From: Nayna Jain <nayna@linux.ibm.com>
To: linuxppc-dev@ozlabs.org
Cc: Michael Ellerman <mpe@ellerman.id.au>,
Mimi Zohar <zohar@linux.ibm.com>,
linux-kernel@vger.kernel.org, Nayna Jain <nayna@linux.ibm.com>
Subject: [PATCH] powerpc/pseries: detect secure and trusted boot state of the system.
Date: Sat, 4 Jul 2020 13:08:55 -0400 [thread overview]
Message-ID: <1593882535-21368-1-git-send-email-nayna@linux.ibm.com> (raw)
The device-tree property to check secure and trusted boot state is
different for guests(pseries) compared to baremetal(powernv).
This patch updates the existing is_ppc_secureboot_enabled() and
is_ppc_trustedboot_enabled() function to add support for pseries.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
---
arch/powerpc/kernel/secure_boot.c | 31 +++++++++++++++++++++++++------
1 file changed, 25 insertions(+), 6 deletions(-)
diff --git a/arch/powerpc/kernel/secure_boot.c b/arch/powerpc/kernel/secure_boot.c
index 4b982324d368..43fc6607c7a5 100644
--- a/arch/powerpc/kernel/secure_boot.c
+++ b/arch/powerpc/kernel/secure_boot.c
@@ -6,6 +6,7 @@
#include <linux/types.h>
#include <linux/of.h>
#include <asm/secure_boot.h>
+#include <asm/machdep.h>
static struct device_node *get_ppc_fw_sb_node(void)
{
@@ -23,11 +24,20 @@ bool is_ppc_secureboot_enabled(void)
{
struct device_node *node;
bool enabled = false;
+ const u32 *secureboot;
- node = get_ppc_fw_sb_node();
- enabled = of_property_read_bool(node, "os-secureboot-enforcing");
+ if (machine_is(powernv)) {
+ node = get_ppc_fw_sb_node();
+ enabled =
+ of_property_read_bool(node, "os-secureboot-enforcing");
+ of_node_put(node);
+ }
- of_node_put(node);
+ if (machine_is(pseries)) {
+ secureboot = of_get_property(of_root, "ibm,secure-boot", NULL);
+ if (secureboot)
+ enabled = (*secureboot > 1) ? true : false;
+ }
pr_info("Secure boot mode %s\n", enabled ? "enabled" : "disabled");
@@ -38,11 +48,20 @@ bool is_ppc_trustedboot_enabled(void)
{
struct device_node *node;
bool enabled = false;
+ const u32 *trustedboot;
- node = get_ppc_fw_sb_node();
- enabled = of_property_read_bool(node, "trusted-enabled");
+ if (machine_is(powernv)) {
+ node = get_ppc_fw_sb_node();
+ enabled = of_property_read_bool(node, "trusted-enabled");
+ of_node_put(node);
+ }
- of_node_put(node);
+ if (machine_is(pseries)) {
+ trustedboot =
+ of_get_property(of_root, "ibm,trusted-boot", NULL);
+ if (trustedboot)
+ enabled = (*trustedboot > 0) ? true : false;
+ }
pr_info("Trusted boot mode %s\n", enabled ? "enabled" : "disabled");
--
2.18.1
next reply other threads:[~2020-07-04 17:10 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-04 17:08 Nayna Jain [this message]
2020-07-07 2:06 ` [PATCH] powerpc/pseries: detect secure and trusted boot state of the system Daniel Axtens
2020-07-07 2:53 ` Daniel Axtens
2020-07-07 5:56 ` Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1593882535-21368-1-git-send-email-nayna@linux.ibm.com \
--to=nayna@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).