author | Eric Richter <erichte@linux.ibm.com> | 2019-11-04 22:20:09 -0600 |
---|---|---|
committer | Oliver O'Halloran <oohall@gmail.com> | 2019-11-07 17:46:33 +1100 |
commit | bc1f1e446ab40d6de6874b9afe1c6407906f2e57 (patch) | |
tree | ed9a8a7d8c6fe34b17e75aad2e0488b33ba56fdf /libstb/secvar/Makefile.inc | |
parent | 484bdc5dda042ba46c84975a94eacb77e77e35e8 (diff) | |
libstb/secvar: add secvar api implementation

This patch provides the OPAL runtime service frontend for the host OS to
retrieve secure variables, and append new ones for processing on the
next reboot. These calls operate on the internal abstraction or utilize
the platform-provided driver hooks, and therefore this API should not
need to be updated to support changes in storage or backend drivers.

Included are the following functions:
- opal_secvar_get()
- opal_secvar_get_next()
- opal_secvar_enqueue_update()

opal_secvar_get() retrieves the data blob associated with a given key.
The data buffer may be set to NULL to only query for variable size. This
runtime service only operates on the variable bank.

opal_secvar_get_next() can be used to iterate through the list of
variable keys in the variable bank. Supplying an empty key (or zero key
length) returns the key of the first variable in the variable bank.
Supplying a valid key returns the key of the next variable in sequence.

opal_secvar_enqueue_update() provides a method for the host OS to submit
a new variable for processing on next boot, by appending it to the
update bank. As this does not affect the variable bank, appending a
variable via this runtime service will not affect the output of the
previous set of functions. The update queue is only processed during
secvar initialization.

Signed-off-by: Eric Richter <erichte@linux.ibm.com>
[oliver: style fixes]
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
---
V2:
- removed opal_secvar_backend, replaced by DT node
- removed unnecessary argument casting
- all calls return OPAL_RESOURCE if secvar failed to init
V3:
- remove metadata from API parameters
- remove opal_secvar_get_size
- change enqueue to replace an update with a repeat name, rather
  than enqueueing the duplicate
- change enqueue to unstage an update matching a key if size is zero
- make all key parameters const where possible
- rename key_size to key_buf_size in _get_next
- fix leaking node when enqueue could not allocate the secvar
V4:
- enqueue update now uses secvar alloc/realloc
- use storage-defined max var size instead of hardcoded constant
Diffstat (limited to 'libstb/secvar/Makefile.inc')
-rw-r--r-- | libstb/secvar/Makefile.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/libstb/secvar/Makefile.inc b/libstb/secvar/Makefile.inc index 25785a2..2c91f87 100644 --- a/libstb/secvar/Makefile.inc +++ b/libstb/secvar/Makefile.inc @@ -9,6 +9,7 @@ include $(SECVAR_DIR)/storage/Makefile.inc include $(SECVAR_DIR)/backend/Makefile.inc SECVAR_SRCS = secvar_main.c secvar_util.c secvar_devtree.c +SECVAR_SRCS = secvar_main.c secvar_util.c secvar_devtree.c secvar_api.c SECVAR_OBJS = $(SECVAR_SRCS:%.c=%.o) SECVAR = $(SECVAR_DIR)/built-in.a |
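Review bot: the new `SECVAR_SRCS = secvar_main.c secvar_util.c secvar_devtree.c secvar_api.c` line is added directly below the existing `SECVAR_SRCS = secvar_main.c secvar_util.c secvar_devtree.c` assignment rather than replacing it. The hunk header is `-9,6 +9,7` and the diffstat reports 1 insertion and 0 deletions, so the old line stays in the file as context. The first assignment is therefore dead: make silently overrides it with the second, and anyone who later adds a source file to the first line will see it dropped from the build without a warning. Either remove the old line so there is a single assignment, or keep it and append with `SECVAR_SRCS += secvar_api.c`.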