1 files changed, 39 insertions, 0 deletions
diff --git a/roms/skiboot/libstb/secureboot.h b/roms/skiboot/libstb/secureboot.h
new file mode 100644
index 000000000..74e93c84a
--- /dev/null
+++ b/roms/skiboot/libstb/secureboot.h
@@ -0,0 +1,39 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+/* Copyright 2013-2017 IBM Corp. */
+
+#ifndef __SECUREBOOT_H
+#define __SECUREBOOT_H
+
+#include <platform.h>
+#include <device.h>
+#include "container.h"
+#include "cvc.h"
+
+enum secureboot_version {
+	IBM_SECUREBOOT_V1,
+	IBM_SECUREBOOT_SOFTROM,
+	IBM_SECUREBOOT_V2,
+};
+
+void secureboot_enforce(void);
+bool secureboot_is_compatible(struct dt_node *node, int *version, const char **compat);
+void secureboot_init(void);
+bool is_fw_secureboot(void);
+
+/**
+ * secureboot_verify - verify a PNOR partition content
+ * @id   : PNOR partition id
+ * @buf  : PNOR partition content to be verified
+ * @len  : @buf length
+ *
+ * This verifies the integrity and authenticity of @buf downloaded from PNOR if
+ * secure mode is on. The verification is done by the Container Verification
+ * Code (CVC) flashed in ROM.
+ *
+ * For more information refer to 'doc/stb.rst'
+ *
+ * returns: 0 otherwise the boot process is aborted
+ */
+int secureboot_verify(enum resource_id id, void *buf, size_t len);
+
+#endif /* __SECUREBOOT_H */