libstb/secvar/secvar_devtree.c - skiboot - Git at Google

 // SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 /* Copyright 2013-2019 IBM Corp. */

 #include <device.h>
 #include <string.h>
 #include "secvar.h"
 #include "secvar_devtree.h"

 struct dt_node *secvar_node;

 int secvar_set_secure_mode(void)
 {
 	struct dt_node *sb_root;
 	struct dt_property *prop;

 	if (!secvar_node)
 		return -1;

 	sb_root = dt_find_by_path(dt_root, "/ibm,secureboot/");

 	prop = (struct dt_property *) dt_find_property(sb_root, "os-secureboot-enforcing");
 	if (prop)
 		return 0;

 	prop = dt_add_property(sb_root, "os-secureboot-enforcing", NULL, 0);
 	if (!prop)
 		return -2;

 	return 0;
 }

 void secvar_init_devnode(const char *compatible)
 {
 	struct dt_node *sb_root;

 	sb_root = dt_find_by_path(dt_root, "/ibm,opal/");

 	secvar_node = dt_new(sb_root, "secvar");

 	dt_add_property_strings(secvar_node, "compatible", "ibm,secvar-backend", compatible);
 	dt_add_property_string(secvar_node, "format", compatible);
 	dt_add_property_u64(secvar_node, "max-var-size", secvar_storage.max_var_size);
 	dt_add_property_u64(secvar_node, "max-var-key-len", SECVAR_MAX_KEY_LEN);
 }

 void secvar_set_status(const char *status)
 {
 	if (!secvar_node)
 		return; // Fail boot?

 	/* This function should only be called once */
 	dt_add_property_string(secvar_node, "status", status);
 }


 void secvar_set_update_status(uint64_t val)
 {
 	if (!secvar_node)
 		return;

 	if (dt_find_property(secvar_node, "update-status"))
 		return;

 	dt_add_property_u64(secvar_node, "update-status", val);
 }

 bool secvar_check_physical_presence(void)
 {
 	struct dt_node *secureboot;

 	secureboot = dt_find_by_path(dt_root, "ibm,secureboot");
 	if (!secureboot)
 		return false;

 	if (dt_find_property(secureboot, "clear-os-keys")
 			|| dt_find_property(secureboot, "clear-all-keys")
 			|| dt_find_property(secureboot, "clear-mfg-keys"))
 		return true;

 	return false;
 }
	// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
	/* Copyright 2013-2019 IBM Corp. */

	#include <device.h>
	#include <string.h>
	#include "secvar.h"
	#include "secvar_devtree.h"

	struct dt_node *secvar_node;

	int secvar_set_secure_mode(void)
	{
	struct dt_node *sb_root;
	struct dt_property *prop;

	if (!secvar_node)
	return -1;

	sb_root = dt_find_by_path(dt_root, "/ibm,secureboot/");

	prop = (struct dt_property *) dt_find_property(sb_root, "os-secureboot-enforcing");
	if (prop)
	return 0;

	prop = dt_add_property(sb_root, "os-secureboot-enforcing", NULL, 0);
	if (!prop)
	return -2;

	return 0;
	}

	void secvar_init_devnode(const char *compatible)
	{
	struct dt_node *sb_root;

	sb_root = dt_find_by_path(dt_root, "/ibm,opal/");

	secvar_node = dt_new(sb_root, "secvar");

	dt_add_property_strings(secvar_node, "compatible", "ibm,secvar-backend", compatible);
	dt_add_property_string(secvar_node, "format", compatible);
	dt_add_property_u64(secvar_node, "max-var-size", secvar_storage.max_var_size);
	dt_add_property_u64(secvar_node, "max-var-key-len", SECVAR_MAX_KEY_LEN);
	}

	void secvar_set_status(const char *status)
	{
	if (!secvar_node)
	return; // Fail boot?

	/* This function should only be called once */
	dt_add_property_string(secvar_node, "status", status);
	}


	void secvar_set_update_status(uint64_t val)
	{
	if (!secvar_node)
	return;

	if (dt_find_property(secvar_node, "update-status"))
	return;

	dt_add_property_u64(secvar_node, "update-status", val);
	}

	bool secvar_check_physical_presence(void)
	{
	struct dt_node *secureboot;

	secureboot = dt_find_by_path(dt_root, "ibm,secureboot");
	if (!secureboot)
	return false;

	if (dt_find_property(secureboot, "clear-os-keys")
	\|\| dt_find_property(secureboot, "clear-all-keys")
	\|\| dt_find_property(secureboot, "clear-mfg-keys"))
	return true;

	return false;
	}