Message ID | 20200511213152.24952-3-erichte@linux.ibm.com |
---|---|
State | Changes Requested |
Series | Add initial secure variable storage and backend drivers |
Context | Check | Description |
---|---|---|
snowpatch_ozlabs/apply_patch | success | Successfully applied on branch master (0f1937ef40fca0c3212a9dff1010b832a24fb063) |
snowpatch_ozlabs/snowpatch_job_snowpatch-skiboot | success | Test snowpatch/job/snowpatch-skiboot on branch master |
snowpatch_ozlabs/snowpatch_job_snowpatch-skiboot-dco | success | Signed-off-by present |
On Mon, 2020-05-11 at 16:31 -0500, Eric Richter wrote: > From: Nayna Jain <nayna@linux.ibm.com> > > Secure variables are initialized and processed only if FW secureboot > is enabled. This ensures that underlying verification chain is satisfied > and secure variables cannot be faked by a malicious skiboot. This doesn't make any sense. > Signed-off-by: Nayna Jain <nayna@linux.ibm.com> > Signed-off-by: Eric Richter <erichte@linux.ibm.com> > --- > core/init.c | 2 +- > libstb/secureboot.c | 5 +++++ > libstb/secureboot.h | 1 + > 3 files changed, 7 insertions(+), 1 deletion(-) > > diff --git a/core/init.c b/core/init.c > index 63e3f97a..892b4740 100644 > --- a/core/init.c > +++ b/core/init.c > @@ -1263,7 +1263,7 @@ void __noreturn __nomcount main_cpu_entry(const void *fdt) > trustedboot_init(); > > /* Secure variables init, handled by platform */ > - if (platform.secvar_init) > + if (platform.secvar_init && is_fw_secureboot()) > platform.secvar_init(); > > /* > diff --git a/libstb/secureboot.c b/libstb/secureboot.c > index 2a4b975e..f2892400 100644 > --- a/libstb/secureboot.c > +++ b/libstb/secureboot.c > @@ -61,6 +61,11 @@ bool secureboot_is_compatible(struct dt_node *node, int *version, const char **c > return false; > } > > +bool is_fw_secureboot(void) > +{ > + return secure_mode; > +} > + > void secureboot_init(void) > { > struct dt_node *node; > diff --git a/libstb/secureboot.h b/libstb/secureboot.h > index 721b28de..74e93c84 100644 > --- a/libstb/secureboot.h > +++ b/libstb/secureboot.h > @@ -18,6 +18,7 @@ enum secureboot_version { > void secureboot_enforce(void); > bool secureboot_is_compatible(struct dt_node *node, int *version, const char **compat); > void secureboot_init(void); > +bool is_fw_secureboot(void); > > /** > * secureboot_verify - verify a PNOR partition content
diff --git a/core/init.c b/core/init.c index 63e3f97a..892b4740 100644 --- a/core/init.c +++ b/core/init.c @@ -1263,7 +1263,7 @@ void __noreturn __nomcount main_cpu_entry(const void *fdt) trustedboot_init(); /* Secure variables init, handled by platform */ - if (platform.secvar_init) + if (platform.secvar_init && is_fw_secureboot()) platform.secvar_init(); /* diff --git a/libstb/secureboot.c b/libstb/secureboot.c index 2a4b975e..f2892400 100644 --- a/libstb/secureboot.c +++ b/libstb/secureboot.c @@ -61,6 +61,11 @@ bool secureboot_is_compatible(struct dt_node *node, int *version, const char **c return false; } +bool is_fw_secureboot(void) +{ + return secure_mode; +} + void secureboot_init(void) { struct dt_node *node; diff --git a/libstb/secureboot.h b/libstb/secureboot.h index 721b28de..74e93c84 100644 --- a/libstb/secureboot.h +++ b/libstb/secureboot.h @@ -18,6 +18,7 @@ enum secureboot_version { void secureboot_enforce(void); bool secureboot_is_compatible(struct dt_node *node, int *version, const char **compat); void secureboot_init(void); +bool is_fw_secureboot(void); /** * secureboot_verify - verify a PNOR partition content
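Review bot: In the core/init.c hunk, the new condition `platform.secvar_init && is_fw_secureboot()` skips secure variable init silently when secure mode is off; a log line on the skipped path would show at boot why secure variables are unavailable. The comment above the check still reads "Secure variables init, handled by platform" and should state the secure boot dependency. The visible context shows only `trustedboot_init()` ahead of this call, so please confirm that `secure_mode` has already been set by the time the check runs.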
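Review bot: In the libstb/secureboot.c hunk, the name `is_fw_secureboot()` breaks the `secureboot_` prefix used by its neighbours (`secureboot_is_compatible()`, `secureboot_init()`); a name carrying that prefix would keep the exported functions consistent. The function is a plain getter, `return secure_mode;`, so the commit message should explain how reading that flag supports the claim that secure variables cannot be faked by a malicious skiboot.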
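Review bot: In the libstb/secureboot.h hunk, the prototype `bool is_fw_secureboot(void);` is added without a doc comment, while `secureboot_verify` directly below it has a `/**` block. Add a short comment saying what a true return means and whether the value is meaningful before `secureboot_init()` has run.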