[SRU][F:linux-bluefield][PATCH v1 1/2] UBUNTU: SAUCE: mlx-bootctl: Check secure boot development mode status bit

Shravan Kumar Ramani shravankr at nvidia.com
Fri Oct 22 09:46:36 UTC 2021 

BugLink: https://bugs.launchpad.net/bugs/1948434

If secure boot is enabled with the development keys, then print
it to the output buffer when lifecycle_state_show() is invoked.

Signed-off-by: Shravan Kumar Ramani <shravankr at nvidia.com>
---
 drivers/platform/mellanox/mlx-bootctl.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/drivers/platform/mellanox/mlx-bootctl.c b/drivers/platform/mellanox/mlx-bootctl.c
index 65b67b9de1d9..6eda75146a7c 100644
--- a/drivers/platform/mellanox/mlx-bootctl.c
+++ b/drivers/platform/mellanox/mlx-bootctl.c
@@ -30,6 +30,7 @@
 
 #define SB_MODE_SECURE_MASK	0x03
 #define SB_MODE_TEST_MASK	0x0c
+#define SB_MODE_DEV_MASK	0x10
 
 #define SB_KEY_NUM		4
 
@@ -47,11 +48,18 @@ static struct boot_name boot_names[] = {
 	{ -1,				""		}
 };
 
+enum {
+	SB_LIFECYCLE_PRODUCTION = 0,
+	SB_LIFECYCLE_GA_SECURE = 1,
+	SB_LIFECYCLE_GA_NON_SECURE = 2,
+	SB_LIFECYCLE_RMA = 3
+};
+
 static char lifecycle_states[][16] = {
-	[0] = "Production",
-	[1] = "GA Secured",
-	[2] = "GA Non-Secured",
-	[3] = "RMA",
+	[SB_LIFECYCLE_PRODUCTION] = "Production",
+	[SB_LIFECYCLE_GA_SECURE] = "GA Secured",
+	[SB_LIFECYCLE_GA_NON_SECURE] = "GA Non-Secured",
+	[SB_LIFECYCLE_RMA] = "RMA",
 };
 
 /* ctl/data register within the resource. */
@@ -225,7 +233,10 @@ static ssize_t lifecycle_state_show(struct device_driver *drv,
 	if (lc_state < 0)
 		return -EINVAL;
 
-	lc_state &= (SB_MODE_TEST_MASK | SB_MODE_SECURE_MASK);
+	lc_state &= (SB_MODE_TEST_MASK |
+		     SB_MODE_SECURE_MASK |
+		     SB_MODE_DEV_MASK);
+
 	/*
 	 * If the test bits are set, we specify that the current state may be
 	 * due to using the test bits.
@@ -236,6 +247,9 @@ static ssize_t lifecycle_state_show(struct device_driver *drv,
 
 		return snprintf(buf, PAGE_SIZE, "%s(test)\n",
 				lifecycle_states[lc_state]);
+	} else if ((lc_state & SB_MODE_SECURE_MASK) == SB_LIFECYCLE_GA_SECURE
+		   && (lc_state & SB_MODE_DEV_MASK)) {
+		return snprintf(buf, PAGE_SIZE, "Secured (development)\n");
 	}
 
 	return snprintf(buf, PAGE_SIZE, "%s\n", lifecycle_states[lc_state]);
-- 
2.30.1

More information about the kernel-team mailing list