1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 2019 IBM Corporation 4 * Author: Nayna Jain 5 */ 6 #include <linux/types.h> 7 #include <linux/of.h> 8 #include <linux/secure_boot.h> 9 #include <linux/string_choices.h> 10 #include <asm/secure_boot.h> 11 12 static struct device_node *get_ppc_fw_sb_node(void) 13 { 14 static const struct of_device_id ids[] = { 15 { .compatible = "ibm,secureboot", }, 16 { .compatible = "ibm,secureboot-v1", }, 17 { .compatible = "ibm,secureboot-v2", }, 18 {}, 19 }; 20 21 return of_find_matching_node(NULL, ids); 22 } 23 24 bool is_ppc_secureboot_enabled(void) 25 { 26 struct device_node *node; 27 bool enabled = false; 28 u32 secureboot; 29 30 node = get_ppc_fw_sb_node(); 31 enabled = of_property_read_bool(node, "os-secureboot-enforcing"); 32 of_node_put(node); 33 34 if (enabled) 35 goto out; 36 37 node = of_find_node_by_path("/"); 38 if (!of_property_read_u32(node, "ibm,secure-boot", &secureboot)) 39 enabled = (secureboot > 1); 40 of_node_put(node); 41 42 out: 43 pr_info("Secure boot mode %s\n", str_enabled_disabled(enabled)); 44 45 return enabled; 46 } 47 48 bool arch_get_secureboot(void) 49 { 50 return is_ppc_secureboot_enabled(); 51 } 52 53 bool is_ppc_trustedboot_enabled(void) 54 { 55 struct device_node *node; 56 bool enabled = false; 57 u32 trustedboot; 58 59 node = get_ppc_fw_sb_node(); 60 enabled = of_property_read_bool(node, "trusted-enabled"); 61 of_node_put(node); 62 63 if (enabled) 64 goto out; 65 66 node = of_find_node_by_path("/"); 67 if (!of_property_read_u32(node, "ibm,trusted-boot", &trustedboot)) 68 enabled = (trustedboot > 0); 69 of_node_put(node); 70 71 out: 72 pr_info("Trusted boot mode %s\n", str_enabled_disabled(enabled)); 73 74 return enabled; 75 } 76