qemu/roms/skiboot/libstb/secvar/secvar_devtree.c

// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
/* Copyright 2013-2019 IBM Corp. */

#include <device.h>
#include <string.h>
#include "secvar.h"
#include "secvar_devtree.h"

struct dt_node *secvar_node;

int secvar_set_secure_mode(void)
{
	struct dt_node *sb_root;
	struct dt_property *prop;

	if (!secvar_node)
		return -1;

	sb_root = dt_find_by_path(dt_root, "/ibm,secureboot/");

	prop = (struct dt_property *) dt_find_property(sb_root, "os-secureboot-enforcing");
	if (prop)
		return 0;

	prop = dt_add_property(sb_root, "os-secureboot-enforcing", NULL, 0);
	if (!prop)
		return -2;

	return 0;
}

void secvar_init_devnode(const char *compatible)
{
	struct dt_node *sb_root;

	sb_root = dt_find_by_path(dt_root, "/ibm,opal/");

	secvar_node = dt_new(sb_root, "secvar");

	dt_add_property_strings(secvar_node, "compatible", "ibm,secvar-backend", compatible);
	dt_add_property_string(secvar_node, "format", compatible);
	dt_add_property_u64(secvar_node, "max-var-size", secvar_storage.max_var_size);
	dt_add_property_u64(secvar_node, "max-var-key-len", SECVAR_MAX_KEY_LEN);
}

void secvar_set_status(const char *status)
{
	if (!secvar_node)
		return; // Fail boot?

	/* This function should only be called once */
	dt_add_property_string(secvar_node, "status", status);
}


void secvar_set_update_status(uint64_t val)
{
	if (!secvar_node)
		return;

	if (dt_find_property(secvar_node, "update-status"))
		return;

	dt_add_property_u64(secvar_node, "update-status", val);
}

bool secvar_check_physical_presence(void)
{
	struct dt_node *secureboot;

	secureboot = dt_find_by_path(dt_root, "ibm,secureboot");
	if (!secureboot)
		return false;

	if (dt_find_property(secureboot, "clear-os-keys")
			|| dt_find_property(secureboot, "clear-all-keys")
			|| dt_find_property(secureboot, "clear-mfg-keys"))
		return true;

	return false;
}