diff options
Diffstat (limited to 'src/bootloader')
| -rw-r--r-- | src/bootloader/bl_start.S | 6 | ||||
| -rw-r--r-- | src/bootloader/bootloader.C | 77 | ||||
| -rw-r--r-- | src/bootloader/makefile | 4 |
3 files changed, 51 insertions, 36 deletions
diff --git a/src/bootloader/bl_start.S b/src/bootloader/bl_start.S index 99843a1eb..4af665523 100644 --- a/src/bootloader/bl_start.S +++ b/src/bootloader/bl_start.S @@ -31,7 +31,6 @@ .set SBE_HB_PNORSIZEMB, sbe_hb_structures+6 ;// uint16_t .set SBE_HB_BLLOADSIZE, sbe_hb_structures+8 ;// uint64_t .set HBBL_BASE_ADDRESS, base_load_address -.set HBBL_END_EYECATCHER, 0x4842424C656E6400 ;// 'HBBLend.' .set HBBL_END_ADDRESS, end_load_address .set HBBL_system_reset, 0x100 .set HBBL_machine_check, 0x200 @@ -423,11 +422,6 @@ bootloader_hbbSection: hbi_ImageId: .space 128 - .balign 16 -.global bootloader_end_eyecatcher -bootloader_end_eyecatcher: - .quad HBBL_END_EYECATCHER - .global bootloader_end_address bootloader_end_address: .quad HBBL_END_ADDRESS diff --git a/src/bootloader/bootloader.C b/src/bootloader/bootloader.C index e1386189d..4d764cd04 100644 --- a/src/bootloader/bootloader.C +++ b/src/bootloader/bootloader.C @@ -69,7 +69,6 @@ namespace Bootloader{ sizeof(sha2_hash_t)); } - // @TODO RTC:167740 remove magic number check once fsp/op signs HBB /** * @brief Memcmp a vaddr to the known secureboot magic number * @@ -97,24 +96,48 @@ namespace Bootloader{ const sha2_hash_t* i_hwKeyHash) { #ifdef CONFIG_SECUREBOOT - // @TODO RTC:167740 remove magic number check once fsp/op signs HBB - if (cmpSecurebootMagicNumber(reinterpret_cast<const uint8_t*> - (i_pContainer))) + BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_START); + + uint64_t l_rc = 0; + + // @TODO RTC:166848 Move find/get secure rom logic out of ROM verify + // Find secure ROM addr + // Get starting address of ROM size and code which is the next 8 byte + // aligned address after the bootloader end. + // [hbbl][pad:8:if-applicable][securerom-size:8][securerom] + const void* l_pBootloaderEnd = &bootloader_end_address; + uint64_t l_bootloaderSize = 0; + memcpy (&l_bootloaderSize, l_pBootloaderEnd, sizeof(l_bootloaderSize)); + uint64_t l_rom_startAddr = getHRMOR() + ALIGN_8(l_bootloaderSize); + // Get Rom Size + // @TODO RTC:166848 Store size so hb can use + uint64_t l_secureRomSize = 0; + memcpy (&l_secureRomSize, reinterpret_cast<void*>(l_rom_startAddr), + sizeof(l_secureRomSize)); + l_rom_startAddr += sizeof(l_secureRomSize); + + // Beginning of SecureROM has a info structure + // Get Secure ROM info + const auto l_pSecRomInfo = reinterpret_cast<SecureRomInfo*>( + l_rom_startAddr); + + // # @TODO RTC:170136 terminate in this case + // Ensure SecureRom is actually present + if ( !secureRomInfoValid(l_pSecRomInfo) ) + { + BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_NO_EYECATCH); + } + // # @TODO RTC:170136 terminate in this case + else if ( !cmpSecurebootMagicNumber(reinterpret_cast<const uint8_t*> + (i_pContainer))) + { + BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_NO_MAGIC_NUM); + } + else { - BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_HBB_START); - - uint64_t l_rc = 0; - - const void * l_pBootloaderEnd = &bootloader_end_address; - - // Get starting address of ROM code which is the next 8 byte aligned - // address after the bootloader end. - uint64_t l_size = 0; - memcpy (&l_size, l_pBootloaderEnd, sizeof(l_size)); - uint64_t l_rom_startAddr = getHRMOR() + ALIGN_8(l_size); - // Set startAddr to ROM_verify() function at an offset of Secure ROM uint64_t l_rom_verify_startAddr = l_rom_startAddr + + l_pSecRomInfo->branchtableOffset + ROM_VERIFY_FUNCTION_OFFSET; // Declare local input struct @@ -128,18 +151,17 @@ namespace Bootloader{ // Use current hw hash key memcpy (&l_hw_parms.hw_key_hash, i_hwKeyHash, sizeof(sha2_hash_t)); - const ROM_container_raw* l_container = - reinterpret_cast<const ROM_container_raw*>(i_pContainer); + const auto l_container = reinterpret_cast<const ROM_container_raw*> + (i_pContainer); l_rc = call_rom_verify(reinterpret_cast<void*> (l_rom_verify_startAddr), l_container, &l_hw_parms); - if (l_rc != 0) { // Verification of Container failed. - BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_HBB_FAIL); + BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_FAIL); /*@ * @errortype * @moduleid MOD_BOOTLOADER_VERIFY @@ -156,11 +178,7 @@ namespace Bootloader{ } - BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_HBB_SUCCESS); - } - else - { - BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_HBB_SKIP); + BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_SUCCESS); } #endif } @@ -260,10 +278,11 @@ namespace Bootloader{ verifyContainer(l_src_addr, &l_hwKeyHash); // Increment past secure header -#ifdef CONFIG_SECUREBOOT - l_src_addr += PAGE_SIZE/sizeof(uint64_t); - l_hbbLength -= PAGE_SIZE; -#endif + if (isSecureSection(PNOR::HB_BASE_CODE)) + { + l_src_addr += PAGE_SIZE/sizeof(uint64_t); + l_hbbLength -= PAGE_SIZE; + } // Copy HBB image into address where it executes for(uint32_t i = 0; diff --git a/src/bootloader/makefile b/src/bootloader/makefile index 598236b79..ee1688774 100644 --- a/src/bootloader/makefile +++ b/src/bootloader/makefile @@ -5,7 +5,7 @@ # # OpenPOWER HostBoot Project # -# Contributors Listed Below - COPYRIGHT 2015,2016 +# Contributors Listed Below - COPYRIGHT 2015,2017 # [+] International Business Machines Corp. # # @@ -30,6 +30,8 @@ EXTRAINCDIR += ${ROOTPATH}/src/include/usr/ EXTRAINCDIR += ${ROOTPATH}/src/include/usr/pnor/ EXTRAINCDIR += ${ROOTPATH}/src/include/usr/lpc/ +COMMONFLAGS += -DBOOTLOADER + OBJS += bl_start.o OBJS += bootloader.o OBJS += bl_pnorAccess.o |
