authorNikita Dubrovskii <nikita@linux.ibm.com>2022-05-23 17:28:54 +0200
committerNikita Dubrovskii <nikita@linux.ibm.com>2022-05-23 18:24:43 +0200
commitd0005698596ff3e434a3e4ddd4aea8d4c618079f (patch)
treec89c08cf228f56ca9be3485690c4a449d9681f87 /src/libostree/ostree-bootloader-zipl.c
parentfe4ca42760a34b8fbb834eaa97b4ca065a05c809 (diff)
downloadostree-d0005698596ff3e434a3e4ddd4aea8d4c618079f.tar.gz
s390x: ensure SecureExecution is enabled before sd-boot generation
Signed-off-by: Nikita Dubrovskii <nikita@linux.ibm.com>
Diffstat (limited to 'src/libostree/ostree-bootloader-zipl.c')
-rw-r--r--src/libostree/ostree-bootloader-zipl.c24
1 files changed, 18 insertions, 6 deletions
diff --git a/src/libostree/ostree-bootloader-zipl.c b/src/libostree/ostree-bootloader-zipl.c
index fe024d80..348dfe03 100644
--- a/src/libostree/ostree-bootloader-zipl.c
+++ b/src/libostree/ostree-bootloader-zipl.c
@@ -25,6 +25,7 @@
#include <sys/stat.h>
#include <string.h>
+#define SECURE_EXECUTION_SYSFS_FLAG "/sys/firmware/uv/prot_virt_guest"
#define SECURE_EXECUTION_PARTITION "/dev/disk/by-label/se"
#define SECURE_EXECUTION_MOUNTPOINT "/sysroot/se"
#define SECURE_EXECUTION_BOOT_IMAGE SECURE_EXECUTION_MOUNTPOINT "/sd-boot"
@@ -109,6 +110,14 @@ _ostree_bootloader_zipl_write_config (OstreeBootloader *bootloader,
return TRUE;
}
+static gboolean _ostree_secure_execution_is_enabled (GCancellable *cancellable) {
+ gsize len = 0;
+ g_autofree char *data = glnx_file_get_contents_utf8_at (-1, SECURE_EXECUTION_SYSFS_FLAG, &len, cancellable, NULL);
+ if (!data)
+ return FALSE;
+ return strstr (data, "1") != NULL;
+}
+
static gboolean
_ostree_secure_execution_get_keys (GPtrArray **keys,
GCancellable *cancellable,
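Review bot: `_ostree_secure_execution_is_enabled` fails open, because it passes `NULL` as the error argument and returns FALSE on any read failure. An I/O error or a triggered cancellable on `/sys/firmware/uv/prot_virt_guest` then looks the same as "not a Secure Execution guest", and the caller goes on to the non-SE zipl path. I would give the helper a `GError **` and an out-parameter, treat only a missing file as "disabled", and propagate every other error; the call site in `_ostree_bootloader_zipl_post_bls_sync` would need the matching change. The `strstr (data, "1")` test also accepts any content that merely contains the digit 1, so an exact comparison of the stripped value is tighter.

```c
static gboolean
_ostree_secure_execution_is_enabled (gboolean *out_enabled,
                                     GCancellable *cancellable,
                                     GError **error)
{
  *out_enabled = FALSE;
  gsize len = 0;
  g_autoptr(GError) local_error = NULL;
  g_autofree char *data = glnx_file_get_contents_utf8_at (-1, SECURE_EXECUTION_SYSFS_FLAG, &len, cancellable, &local_error);
  if (data == NULL)
    {
      /* No sysfs entry: not a protected-virtualization guest */
      if (g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND))
        return TRUE;
      g_propagate_error (error, g_steal_pointer (&local_error));
      return FALSE;
    }
  *out_enabled = g_str_equal (g_strstrip (data), "1");
  return TRUE;
}
```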
@@ -329,12 +338,15 @@ _ostree_bootloader_zipl_post_bls_sync (OstreeBootloader *bootloader,
return TRUE;
/* Try with Secure Execution */
- g_autoptr(GPtrArray) keys = NULL;
- if (!_ostree_secure_execution_get_keys (&keys, cancellable, error))
- return FALSE;
- if (keys && keys->len)
- return _ostree_secure_execution_enable (self, bootversion, keys, cancellable, error);
-
+ if ( _ostree_secure_execution_is_enabled (cancellable) )
+ {
+ g_autoptr(GPtrArray) keys = NULL;
+ if (!_ostree_secure_execution_get_keys (&keys, cancellable, error))
+ return FALSE;
+ if (!keys || keys->len == 0)
+ return glnx_throw (error, "s390x SE: no keys");
+ return _ostree_secure_execution_enable (self, bootversion, keys, cancellable, error);
+ }
/* Fallback to non-SE setup */
const char *const zipl_argv[] = {"zipl", NULL};
int estatus;
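Review bot: The retained comment `/* Try with Secure Execution */` no longer describes the branch below it: once `_ostree_secure_execution_is_enabled` returns true, SE setup is mandatory and missing keys abort with "s390x SE: no keys" rather than falling through to plain zipl. I would reword it along the lines of `/* Running as an SE guest: an sd-boot image is required, never fall back */` and extend `/* Fallback to non-SE setup */` to say it is reached only when the helper returns FALSE. The error text could also say where keys were looked for, so an operator can act on it. As a style point, `if ( _ostree_secure_execution_is_enabled (cancellable) )` pads the inside of the parentheses, which the other `if` lines in this hunk do not. The enclosing function starts before and continues after the hunk.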