From patchwork Fri Feb 4 07:22:32 2022
X-Patchwork-Submitter: Joel Stanley
X-Patchwork-Id: 12734857
From: Joel Stanley
To: Arnd Bergmann, Andrew Jeffery, Greg Kroah-Hartman, "Rafael J . Wysocki", Robin Murphy
Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-aspeed@lists.ozlabs.org
Subject: [PATCH v3 1/3] firmware: Add boot information to sysfs
Date: Fri, 4 Feb 2022 17:52:32 +1030
Message-Id: <20220204072234.304543-2-joel@jms.id.au>
In-Reply-To: <20220204072234.304543-1-joel@jms.id.au>
References: <20220204072234.304543-1-joel@jms.id.au>

Machines often have firmware that performs some action before Linux is
loaded. It's useful to know how this firmware is configured, so create a
sysfs directory and some properties that a system can choose to expose
to describe how the system was started.

Currently the intended use describes four files, relating to hardware
root of trust configuration.

These properties are populated by platform code at startup. Using fixed
values is suitable as the state that the system booted in will not
change after firmware has handed over.

Signed-off-by: Joel Stanley
---
v2:
 - Rewrite so properties are present in common code and are exposed based
   on the is_visible callback.
 - Use sysfs_emit
v3:
 - drop uart_boot
 - Add kerneldoc to header
 - Rename en -> present
 - Rename val -> value
 - Drop unnecessary __init from header
 - Wrap macro in do { } while(0)
---
 .../ABI/testing/sysfs-firmware-bootinfo | 37 +++++++++
 drivers/base/firmware.c | 80 +++++++++++++++++++
 include/linux/firmware_bootinfo.h | 48 +++++++++++
 3 files changed, 165 insertions(+)
 create mode 100644 Documentation/ABI/testing/sysfs-firmware-bootinfo
 create mode 100644 include/linux/firmware_bootinfo.h

diff --git a/Documentation/ABI/testing/sysfs-firmware-bootinfo b/Documentation/ABI/testing/sysfs-firmware-bootinfo new file mode 100644 index 000000000000..cd8eeaa49a00 --- /dev/null +++ b/Documentation/ABI/testing/sysfs-firmware-bootinfo @@ -0,0 +1,37 @@ +What: /sys/firmware/bootinfo/* +Date: Jan 2022 +Description: + A system can expose information about how it was started in + this directory. + + This information is agnostic as to the firmware implementation. + + A system may expose a subset of these properties as applicable. + + +What: /sys/firmware/bootinfo/secure_boot +Date: Jan 2022 +Description: + Indicates the system was started with secure boot enabled in + the firmware. + + +What: /sys/firmware/bootinfo/abr_image +Date: Jan 2022 +Description: + Indicates the system was started from the alternate image + loaded from an Alternate Boot Region. Often this is a result of + the primary firmware image failing to start the system. + + +What: /sys/firmware/bootinfo/low_security_key +Date: Jan 2022 +Description: + Indicates the system's secure boot was verified with a low + security or development key. + +What: /sys/firmware/bootinfo/otp_protected +Date: Jan 2022 +Description: + Indicates the system's boot configuration region is write + protected and cannot be modified. 
diff --git a/drivers/base/firmware.c b/drivers/base/firmware.c index 8dff940e0db9..8d1a7a36784c 100644 --- a/drivers/base/firmware.c +++ b/drivers/base/firmware.c @@ -11,6 +11,7 @@ #include #include #include +#include #include "base.h" 
@@ -24,3 +25,82 @@ int __init firmware_init(void) return -ENOMEM; return 0; } + +/* + * Exposes attributes documented in Documentation/ABI/testing/sysfs-firmware-bootinfo + */ +static struct bootinfo bootinfo; + +static ssize_t abr_image_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + return sysfs_emit(buf, "%d\n", bootinfo.abr_image.value); +} +static DEVICE_ATTR_RO(abr_image); + +static ssize_t low_security_key_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + return sysfs_emit(buf, "%d\n", bootinfo.low_security_key.value); +} +static DEVICE_ATTR_RO(low_security_key); + +static ssize_t otp_protected_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + return sysfs_emit(buf, "%d\n", bootinfo.otp_protected.value); +} +static DEVICE_ATTR_RO(otp_protected); + +static ssize_t secure_boot_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + return sysfs_emit(buf, "%d\n", bootinfo.secure_boot.value); +} +static DEVICE_ATTR_RO(secure_boot); + +#define ATTR_ENABLED(a) ((attr == &dev_attr_##a.attr) && bootinfo.a.present) + +static umode_t bootinfo_attr_mode(struct kobject *kobj, struct attribute *attr, int index) +{ + if (ATTR_ENABLED(abr_image)) + return 0444; + + if (ATTR_ENABLED(otp_protected)) + return 0444; + + if (ATTR_ENABLED(low_security_key)) + return 0444; + + if (ATTR_ENABLED(otp_protected)) + return 0444; + + if (ATTR_ENABLED(low_security_key)) + return 0444; + + if (ATTR_ENABLED(secure_boot)) + return 0444; + + return 0; +} + +static struct attribute *bootinfo_attrs[] = { + &dev_attr_abr_image.attr, + &dev_attr_low_security_key.attr, + &dev_attr_otp_protected.attr, + &dev_attr_secure_boot.attr, + NULL, +}; + +static const struct attribute_group bootinfo_attr_group = { + .attrs = bootinfo_attrs, + .is_visible = bootinfo_attr_mode, +}; + +int __init firmware_bootinfo_init(struct bootinfo *bootinfo_init) +{ + struct kobject *kobj = kobject_create_and_add("bootinfo", 
firmware_kobj); + if (!kobj) + return -ENOMEM; + + memcpy(&bootinfo, bootinfo_init, sizeof(bootinfo)); + + return sysfs_create_group(kobj, &bootinfo_attr_group); +} +EXPORT_SYMBOL_GPL(firmware_bootinfo_init); diff --git a/include/linux/firmware_bootinfo.h b/include/linux/firmware_bootinfo.h new file mode 100644 index 000000000000..237da83b673c --- /dev/null +++ b/include/linux/firmware_bootinfo.h 
@@ -0,0 +1,48 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* Copyright 2022 IBM Corp. */ + +#include +#include + +#define BOOTINFO_SET(b, n, v) do {b.n.present = true; b.n.value = v; } while (0) + +/** + * struct bootinfo_entry - A bootinfo sysfs entry + * @present: true if the file should be present (visible) in sysfs + * @value: value of the entry, will be printed as 1 or 0 + * + * Contains the state of a given bootinfo sysfs file, to be filled out by the + * platform that wishes it to be present. + * + * It is used by sysfs. The is_present callback tests .present indicate the + * attribute should be shown, and by the show callback tests .value to display + * the value. + */ +struct bootinfo_entry { + bool present; + bool value; +}; + +/** + * struct bootinfo: A collection of bootinfo entries + * @abr_image: sysfs property + * @low_security_key: sysfs property + * @otp_protected: sysfs property + * @secure_boot: sysfs property + * + * The documented set of bootinfo entries to be displayed in + * /sys/firmware/bootinfo. Platform code populates a struct bootinfo and + * passes it to firmware_bootinfo_init, which takes a copy to be used at + * runtime. + * + * See struct bootinfo_entry for a description of the information each entry + * contiains. 
+ */ +struct bootinfo { + struct bootinfo_entry abr_image; + struct bootinfo_entry low_security_key; + struct bootinfo_entry otp_protected; + struct bootinfo_entry secure_boot; +}; + +int firmware_bootinfo_init(struct bootinfo *bootinfo_init);

From patchwork Fri Feb 4 07:22:33 2022
X-Patchwork-Submitter: Joel Stanley
X-Patchwork-Id: 12734858
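Review bot: In patch 1/3, Documentation/ABI/testing/sysfs-firmware-bootinfo never says what a reader will find in each file. drivers/base/firmware.c emits "%d\n" of a bool, so the Description entries should state that each file contains 0 or 1 and that an absent file means the platform did not report the property. The entries also lack the KernelVersion and Contact fields that ABI files normally carry.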
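Review bot: In patch 1/3, drivers/base/firmware.c declares the attributes with DEVICE_ATTR_RO() and show callbacks that take a struct device *, but registers the group on a plain kobject from kobject_create_and_add(), so the pointer the callbacks receive is not a struct device. Declaring them as struct kobj_attribute would match the object they hang off. In the same file, bootinfo_attr_mode() tests otp_protected and low_security_key twice, firmware_bootinfo_init() is marked __init yet exported with EXPORT_SYMBOL_GPL, and the new kobject is not released with kobject_put() when sysfs_create_group() fails.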
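Review bot: In patch 1/3, include/linux/firmware_bootinfo.h has no include guard, so a second inclusion would redefine struct bootinfo_entry and struct bootinfo. The kerneldoc for struct bootinfo_entry refers to an "is_present callback" while the code in firmware.c uses .is_visible, "contiains" is misspelled, and "struct bootinfo:" should use the " - " separator that the struct bootinfo_entry comment already uses. BOOTINFO_SET() should parenthesise its v argument, since the ASPEED caller passes expressions such as "reg & SECURE_BOOT".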
From: Joel Stanley
To: Arnd Bergmann, Andrew Jeffery, Greg Kroah-Hartman, "Rafael J . Wysocki", Robin Murphy
Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-aspeed@lists.ozlabs.org
Subject: [PATCH v3 2/3] ARM: aspeed: Add secure boot controller support
Date: Fri, 4 Feb 2022 17:52:33 +1030
Message-Id: <20220204072234.304543-3-joel@jms.id.au>
In-Reply-To: <20220204072234.304543-1-joel@jms.id.au>
References: <20220204072234.304543-1-joel@jms.id.au>

This reads out the status of the secure boot controller and exposes it
in sysfs using the bootinfo sysfs api.

An example on an AST2600A3 QEMU model:

 # grep -r . /sys/firmware/bootinfo/*
 /sys/firmware/bootinfo/abr_image:0
 /sys/firmware/bootinfo/low_security_key:0
 /sys/firmware/bootinfo/otp_protected:0
 /sys/firmware/bootinfo/secure_boot:1

On boot the state of the system according to the secure boot controller
will be printed:

 [ 0.037634] AST2600 secure boot enabled

or

 [ 0.037935] AST2600 secure boot disabled

The initialisation is changed from early_initcall to subsys_initcall
because we need the firmware_kobj to be initialised, and because there's
no requirement to print this information early.

Signed-off-by: Joel Stanley
---
v2:
 - Rewrite to new bootinfo api
 - Get rid of unused return values
v3:
 - Drop uart_boot
---
 drivers/soc/aspeed/aspeed-socinfo.c | 44 ++++++++++++++++++++++++++++-
 1 file changed, 43 insertions(+), 1 deletion(-)

diff --git a/drivers/soc/aspeed/aspeed-socinfo.c b/drivers/soc/aspeed/aspeed-socinfo.c index 1ca140356a08..e5ced9bebfa2 100644 --- a/drivers/soc/aspeed/aspeed-socinfo.c +++ b/drivers/soc/aspeed/aspeed-socinfo.c @@ -8,6 +8,7 @@ #include #include #include +#include static struct { const char *name; @@ -74,6 +75,45 @@ static const char *siliconid_to_rev(u32 siliconid) return "??"; } +/* Secure Boot Controller register */ +#define SEC_STATUS 0x14 +#define ABR_IMAGE_SOURCE BIT(13) +#define OTP_PROTECTED BIT(8) +#define LOW_SEC_KEY BIT(7) +#define SECURE_BOOT BIT(6) +#define UART_BOOT BIT(5) + +static void __init aspeed_bootinfo_init(void) +{ + struct device_node *np; + void __iomem *base; + struct bootinfo bootinfo = {}; + u32 reg; + + /* AST2600 only */ + np = of_find_compatible_node(NULL, NULL, "aspeed,ast2600-sbc"); + if (!of_device_is_available(np)) + return; + + base = of_iomap(np, 0); + if (!base) + of_node_put(np); + + reg = readl(base + SEC_STATUS); + + iounmap(base); + of_node_put(np); + + BOOTINFO_SET(bootinfo, abr_image, reg & ABR_IMAGE_SOURCE); + BOOTINFO_SET(bootinfo, low_security_key, reg & LOW_SEC_KEY); + BOOTINFO_SET(bootinfo, otp_protected, reg & OTP_PROTECTED); + BOOTINFO_SET(bootinfo, secure_boot, reg & SECURE_BOOT); + + firmware_bootinfo_init(&bootinfo); + + pr_info("AST2600 secure boot %s\n", (reg & SECURE_BOOT) ? "enabled" : "disabled"); +} + static int __init aspeed_socinfo_init(void) { struct soc_device_attribute *attrs; 
@@ -148,6 +188,8 @@ static int __init aspeed_socinfo_init(void) attrs->revision, attrs->soc_id); + aspeed_bootinfo_init(); + return 0; } -early_initcall(aspeed_socinfo_init); +subsys_initcall(aspeed_socinfo_init);

From patchwork Fri Feb 4 07:22:34 2022
X-Patchwork-Submitter: Joel Stanley
X-Patchwork-Id: 12734859
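Review bot: In patch 2/3, aspeed_bootinfo_init() is missing a return on the of_iomap() failure path: after "if (!base) of_node_put(np);" execution continues to readl(base + SEC_STATUS) with a NULL base and then drops the node reference a second time. Put the of_node_put() and a return inside braces. The earlier "if (!of_device_is_available(np)) return;" also leaves a reference held when the node exists but is disabled, UART_BOOT is still defined although the v3 changelog drops uart_boot, and the return value of firmware_bootinfo_init() is ignored, so a failure to create the sysfs files goes unreported.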
From: Joel Stanley
To: Arnd Bergmann, Andrew Jeffery, Greg Kroah-Hartman, "Rafael J . Wysocki", Robin Murphy
Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-aspeed@lists.ozlabs.org
Subject: [PATCH v3 3/3] x86/setup: Populate bootinfo with secure boot status
Date: Fri, 4 Feb 2022 17:52:34 +1030
Message-Id: <20220204072234.304543-4-joel@jms.id.au>
In-Reply-To: <20220204072234.304543-1-joel@jms.id.au>
References: <20220204072234.304543-1-joel@jms.id.au>

bootinfo indicates to userspace that firmware is configured to boot with
secure boot.

Signed-off-by: Joel Stanley
---
v2: new
v3: no change
---
 arch/x86/kernel/setup.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index f7a132eb794d..b805b758478f 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -23,6 +23,7 @@ #include #include #include +#include #include @@ -1100,17 +1101,22 @@ void __init setup_arch(char **cmdline_p) setup_log_buf(1); if (efi_enabled(EFI_BOOT)) { + struct bootinfo bootinfo = {}; + switch (boot_params.secure_boot) { case efi_secureboot_mode_disabled: pr_info("Secure boot disabled\n"); + BOOTINFO_SET(bootinfo, secure_boot, false); break; case efi_secureboot_mode_enabled: pr_info("Secure boot enabled\n"); + BOOTINFO_SET(bootinfo, secure_boot, true); break; default: pr_info("Secure boot could not be determined\n"); break; } + firmware_bootinfo_init(&bootinfo);
 } reserve_initrd();
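Review bot: In patch 3/3, firmware_bootinfo_init() is called from setup_arch(), which runs before the driver core has created firmware_kobj; patch 2/3 moved the ASPEED caller from early_initcall to subsys_initcall for exactly that reason. Record boot_params.secure_boot here and register the sysfs group from a later initcall instead. The call is also made in the default case, where no entry has been marked present, so an empty bootinfo directory would be created, and the return value is dropped.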
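A userspace check against the /sys/firmware/bootinfo files proposed in this series, as an added example that is not part of the patches or the kernel tree. The function names and the weak-state policy are assumptions of the example; absent files are reported as unknown because the ABI text lets a platform expose only a subset of the properties.

```sh
#!/bin/sh
# Added example (not from the patch series): audit the boot-security flags
# that this series proposes to expose under /sys/firmware/bootinfo.

# bootinfo_read DIR NAME
# Prints 0 or 1 for a readable file, "absent" when the platform did not
# expose the property, "invalid" for any other content.
bootinfo_read() {
    if [ ! -r "$1/$2" ]; then
        echo absent
        return 0
    fi
    case "$(tr -d '[:space:]' < "$1/$2")" in
        0) echo 0 ;;
        1) echo 1 ;;
        *) echo invalid ;;
    esac
}

# bootinfo_audit [DIR]
# Prints one "ok|weak|unknown NAME=VALUE" line per property and returns
#   1 if any reported property is in its weaker state,
#   2 if nothing is weak but secure_boot itself is not reported,
#   0 otherwise.
bootinfo_audit() {
    dir="${1:-/sys/firmware/bootinfo}"
    rc=0
    # NAME:VALUE pairs naming the weaker state of each flag. This policy is
    # an assumption of the example, derived from the ABI descriptions.
    for rule in secure_boot:0 low_security_key:1 otp_protected:0 abr_image:1; do
        name=${rule%%:*}
        weak=${rule##*:}
        val=$(bootinfo_read "$dir" "$name")
        case "$val" in
            absent|invalid)
                echo "unknown $name=$val"
                # Without secure_boot the overall posture is undetermined.
                if [ "$name" = secure_boot ] && [ "$rc" -eq 0 ]; then
                    rc=2
                fi
                ;;
            "$weak")
                echo "weak $name=$val"
                rc=1
                ;;
            *)
                echo "ok $name=$val"
                ;;
        esac
    done
    return "$rc"
}

# Usage: bootinfo_audit; echo "exit status: $?"
```

On the AST2600 QEMU output quoted in patch 2/3 this reports otp_protected=0 as weak even though secure_boot=1, which is the kind of partial configuration the separate files make visible.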