[Skiboot] [PATCH] mowgli: Enable secvar support for Host OS Secure Boot
Nayna Jain
nayna at linux.ibm.com
Fri Oct 9 10:31:57 AEDT 2020
Secure variable support is needed for Host OS Secure Boot key management.
This needs to be enabled for each platform, as each platform needs to
select the storage and backend drivers to use. This patch adds secure
variable support to the mowgli platform.
Test Results:
After applying the patch, sysfs and device-tree shows secvar entries correctly.
# cd /sys/firmware/secvar/
# ls
format vars
# cat format
ibm,edk2-compat-v1
# cd vars
# ls
KEK PK TS db dbx
# cat PK/size
0
# cat KEK/size
0
# cat TS/size
64
# cat db/size
0
# cat dbx/size
0
# ls /proc/device-tree/ibm,secureboot/
compatible hw-key-hash-size name secure-enabled
hw-key-hash ibm,cvc phandle trusted-enabled
# ls /proc/device-tree/ibm,opal/secvar/status
/proc/device-tree/ibm,opal/secvar/status
# ls /proc/device-tree/ibm,opal/secvar/
compatible max-var-key-len name status
format max-var-size phandle update-status
# cat /proc/device-tree/ibm,opal/secvar/status
okay#
# cat /proc/device-tree/ibm,opal/secvar/format
ibm,edk2-compat-v1#
Signed-off-by: Nayna Jain <nayna at linux.ibm.com>
Signed-off-by: Klaus Heinrich Kiwi <klaus at linux.ibm.com>
---
platforms/astbmc/mowgli.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/platforms/astbmc/mowgli.c b/platforms/astbmc/mowgli.c
index 265cab3a..b31a6561 100644
--- a/platforms/astbmc/mowgli.c
+++ b/platforms/astbmc/mowgli.c
@@ -11,6 +11,7 @@
#include <ipmi.h>
#include <psi.h>
#include <npu-regs.h>
+#include <secvar.h>
#include "astbmc.h"
@@ -45,6 +46,10 @@ static bool mowgli_probe(void)
return true;
}
+static int mowgli_secvar_init(void)
+{
+ return secvar_main(secboot_tpm_driver, edk2_compatible_v1);
+}
DECLARE_PLATFORM(mowgli) = {
.name = "Mowgli",
@@ -61,4 +66,5 @@ DECLARE_PLATFORM(mowgli) = {
.exit = astbmc_exit,
.terminate = ipmi_terminate,
.op_display = op_display_lpc,
+ .secvar_init = mowgli_secvar_init,
};
--
2.17.1
More information about the Skiboot
mailing list