diff options
| author | Nayna Jain <nayna@linux.ibm.com> | 2019-11-05 17:00:22 -0600 |
|---|---|---|
| committer | Michael Ellerman <mpe@ellerman.id.au> | 2019-11-12 12:25:02 +1100 |
| commit | 1a8916ee3ac29054322cdac687d36e1b5894d272 (patch) | |
| tree | 64f2ce5cccea8774b8f5c97baf6ee7de4f5e8b24 /arch/powerpc/kernel/secure_boot.c | |
| parent | da0c9ea146cbe92b832f1b0f694840ea8eb33cce (diff) | |
powerpc: Detect the secure boot mode of the system
This patch defines a function to detect the secure boot state of a
PowerNV system.
The PPC_SECURE_BOOT config represents the base enablement of secure
boot for powerpc.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
[mpe: Fold in change from Nayna to add "ibm,secureboot" to ids]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/46b003b9-3225-6bf7-9101-ed6580bb748c@linux.ibm.com
Diffstat (limited to 'arch/powerpc/kernel/secure_boot.c')
| -rw-r--r-- | arch/powerpc/kernel/secure_boot.c | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/arch/powerpc/kernel/secure_boot.c b/arch/powerpc/kernel/secure_boot.c new file mode 100644 index 000000000000..583c2c4edaf0 --- /dev/null +++ b/arch/powerpc/kernel/secure_boot.c @@ -0,0 +1,35 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2019 IBM Corporation + * Author: Nayna Jain + */ +#include <linux/types.h> +#include <linux/of.h> +#include <asm/secure_boot.h> + +static struct device_node *get_ppc_fw_sb_node(void) +{ + static const struct of_device_id ids[] = { + { .compatible = "ibm,secureboot", }, + { .compatible = "ibm,secureboot-v1", }, + { .compatible = "ibm,secureboot-v2", }, + {}, + }; + + return of_find_matching_node(NULL, ids); +} + +bool is_ppc_secureboot_enabled(void) +{ + struct device_node *node; + bool enabled = false; + + node = get_ppc_fw_sb_node(); + enabled = of_property_read_bool(node, "os-secureboot-enforcing"); + + of_node_put(node); + + pr_info("Secure boot mode %s\n", enabled ? "enabled" : "disabled"); + + return enabled; +} |