authorMike Baiocchi <baiocchi@us.ibm.com>2013-06-11 14:30:01 -0500
committerA. Patrick Williams III <iawillia@us.ibm.com>2013-07-08 10:38:26 -0500
commit32526fcbef7d67fbb3d6ab23fc60181b834ed21d (patch)
tree72b5305fae334b9579e9f1a7d899fe8752bb9e1c /src/include/usr/secureboot/service.H
parente60a4810ddce203fd6a2cb5c3a3f1483fa18d6c4 (diff)
Base Support for Secure ROM verification
This change adds the basic structure needed to call and implement verification of a signed container via the loaded/initialized Secure ROM device. Change-Id: Ieada4eb0b557fc556cd12647a698bbfa16aba278 RTC:64764 Reviewed-on: http://gfw160.austin.ibm.com:8080/gerrit/4958 Tested-by: Jenkins Server Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
Diffstat (limited to 'src/include/usr/secureboot/service.H')
-rw-r--r--src/include/usr/secureboot/service.H35
1 files changed, 35 insertions, 0 deletions
diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H
index a83d5d510..b640fd978 100644
--- a/src/include/usr/secureboot/service.H
+++ b/src/include/usr/secureboot/service.H
@@ -23,6 +23,10 @@
#ifndef __SECUREBOOT_SERVICE_H
#define __SECUREBOOT_SERVICE_H
+#include <errl/errlentry.H>
+
+typedef uint8_t SHA512_t[64];
+
namespace SECUREBOOT
{
/** @brief Perform initialization of Secureboot for the Base image.
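Review bot: `typedef uint8_t SHA512_t[64];` is an array typedef declared at global scope, outside `namespace SECUREBOOT`, and it decays to `uint8_t*` when used as a function parameter, as `hashBlob` does later in this header. The compiler therefore will not enforce that callers pass a 64-byte buffer, and `sizeof(o_buf)` inside an implementation would give the pointer size rather than 64. Consider moving the typedef into the namespace and adding a comment such as `// 64-byte SHA-512 digest; decays to uint8_t* as a parameter, caller must supply 64 bytes`. The typedef also appears to rely on `<errl/errlentry.H>` to bring `uint8_t` into scope; including `<stdint.h>` directly would make that dependency explicit.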
@@ -33,9 +37,40 @@ namespace SECUREBOOT
*/
void* initializeBase(void* unused);
+ /**
+ * @brief Initialize Secure Rom by loading it into memory and
+ * retrieving Hash Keys
+ *
+ * @return errlHndl_t NULL on success
+ */
+ errlHndl_t initializeSecureROM(void);
+
+
/** @brief Determines if Secureboot is enabled.
*/
bool enabled();
+
+ /**
+ * @brief Verify Signed Container
+ *
+ * @param[in] i_container Void pointer to effective address of container
+ * @param[in] i_size Size of container in bytes
+ *
+ * @return errlHndl_t NULL on success
+ */
+ errlHndl_t verifyContainer(void * i_container, size_t i_size);
+
+ /**
+ * @brief Hash Signed Blob
+ *
+ * @param[in] i_blob Void pointer to effective address of blob
+ * @param[in] i_size Size of blob in bytes
+ * @param[out] o_hash SHA512 hash
+ *
+ * @return errlHndl_t NULL on success
+ */
+ errlHndl_t hashBlob(void * i_blob, size_t i_size, SHA512_t o_buf);
+
}
#endif
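Review bot: The `hashBlob` doc comment documents the output as `o_hash`, but the declared parameter is `o_buf`; make them agree, e.g. `errlHndl_t hashBlob(void * i_blob, size_t i_size, SHA512_t o_hash);`. `i_container` and `i_blob` are documented as `[in]` yet taken as non-const `void *`; `const void *` would state that verification and hashing do not modify the data, provided the underlying Secure ROM call permits it. The `verifyContainer` comment should also spell out the caller contract, for instance `@note A non-NULL return means the container failed verification and must not be used`, and say how an `i_size` smaller than the container header is handled. It is not visible from this header whether `initializeSecureROM` must succeed before `verifyContainer` or `hashBlob` may be called; if so, document that ordering on each declaration.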