diff mbox

libstb/stb.c: ignore the secure mode flag unless forced in NVRAM

Message ID 1477453075-6406-1-git-send-email-stewart@linux.vnet.ibm.com
State Superseded
Headers show

Commit Message

Stewart Smith Oct. 26, 2016, 3:37 a.m. UTC 
From: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>

For this stage in Trusted Boot development, we are wishing to not
force Secure Mode through the whole firmware boot process, but we
are wanting to be able to test it (classic chicken and egg problem with
build infrastructure).

We disabled secure mode if the secure-enabled devtree property is
read from the device tree *IF* we aren't overriding it through NVRAM.
Seeing as we can only increase (not decrease) what we're checking through
the NVRAM variable, it is safe.

The NVRAM setting is forced-secure-mode=true in the ibm,skiboot partition.

To indicate to Linux that we haven't gone through the whole firmware
process in secure mode, we replace the 'secure-enabled' property with
'partial-secure-enabled', to indicate that only part of the firmware
boot process has gone through secure mode.

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: add NVRAM flag, modify commit message]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
---
 libstb/stb.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff mbox

Patch

diff --git a/libstb/stb.c b/libstb/stb.c
index 8c8f3803145f..a5db7077bf13 100644
--- a/libstb/stb.c
+++ b/libstb/stb.c
@@ -19,6 +19,7 @@ 
 #include <platform.h>
 #include <string.h>
 #include <stdio.h>
+#include <nvram.h>
 #include "stb.h"
 #include "status_codes.h"
 #include "container.h"
@@ -100,7 +101,7 @@  static void sb_enforce(void)
 
 void stb_init(void)
 {
-	const struct dt_node *ibm_secureboot;
+	struct dt_node *ibm_secureboot;
 	/*
 	 * The ibm,secureboot device tree properties are documented in
 	 * 'doc/device-tree/ibm,secureboot.rst'
@@ -117,8 +118,17 @@  void stb_init(void)
 #else
 	secure_mode = dt_has_node_property(ibm_secureboot, "secure-enabled",
 					   NULL);
-	prlog(PR_NOTICE, "STB: secure mode %s\n",
-	      secure_mode ? "on" : "off");
+
+	if (nvram_query_eq("force-secure-mode", "true")) {
+		prlog(PR_NOTICE, "STB: secure mode on (FORCED by nvram)\n");
+	} else if (secure_mode) {
+		prlog(PR_NOTICE, "STB: secure mode on (but not enforced, core secure mode only)\n");
+		dt_check_del_prop(ibm_secureboot, "secure-enabled");
+		dt_add_property(ibm_secureboot, "partial-secure-enabled", NULL, 0);
+		secure_mode = false;
+	} else {
+		prlog(PR_NOTICE, "STB: secure mode off\n");
+	}
 #endif
 
 #ifdef STB_FORCE_TRUSTED_MODE