From 05d9b9ba495d2898b9306efa33e07a0171b225fb Mon Sep 17 00:00:00 2001
From: Jeremy Kerr <jk@ozlabs.org>
Date: Thu, 21 Nov 2019 15:16:37 +0800
Subject: discover/powerpc: detect secureboot enforcing mode

As per the OPAL devicetree specification:

  https://github.com/open-power/skiboot/blob/master/doc/device-tree/ibm%2Csecureboot.rst

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
---
 discover/platform-powerpc.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/discover/platform-powerpc.c b/discover/platform-powerpc.c
index fcfe41a..6ec4a0a 100644
--- a/discover/platform-powerpc.c
+++ b/discover/platform-powerpc.c
@@ -938,6 +938,31 @@ static void pre_boot(struct platform *p, const struct config *config)
 		platform->set_os_boot_sensor(platform);
 }
 
+static void get_sysinfo_stb(struct platform_powerpc *platform,
+		struct system_info *sysinfo)
+{
+	char *filename;
+	unsigned int i;
+	int rc;
+	struct {
+		const char *name;
+		bool *flag;
+	} props[] = {
+		{ "secure-enabled", &sysinfo->stb_fw_enforcing },
+		{ "trusted-enabled", &sysinfo->stb_fw_measurement },
+		{ "os-secureboot-enforcing", &sysinfo->stb_os_enforcing },
+	};
+
+	for (i = 0; i < ARRAY_SIZE(props); i++) {
+		struct stat statbuf;
+		filename = talloc_asprintf(platform, "%sibm,secureboot/%s",
+				devtree_dir, props[i].name);
+		rc = stat(filename, &statbuf);
+		*props[i].flag = (rc == 0);
+		talloc_free(filename);
+	}
+}
+
 static int get_sysinfo(struct platform *p, struct system_info *sysinfo)
 {
 	struct platform_powerpc *platform = p->platform_data;
@@ -966,6 +991,9 @@ static int get_sysinfo(struct platform *p, struct system_info *sysinfo)
 	if (platform->get_platform_versions)
 		platform->get_platform_versions(sysinfo);
 
+	get_sysinfo_stb(platform, sysinfo);
+
+
 	return 0;
 }
 
-- 
cgit v1.2.1