From f4c2dae830ed3dca39562b96ff0231001c802ef5 Mon Sep 17 00:00:00 2001 From: Nayna Jain Date: Thu, 8 Oct 2020 19:31:57 -0400 Subject: mowgli: Enable secvar support for Host OS Secure Boot Secure variable support is needed for Host OS Secure Boot key management. This needs to be enabled for each platform, as each platform needs to select the storage and backend drivers to use. This patch adds secure variable support to the mowgli platform. Test Results: After applying the patch, sysfs and device-tree shows secvar entries correctly. # cd /sys/firmware/secvar/ # ls format vars # cat format ibm,edk2-compat-v1 # cd vars # ls KEK PK TS db dbx # cat PK/size 0 # cat KEK/size 0 # cat TS/size 64 # cat db/size 0 # cat dbx/size 0 # ls /proc/device-tree/ibm,secureboot/ compatible hw-key-hash-size name secure-enabled hw-key-hash ibm,cvc phandle trusted-enabled # ls /proc/device-tree/ibm,opal/secvar/status /proc/device-tree/ibm,opal/secvar/status # ls /proc/device-tree/ibm,opal/secvar/ compatible max-var-key-len name status format max-var-size phandle update-status # cat /proc/device-tree/ibm,opal/secvar/status okay# # cat /proc/device-tree/ibm,opal/secvar/format ibm,edk2-compat-v1# Signed-off-by: Nayna Jain Signed-off-by: Klaus Heinrich Kiwi Signed-off-by: Oliver O'Halloran --- platforms/astbmc/mowgli.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/platforms/astbmc/mowgli.c b/platforms/astbmc/mowgli.c index 265cab3..b31a656 100644 --- a/platforms/astbmc/mowgli.c +++ b/platforms/astbmc/mowgli.c @@ -11,6 +11,7 @@ #include #include #include +#include #include "astbmc.h" @@ -45,6 +46,10 @@ static bool mowgli_probe(void) return true; } +static int mowgli_secvar_init(void) +{ + return secvar_main(secboot_tpm_driver, edk2_compatible_v1); +} DECLARE_PLATFORM(mowgli) = { .name = "Mowgli", @@ -61,4 +66,5 @@ DECLARE_PLATFORM(mowgli) = { .exit = astbmc_exit, .terminate = ipmi_terminate, .op_display = op_display_lpc, + .secvar_init = mowgli_secvar_init, }; -- cgit v1.1