On Wed, 2020-07-15 at 07:52 -0400, Nayna Jain wrote: > The device-tree property to check secure and trusted boot state is > different for guests(pseries) compared to baremetal(powernv). > > This patch updates the existing is_ppc_secureboot_enabled() and > is_ppc_trustedboot_enabled() functions to add support for pseries. > > The secureboot and trustedboot state are exposed via device-tree property: > /proc/device-tree/ibm,secure-boot and /proc/device-tree/ibm,trusted-boot > > The values of ibm,secure-boot under pseries are interpreted as: > > 0 - Disabled > 1 - Enabled in Log-only mode. This patch interprets this value as > disabled, since audit mode is currently not supported for Linux. > 2 - Enabled and enforced. > 3-9 - Enabled and enforcing; requirements are at the discretion of the > operating system. > > The values of ibm,trusted-boot under pseries are interpreted as: > 0 - Disabled > 1 - Enabled > > Signed-off-by: Nayna Jain <na...@linux.ibm.com> > Reviewed-by: Daniel Axtens <d...@axtens.net>
Thanks for updating the patch description. Reviewed-by: Mimi Zohar <zo...@linux.ibm.com>
