From patchwork Mon Jan 20 02:37:00 2020
X-Patchwork-Submitter: Eric Richter
X-Patchwork-Id: 1225604
From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: nayna@linux.ibm.com
Date: Sun, 19 Jan 2020 20:37:00 -0600
Subject: [Skiboot] [PATCH v2 12/12] witherspoon: enable secvar for witherspoon platform
Message-Id: <20200120023700.5373-13-erichte@linux.ibm.com>
In-Reply-To: <20200120023700.5373-1-erichte@linux.ibm.com>
References: <20200120023700.5373-1-erichte@linux.ibm.com>

Secure variable support needs to be enabled for each platform, and each
platform needs to select which storage and backend drivers to use (or
alternatively implement their own).

This patch adds secure variable support to the witherspoon platform.

NOTE: This patch includes commented-out code to enable "Fake NV" mode,
intended for review purposes only. To review or test secure variables
on a non-witherspoon platform, replace this patch with a similar one
for your given platform with the Fake NV lines uncommented.

Signed-off-by: Eric Richter --- platforms/astbmc/witherspoon.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/platforms/astbmc/witherspoon.c b/platforms/astbmc/witherspoon.c index c576a176..cbaa9b97 100644 --- a/platforms/astbmc/witherspoon.c +++ b/platforms/astbmc/witherspoon.c @@ -17,6 +17,9 @@ #include #include #include +#include +#include "libstb/secvar/secvar_tpmnv.h" +#include "libstb/secvar/storage/secboot_tpm.h" #include "astbmc.h" #include "ast.h" @@ -506,6 +509,15 @@ static void witherspoon_finalise_dt(bool is_reboot) } } +static int witherspoon_secvar_init(void) +{ + // REMOVE THESE TO USE ACTUAL TPM +// tpm_fake_nv = 1; +// tpm_fake_nv_offset = sizeof(struct secboot); + + return secvar_main(secboot_tpm_driver, edk2_compatible_v1); +} + /* The only difference between these is the PCI slot handling */ DECLARE_PLATFORM(witherspoon) = { @@ -527,4 +539,5 @@ DECLARE_PLATFORM(witherspoon) = { .ocapi = &witherspoon_ocapi, .npu2_device_detect = witherspoon_npu2_device_detect, .op_display = op_display_lpc, + .secvar_init = witherspoon_secvar_init, };
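Review bot: In the include hunk (@@ -17,6 +17,9), please confirm which of the three added includes the live code still requires once the Fake NV lines are removed. The live code references only secvar_main, secboot_tpm_driver and edk2_compatible_v1, while tpm_fake_nv, tpm_fake_nv_offset and struct secboot appear only in the commented-out lines. Any header that exists solely to support those lines should go with them, so the platform file does not depend on storage-driver internals it never uses.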
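Review bot: witherspoon_secvar_init() carries commented-out assignments to tpm_fake_nv and tpm_fake_nv_offset that the commit message describes as intended for review purposes only; they should be dropped before merge so that the shipped platform file has no ready-made switch away from the actual TPM. The comment above them, "REMOVE THESE TO USE ACTUAL TPM", also reads backwards now that the lines are already commented out, and the // comments starting at column 0 do not match the /* */ style of the neighbouring comment in this hunk. If a Fake NV test mode is wanted in-tree, an explicit option that is visibly off by default would be easier to audit than commented code.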
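Review bot: The .secvar_init entry added at the end of DECLARE_PLATFORM(witherspoon) wires in a hook whose return value comes straight from secvar_main(), and nothing in the visible lines documents what a failure return means for the platform. A short comment on witherspoon_secvar_init() stating the expected behaviour when the storage or backend driver fails to initialise would help authors of other platforms who copy this pattern, as the commit message invites them to do.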