diff options
-rw-r--r-- | core/init.c | 7 | ||||
-rw-r--r-- | libstb/cvc.c | 33 | ||||
-rw-r--r-- | libstb/cvc.h | 1 |
3 files changed, 40 insertions, 1 deletions
diff --git a/core/init.c b/core/init.c index 06d5190..0405f5c 100644 --- a/core/init.c +++ b/core/init.c @@ -1062,6 +1062,13 @@ void __noreturn __nomcount main_cpu_entry(const void *fdt) /* ... and add remaining reservations to the DT */ mem_region_add_dt_reserved(); + /* + * Update /ibm,secureboot/ibm,cvc/memory-region to point to + * /reserved-memory/secure-crypt-algo-code instead of + * /ibm,hostboot/reserved-memory/secure-crypt-algo-code. + */ + cvc_update_reserved_memory_phandle(); + prd_register_reserved_memory(); /* On P9, switch to radix mode by default */ diff --git a/libstb/cvc.c b/libstb/cvc.c index 4faeb96..e9df190 100644 --- a/libstb/cvc.c +++ b/libstb/cvc.c @@ -47,6 +47,9 @@ static struct container_verification_code *cvc = NULL; static bool softrom = false; static void *secure_rom_mem = NULL; +static struct dt_node *cvc_resv_mem = NULL; +static struct dt_node *cvc_node = NULL; + struct cvc_service { int id; uint64_t addr; /* base_addr + offset */ @@ -137,7 +140,6 @@ static void cvc_service_register(uint32_t id, uint32_t offset, uint32_t version) static int cvc_reserved_mem_init(struct dt_node *parent) { struct dt_node *node, *service; struct dt_node *reserved_mem; - struct dt_node *cvc_resv_mem = NULL; uint32_t phandle; uint64_t addr, size; @@ -156,6 +158,7 @@ static int cvc_reserved_mem_init(struct dt_node *parent) { if (dt_node_is_compatible(node, "ibm,container-verification-code")) { phandle = dt_prop_get_u32(node, "memory-region"); cvc_resv_mem = dt_find_by_phandle(reserved_mem, phandle); + cvc_node = node; break; } } @@ -218,6 +221,34 @@ static int cvc_secure_rom_init(void) { return 0; } +void cvc_update_reserved_memory_phandle(void) { + struct dt_node *reserved_mem; + + if (!cvc_resv_mem || !cvc_node) + return; + + /* + * The linux documentation, reserved-memory.txt, says that memory-region + * is a phandle that pairs to a children of /reserved-memory + */ + reserved_mem = dt_find_by_path(dt_root, "/reserved-memory"); + if (!reserved_mem) { + prlog(PR_ERR, "/reserved-memory not found\n"); + return; + } + cvc_resv_mem = dt_find_by_name(reserved_mem, cvc_resv_mem->name); + if (cvc_resv_mem) { + dt_check_del_prop(cvc_node, "memory-region"); + dt_add_property_cells(cvc_node, "memory-region", cvc_resv_mem->phandle); + } else { + prlog(PR_WARNING, "CVC not found in /reserved-memory\n"); + return; + } + + cvc_resv_mem = NULL; + cvc_node = NULL; +} + int cvc_init(void) { struct dt_node *node; diff --git a/libstb/cvc.h b/libstb/cvc.h index 13c1b33..6bbd3a3 100644 --- a/libstb/cvc.h +++ b/libstb/cvc.h @@ -22,6 +22,7 @@ enum cvc_service_id { CVC_VERIFY_SERVICE, }; +void cvc_update_reserved_memory_phandle(void); int cvc_init(void); /************************************************************************ |