
[RFC,v2,3/8] platform.h: add secure variable storage hooks

Message ID 20190411224551.29401-4-erichte@linux.ibm.com
State RFC
Series Initial Skiboot Secure Variable Support

Checks

Context Check Description
snowpatch_ozlabs/snowpatch_job_snowpatch-skiboot-dco success Signed-off-by present
snowpatch_ozlabs/snowpatch_job_snowpatch-skiboot success Test snowpatch/job/snowpatch-skiboot on branch master
snowpatch_ozlabs/apply_patch success Successfully applied on branch master (ff79070d1c4cdc38f2ecb42e45b8322cb1efb819)

Commit Message

Eric Richter April 11, 2019, 10:45 p.m. UTC
Different platforms may support a range of features that can be used for persistent
secure variable storage. This patch adds the following hooks to the platform struct,
to be implemented by platforms that support secure variables:

 - secvar_platform_init
 - secvar_load_bank
 - secvar_write_bank

secvar_platform_init performs any loading or initialization that the platform may
need to prepare the internal banks. This may include initialization or formatting
of a pnor section, TPM, etc.

secvar_load_bank loads a bank from the platform's storage into the in-memory cache.

secvar_write_bank takes an in-memory cache and writes it to the platform's storage.

A subsequent patch will provide an implementation that should be usable for most
p9 systems that use the SECBOOT pnor partition.

Signed-off-by: Eric Richter <erichte@linux.ibm.com>
---
 include/platform.h | 5 +++++
 1 file changed, 5 insertions(+)

Patch

diff --git a/include/platform.h b/include/platform.h
index 0cc9c234..c4aa92a0 100644
--- a/include/platform.h
+++ b/include/platform.h
@@ -185,6 +185,11 @@  struct platform {
 	int (*secboot_read)(void *dst, uint32_t src, uint32_t len);
 	int (*secboot_write)(uint32_t dst, void *src, uint32_t len);
 
+	// TODO: Document this
+	int (*secvar_platform_init)(void);
+	int (*secvar_load_bank)(struct list_head *bank, int section);
+	int (*secvar_write_bank)(struct list_head *bank, int section);
+
 	/*
 	 * OCC timeout. This return how long we should wait for the OCC
 	 * before timing out. This lets us use a high value on larger FSP
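
Review bot: The `// TODO: Document this` placeholder above `secvar_platform_init` leaves the contract of all three hooks unstated in the header, which matters for a secure variable storage interface that each platform implements on its own. Suggest replacing it with a block comment in the `/* ... */` style used for the OCC timeout field just below, stating what each hook returns on success and on failure, which values `section` may take, who owns the entries on `bank` after `secvar_load_bank` returns, and whether a platform without secure variable support leaves these pointers NULL, so that callers know they must check before calling. Also note that `section` is a plain `int` while the neighbouring `secboot_read` and `secboot_write` hooks use `uint32_t`; if negative values have no meaning, an unsigned type or an enum would rule them out at the interface.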