secvar_devtree: add physical presence mode helper

This patch adds a simple function to detect whether or not physical
presence has been asserted. In the current implementation, all physical
presence assertion modes are treated the same.

Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>

2 files changed, 17 insertions, 0 deletions

diff --git a/libstb/secvar/secvar_devtree.c b/libstb/secvar/secvar_devtree.c
index 998093f..5903ee3 100644
--- a/libstb/secvar/secvar_devtree.c
+++ b/libstb/secvar/secvar_devtree.c
@@ -64,3 +64,18 @@ void secvar_set_update_status(uint64_t val)
 	dt_add_property_u64(secvar_node, "update-status", val);
 }
 
+bool secvar_check_physical_presence(void)
+{
+	struct dt_node *secureboot;
+
+	secureboot = dt_find_by_path(dt_root, "ibm,secureboot");
+	if (!secureboot)
+		return false;
+
+	if (dt_find_property(secureboot, "clear-os-keys")
+			|| dt_find_property(secureboot, "clear-all-keys")
+			|| dt_find_property(secureboot, "clear-mfg-keys"))
+		return true;
+
+	return false;
+}
diff --git a/libstb/secvar/secvar_devtree.h b/libstb/secvar/secvar_devtree.h
index c1c923d..04eb00d 100644
--- a/libstb/secvar/secvar_devtree.h
+++ b/libstb/secvar/secvar_devtree.h
@@ -10,4 +10,6 @@ void secvar_init_devnode(const char *compatible);
 void secvar_set_status(const char *status);
 void secvar_set_update_status(uint64_t val);
 
+bool secvar_check_physical_presence(void);
+
 #endif