xref: /linux/arch/powerpc/kernel/secure_boot.c (revision 4b660dbd9ee2059850fd30e0df420ca7a38a1856)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (C) 2019 IBM Corporation
4  * Author: Nayna Jain
5  */
6 #include <linux/types.h>
7 #include <linux/of.h>
8 #include <asm/secure_boot.h>
9 
10 static struct device_node *get_ppc_fw_sb_node(void)
11 {
12 	static const struct of_device_id ids[] = {
13 		{ .compatible = "ibm,secureboot", },
14 		{ .compatible = "ibm,secureboot-v1", },
15 		{ .compatible = "ibm,secureboot-v2", },
16 		{},
17 	};
18 
19 	return of_find_matching_node(NULL, ids);
20 }
21 
22 bool is_ppc_secureboot_enabled(void)
23 {
24 	struct device_node *node;
25 	bool enabled = false;
26 	u32 secureboot;
27 
28 	node = get_ppc_fw_sb_node();
29 	enabled = of_property_read_bool(node, "os-secureboot-enforcing");
30 	of_node_put(node);
31 
32 	if (enabled)
33 		goto out;
34 
35 	node = of_find_node_by_path("/");
36 	if (!of_property_read_u32(node, "ibm,secure-boot", &secureboot))
37 		enabled = (secureboot > 1);
38 	of_node_put(node);
39 
40 out:
41 	pr_info("Secure boot mode %s\n", enabled ? "enabled" : "disabled");
42 
43 	return enabled;
44 }
45 
46 bool is_ppc_trustedboot_enabled(void)
47 {
48 	struct device_node *node;
49 	bool enabled = false;
50 	u32 trustedboot;
51 
52 	node = get_ppc_fw_sb_node();
53 	enabled = of_property_read_bool(node, "trusted-enabled");
54 	of_node_put(node);
55 
56 	if (enabled)
57 		goto out;
58 
59 	node = of_find_node_by_path("/");
60 	if (!of_property_read_u32(node, "ibm,trusted-boot", &trustedboot))
61 		enabled = (trustedboot > 0);
62 	of_node_put(node);
63 
64 out:
65 	pr_info("Trusted boot mode %s\n", enabled ? "enabled" : "disabled");
66 
67 	return enabled;
68 }
69