1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 2019 IBM Corporation 4 * Author: Nayna Jain 5 */ 6 #include <linux/types.h> 7 #include <linux/of.h> 8 #include <asm/secure_boot.h> 9 10 static struct device_node *get_ppc_fw_sb_node(void) 11 { 12 static const struct of_device_id ids[] = { 13 { .compatible = "ibm,secureboot", }, 14 { .compatible = "ibm,secureboot-v1", }, 15 { .compatible = "ibm,secureboot-v2", }, 16 {}, 17 }; 18 19 return of_find_matching_node(NULL, ids); 20 } 21 22 bool is_ppc_secureboot_enabled(void) 23 { 24 struct device_node *node; 25 bool enabled = false; 26 u32 secureboot; 27 28 node = get_ppc_fw_sb_node(); 29 enabled = of_property_read_bool(node, "os-secureboot-enforcing"); 30 of_node_put(node); 31 32 if (enabled) 33 goto out; 34 35 node = of_find_node_by_path("/"); 36 if (!of_property_read_u32(node, "ibm,secure-boot", &secureboot)) 37 enabled = (secureboot > 1); 38 of_node_put(node); 39 40 out: 41 pr_info("Secure boot mode %s\n", enabled ? "enabled" : "disabled"); 42 43 return enabled; 44 } 45 46 bool is_ppc_trustedboot_enabled(void) 47 { 48 struct device_node *node; 49 bool enabled = false; 50 u32 trustedboot; 51 52 node = get_ppc_fw_sb_node(); 53 enabled = of_property_read_bool(node, "trusted-enabled"); 54 of_node_put(node); 55 56 if (enabled) 57 goto out; 58 59 node = of_find_node_by_path("/"); 60 if (!of_property_read_u32(node, "ibm,trusted-boot", &trustedboot)) 61 enabled = (trustedboot > 0); 62 of_node_put(node); 63 64 out: 65 pr_info("Trusted boot mode %s\n", enabled ? "enabled" : "disabled"); 66 67 return enabled; 68 } 69