[Skiboot] [RFC 8/8] mowgli: (EXAMPLE) enable mode-switchable drivers for secvar

Eric Richter erichte at linux.ibm.com
Thu Oct 7 09:33:11 AEDT 2021 

On 10/6/21 4:52 AM, Daniel Axtens wrote:
> Eric Richter <erichte at linux.ibm.com> writes:
> 
>> This example patch enables the new mode-switchable secvar drivers for the
>> mowgli platform.
>>
>> RFC NOTE: This is a patch that should likely be carried out-of-tree for
>> platforms that decide to use these switchable drivers. As this will depend
>> on having default variables compiled it, there should likely be some
>> compile-time check to confirm default keys are in use, or some runtime
>> check to force USER_MODE if no built-in keys are provided.
> 
> Yeah figuring out how to avoid the intrinsic set of footguns would be
> good.
> 
> I am not a fan of carrying a driver in-tree that has no in-tree users.
> 

I can't say I'm a fan of it either, but...

> I think my preference would be makefile hacking that detects the
> presence of the default keys and only compiles in the static and
> switchable modes if they are present.
> 

...this is what I considered, and this becomes problematic to determine
when/why to use switchable drivers over pure static.

For example, I don't have a TPM in my blackbird, so I cannot enable the
switchable driver at all, which depends on the TPM still.

> Ultimately I would prefer an explicit user configuration but skiboot
> hasn't really gone down the kernel-style `make config` direction so
> maybe this limited 'magic' is the least surprising thing we can manage.
> 

I would also prefer some kind of configuration. Perhaps this is the time,
if there are other possible config bits to manage?

> Kind regards,
> Daniel
> 
>>
>> I am slightly in favor of the latter option, so that it is easier for
>> users of platforms supported by secvar to enable switchable modes by only
>> needing to supply default variable data.
>> ---
>>  platforms/astbmc/mowgli.c | 4 +++-
>>  1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/platforms/astbmc/mowgli.c b/platforms/astbmc/mowgli.c
>> index df83319d..8b0686b6 100644
>> --- a/platforms/astbmc/mowgli.c
>> +++ b/platforms/astbmc/mowgli.c
>> @@ -84,7 +84,9 @@ static bool mowgli_probe(void)
>>  }
>>  static int mowgli_secvar_init(void)
>>  {
>> -	return secvar_main(secboot_tpm_driver, edk2_compatible_v1);
>> +	// TODO: Provide a compile-time check to make sure there actually are static keys?
>> +	//  have switchable mode only in the presence of a mode to switch to
>> +	return secvar_main(secboot_tpm_switchable_driver, edk2_switchable_driver);
>>  }
>>  
>>  
>> -- 
>> 2.33.0
>>
>> _______________________________________________
>> Skiboot mailing list
>> Skiboot at lists.ozlabs.org
>> https://lists.ozlabs.org/listinfo/skiboot

More information about the Skiboot mailing list