mirror of
https://github.com/Fishwaldo/Star64_linux.git
synced 2025-06-21 14:11:20 +00:00
s390/ipl: read IPL report at early boot
Read the IPL Report block provided by secure-boot, add the entries of the certificate list to the system key ring and print the list of components. PR: Adjust to Vasilys bootdata_preserved patch set. Preserve ipl_cert_list for later use in kexec_file. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Philipp Rudo <prudo@linux.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
This commit is contained in:
Martin Schwidefsky
parent
d29af5b7a8
commit
9641b8cc73
10 changed files with 301 additions and 17 deletions
|
|
@ -50,6 +50,7 @@
|
|||
#include <linux/compat.h>
|
||||
#include <linux/start_kernel.h>
|
||||
|
||||
#include <asm/boot_data.h>
|
||||
#include <asm/ipl.h>
|
||||
#include <asm/facility.h>
|
||||
#include <asm/smp.h>
|
||||
|
|
@ -741,6 +742,15 @@ static void __init reserve_initrd(void)
|
|||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Reserve the memory area used to pass the certificate lists
|
||||
*/
|
||||
static void __init reserve_certificate_list(void)
|
||||
{
|
||||
if (ipl_cert_list_addr)
|
||||
memblock_reserve(ipl_cert_list_addr, ipl_cert_list_size);
|
||||
}
|
||||
|
||||
static void __init reserve_mem_detect_info(void)
|
||||
{
|
||||
unsigned long start, size;
|
||||
|
|
@ -1035,6 +1045,38 @@ static void __init setup_control_program_code(void)
|
|||
asm volatile("diag %0,0,0x318\n" : : "d" (diag318_info.val));
|
||||
}
|
||||
|
||||
/*
|
||||
* Print the component list from the IPL report
|
||||
*/
|
||||
static void __init log_component_list(void)
|
||||
{
|
||||
struct ipl_rb_component_entry *ptr, *end;
|
||||
char *str;
|
||||
|
||||
if (!early_ipl_comp_list_addr)
|
||||
return;
|
||||
if (ipl_block.hdr.flags & IPL_PL_FLAG_IPLSR)
|
||||
pr_info("Linux is running with Secure-IPL enabled\n");
|
||||
else
|
||||
pr_info("Linux is running with Secure-IPL disabled\n");
|
||||
ptr = (void *) early_ipl_comp_list_addr;
|
||||
end = (void *) ptr + early_ipl_comp_list_size;
|
||||
pr_info("The IPL report contains the following components:\n");
|
||||
while (ptr < end) {
|
||||
if (ptr->flags & IPL_RB_COMPONENT_FLAG_SIGNED) {
|
||||
if (ptr->flags & IPL_RB_COMPONENT_FLAG_VERIFIED)
|
||||
str = "signed, verified";
|
||||
else
|
||||
str = "signed, verification failed";
|
||||
} else {
|
||||
str = "not signed";
|
||||
}
|
||||
pr_info("%016llx - %016llx (%s)\n",
|
||||
ptr->addr, ptr->addr + ptr->len, str);
|
||||
ptr++;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Setup function called from init/main.c just after the banner
|
||||
* was printed.
|
||||
|
|
@ -1055,6 +1097,8 @@ void __init setup_arch(char **cmdline_p)
|
|||
else
|
||||
pr_info("Linux is running as a guest in 64-bit mode\n");
|
||||
|
||||
log_component_list();
|
||||
|
||||
/* Have one command line that is parsed and saved in /proc/cmdline */
|
||||
/* boot_command_line has been already set up in early.c */
|
||||
*cmdline_p = boot_command_line;
|
||||
|
|
@ -1086,6 +1130,7 @@ void __init setup_arch(char **cmdline_p)
|
|||
reserve_oldmem();
|
||||
reserve_kernel();
|
||||
reserve_initrd();
|
||||
reserve_certificate_list();
|
||||
reserve_mem_detect_info();
|
||||
memblock_allow_resize();
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue