diff options
| author | Stewart Smith <stewart@linux.vnet.ibm.com> | 2017-12-13 20:33:22 +1100 |
|---|---|---|
| committer | Stewart Smith <stewart@linux.vnet.ibm.com> | 2017-12-20 08:54:07 +1100 |
| commit | 8c762d5359d6d00ae2ca2d9e5a4e2ae87a402cf0 (patch) | |
| tree | 7f83a56590a4b91e33ea5b78493de4a5c1861b6c /libstb | |
| parent | 1ddf7e51936f82a5ba8b6145962fbc278d591cde (diff) | |
| download | skiboot-8c762d5359d6d00ae2ca2d9e5a4e2ae87a402cf0.zip skiboot-8c762d5359d6d00ae2ca2d9e5a4e2ae87a402cf0.tar.gz skiboot-8c762d5359d6d00ae2ca2d9e5a4e2ae87a402cf0.tar.bz2 | |
allow secure boot if not enforcing it
We check the secure boot containers no matter what, only *enforcing*
secure boot if we're booting in secure mode. This gives us an extra
layer of checking firmware is legit even when secure mode isn't enabled,
as well as being really useful for testing.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'libstb')
| -rw-r--r-- | libstb/secureboot.c | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/libstb/secureboot.c b/libstb/secureboot.c index f3a5db4..afe19fe 100644 --- a/libstb/secureboot.c +++ b/libstb/secureboot.c @@ -111,9 +111,6 @@ void secureboot_init(void) secure_mode ? "on" : "off"); } - if (!secure_mode) - return; - if (version == IBM_SECUREBOOT_V1 || version == IBM_SECUREBOOT_SOFTROM) { @@ -172,9 +169,6 @@ int secureboot_verify(enum resource_id id, void *buf, size_t len) uint64_t log; int rc = -1; - if (!secure_mode) - return 0; - name = flash_map_resource_name(id); if (!name) { prlog(PR_EMERG, "container NOT VERIFIED, resource_id=%d " |