diff options
author | Michael Neuling <mikey@neuling.org> | 2019-05-13 17:09:39 +1000 |
---|---|---|
committer | Stewart Smith <stewart@linux.ibm.com> | 2019-05-15 15:43:19 +1000 |
commit | 5beda3c6fe5b72aac95b4c13746ae598dfd64c01 (patch) | |
tree | 9f8db43611af7bf743c4a70c6843fb5e614be400 /libstb | |
parent | c8b5e8a95caf029ffe73ea18769fdd7f2da48ab4 (diff) | |
download | skiboot-5beda3c6fe5b72aac95b4c13746ae598dfd64c01.zip skiboot-5beda3c6fe5b72aac95b4c13746ae598dfd64c01.tar.gz skiboot-5beda3c6fe5b72aac95b4c13746ae598dfd64c01.tar.bz2 |
nvram: Flag dangerous NVRAM options
Most nvram options used by skiboot are just for debug or testing for
regressions. They should never be used long term.
We've hit a number of issues in testing and the field where nvram
options have been set "temporarily" but haven't been properly cleared
after, resulting in crashes or real bugs being masked.
This patch marks most nvram options used by skiboot as dangerous and
prints a chicken to remind users of the problem.
Signed-off-by: Michael Neuling <mikey@neuling.org>
Reviewed-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Acked-By: Alistair Popple <alistair@popple.id.au>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
Diffstat (limited to 'libstb')
-rw-r--r-- | libstb/secureboot.c | 2 | ||||
-rw-r--r-- | libstb/trustedboot.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/libstb/secureboot.c b/libstb/secureboot.c index 4f6a301..1578f52 100644 --- a/libstb/secureboot.c +++ b/libstb/secureboot.c @@ -104,7 +104,7 @@ void secureboot_init(void) prlog(PR_DEBUG, "Found %s\n", compat); - if (nvram_query_eq("force-secure-mode", "always")) { + if (nvram_query_eq_dangerous("force-secure-mode", "always")) { secure_mode = true; prlog(PR_NOTICE, "secure mode on (FORCED by nvram)\n"); } else { diff --git a/libstb/trustedboot.c b/libstb/trustedboot.c index ae2cc55..d9bacb2 100644 --- a/libstb/trustedboot.c +++ b/libstb/trustedboot.c @@ -102,7 +102,7 @@ void trustedboot_init(void) return; } - if (nvram_query_eq("force-trusted-mode", "true")) { + if (nvram_query_eq_dangerous("force-trusted-mode", "true")) { trusted_mode = true; prlog(PR_NOTICE, "trusted mode on (FORCED by nvram)\n"); } else { |