[Skiboot] [RFC 8/8] mowgli: (EXAMPLE) enable mode-switchable drivers for secvar

Daniel Axtens dja at axtens.net
Wed Oct 6 20:52:56 AEDT 2021


Eric Richter <erichte at linux.ibm.com> writes:

> This example patch enables the new mode-switchable secvar drivers for the
> mowgli platform.
>
> RFC NOTE: This is a patch that should likely be carried out-of-tree for
> platforms that decide to use these switchable drivers. As this will depend
> on having default variables compiled in, there should likely be some
> compile-time check to confirm default keys are in use, or some runtime
> check to force USER_MODE if no built-in keys are provided.

Yeah, figuring out how to avoid the intrinsic set of footguns would be
good.

I am not a fan of carrying a driver in-tree that has no in-tree users.

I think my preference would be makefile hacking that detects the
presence of the default keys and only compiles in the static and
switchable modes if they are present.

Ultimately I would prefer an explicit user configuration but skiboot
hasn't really gone down the kernel-style `make config` direction so
maybe this limited 'magic' is the least surprising thing we can manage.

Kind regards,
Daniel

>
> I am slightly in favor of the latter option, so that it is easier for
> users of platforms supported by secvar to enable switchable modes by only
> needing to supply default variable data.
> ---
>  platforms/astbmc/mowgli.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/platforms/astbmc/mowgli.c b/platforms/astbmc/mowgli.c
> index df83319d..8b0686b6 100644
> --- a/platforms/astbmc/mowgli.c
> +++ b/platforms/astbmc/mowgli.c
> @@ -84,7 +84,9 @@ static bool mowgli_probe(void)
>  }
>  static int mowgli_secvar_init(void)
>  {
> -	return secvar_main(secboot_tpm_driver, edk2_compatible_v1);
> +	// TODO: Provide a compile-time check to make sure there actually are static keys?
> +	//  have switchable mode only in the presence of a mode to switch to
> +	return secvar_main(secboot_tpm_switchable_driver, edk2_switchable_driver);
>  }
>  
>  
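Review bot: In mowgli_secvar_init() the switchable drivers are selected unconditionally, and the only guard against a build with no built-in default keys is the TODO comment. As written, `secvar_main(secboot_tpm_switchable_driver, edk2_switchable_driver)` is reached whether or not there is a static mode to switch to, which is the case the commit message itself flags. I would hold this until the guard exists: either a preprocessor conditional that falls back to the previous `secvar_main(secboot_tpm_driver, edk2_compatible_v1)` call when no default variables are compiled in, or the runtime check from the RFC note that forces USER_MODE when no built-in keys are provided. The second TODO line ("have switchable mode only in the presence of a mode to switch to") should also be reworded to say which condition is being tested, so the intent survives once the check is implemented.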
> -- 
> 2.33.0
>

