authorClaudio Carvalho <cclaudio@linux.vnet.ibm.com>2016-10-24 01:11:29 -0200
committerStewart Smith <stewart@linux.vnet.ibm.com>2016-10-26 16:07:01 +1100
commit253a158663d653e9a4dd8fa0d7ad1a660afa2283 (patch)
treeb8fc8287fd06d7eaa98ab41718ce06f6ddab09e7 /libstb
parentee1bbae31c50bdc260a0d3e0eed33114155f0044 (diff)
libstb/stb.c: ignore the secure mode flag unless forced in NVRAM
For this stage in Trusted Boot development, we are wishing to not force Secure Mode through the whole firmware boot process, but we are wanting to be able to test it (classic chicken and egg problem with build infrastructure). We disabled secure mode if the secure-enabled devtree property is read from the device tree *IF* we aren't overriding it through NVRAM. Seeing as we can only increase (not decrease) what we're checking through the NVRAM variable, it is safe. The NVRAM setting is force-secure-mode=true in the ibm,skiboot partition. However, if you want to force secure mode even if Hostboot has *not* set the secure-enabled property in the device tree, set force-secure-mode to "always". There is also a force-trusted-mode NVRAM setting to force trusted mode even if Hostboot has not enabled it in the device tree. To indicate to Linux that we haven't gone through the whole firmware process in secure mode, we replace the 'secure-enabled' property with 'partial-secure-enabled', to indicate that only part of the firmware boot process has gone through secure mode. Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com> [stewart@linux.vnet.ibm.com: add NVRAM flag, modify commit message] Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'libstb')
-rw-r--r--libstb/stb.c24
1 files changed, 21 insertions, 3 deletions
diff --git a/libstb/stb.c b/libstb/stb.c
index 8c8f380..4dc28a9 100644
--- a/libstb/stb.c
+++ b/libstb/stb.c
@@ -19,6 +19,7 @@
#include <platform.h>
#include <string.h>
#include <stdio.h>
+#include <nvram.h>
#include "stb.h"
#include "status_codes.h"
#include "container.h"
@@ -100,7 +101,7 @@ static void sb_enforce(void)
void stb_init(void)
{
- const struct dt_node *ibm_secureboot;
+ struct dt_node *ibm_secureboot;
/*
* The ibm,secureboot device tree properties are documented in
* 'doc/device-tree/ibm,secureboot.rst'
@@ -117,8 +118,21 @@ void stb_init(void)
#else
secure_mode = dt_has_node_property(ibm_secureboot, "secure-enabled",
NULL);
- prlog(PR_NOTICE, "STB: secure mode %s\n",
- secure_mode ? "on" : "off");
+
+ if (nvram_query_eq("force-secure-mode", "always")) {
+ prlog(PR_NOTICE, "STB: secure mode on (FORCED by nvram)\n");
+ secure_mode = true;
+ } else if (nvram_query_eq("force-secure-mode", "true")) {
+ prlog(PR_NOTICE, "STB: secure mode %s\n",
+ (secure_mode) ? "on, *not* partial" : "off");
+ } else if (secure_mode) {
+ prlog(PR_NOTICE, "STB: secure mode on (but not enforced, core secure mode only)\n");
+ dt_check_del_prop(ibm_secureboot, "secure-enabled");
+ dt_add_property(ibm_secureboot, "partial-secure-enabled", NULL, 0);
+ secure_mode = false;
+ } else {
+ prlog(PR_NOTICE, "STB: secure mode off\n");
+ }
#endif
#ifdef STB_FORCE_TRUSTED_MODE
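Review bot: The `else if (secure_mode)` branch fails open: whenever `force-secure-mode` is absent from NVRAM (or, presumably, NVRAM cannot be read when stb_init runs), a Hostboot-set `secure-enabled` is cleared and `secure_mode` becomes false, so enforcement rests on a mutable setting instead of the device tree. The commit message presents this as intended for the current development stage, but the code carries no marker of it; a comment above the chain such as `/* TEMPORARY: secure mode is only enforced when NVRAM force-secure-mode is set; remove once the full boot path is verified */` would keep it from outliving its purpose. The downgrade is also logged at the same level as ordinary status, and `prlog(PR_WARNING, "STB: secure mode on (but not enforced, core secure mode only)\n");` would make it stand out in boot logs. stb_init's body starts and ends outside this hunk, so whether NVRAM is already loaded at this point cannot be confirmed from here.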
@@ -127,6 +141,10 @@ void stb_init(void)
#else
trusted_mode = dt_has_node_property(ibm_secureboot, "trusted-enabled",
NULL);
+ if (nvram_query_eq("force-trusted-mode", "true")) {
+ prlog(PR_NOTICE, "STB: trusted mode ON (from NVRAM)\n");
+ trusted_mode = true;
+ }
prlog(PR_NOTICE, "STB: trusted mode %s\n",
trusted_mode ? "on" : "off");
#endif
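Review bot: The forced branch sets `trusted_mode = true` without touching the device tree, so a consumer that reads `trusted-enabled` from `ibm,secureboot` still sees Hostboot's value while firmware behaves as trusted. The same holds for the `"always"` branch of the secure-mode chain in the previous hunk, whereas the partial-secure path does rewrite the properties. If that is intended, say so in a comment, e.g. `/* NVRAM override only affects skiboot; the device tree keeps Hostboot's trusted-enabled state */`. The forced case also prints two lines ("ON (from NVRAM)" and then "on") with a tag that differs from the secure-mode "FORCED by nvram"; moving the existing status `prlog` into an `else` and using one tag would make the boot log easier to search. stb_init continues outside the hunk.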