authorNick Bofferding <bofferdn@us.ibm.com>2017-09-13 20:32:31 -0500
committerDaniel M. Crowell <dcrowell@us.ibm.com>2017-09-21 12:31:26 -0400
commit229ad66260fe34db94acaae5128d61f05951f218 (patch)
treeb78af25aad99627c0fe38bc9e483a7c0aa33f162 /src/include
parentce2eb298ea1c4fb5e68674eb4d76ba0e06920cbc (diff)
Secure Boot: Support reading component ID from container's SW header
- Repurposed container SW header reserved field for component ID - Parse component ID when reading container header - Implement user API to read component ID Change-Id: I005f0e1cb20d4022333d05bfe86d88bf706f60de Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46173 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/include')
-rw-r--r--src/include/securerom/ROM.H38
-rw-r--r--src/include/usr/secureboot/containerheader.H16
2 files changed, 49 insertions, 5 deletions
diff --git a/src/include/securerom/ROM.H b/src/include/securerom/ROM.H
index efd90b970..7ff73bf5b 100644
--- a/src/include/securerom/ROM.H
+++ b/src/include/securerom/ROM.H
@@ -32,10 +32,38 @@
#include <string.h>
#include <array>
-#define CONTAINER_VERSION 1
-#define HEADER_VERSION 1
-#define HASH_ALG_SHA512 1
-#define SIG_ALG_ECDSA521 1
+/**
+ * @brief Indicates container header section versions
+ */
+enum CONTAINER_SECTION_VERSION : uint16_t
+{
+ CONTAINER_VERSION = 0x0001,
+ HEADER_VERSION = 0x0001,
+};
+
+/**
+ * @brief Indicates sizes of container header fields
+ */
+enum CONTAINER_FIELD_SIZE : size_t
+{
+ SW_HDR_COMP_ID_SIZE_BYTES = 8,
+};
+
+/**
+ * @brief Unique identifer for the hash algorithm to use
+ */
+enum ROM_HASH_ALGORITHM : uint8_t
+{
+ HASH_ALG_SHA512 = 0x01,
+};
+
+/**
+ * @brief Unique identifier for the signature algorithm to use
+ */
+enum ROM_SIGNATURE_ALGORITHM : uint8_t
+{
+ SIG_ALG_ECDSA521 = 0x01,
+};
typedef struct
{
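Review bot: The `@brief` on `ROM_HASH_ALGORITHM` misspells "identifier" as "identifer"; it should read `@brief Unique identifier for the hash algorithm to use`. On style, all four enums are unscoped, so `CONTAINER_VERSION`, `HASH_ALG_SHA512` and the others still land in the enclosing namespace as the macros did, and each enumerator converts implicitly to whatever integer it is compared against. If these values are compared with raw header fields elsewhere (not visible on this page), a one-line comment naming the header field whose width each underlying type is meant to match would make that easy to check.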
@@ -92,7 +120,7 @@ typedef struct
{
ROM_version_raw ver_alg;
uint64_t code_start_offset;
- uint64_t reserved;
+ char component_id[SW_HDR_COMP_ID_SIZE_BYTES];
uint32_t flags;
uint8_t reserved_0;
uint64_t payload_size;
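Review bot: The new `component_id` field has no comment saying that it is a raw, fixed-width byte field and not a C string. An ID that uses all `SW_HDR_COMP_ID_SIZE_BYTES` bytes has no terminator, so any reader that passes the field to `strlen`, `strcpy` or a `%s` format would run past it. I would add `// Raw ID bytes from the container; NOT NUL-terminated when all 8 bytes are used` above the field. Because the field takes over the old `uint64_t reserved` slot in an on-flash layout, a guard after the struct would pin the size, e.g. `static_assert(sizeof(ROM_sw_header_raw::component_id) == sizeof(uint64_t), "component_id must occupy the former reserved field");`. The struct begins and ends outside this hunk, and its name is taken from the use in containerheader.H.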
diff --git a/src/include/usr/secureboot/containerheader.H b/src/include/usr/secureboot/containerheader.H
index 5a554f0fc..49ecc9223 100644
--- a/src/include/usr/secureboot/containerheader.H
+++ b/src/include/usr/secureboot/containerheader.H
@@ -58,6 +58,7 @@ class ContainerHeader
iv_pHdrStart = reinterpret_cast<const uint8_t*>(i_header);
memset(&iv_headerInfo, 0x00, sizeof(iv_headerInfo));
memset(iv_hwKeyHash, 0, sizeof(SHA512_t));
+ memset(iv_componentId,0x00,sizeof(iv_componentId));
parse_header(i_header);
};
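Review bot: The added `memset` is what guarantees the terminator for `iv_componentId`, but nothing at this line says so. The guarantee holds only if `parse_header` copies at most `sizeof(ROM_sw_header_raw::component_id)` bytes into the buffer, and that copy is not on this page because the diff is limited to src/include. A comment such as `// Zero-fill so the extra trailing byte always terminates the component ID` would record the invariant for whoever next edits the parser. The call is also written without spaces after the commas, unlike the two `memset` calls above it.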
@@ -142,6 +143,14 @@ class ContainerHeader
*/
bool isValid() const;
+ /**
+ * @brief Returns the container's component ID as an invariant
+ * character string, or an empty string if none provided.
+ *
+ * @return const char* Component ID string
+ */
+ const char* componentId() const;
+
private:
/**
* @brief Default Constructor in private to prevent being instantiated
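Review bot: The doc comment for `componentId()` does not say who owns the returned pointer or what the bytes may contain. The definition is not on this page, but if it returns `iv_componentId`, the pointer is valid only for the lifetime of the `ContainerHeader` object. The content is taken from the container's SW header, so it is not guaranteed to be printable text. I would add `@note Pointer refers to storage owned by this object; contents come from the container header and should be treated as untrusted input when logged or compared.`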
@@ -161,6 +170,13 @@ class ContainerHeader
ROM_sw_sig_raw sw_sig;
};
+ /**
+ * @brief Container's component ID (one byte larger than associated
+ * container header field to allow for a NULL terminator)
+ */
+ char iv_componentId[ sizeof(ROM_sw_header_raw::component_id)
+ + sizeof(uint8_t) ];
+
// Entire cached container header content
SecureHeaderInfo iv_headerInfo;
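Review bot: As a point of style, `sizeof(uint8_t)` is an indirect way to reserve the terminator byte in the `iv_componentId` declaration, and the reader has to work out that it means one `char`. `char iv_componentId[sizeof(ROM_sw_header_raw::component_id) + 1];` says the same thing directly and fits on one line. The comment above it should say "NUL terminator", since `NULL` is the pointer constant.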