0001
0002
0003
0004
0005
0006 #include <linux/types.h>
0007 #include <linux/of.h>
0008 #include <asm/secure_boot.h>
0009
0010 static struct device_node *get_ppc_fw_sb_node(void)
0011 {
0012 static const struct of_device_id ids[] = {
0013 { .compatible = "ibm,secureboot", },
0014 { .compatible = "ibm,secureboot-v1", },
0015 { .compatible = "ibm,secureboot-v2", },
0016 {},
0017 };
0018
0019 return of_find_matching_node(NULL, ids);
0020 }
0021
0022 bool is_ppc_secureboot_enabled(void)
0023 {
0024 struct device_node *node;
0025 bool enabled = false;
0026 u32 secureboot;
0027
0028 node = get_ppc_fw_sb_node();
0029 enabled = of_property_read_bool(node, "os-secureboot-enforcing");
0030 of_node_put(node);
0031
0032 if (enabled)
0033 goto out;
0034
0035 if (!of_property_read_u32(of_root, "ibm,secure-boot", &secureboot))
0036 enabled = (secureboot > 1);
0037
0038 out:
0039 pr_info("Secure boot mode %s\n", enabled ? "enabled" : "disabled");
0040
0041 return enabled;
0042 }
0043
0044 bool is_ppc_trustedboot_enabled(void)
0045 {
0046 struct device_node *node;
0047 bool enabled = false;
0048 u32 trustedboot;
0049
0050 node = get_ppc_fw_sb_node();
0051 enabled = of_property_read_bool(node, "trusted-enabled");
0052 of_node_put(node);
0053
0054 if (enabled)
0055 goto out;
0056
0057 if (!of_property_read_u32(of_root, "ibm,trusted-boot", &trustedboot))
0058 enabled = (trustedboot > 0);
0059
0060 out:
0061 pr_info("Trusted boot mode %s\n", enabled ? "enabled" : "disabled");
0062
0063 return enabled;
0064 }
