
libstb/secvar: remove hard stop if storage driver fails to initialize

Message ID 20201006222537.26119-1-erichte@linux.ibm.com
State Accepted

Checks

Context Check Description
snowpatch_ozlabs/apply_patch success Successfully applied on branch master (f901fcafae14d38e29f1cc11440086ee678785d0)
snowpatch_ozlabs/snowpatch_job_snowpatch-skiboot success Test snowpatch/job/snowpatch-skiboot on branch master
snowpatch_ozlabs/snowpatch_job_snowpatch-skiboot-dco success Signed-off-by present

Commit Message

Eric Richter Oct. 6, 2020, 10:25 p.m. UTC
If the storage driver failed to initialize, secvar would immediately
terminate the boot. The original intent was to fail early, however this
has proven to affect usability as it prevents the machine from being
able to boot even to skiroot/petitboot.

This patch instead causes secvar to halt at petitboot in
secure-enforcing mode, without any keys or secvar support.

Signed-off-by: Eric Richter <erichte@linux.ibm.com>
---
 doc/secvar/driver-api.rst   | 8 ++++----
 libstb/secvar/secvar_main.c | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

Patch

diff --git a/doc/secvar/driver-api.rst b/doc/secvar/driver-api.rst
index 32ca5785..80986910 100644
--- a/doc/secvar/driver-api.rst
+++ b/doc/secvar/driver-api.rst
@@ -57,10 +57,10 @@  intialization. This hook should perform any initialization logic required for
 the other hooks to operate.
 
 IMPORTANT: If this hook returns an error (non-zero) code, secvar will
-immediately halt the boot. When implementing this hook, consider the
-implications of any errors in initialization, and whether they may affect the
-secure state. For example, if secure state is indeterminable due to some
-hardware failure, this is grounds for a halt.
+quit initializing, and instruct petitboot to halt the boot. When implementing
+this hook, consider the implications of any errors in initialization, and
+whether they may affect the secure state. For example, if secure state is
+indeterminable due to some hardware failure, this is grounds for a halt.
 
 This hook should only be called once. Subsequent calls should have no effect,
 or raise an error.
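
Review bot: The rewritten IMPORTANT paragraph says secvar will "instruct petitboot to halt the boot" but does not state what condition the system is left in. The commit message specifies secure-enforcing mode with no keys and no secvar support, and that belongs in this paragraph so a driver author knows that a non-zero return from this hook still lets the machine reach skiroot/petitboot. The closing example ("this is grounds for a halt") was written for the old immediate halt and now reads ambiguously; consider rewording it as grounds for returning an error from the hook.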
diff --git a/libstb/secvar/secvar_main.c b/libstb/secvar/secvar_main.c
index 759d8ef4..e38ca967 100644
--- a/libstb/secvar/secvar_main.c
+++ b/libstb/secvar/secvar_main.c
@@ -46,7 +46,7 @@  int secvar_main(struct secvar_storage_driver storage_driver,
 	 */
 	rc = secvar_storage.store_init();
 	if (rc)
-		secureboot_enforce();
+		goto fail;
 
 	rc = secvar_storage.load_bank(&variable_bank, SECVAR_VARIABLE_BANK);
 	if (rc)
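
Review bot: In the `if (rc)` branch after `secvar_storage.store_init()`, the `fail` label targeted by `goto fail;` lies outside the lines shown, so this hunk alone does not establish that the path ends with petitboot halting in secure-enforcing mode as the commit message describes. Please confirm that the code under `fail` is safe to run when the storage driver never initialized and does not assume state set up by the later `load_bank` call. The `rc` from `store_init()` is also not logged in the visible lines before the jump; an error message carrying `rc` here would make a boot that stops at petitboot diagnosable. The comment block ending just above the call should be checked against the new behaviour as well.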