diff options
| author | Stephen Cprek <smcprek@us.ibm.com> | 2017-07-26 10:33:24 -0500 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-08-25 23:16:28 -0400 |
| commit | cefc4c2c1bf3a43a993f2091813ee181779ddee4 (patch) | |
| tree | f6b15a971c3207dbae3b1800f8555b55d5dd8ae7 /src/usr/secureboot/base/settings.C | |
| parent | b8f86e3a6bb4f491360dc3771854e36e903f8a71 (diff) | |
| download | talos-hostboot-cefc4c2c1bf3a43a993f2091813ee181779ddee4.tar.gz talos-hostboot-cefc4c2c1bf3a43a993f2091813ee181779ddee4.zip | |
Refactor SecureBoot Workarounds to better control leniency
At this time we are trying to secure OpenPOWER in secure mode,
but allow best effort policies in other scenarios
Change-Id: I9ec2b5be49dbfcff678c4d30bb85f8762e448cb6
RTC: 170136
RTC: 155374
RTC: 168021
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43640
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/base/settings.C')
| -rw-r--r-- | src/usr/secureboot/base/settings.C | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/src/usr/secureboot/base/settings.C b/src/usr/secureboot/base/settings.C index 078b9e1ed..0e2e2ea02 100644 --- a/src/usr/secureboot/base/settings.C +++ b/src/usr/secureboot/base/settings.C @@ -101,6 +101,21 @@ namespace SECUREBOOT securitySwitchValue,cbsValue); } #endif + +#ifdef CONFIG_SECUREBOOT_BEST_EFFORT + iv_bestEffortPolicy = true; +#else + if (iv_enabled) + { + iv_bestEffortPolicy = false; + } + else + { + iv_bestEffortPolicy = true; + } +#endif + SB_INF("getBestEffortPolicy() state:%i",iv_bestEffortPolicy); + printk("SECUREBOOT::bestEffortPolicy() state:%i\n", iv_bestEffortPolicy); } bool Settings::getEnabled() const @@ -108,6 +123,11 @@ namespace SECUREBOOT return iv_enabled; } + bool Settings::getBestEffortPolicy() const + { + return iv_bestEffortPolicy; + } + errlHndl_t Settings::getJumperState(SecureJumperState& o_state, Target* i_pProc) const { @@ -364,5 +384,4 @@ namespace SECUREBOOT return l_errl; } - } |
