libstb/secvar/secvar_main.c - skiboot - Git at Google

 // SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 /* Copyright 2019 IBM Corp. */

 #ifndef pr_fmt
 #define pr_fmt(fmt) "SECVAR: " fmt
 #endif

 #include <stdlib.h>
 #include <skiboot.h>
 #include <opal.h>
 #include <libstb/secureboot.h>
 #include "secvar.h"
 #include "secvar_devtree.h"

 struct list_head variable_bank;
 struct list_head update_bank;

 int secvar_enabled = 0;	// Set to 1 if secvar is supported
 int secvar_ready = 0;	// Set to 1 when base secvar inits correctly

 // To be filled in by platform.secvar_init
 struct secvar_storage_driver secvar_storage = {0};
 struct secvar_backend_driver secvar_backend = {0};


 int secvar_main(struct secvar_storage_driver storage_driver,
                struct secvar_backend_driver backend_driver)
 {
 	int rc = OPAL_UNSUPPORTED;

 	prlog(PR_INFO, "Secure variables are supported, initializing secvar\n");

 	secvar_storage = storage_driver;
 	secvar_backend = backend_driver;

 	secvar_init_devnode(secvar_backend.compatible);

 	secvar_enabled = 1;

 	list_head_init(&variable_bank);
 	list_head_init(&update_bank);

 	/*
 	 * Failures here should indicate some kind of hardware problem,
 	 * therefore we don't even attempt to continue
 	 */
 	rc = secvar_storage.store_init();
 	if (rc)
 		secureboot_enforce();

 	rc = secvar_storage.load_bank(&variable_bank, SECVAR_VARIABLE_BANK);
 	if (rc)
 		goto fail;

 	rc = secvar_storage.load_bank(&update_bank, SECVAR_UPDATE_BANK);
 	if (rc)
 		goto fail;

 	/*
 	 * At this point, base secvar is functional.
 	 * In the event of some error, boot up to Petitboot in secure mode
 	 * with an empty keyring, for an admin to attempt to debug.
 	 */
 	secvar_ready = 1;
 	secvar_set_status("okay");

 	if (secvar_backend.pre_process) {
 		rc = secvar_backend.pre_process(&variable_bank, &update_bank);
 		if (rc) {
 			prlog(PR_ERR, "Error in backend pre_process = %d\n", rc);
 			/* Early failure state, lock the storage */
 			secvar_storage.lockdown();
 			goto soft_fail;
 		}
 	}

 	// Process is required, error if it doesn't exist
 	if (!secvar_backend.process)
 		goto soft_fail;

 	/* Process variable updates from the update bank. */
 	rc = secvar_backend.process(&variable_bank, &update_bank);

 	/* Create and set the update-status device tree property */
 	secvar_set_update_status(rc);

 	/*
 	 * Only write to the storage if we actually processed updates
 	 * OPAL_EMPTY implies no updates were processed
 	 * Refer to full table in doc/device-tree/ibm,opal/secvar.rst
 	 */
 	if (rc == OPAL_SUCCESS) {
 		rc = secvar_storage.write_bank(&variable_bank, SECVAR_VARIABLE_BANK);
 		if (rc)
 			goto soft_fail;
 	}
 	/*
 	 * Write (and probably clear) the update bank if .process() actually detected
 	 * and handled updates in the update bank. Unlike above, this includes error
 	 * cases, where the backend should probably be clearing the bank.
 	 */
 	if (rc != OPAL_EMPTY) {
 		rc = secvar_storage.write_bank(&update_bank,
 					       SECVAR_UPDATE_BANK);
 		if (rc)
 			goto soft_fail;
 	}
 	/* Unconditionally lock the storage at this point */
 	secvar_storage.lockdown();

 	if (secvar_backend.post_process) {
 		rc = secvar_backend.post_process(&variable_bank, &update_bank);
 		if (rc) {
 			prlog(PR_ERR, "Error in backend post_process = %d\n", rc);
 			goto soft_fail;
 		}
 	}

 	prlog(PR_INFO, "secvar initialized successfully\n");

 	return OPAL_SUCCESS;

 fail:
 	/* Early failure, base secvar support failed to initialize */
 	secvar_set_status("fail");
 	secvar_storage.lockdown();
 	secvar_set_secure_mode();

 	prerror("secvar failed to initialize, rc = %04x\n", rc);
 	return rc;

 soft_fail:
 	/*
 	 * Soft-failure, enforce secure boot with an empty keyring in
 	 * bootloader for debug/recovery
 	 */
 	clear_bank_list(&variable_bank);
 	clear_bank_list(&update_bank);
 	secvar_storage.lockdown();
 	secvar_set_secure_mode();

 	prerror("secvar failed to initialize, rc = %04x\n", rc);
 	return rc;
 }
	// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
	/* Copyright 2019 IBM Corp. */

	#ifndef pr_fmt
	#define pr_fmt(fmt) "SECVAR: " fmt
	#endif

	#include <stdlib.h>
	#include <skiboot.h>
	#include <opal.h>
	#include <libstb/secureboot.h>
	#include "secvar.h"
	#include "secvar_devtree.h"

	struct list_head variable_bank;
	struct list_head update_bank;

	int secvar_enabled = 0; // Set to 1 if secvar is supported
	int secvar_ready = 0; // Set to 1 when base secvar inits correctly

	// To be filled in by platform.secvar_init
	struct secvar_storage_driver secvar_storage = {0};
	struct secvar_backend_driver secvar_backend = {0};


	int secvar_main(struct secvar_storage_driver storage_driver,
	struct secvar_backend_driver backend_driver)
	{
	int rc = OPAL_UNSUPPORTED;

	prlog(PR_INFO, "Secure variables are supported, initializing secvar\n");

	secvar_storage = storage_driver;
	secvar_backend = backend_driver;

	secvar_init_devnode(secvar_backend.compatible);

	secvar_enabled = 1;

	list_head_init(&variable_bank);
	list_head_init(&update_bank);

	/*
	* Failures here should indicate some kind of hardware problem,
	* therefore we don't even attempt to continue
	*/
	rc = secvar_storage.store_init();
	if (rc)
	secureboot_enforce();

	rc = secvar_storage.load_bank(&variable_bank, SECVAR_VARIABLE_BANK);
	if (rc)
	goto fail;

	rc = secvar_storage.load_bank(&update_bank, SECVAR_UPDATE_BANK);
	if (rc)
	goto fail;

	/*
	* At this point, base secvar is functional.
	* In the event of some error, boot up to Petitboot in secure mode
	* with an empty keyring, for an admin to attempt to debug.
	*/
	secvar_ready = 1;
	secvar_set_status("okay");

	if (secvar_backend.pre_process) {
	rc = secvar_backend.pre_process(&variable_bank, &update_bank);
	if (rc) {
	prlog(PR_ERR, "Error in backend pre_process = %d\n", rc);
	/* Early failure state, lock the storage */
	secvar_storage.lockdown();
	goto soft_fail;
	}
	}

	// Process is required, error if it doesn't exist
	if (!secvar_backend.process)
	goto soft_fail;

	/* Process variable updates from the update bank. */
	rc = secvar_backend.process(&variable_bank, &update_bank);

	/* Create and set the update-status device tree property */
	secvar_set_update_status(rc);

	/*
	* Only write to the storage if we actually processed updates
	* OPAL_EMPTY implies no updates were processed
	* Refer to full table in doc/device-tree/ibm,opal/secvar.rst
	*/
	if (rc == OPAL_SUCCESS) {
	rc = secvar_storage.write_bank(&variable_bank, SECVAR_VARIABLE_BANK);
	if (rc)
	goto soft_fail;
	}
	/*
	* Write (and probably clear) the update bank if .process() actually detected
	* and handled updates in the update bank. Unlike above, this includes error
	* cases, where the backend should probably be clearing the bank.
	*/
	if (rc != OPAL_EMPTY) {
	rc = secvar_storage.write_bank(&update_bank,
	SECVAR_UPDATE_BANK);
	if (rc)
	goto soft_fail;
	}
	/* Unconditionally lock the storage at this point */
	secvar_storage.lockdown();

	if (secvar_backend.post_process) {
	rc = secvar_backend.post_process(&variable_bank, &update_bank);
	if (rc) {
	prlog(PR_ERR, "Error in backend post_process = %d\n", rc);
	goto soft_fail;
	}
	}

	prlog(PR_INFO, "secvar initialized successfully\n");

	return OPAL_SUCCESS;

	fail:
	/* Early failure, base secvar support failed to initialize */
	secvar_set_status("fail");
	secvar_storage.lockdown();
	secvar_set_secure_mode();

	prerror("secvar failed to initialize, rc = %04x\n", rc);
	return rc;

	soft_fail:
	/*
	* Soft-failure, enforce secure boot with an empty keyring in
	* bootloader for debug/recovery
	*/
	clear_bank_list(&variable_bank);
	clear_bank_list(&update_bank);
	secvar_storage.lockdown();
	secvar_set_secure_mode();

	prerror("secvar failed to initialize, rc = %04x\n", rc);
	return rc;
	}