Merge: Updates for powerpc security when system booted in secure boot mode

MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-10/-/merge_requests/32

Description: powerpc: security: Lock down the kernel if booted in secure boot mode

JIRA: https://issues.redhat.com/browse/RHEL-57024

Upstream Status: RHEL only

Signed-off-by: Mamatha Inamdar <minamdar@redhat.com>

Approved-by: Steve Best <sbest@redhat.com>
Approved-by: Tony Camuso <tcamuso@redhat.com>
Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com>

Merged-by: Jan Stancek <jstancek@redhat.com>

Author: jstancek

arch/powerpc/kernel/setup-common.c

@@ -35,6 +35,8 @@
 #include <linux/of_irq.h>
 #include <linux/hugetlb.h>
 #include <linux/pgtable.h>
+#include <linux/security.h>
+#include <asm/secure_boot.h>
 #include <asm/io.h>
 #include <asm/paca.h>
 #include <asm/processor.h>
@@ -921,7 +923,13 @@ void __init setup_arch(char **cmdline_p)
 	 * just cputable (on ppc32).
 	 */
 	initialize_cache_info();
-
+	/*
+	 * Lock down the kernel if booted in secure mode. This is required to
+	 * maintain kernel integrity.
+	 */
+	if(is_ppc_secureboot_enabled())
+		security_lock_kernel_down("Power secure boot", LOCKDOWN_INTEGRITY_MAX);
+	
 	/* Initialize RTAS if available. */
 	rtas_initialize();