authorStewart Smith <stewart@linux.vnet.ibm.com>2017-12-13 20:33:22 +1100
committerStewart Smith <stewart@linux.vnet.ibm.com>2017-12-20 08:54:07 +1100
commit8c762d5359d6d00ae2ca2d9e5a4e2ae87a402cf0 (patch)
tree7f83a56590a4b91e33ea5b78493de4a5c1861b6c /libstb
parent1ddf7e51936f82a5ba8b6145962fbc278d591cde (diff)
allow secure boot if not enforcing it
We check the secure boot containers no matter what, only *enforcing* secure boot if we're booting in secure mode. This gives us an extra layer of checking firmware is legit even when secure mode isn't enabled, as well as being really useful for testing. Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'libstb')
-rw-r--r--libstb/secureboot.c6
1 files changed, 0 insertions, 6 deletions
diff --git a/libstb/secureboot.c b/libstb/secureboot.c
index f3a5db4..afe19fe 100644
--- a/libstb/secureboot.c
+++ b/libstb/secureboot.c
@@ -111,9 +111,6 @@ void secureboot_init(void)
secure_mode ? "on" : "off");
}
- if (!secure_mode)
- return;
-
if (version == IBM_SECUREBOOT_V1 ||
version == IBM_SECUREBOOT_SOFTROM) {
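Review bot: With the `if (!secure_mode) return;` guard gone, the version dispatch starting at `if (version == IBM_SECUREBOOT_V1 ||` now runs on every boot, so each failure branch that follows it must stay non-fatal unless `secure_mode` is set. Those branches lie outside this hunk and cannot be checked from here; the same holds for the failure paths of secureboot_verify() in the second hunk. A comment above the dispatch would record the intent, e.g. `/* Initialise verification in every mode; only enforcement depends on secure_mode. */`.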
@@ -172,9 +169,6 @@ int secureboot_verify(enum resource_id id, void *buf, size_t len)
uint64_t log;
int rc = -1;
- if (!secure_mode)
- return 0;
-
name = flash_map_resource_name(id);
if (!name) {
prlog(PR_EMERG, "container NOT VERIFIED, resource_id=%d "
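Review bot: secureboot_verify() used to return 0 unconditionally when `secure_mode` was off, and the new contract is undocumented: with `rc` initialised to -1 and the `!name` branch logging at PR_EMERG, a non-secure boot can presumably see a failure result and an emergency-level message for a container that is not being enforced. The function should carry a comment stating what callers get back in non-enforcing mode, e.g. `/* Always verifies; the result is enforced only when secure_mode is set. */`. The log text could also say whether the failure is enforced, so operators can tell an advisory failure from a blocking one. The rest of the body is outside the hunk, so what is actually returned on the `!name` path cannot be confirmed here.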