Message ID | 20200120023700.5373-13-erichte@linux.ibm.com |
---|---|
State | Superseded |
Series | Add initial secure variable storage and backend drivers |
Context | Check | Description |
---|---|---|
snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch master (d75e82dbfbb9443efeb3f9a5921ac23605aab469) |
snowpatch_ozlabs/apply_patch | fail | Failed to apply to any branch |
On 1/19/20 9:37 PM, Eric Richter wrote: > Secure variable support needs to be enabled for each platform, and each > platform needs to select which storage and backend drivers to use (or > alternatively implement their own). This patch adds secure variable > support to the witherspoon platform. > > NOTE: This patch includes commented out code to enable "Fake NV" mode, > intended for review purposes only. To review or test secure variables > on a non-witherspoon platform, replace this patch with a similar > one for your given platform with the Fake NV lines uncommented. > > Signed-off-by: Eric Richter <erichte@linux.ibm.com> > --- > platforms/astbmc/witherspoon.c | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/platforms/astbmc/witherspoon.c b/platforms/astbmc/witherspoon.c > index c576a176..cbaa9b97 100644 > --- a/platforms/astbmc/witherspoon.c > +++ b/platforms/astbmc/witherspoon.c > @@ -17,6 +17,9 @@ > #include <npu2.h> > #include <occ.h> > #include <i2c.h> > +#include <secvar.h> > +#include "libstb/secvar/secvar_tpmnv.h" > +#include "libstb/secvar/storage/secboot_tpm.h" > > #include "astbmc.h" > #include "ast.h" > @@ -506,6 +509,15 @@ static void witherspoon_finalise_dt(bool is_reboot) > } > } > > +static int witherspoon_secvar_init(void) > +{ > + // REMOVE THESE TO USE ACTUAL TPM > +// tpm_fake_nv = 1; > +// tpm_fake_nv_offset = sizeof(struct secboot); > + > + return secvar_main(secboot_tpm_driver, edk2_compatible_v1); looks like whitespace error here ; use tabs > +} > + > /* The only difference between these is the PCI slot handling */ > > DECLARE_PLATFORM(witherspoon) = { > @@ -527,4 +539,5 @@ DECLARE_PLATFORM(witherspoon) = { > .ocapi = &witherspoon_ocapi, > .npu2_device_detect = witherspoon_npu2_device_detect, > .op_display = op_display_lpc, > + .secvar_init = witherspoon_secvar_init, > };
diff --git a/platforms/astbmc/witherspoon.c b/platforms/astbmc/witherspoon.c index c576a176..cbaa9b97 100644 --- a/platforms/astbmc/witherspoon.c +++ b/platforms/astbmc/witherspoon.c @@ -17,6 +17,9 @@ #include <npu2.h> #include <occ.h> #include <i2c.h> +#include <secvar.h> +#include "libstb/secvar/secvar_tpmnv.h" +#include "libstb/secvar/storage/secboot_tpm.h" #include "astbmc.h" #include "ast.h" @@ -506,6 +509,15 @@ static void witherspoon_finalise_dt(bool is_reboot) } } +static int witherspoon_secvar_init(void) +{ + // REMOVE THESE TO USE ACTUAL TPM +// tpm_fake_nv = 1; +// tpm_fake_nv_offset = sizeof(struct secboot); + + return secvar_main(secboot_tpm_driver, edk2_compatible_v1); +} + /* The only difference between these is the PCI slot handling */ DECLARE_PLATFORM(witherspoon) = { @@ -527,4 +539,5 @@ DECLARE_PLATFORM(witherspoon) = { .ocapi = &witherspoon_ocapi, .npu2_device_detect = witherspoon_npu2_device_detect, .op_display = op_display_lpc, + .secvar_init = witherspoon_secvar_init, };
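Review bot: in the include hunk (@@ -17,6 +17,9 @@), "libstb/secvar/secvar_tpmnv.h" looks to be needed only for the tpm_fake_nv symbols, which are commented out in this version of the patch; if the Fake NV lines are dropped before merge, this include should go with them. Separately, edk2_compatible_v1 is passed to secvar_main() in the next hunk but none of the three added headers is named for a backend, so please confirm its declaration arrives through <secvar.h> rather than through an indirect include.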
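Review bot: in witherspoon_secvar_init() (hunk @@ -506,6 +509,15 @@), the commented-out tpm_fake_nv and tpm_fake_nv_offset assignments should not land in platform code. The comment "REMOVE THESE TO USE ACTUAL TPM" sits above lines that are already commented out, so it reads backwards, and uncommenting two lines would move the secure variable store off the real TPM NV with no build-time or boot-log indication. Either drop the three lines from the mergeable version of the patch, or put Fake NV behind an explicit build option that logs clearly when it is active. The // comments also differ from the /* */ style visible elsewhere in this file.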
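Review bot: in the DECLARE_PLATFORM(witherspoon) hunk (@@ -527,4 +539,5 @@), the new .secvar_init hook hands the int returned by secvar_main() straight back to its caller, and nothing in this patch documents what happens on a nonzero return. Please state, in the commit message or in a comment above witherspoon_secvar_init(), whether a storage or backend initialisation failure stops the boot or lets it continue without secure variables, since that decides whether the feature fails closed or open on this platform.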
Secure variable support needs to be enabled for each platform, and each platform needs to select which storage and backend drivers to use (or alternatively implement their own). This patch adds secure variable support to the witherspoon platform.

NOTE: This patch includes commented out code to enable "Fake NV" mode, intended for review purposes only. To review or test secure variables on a non-witherspoon platform, replace this patch with a similar one for your given platform with the Fake NV lines uncommented.

Signed-off-by: Eric Richter <erichte@linux.ibm.com>

---

platforms/astbmc/witherspoon.c | 13 +++++++++++++
1 file changed, 13 insertions(+)