From: Nayna Jain
To: linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org, devicetree@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Michael Ellerman, Benjamin Herrenschmidt, Paul Mackerras, Ard Biesheuvel, Jeremy Kerr, Matthew Garret, Mimi Zohar, Greg Kroah-Hartman, Claudio Carvalho, George Wilson, Elaine Palmer, Eric Ricther, "Oliver O'Halloran", Rob Herring, Mark Rutland, Nayna Jain
Subject: [PATCH v6 4/9] powerpc: detect the trusted boot state of the system
Date: Fri, 27 Sep 2019 10:25:55 -0400
In-Reply-To: <1569594360-7141-1-git-send-email-nayna@linux.ibm.com>
References: <1569594360-7141-1-git-send-email-nayna@linux.ibm.com>
Message-Id: <1569594360-7141-5-git-send-email-nayna@linux.ibm.com>

PowerNV systems enable the IMA measurement rules only if the trusted boot is
enabled on the system. This patch adds the function to detect if the system
has trusted boot enabled.

Signed-off-by: Nayna Jain
---
 arch/powerpc/include/asm/secure_boot.h |  6 ++++++
 arch/powerpc/kernel/secure_boot.c      | 14 ++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/arch/powerpc/include/asm/secure_boot.h b/arch/powerpc/include/asm/secure_boot.h index 4e8e2b08a993..192caaedbe7a 100644 --- a/arch/powerpc/include/asm/secure_boot.h +++ b/arch/powerpc/include/asm/secure_boot.h @@ -14,6 +14,7 @@ bool is_powerpc_os_secureboot_enabled(void); int get_powerpc_os_sb_node(struct device_node **node); +bool is_powerpc_trustedboot_enabled(void); #else @@ -27,5 +28,10 @@ static inline int get_powerpc_os_sb_node(struct device_node **node) return -ENOENT; } +static inline bool is_powerpc_os_trustedboot_enabled(void) +{ + return false; +} + #endif #endif diff --git a/arch/powerpc/kernel/secure_boot.c b/arch/powerpc/kernel/secure_boot.c index 45ca19f5e836..9d452e1550ae 100644 --- a/arch/powerpc/kernel/secure_boot.c +++ b/arch/powerpc/kernel/secure_boot.c @@ -80,3 +80,17 @@ bool is_powerpc_os_secureboot_enabled(void) pr_info("secureboot mode disabled\n"); return false; } + +bool is_powerpc_trustedboot_enabled(void) +{ + struct device_node *node; + + node = get_powerpc_fw_sb_node(); + if (node && (of_find_property(node, "trusted-enabled", NULL))) { + pr_info("trustedboot mode enabled\n"); + return true; + } + + pr_info("trustedboot mode disabled\n"); + return false; +} -- 2.20.1
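
Review bot: In the second secure_boot.h hunk (@@ -27,5 +28,10 @@) the #else stub is named is_powerpc_os_trustedboot_enabled(), but the prototype added in the first hunk and the definition in secure_boot.c are both is_powerpc_trustedboot_enabled(). When the #else branch of this header is the one compiled, a caller of is_powerpc_trustedboot_enabled() finds no declaration and the stub is never used. Rename the stub to is_powerpc_trustedboot_enabled() so both branches of the header expose the same symbol.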
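
Review bot: In the secure_boot.c hunk, is_powerpc_trustedboot_enabled() never releases the node it gets from get_powerpc_fw_sb_node() on either return path. That helper's body is not part of this patch; if it returns the node with a reference held, add of_node_put(node) before both returns. The two pr_info() calls also run on every invocation, so the "trustedboot mode enabled/disabled" line is repeated each time a caller queries the state; caching the result or logging it once would avoid that. A short comment naming the "trusted-enabled" property as the firmware-provided indicator would also help readers who audit how the IMA measurement rules get switched on.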