1
2
3
4
5
6#include <linux/types.h>
7#include <linux/of.h>
8#include <asm/secure_boot.h>
9
10static struct device_node *get_ppc_fw_sb_node(void)
11{
12 static const struct of_device_id ids[] = {
13 { .compatible = "ibm,secureboot", },
14 { .compatible = "ibm,secureboot-v1", },
15 { .compatible = "ibm,secureboot-v2", },
16 {},
17 };
18
19 return of_find_matching_node(NULL, ids);
20}
21
22bool is_ppc_secureboot_enabled(void)
23{
24 struct device_node *node;
25 bool enabled = false;
26 u32 secureboot;
27
28 node = get_ppc_fw_sb_node();
29 enabled = of_property_read_bool(node, "os-secureboot-enforcing");
30 of_node_put(node);
31
32 if (enabled)
33 goto out;
34
35 if (!of_property_read_u32(of_root, "ibm,secure-boot", &secureboot))
36 enabled = (secureboot > 1);
37
38out:
39 pr_info("Secure boot mode %s\n", enabled ? "enabled" : "disabled");
40
41 return enabled;
42}
43
44bool is_ppc_trustedboot_enabled(void)
45{
46 struct device_node *node;
47 bool enabled = false;
48 u32 trustedboot;
49
50 node = get_ppc_fw_sb_node();
51 enabled = of_property_read_bool(node, "trusted-enabled");
52 of_node_put(node);
53
54 if (enabled)
55 goto out;
56
57 if (!of_property_read_u32(of_root, "ibm,trusted-boot", &trustedboot))
58 enabled = (trustedboot > 0);
59
60out:
61 pr_info("Trusted boot mode %s\n", enabled ? "enabled" : "disabled");
62
63 return enabled;
64}
65
