From e1678bffbd5cba43911f7e6f670ac3c3bb68af39 Mon Sep 17 00:00:00 2001 From: Jaymes Wilks Date: Fri, 25 Aug 2017 14:18:38 -0500 Subject: Replace HB_SECURITY_MODE attribute with SECUREBOOT API equivalent The HB_SECURITY_MODE attribute will now be a variable managed by secureboot. The FAPI attribue SECURITY_MODE that maps to the HB version will now call to that variable in the SECUREBOOT API. Change-Id: I7e42c3f2e355feeb0d49aa6a998960bc5409bfa2 RTC:178643 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/45167 Reviewed-by: Michael Baiocchi Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: Daniel M. Crowell --- src/include/usr/secureboot/service.H | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'src/include/usr/secureboot') diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H index 0258b5706..4c4d43d3c 100644 --- a/src/include/usr/secureboot/service.H +++ b/src/include/usr/secureboot/service.H @@ -305,6 +305,25 @@ namespace SECUREBOOT /* Definition in securerommgr.H */ bool secureRomValidPolicy(); + /* + * @brief Gets the current SBE security mode value from the secureboot + * subsystem + * + * @return uint8_t returns 0 if SBE should check for security disable + * requests, 1 if not + */ + uint8_t getSbeSecurityMode(); + + /* + * @brief Sets the current SBE security mode value in the secureboot + * subsystem + * + * @param[in] uint8_t The value to set the security mode to. Will accept a + * a value of 0 if SBE should check for security disable + * requests and 1 if not. All other values are not + * allowed and will be rejected via an assert. + */ + void setSbeSecurityMode(uint8_t i_sbeSecurityMode); } -- cgit v1.2.3