File: secvar_devtree.c

// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
/* Copyright 2013-2019 IBM Corp. */

#include <device.h>
#include <string.h>
#include "secvar.h"
#include "secvar_devtree.h"

/*
 * Device-tree node of the secvar backend. It is assigned only by
 * secvar_init_devnode(); secvar_set_secure_mode(), secvar_set_status() and
 * secvar_set_update_status() test it for NULL before touching the tree.
 */
struct dt_node *secvar_node;

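/*
 * Record in the device tree that OS secure boot is enforcing.
 *
 * Adds an empty "os-secureboot-enforcing" property to the
 * "/ibm,secureboot/" node unless that property is already present.
 *
 * Returns 0 when the property is present on return, -1 when the secvar node
 * has not been created, and -2 when the secureboot node is missing or the
 * property could not be added.
 */
int secvar_set_secure_mode(void)
{
	struct dt_node *sb_root;

	if (!secvar_node)
		return -1;

	sb_root = dt_find_by_path(dt_root, "/ibm,secureboot/");
	/*
	 * Stop here when the node is missing: the calls below would
	 * otherwise be handed a NULL node, and the caller must not be told
	 * that enforcement was recorded when it was not. This matches the
	 * NULL check in secvar_check_physical_presence().
	 */
	if (!sb_root)
		return -2;

	/* Already marked as enforcing: nothing to add. */
	if (dt_find_property(sb_root, "os-secureboot-enforcing"))
		return 0;

	if (!dt_add_property(sb_root, "os-secureboot-enforcing", NULL, 0))
		return -2;

	return 0;
}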

/*
 * Create the "secvar" node under "/ibm,opal/" and fill in its static
 * properties. `compatible` is used both as the second "compatible" string
 * (after "ibm,secvar-backend") and as the value of "format".
 *
 * NOTE(review): neither the path lookup nor the dt_new() result is checked
 * here; confirm how dt_new() and the dt_add_property_*() helpers behave when
 * handed a NULL node.
 */
void secvar_init_devnode(const char *compatible)
{
	struct dt_node *opal_node = dt_find_by_path(dt_root, "/ibm,opal/");

	/* Keep the node in the file-level pointer that the setters use. */
	secvar_node = dt_new(opal_node, "secvar");

	dt_add_property_strings(secvar_node, "compatible",
				"ibm,secvar-backend", compatible);
	dt_add_property_string(secvar_node, "format", compatible);

	/* Size limits advertised to whoever reads the device tree. */
	dt_add_property_u64(secvar_node, "max-var-size",
			    secvar_storage.max_var_size);
	dt_add_property_u64(secvar_node, "max-var-key-len",
			    SECVAR_MAX_KEY_LEN);
}

/*
 * Publish the secvar backend status as the "status" string property of the
 * secvar node. Callers are expected to call this only once; nothing here
 * looks for an existing "status" property first.
 */
void secvar_set_status(const char *status)
{
	/* Without a secvar node there is nowhere to record it (fail boot?). */
	if (secvar_node)
		dt_add_property_string(secvar_node, "status", status);
}


/*
 * Record `val` as the "update-status" u64 property of the secvar node.
 * Does nothing when the secvar node does not exist or when the property is
 * already present, so the first recorded value is the one that stays.
 */
void secvar_set_update_status(uint64_t val)
{
	/* Short-circuit keeps the property lookup off a NULL node. */
	if (secvar_node && !dt_find_property(secvar_node, "update-status"))
		dt_add_property_u64(secvar_node, "update-status", val);
}

/*
 * Report whether a key-clear request is present in the device tree.
 *
 * Returns true when the "ibm,secureboot" node carries at least one of the
 * "clear-os-keys", "clear-all-keys" or "clear-mfg-keys" properties, and
 * false when none is present or the node cannot be found.
 *
 * NOTE(review): the path is given here without the leading and trailing '/'
 * that secvar_set_secure_mode() uses; confirm dt_find_by_path() resolves
 * both spellings to the same node.
 */
bool secvar_check_physical_presence(void)
{
	static const char *const clear_props[] = {
		"clear-os-keys",
		"clear-all-keys",
		"clear-mfg-keys",
	};
	struct dt_node *sb_node = dt_find_by_path(dt_root, "ibm,secureboot");
	size_t i;

	if (!sb_node)
		return false;

	/* Any one of the properties is enough; checked in the listed order. */
	for (i = 0; i < sizeof(clear_props) / sizeof(clear_props[0]); i++) {
		if (dt_find_property(sb_node, clear_props[i]))
			return true;
	}

	return false;
}