diff mbox series

[RFC,v2,8/8] secureboot: initialize secure variables on secureboot init

Message ID 20190411224551.29401-9-erichte@linux.ibm.com
State RFC
Headers show
Series Initial Skiboot Secure Variable Support | expand

Checks

Context Check Description
snowpatch_ozlabs/snowpatch_job_snowpatch-skiboot-dco success Signed-off-by present
snowpatch_ozlabs/snowpatch_job_snowpatch-skiboot success Test snowpatch/job/snowpatch-skiboot on branch master
snowpatch_ozlabs/apply_patch success Successfully applied on branch master (ff79070d1c4cdc38f2ecb42e45b8322cb1efb819)

Commit Message

Eric Richter April 11, 2019, 10:45 p.m. UTC
The secure variable storage needs to be loaded on boot, as the kernel
or sysadmins may need to access the secure variables.

This is a somewhat temporary initialization spot; it may be better
initialized somewhere else. Secure variable access should be
independent of firmware secure boot.

Signed-off-by: Eric Richter <erichte@linux.ibm.com>
---
 libstb/secureboot.c | 3 +++
 1 file changed, 3 insertions(+)
diff mbox series

Patch

diff --git a/libstb/secureboot.c b/libstb/secureboot.c
index 4f6a301d..a6bc1712 100644
--- a/libstb/secureboot.c
+++ b/libstb/secureboot.c
@@ -24,6 +24,7 @@ 
 #include <opal-api.h>
 #include <inttypes.h>
 #include "secureboot.h"
+#include "secvar.h"
 
 static const void* hw_key_hash = NULL;
 static size_t hw_key_hash_size;
@@ -83,6 +84,8 @@  void secureboot_init(void)
 	int version;
 	size_t size;
 
+	secvar_init();
+
 	node = dt_find_by_path(dt_root, "/ibm,secureboot");
 	if (!node) {
 		prlog(PR_NOTICE, "secure boot not supported\n");