| // SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
| /* Copyright 2019 IBM Corp. */ |
| |
| #ifndef pr_fmt |
| #define pr_fmt(fmt) "SECVAR: " fmt |
| #endif |
| |
| #include <stdlib.h> |
| #include <skiboot.h> |
| #include <opal.h> |
| #include <libstb/secureboot.h> |
| #include "secvar.h" |
| #include "secvar_devtree.h" |
| |
/*
 * In-memory banks. secvar_main() loads them from storage (SECVAR_VARIABLE_BANK
 * and SECVAR_UPDATE_BANK respectively), hands both to the backend, and writes
 * them back before locking the storage.
 */
struct list_head variable_bank;	/* current secure variables */
struct list_head update_bank;	/* pending updates for the backend to process */

int secvar_enabled = 0; // Set to 1 if secvar is supported (set as soon as secvar_main() starts)
int secvar_ready = 0; // Set to 1 when base secvar inits correctly (both banks loaded from storage)

// To be filled in by platform.secvar_init: secvar_main() copies the drivers it
// is passed into these globals, and everything below calls through them.
struct secvar_storage_driver secvar_storage = {0};
struct secvar_backend_driver secvar_backend = {0};
| |
| |
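/**
 * secvar_main - bring up the secure variable subsystem at boot.
 * @storage_driver: storage callbacks, copied into the global secvar_storage.
 * @backend_driver: backend callbacks, copied into the global secvar_backend.
 *
 * Sequence: init the store, load the variable and update banks, let the
 * backend pre-process / process / post-process them, write back whatever
 * process() touched, then lock the storage.
 *
 * Returns OPAL_SUCCESS, or a negative OPAL error code. Two failure paths:
 *  - fail: the base (storage) layer never came up; status is "fail".
 *  - soft_fail: storage is fine but the backend failed; status stays
 *    "okay", the in-memory banks are emptied so the bootloader sees an
 *    empty keyring.
 * Both paths lock the storage and force secure mode in the bootloader.
 *
 * Note that an error from backend.process() is reported through the
 * update-status device tree property, not through this function's
 * return value (see below).
 */
int secvar_main(struct secvar_storage_driver storage_driver,
		struct secvar_backend_driver backend_driver)
{
	int rc = OPAL_UNSUPPORTED;
	int process_rc;

	prlog(PR_INFO, "Secure variables are supported, initializing secvar\n");

	secvar_storage = storage_driver;
	secvar_backend = backend_driver;

	secvar_init_devnode(secvar_backend.compatible);

	secvar_enabled = 1;

	/* Both lists are initialized before any goto, so the error paths may
	 * always clear them. */
	list_head_init(&variable_bank);
	list_head_init(&update_bank);

	/*
	 * Failures here should indicate some kind of hardware problem,
	 * therefore we don't even attempt to continue.
	 *
	 * secureboot_enforce() is presumably what aborts the boot when secure
	 * boot is being enforced -- TODO confirm. If it returns (non-enforcing
	 * mode), do not go on to load banks from a store that never
	 * initialized; bail out through the hard-failure path instead.
	 */
	rc = secvar_storage.store_init();
	if (rc) {
		secureboot_enforce();
		goto fail;
	}

	rc = secvar_storage.load_bank(&variable_bank, SECVAR_VARIABLE_BANK);
	if (rc)
		goto fail;

	rc = secvar_storage.load_bank(&update_bank, SECVAR_UPDATE_BANK);
	if (rc)
		goto fail;

	/*
	 * At this point, base secvar is functional.
	 * In the event of some error, boot up to Petitboot in secure mode
	 * with an empty keyring, for an admin to attempt to debug.
	 */
	secvar_ready = 1;
	secvar_set_status("okay");

	if (secvar_backend.pre_process) {
		rc = secvar_backend.pre_process(&variable_bank, &update_bank);
		if (rc) {
			prlog(PR_ERR, "Error in backend pre_process = %d\n", rc);
			/* soft_fail locks the storage before returning */
			goto soft_fail;
		}
	}

	/*
	 * .process is mandatory. rc is OPAL_SUCCESS here (the previous call
	 * succeeded), so an explicit error code must be set, otherwise the
	 * soft-fail path would log "failed to initialize" yet return success
	 * to the caller.
	 */
	if (!secvar_backend.process) {
		prlog(PR_ERR, "Backend does not provide a process hook\n");
		rc = OPAL_UNSUPPORTED;
		goto soft_fail;
	}

	/* Process variable updates from the update bank. */
	process_rc = secvar_backend.process(&variable_bank, &update_bank);

	/* Create and set the update-status device tree property */
	secvar_set_update_status(process_rc);

	/*
	 * Only write to the storage if we actually processed updates
	 * OPAL_EMPTY implies no updates were processed
	 * Refer to full table in doc/device-tree/ibm,opal/secvar.rst
	 */
	if (process_rc == OPAL_SUCCESS) {
		rc = secvar_storage.write_bank(&variable_bank, SECVAR_VARIABLE_BANK);
		if (rc)
			goto soft_fail;
	}

	/*
	 * Write (and probably clear) the update bank if .process() actually
	 * detected and handled updates in the update bank. Unlike above, this
	 * includes error cases, where the backend should probably be clearing
	 * the bank. The decision is keyed on the process() result kept in
	 * process_rc, so it does not depend on the variable-bank write above
	 * having overwritten rc.
	 */
	if (process_rc != OPAL_EMPTY) {
		rc = secvar_storage.write_bank(&update_bank,
					       SECVAR_UPDATE_BANK);
		if (rc)
			goto soft_fail;
	}

	/* Unconditionally lock the storage at this point */
	secvar_storage.lockdown();

	if (secvar_backend.post_process) {
		rc = secvar_backend.post_process(&variable_bank, &update_bank);
		if (rc) {
			prlog(PR_ERR, "Error in backend post_process = %d\n", rc);
			goto soft_fail;
		}
	}

	prlog(PR_INFO, "secvar initialized successfully\n");

	return OPAL_SUCCESS;

fail:
	/*
	 * Early failure, base secvar support failed to initialize.
	 * Drop anything a partially successful load left behind so nothing
	 * is ever served from a half-loaded bank, then lock the storage and
	 * force the bootloader into secure mode.
	 */
	secvar_set_status("fail");
	clear_bank_list(&variable_bank);
	clear_bank_list(&update_bank);
	secvar_storage.lockdown();
	secvar_set_secure_mode();

	/* OPAL error codes are negative ints; print them as such rather
	 * than as a hex bit pattern. */
	prerror("secvar failed to initialize, rc = %d\n", rc);
	return rc;

soft_fail:
	/*
	 * Soft-failure, enforce secure boot with an empty keyring in
	 * bootloader for debug/recovery
	 */
	clear_bank_list(&variable_bank);
	clear_bank_list(&update_bank);
	secvar_storage.lockdown();
	secvar_set_secure_mode();

	prerror("secvar failed to initialize, rc = %d\n", rc);
	return rc;
}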