secure_boot.c (1348B)
1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Copyright (C) 2019 IBM Corporation 4 * Author: Nayna Jain 5 */ 6#include <linux/types.h> 7#include <linux/of.h> 8#include <asm/secure_boot.h> 9 10static struct device_node *get_ppc_fw_sb_node(void) 11{ 12 static const struct of_device_id ids[] = { 13 { .compatible = "ibm,secureboot", }, 14 { .compatible = "ibm,secureboot-v1", }, 15 { .compatible = "ibm,secureboot-v2", }, 16 {}, 17 }; 18 19 return of_find_matching_node(NULL, ids); 20} 21 22bool is_ppc_secureboot_enabled(void) 23{ 24 struct device_node *node; 25 bool enabled = false; 26 u32 secureboot; 27 28 node = get_ppc_fw_sb_node(); 29 enabled = of_property_read_bool(node, "os-secureboot-enforcing"); 30 of_node_put(node); 31 32 if (enabled) 33 goto out; 34 35 if (!of_property_read_u32(of_root, "ibm,secure-boot", &secureboot)) 36 enabled = (secureboot > 1); 37 38out: 39 pr_info("Secure boot mode %s\n", enabled ? "enabled" : "disabled"); 40 41 return enabled; 42} 43 44bool is_ppc_trustedboot_enabled(void) 45{ 46 struct device_node *node; 47 bool enabled = false; 48 u32 trustedboot; 49 50 node = get_ppc_fw_sb_node(); 51 enabled = of_property_read_bool(node, "trusted-enabled"); 52 of_node_put(node); 53 54 if (enabled) 55 goto out; 56 57 if (!of_property_read_u32(of_root, "ibm,trusted-boot", &trustedboot)) 58 enabled = (trustedboot > 0); 59 60out: 61 pr_info("Trusted boot mode %s\n", enabled ? "enabled" : "disabled"); 62 63 return enabled; 64}