From 07d75753d59419ea6ba9ee3bd930e0aa8e7e7fd5 Mon Sep 17 00:00:00 2001
From: Nick Bofferding <bofferdn@us.ibm.com>
Date: Fri, 20 Oct 2017 21:13:34 -0500
Subject: Secure Boot: Enforce PNOR section component IDs

- In secure mode, bootloader will enforce that HBB component ID is set
- In secure mode, Hostboot will enforce that PNOR component IDs are set

Change-Id: I04f3bbc45417b3229003c56e1083e1fc31c01cd7
RTC: 179422
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/48711
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
---
 src/include/bootloader/bootloader_trace.H | 6 ++++++
 src/include/bootloader/hbblreasoncodes.H  | 1 +
 2 files changed, 7 insertions(+)

(limited to 'src/include/bootloader')

diff --git a/src/include/bootloader/bootloader_trace.H b/src/include/bootloader/bootloader_trace.H
index 129b9a303..3b3fa262a 100644
--- a/src/include/bootloader/bootloader_trace.H
+++ b/src/include/bootloader/bootloader_trace.H
@@ -77,6 +77,12 @@ enum BootloaderTraces
     /** Bootloader main verifyContainer skip verification - SAB unset */
     BTLDR_TRC_MAIN_VERIFY_SAB_UNSET          = 0x19,
 
+    /** Bootloader main verifyComponent succeeded */
+    BTLDR_TRC_COMP_ID_VERIFY_SUCCESS         = 0x1A,
+
+    /** Bootloader main verifyComponent failed */
+    BTLDR_TRC_COMP_ID_VERIFY_FAILED          = 0x1B,
+
     /** Bootloader handleMMIO started */
     BTLDR_TRC_HANDLEMMIO_START               = 0x20,
 
diff --git a/src/include/bootloader/hbblreasoncodes.H b/src/include/bootloader/hbblreasoncodes.H
index 392b7e4b3..1a4dbc98f 100644
--- a/src/include/bootloader/hbblreasoncodes.H
+++ b/src/include/bootloader/hbblreasoncodes.H
@@ -49,6 +49,7 @@ namespace Bootloader
         MOD_PNORACC_GETHBBSECT           = 0x04, /**< bl_pnorAccess.C : get HBB sect */
         MOD_BOOTLOADER_VERIFY            = 0x05, /**< bootloader.C : verifyContainer */
         MOD_BOOTLOADER_ASSERT            = 0x06, /**< bootloader.H assert */
+        MOD_BOOTLOADER_VERIFY_COMP_ID    = 0x07, /**< bootloader.C : verifyComponent */
     };
 
 /**
-- 
cgit v1.2.3