From: Michael Ellerman
To: Nayna Jain, linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Benjamin Herrenschmidt, Paul Mackerras, Ard Biesheuvel, Jeremy Kerr, Matthew Garret, Mimi Zohar, Greg Kroah-Hartman, Claudio Carvalho, George Wilson, Elaine Palmer, Eric Ricther, Oliver O'Halloran, Nayna Jain, Prakhar Srivastava, Lakshmi Ramasubramanian
Subject: Re: [PATCH v8 1/8] powerpc: detect the secure boot mode of the system
In-Reply-To: <1571508377-23603-2-git-send-email-nayna@linux.ibm.com>
References: <1571508377-23603-1-git-send-email-nayna@linux.ibm.com> <1571508377-23603-2-git-send-email-nayna@linux.ibm.com>
Date: Wed, 23 Oct 2019 10:37:30 +1100
Message-ID: <87zhhs5p39.fsf@mpe.ellerman.id.au>

Nayna Jain writes:
> diff --git a/arch/powerpc/kernel/secure_boot.c b/arch/powerpc/kernel/secure_boot.c > new file mode 100644 > index 000000000000..99bba7915629 > --- /dev/null > +++ b/arch/powerpc/kernel/secure_boot.c 
> @@ -0,0 +1,30 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * Copyright (C) 2019 IBM Corporation > + * Author: Nayna Jain > + */ > +#include > +#include > +#include > + > +bool is_ppc_secureboot_enabled(void) > +{ > + struct device_node *node; > + bool enabled = false; > + > + node = of_find_compatible_node(NULL, NULL, "ibm,secvar-v1"); If this found a node then you have a node with an elevated refcount which you need to drop on the way out. > + if (!of_device_is_available(node)) { > + pr_err("Cannot find secure variable node in device tree; failing to secure state\n"); > + goto out; > + } > + > + /* > + * secureboot is enabled if os-secure-enforcing property exists, > + * else disabled. > + */ > + enabled = of_property_read_bool(node, "os-secure-enforcing"); > + > +out: So here you need: of_node_put(node); > + pr_info("Secure boot mode %s\n", enabled ? "enabled" : "disabled"); > + return enabled; > +} cheers
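
Review bot: in the `!of_device_is_available(node)` branch the pr_err text says "failing to secure state", but `enabled` is still false when control reaches `out:`, so the function returns false and the following pr_info logs "Secure boot mode disabled". Either reword the message to say that secure boot is being treated as disabled, or, if failing secure is the intent, set `enabled = true` before the `goto out`. The same branch is taken when no "ibm,secvar-v1" node exists at all, where pr_err looks too loud. The of_node_put(node) requested in the reply fits at `out:` so that both paths drop the reference; of_node_put() accepts a NULL node.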