author | Nick Bofferding <bofferdn@us.ibm.com> | 2017-07-24 12:05:02 -0500 |
---|---|---|
committer | Nick Bofferding <bofferdn@us.ibm.com> | 2017-08-09 17:09:47 -0500 |
commit | d5c31a5c9332538ceddea4be73781c345c55f31d (patch) | |
tree | df881d6a46855049d7a49818d2af3a2e5bfd8238 | |
parent | 1f584629255276586149a6cfe65e4680f99dd773 (diff) | |
download | pnor-d5c31a5c9332538ceddea4be73781c345c55f31d.tar.gz pnor-d5c31a5c9332538ceddea4be73781c345c55f31d.zip |
Secure Boot: Support secure signing
- Added SBKT partition to 128 MB PNOR layout
- Added SBKT partition to 64 MB PNOR layout
- Removed 32 MB PNOR layout
- Adjusted HBBL size in 128/64 MB PNOR layouts to account for new header
- Removed reprovision tag from IMA partitions
- Added Secure Boot cryptographic algorithms + HW keys' hash to bootloader
- Supported general development signing of most eligible p9 binaries
-rwxr-xr-x | create_pnor_image.pl | 1 | ||||
-rw-r--r-- | p9Layouts/defaultPnorLayout_128.xml | 54 | ||||
-rw-r--r-- | p9Layouts/defaultPnorLayout_32.xml | 321 | ||||
-rw-r--r-- | p9Layouts/defaultPnorLayout_64.xml | 54 | ||||
-rwxr-xr-x | update_image.pl | 492 |
5 files changed, 408 insertions, 514 deletions
diff --git a/create_pnor_image.pl b/create_pnor_image.pl
index 9048d8d..2cf220c 100755
--- a/create_pnor_image.pl
+++ b/create_pnor_image.pl
@@ -150,6 +150,7 @@ if ($release eq "p8"){
 $build_pnor_command .= " --binFile_SBEC $scratch_dir/$sbec_binary_filename";
 $build_pnor_command .= " --binFile_WINK $scratch_dir/$wink_binary_filename";
 } else {
+ $build_pnor_command .= " --binFile_SBKT $scratch_dir/SBKT.bin";
 $build_pnor_command .= " --binFile_HCODE $scratch_dir/$wink_binary_filename";
 $build_pnor_command .= " --binFile_HBBL $scratch_dir/hbbl.bin.ecc";
 $build_pnor_command .= " --binFile_RINGOVD $scratch_dir/ringOvd.bin";
diff --git a/p9Layouts/defaultPnorLayout_128.xml b/p9Layouts/defaultPnorLayout_128.xml
index 15a0fba..6cdd5df 100644
--- a/p9Layouts/defaultPnorLayout_128.xml
+++ b/p9Layouts/defaultPnorLayout_128.xml
@@ -142,7 +142,7 @@ Layout Description
 <reprovision/>
 </section>
 <section>
- <description>Hostboot Base (576K)</description>
+ <description>Hostboot Base (1M)</description>
 <eyeCatch>HBB</eyeCatch>
 <physicalOffset>0x205000</physicalOffset>
 <physicalRegionSize>0x100000</physicalRegionSize>
@@ -155,8 +155,8 @@ Layout Description
 <eyeCatch>HBD</eyeCatch>
 <physicalOffset>0x305000</physicalOffset>
 <physicalRegionSize>0x120000</physicalRegionSize>
- <sha512Version/>
 <side>A</side>
+ <sha512Version/>
 <ecc/>
 </section>
 <section>
@@ -164,8 +164,8 @@ Layout Description
 <eyeCatch>HBI</eyeCatch>
 <physicalOffset>0x425000</physicalOffset>
 <physicalRegionSize>0xC60000</physicalRegionSize>
- <sha512Version/>
 <side>A</side>
+ <sha512Version/>
 <ecc/>
 </section>
 <section>
@@ -173,8 +173,9 @@ Layout Description
 <eyeCatch>SBE</eyeCatch>
 <physicalOffset>0x1085000</physicalOffset>
 <physicalRegionSize>0x82000</physicalRegionSize>
- <sha512perEC/>
 <side>A</side>
+ <sha512Version/>
+ <sha512perEC/>
 <ecc/>
 </section>
 <section>
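Review bot: The added `--binFile_SBKT $scratch_dir/SBKT.bin` in the non-p8 branch of create_pnor_image.pl is passed unconditionally and with a hard-coded file name, so whatever SBKT.bin is present in the scratch directory gets packaged. This hunk does not show where that file is produced; if it is only rewritten when a key transition is requested, a stale key-transition container left by an earlier build in the same scratch directory could end up in an image that was not meant to carry one. I would add a comment above the line naming the step that regenerates SBKT.bin on every p9 build, and fail early when the file is absent, e.g. `die "Missing $scratch_dir/SBKT.bin\n" unless -e "$scratch_dir/SBKT.bin";`. The enclosing if/else continues outside the hunk.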
@@ -191,8 +192,8 @@ Layout Description
 <eyeCatch>HBRT</eyeCatch>
 <physicalOffset>0x1227000</physicalOffset>
 <physicalRegionSize>0x480000</physicalRegionSize>
- <sha512Version/>
 <side>A</side>
+ <sha512Version/>
 <ecc/>
 </section>
 <section>
@@ -201,6 +202,7 @@ Layout Description
 <physicalOffset>0x16A7000</physicalOffset>
 <physicalRegionSize>0x100000</physicalRegionSize>
 <side>A</side>
+ <sha512Version/>
 </section>
 <section>
 <description>Bootloader Kernel (15MB)</description>
@@ -208,6 +210,7 @@ Layout Description
 <physicalOffset>0x17A7000</physicalOffset>
 <physicalRegionSize>0xF00000</physicalRegionSize>
 <side>A</side>
+ <sha512Version/>
 </section>
 <section>
 <description>OCC Lid (1.125M)</description>
@@ -215,6 +218,7 @@ Layout Description
 <physicalOffset>0x26A7000</physicalOffset>
 <physicalRegionSize>0x120000</physicalRegionSize>
 <side>A</side>
+ <sha512Version/>
 <ecc/>
 </section>
 <section>
@@ -232,6 +236,7 @@ Layout Description
 <physicalOffset>0x27CA000</physicalOffset>
 <physicalRegionSize>0x24000</physicalRegionSize>
 <side>A</side>
+ <sha512Version/>
 <ecc/>
 </section>
 <section>
@@ -243,17 +248,20 @@ Layout Description
 <reprovision/>
 </section>
 <section>
- <description>Hostboot Bootloader (22.5K)</description>
+ <description>Hostboot Bootloader (28K)</description>
 <eyeCatch>HBBL</eyeCatch>
 <physicalOffset>0x27F7000</physicalOffset>
- <physicalRegionSize>0x6000</physicalRegionSize>
+ <!-- Physical Size includes Header rounded to ECC valid size -->
+ <!-- Max size of actual HBBL content is 20K and 22.5K with ECC -->
+ <physicalRegionSize>0x7000</physicalRegionSize>
 <side>sideless</side>
+ <sha512Version/>
 <ecc/>
 </section>
 <section>
 <description>Temporary Attribute Override (32K)</description>
 <eyeCatch>ATTR_TMP</eyeCatch>
- <physicalOffset>0x27FD000</physicalOffset>
+ <physicalOffset>0x27FE000</physicalOffset>
 <physicalRegionSize>0x8000</physicalRegionSize>
 <side>A</side>
 <reprovision/>
@@ -261,7 +269,7 @@ Layout Description
 <section>
 <description>Permanent Attribute Override (32K)</description>
 <eyeCatch>ATTR_PERM</eyeCatch>
- <physicalOffset>0x2805000</physicalOffset>
+ <physicalOffset>0x2806000</physicalOffset>
 <physicalRegionSize>0x8000</physicalRegionSize>
 <side>A</side>
 <ecc/>
@@ -270,23 +278,22 @@ Layout Description
 <section>
 <description>PNOR Version (4K)</description>
 <eyeCatch>VERSION</eyeCatch>
- <physicalOffset>0x280D000</physicalOffset>
+ <physicalOffset>0x280E000</physicalOffset>
 <physicalRegionSize>0x1000</physicalRegionSize>
 <side>A</side>
 </section>
 <section>
 <description>IMA Catalog (256K)</description>
 <eyeCatch>IMA_CATALOG</eyeCatch>
- <physicalOffset>0x280E000</physicalOffset>
+ <physicalOffset>0x280F000</physicalOffset>
 <physicalRegionSize>0x40000</physicalRegionSize>
 <side>A</side>
 <ecc/>
- <reprovision/>
 </section>
 <section>
 <description>Ref Image Ring Overrides (128K)</description>
 <eyeCatch>RINGOVD</eyeCatch>
- <physicalOffset>0x284E000</physicalOffset>
+ <physicalOffset>0x284F000</physicalOffset>
 <physicalRegionSize>0x20000</physicalRegionSize>
 <side>A</side>
 </section>
@@ -295,26 +302,37 @@ Layout Description <!-- We need 266KB per module sort, going to support 10 sorts by default, plus ECC --> <eyeCatch>WOFDATA</eyeCatch> - <physicalOffset>0x286E000</physicalOffset> + <physicalOffset>0x286F000</physicalOffset> <physicalRegionSize>0x300000</physicalRegionSize> <side>A</side> + <sha512Version/> <ecc/> </section> <section> <description>Hostboot deconfig area (64KB)</description> <eyeCatch>HB_VOLATILE</eyeCatch> - <physicalOffset>0x2B6E000</physicalOffset> + <physicalOffset>0x2B6F000</physicalOffset> <physicalRegionSize>0x5000</physicalRegionSize> <side>A</side> <ecc/> <volatile/> </section> <section> - <description>MEMD extra data (24K)</description> + <description>MEMD extra data (28K)</description> <eyeCatch>MEMD</eyeCatch> - <physicalOffset>0x2B73000</physicalOffset> - <physicalRegionSize>0x6000</physicalRegionSize> + <physicalOffset>0x2B74000</physicalOffset> + <physicalRegionSize>0x7000</physicalRegionSize> <side>A</side> + <sha512Version/> + <ecc/> + </section> + <section> + <description>SecureBoot Key Transition Partition (16K)</description> + <eyeCatch>SBKT</eyeCatch> + <physicalOffset>0x2B7B000</physicalOffset> + <physicalRegionSize>0x4000</physicalRegionSize> + <side>A</side> + <sha512Version/> <ecc/> </section> </pnor> diff --git a/p9Layouts/defaultPnorLayout_32.xml b/p9Layouts/defaultPnorLayout_32.xml deleted file mode 100644 index 899e965..0000000 --- a/p9Layouts/defaultPnorLayout_32.xml +++ /dev/null 
@@ -1,321 +0,0 @@ -<!-- IBM_PROLOG_BEGIN_TAG --> -<!-- This is an automatically generated prolog. --> -<!-- --> -<!-- $Source: pnor/p9Layouts/defaultPnorLayout_32.xml $ --> -<!-- --> -<!-- OpenPOWER HostBoot Project --> -<!-- --> -<!-- COPYRIGHT International Business Machines Corp. 2013,2014 --> -<!-- --> -<!-- Licensed under the Apache License, Version 2.0 (the "License"); --> -<!-- you may not use this file except in compliance with the License. --> -<!-- You may obtain a copy of the License at --> -<!-- --> -<!-- http://www.apache.org/licenses/LICENSE-2.0 --> -<!-- --> -<!-- Unless required by applicable law or agreed to in writing, software --> -<!-- distributed under the License is distributed on an "AS IS" BASIS, --> -<!-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or --> -<!-- implied. See the License for the specific language governing --> -<!-- permissions and limitations under the License. --> -<!-- --> -<!-- IBM_PROLOG_END_TAG --> -<!-- -Layout Description -<metadata> Element -> Contains high-level information about the PNOR layout. - <chipSize> -> Size of the chip that the pnor image will reside on - <imageSize> -> Size of PNOR image in bytes. - <blockSize> -> size of erase blocks in bytes. - <tocSize> -> size of each partition table - <!- TODO:RTC:123734 - remove side offsets once hwsv implements new layout -> - <sideAOffset> -> Location of Side A Partition Table - <sideBOffset> -> Location of Side B Partition Table - <side> -> Contains information about the side - <id> -> Id of the side (A or B) - <arrangement> -> Tag that specifies the arrangement of the side - (A-B-D or A-D-B) - A-B-D: Primary TOC (A),Backup TOC (B), and Section Information (Data - D) - A-D-B: Primary TOC (A), Section Information (Data - D), Backup TOC (B) - <golden/> -> Indicates that the side of the PNOR is golden -</metadata> -<section> Element -> Contains information about a PNOR Partition - <description> -> Text description of the partition. 
- Does not have to be machine readable. - <eyeCatch> -> Name of the Partition - <physicalOffset>-> Offset of the Partition in PNOR - in bytes. - <physicalSize> -> Size of the Partition in bytes. - <side> -> Side that this section is associated with. - could be (A, B, or sideless) - A - Section is associated with side A - B - Section is associated with side B - sideless - Indicates partition will be in both TOCs but - only one copy of the partition should be created - <testonly/> -> Indicates partition is used for internal testing only. - Partition should be skipped in production environments. - <ecc/> -> Indicates Partition should be ECC protected - <sha512Version/>-> Indicates Partition uses SHA512 for version information. - <sha512perEC/> -> Indicates SHA512 is used to indicate version for each - EC-specific image within the Partition. - <preserved/> -> Indicates Partition is preserved across code updates. - <volatile/> -> Indicates Partition is not preserved across power offs, - but is across reboots. 
BMC will clear on power off/on -</section> ---> - -<pnor> - <metadata> - <imageSize>0x2000000</imageSize> - <chipSize>0x2000000</chipSize> - <blockSize>0x1000</blockSize> - <tocSize>0x8000</tocSize> - <arrangement>A-D-B</arrangement> - <side> - <id>A</id> - </side> - </metadata> - <section> - <description>Hostboot Base (576K)</description> - <eyeCatch>HBB</eyeCatch> - <physicalOffset>0x8000</physicalOffset> - <physicalRegionSize>0x90000</physicalRegionSize> - <side>A</side> - <sha512Version/> - <ecc/> - </section> - <section> - <description>Hostboot Error Logs (144K)</description> - <eyeCatch>HBEL</eyeCatch> - <physicalOffset>0x98000</physicalOffset> - <physicalRegionSize>0x24000</physicalRegionSize> - <side>A</side> - <ecc/> - <reprovision/> - </section> - <section> - <description>Guard Data (20K)</description> - <eyeCatch>GUARD</eyeCatch> - <physicalOffset>0xBC000</physicalOffset> - <physicalRegionSize>0x5000</physicalRegionSize> - <side>A</side> - <ecc/> - <preserved/> - <reprovision/> - </section> - <section> - <description>Hostboot Data (1.125M)</description> - <eyeCatch>HBD</eyeCatch> - <physicalOffset>0xC1000</physicalOffset> - <physicalRegionSize>0x120000</physicalRegionSize> - <sha512Version/> - <side>A</side> - <ecc/> - </section> - <section> - <description>DIMM JEDEC (288K)</description> - <eyeCatch>DJVPD</eyeCatch> - <!--NOTE: MUST update standalone.simics if offset changes --> - <physicalOffset>0x1E1000</physicalOffset> - <physicalRegionSize>0x48000</physicalRegionSize> - <side>A</side> - <ecc/> - <reprovision/> - </section> - <section> - <description>Module VPD (576K)</description> - <eyeCatch>MVPD</eyeCatch> - <!--NOTE: MUST update standalone.simics if offset changes --> - <physicalOffset>0x229000</physicalOffset> - <physicalRegionSize>0x90000</physicalRegionSize> - <side>A</side> - <ecc/> - <reprovision/> - </section> - <section> - <description>Centaur VPD (288K)</description> - <eyeCatch>CVPD</eyeCatch> - <!--NOTE: MUST update standalone.simics if 
offset changes --> - <physicalOffset>0x2B9000</physicalOffset> - <physicalRegionSize>0x48000</physicalRegionSize> - <side>A</side> - <ecc/> - <reprovision/> - </section> - <section> - <description>Hostboot Extended image (11MB w/o ECC)</description> - <eyeCatch>HBI</eyeCatch> - <physicalOffset>0x301000</physicalOffset> - <physicalRegionSize>0xC60000</physicalRegionSize> - <sha512Version/> - <side>A</side> - <ecc/> - </section> - <section> - <description>SBE-IPL (Staging Area) (520K)</description> - <eyeCatch>SBE</eyeCatch> - <physicalOffset>0xF61000</physicalOffset> - <physicalRegionSize>0x82000</physicalRegionSize> - <sha512perEC/> - <side>A</side> - <ecc/> - </section> - <section> - <description>HCODE Ref Image (1.125MB)</description> - <eyeCatch>HCODE</eyeCatch> - <physicalOffset>0xFE3000</physicalOffset> - <physicalRegionSize>0x120000</physicalRegionSize> - <side>A</side> - <sha512Version/> - <ecc/> - </section> - <section> - <description>Hostboot Runtime Services for Sapphire (4.5MB)</description> - <eyeCatch>HBRT</eyeCatch> - <physicalOffset>0x1103000</physicalOffset> - <physicalRegionSize>0x480000</physicalRegionSize> - <sha512Version/> - <side>A</side> - <ecc/> - </section> - <section> - <description>Payload (1MB)</description> - <eyeCatch>PAYLOAD</eyeCatch> - <physicalOffset>0x1583000</physicalOffset> - <physicalRegionSize>0x100000</physicalRegionSize> - <side>A</side> - </section> - <section> - <description>Bootloader Kernel (15MB)</description> - <eyeCatch>BOOTKERNEL</eyeCatch> - <physicalOffset>0x1683000</physicalOffset> - <physicalRegionSize>0xF00000</physicalRegionSize> - <side>A</side> - </section> - <section> - <description>Nvram (576K)</description> - <eyeCatch>NVRAM</eyeCatch> - <physicalOffset>0x2583000</physicalOffset> - <physicalRegionSize>0x90000</physicalRegionSize> - <side>A</side> - <preserved/> - <reprovision/> - </section> - <section> - <description>OCC Lid (1.125M)</description> - <eyeCatch>OCC</eyeCatch> - 
<physicalOffset>0x2613000</physicalOffset> - <physicalRegionSize>0x120000</physicalRegionSize> - <side>A</side> - <ecc/> - </section> - <section> - <description>FIRDATA (12K)</description> - <eyeCatch>FIRDATA</eyeCatch> - <physicalOffset>0x2733000</physicalOffset> - <physicalRegionSize>0x3000</physicalRegionSize> - <side>A</side> - <ecc/> - <reprovision/> - </section> - <section> - <description>CAPP Lid (144K)</description> - <eyeCatch>CAPP</eyeCatch> - <physicalOffset>0x2736000</physicalOffset> - <physicalRegionSize>0x24000</physicalRegionSize> - <side>A</side> - <ecc/> - </section> - <section> - <description>Secure Boot (144K)</description> - <eyeCatch>SECBOOT</eyeCatch> - <physicalOffset>0x275A000</physicalOffset> - <physicalRegionSize>0x24000</physicalRegionSize> - <side>sideless</side> - <ecc/> - <preserved/> - </section> - <section> - <description>BMC_INV (36K)</description> - <eyeCatch>BMC_INV</eyeCatch> - <physicalOffset>0x277E000</physicalOffset> - <physicalRegionSize>0x9000</physicalRegionSize> - <side>sideless</side> - <reprovision/> - </section> - <section> - <description>Hostboot Bootloader (22.5K)</description> - <eyeCatch>HBBL</eyeCatch> - <physicalOffset>0x2787000</physicalOffset> - <physicalRegionSize>0x6000</physicalRegionSize> - <side>sideless</side> - <ecc/> - </section> - <section> - <description>Temporary Attribute Override (32K)</description> - <eyeCatch>ATTR_TMP</eyeCatch> - <physicalOffset>0x278D000</physicalOffset> - <physicalRegionSize>0x8000</physicalRegionSize> - <side>A</side> - <reprovision/> - </section> - <section> - <description>Permanent Attribute Override (32K)</description> - <eyeCatch>ATTR_PERM</eyeCatch> - <physicalOffset>0x2795000</physicalOffset> - <physicalRegionSize>0x8000</physicalRegionSize> - <side>A</side> - <ecc/> - <reprovision/> - </section> - <section> - <description>PNOR Version (4K)</description> - <eyeCatch>VERSION</eyeCatch> - <physicalOffset>0x279D000</physicalOffset> - 
<physicalRegionSize>0x1000</physicalRegionSize> - <side>A</side> - </section> - <section> - <description>IMA Catalog (256K)</description> - <eyeCatch>IMA_CATALOG</eyeCatch> - <physicalOffset>0x279E000</physicalOffset> - <physicalRegionSize>0x40000</physicalRegionSize> - <side>A</side> - <ecc/> - <reprovision/> - </section> - <section> - <description>Ref Image Ring Overrides (128K)</description> - <eyeCatch>RINGOVD</eyeCatch> - <physicalOffset>0x27DE000</physicalOffset> - <physicalRegionSize>0x20000</physicalRegionSize> - <side>A</side> - </section> - <section> - <description>VFRT data for WOF (3MB)</description> - <!-- We need 266KB per module sort, going to support - 10 sorts by default, plus ECC --> - <eyeCatch>WOFDATA</eyeCatch> - <physicalOffset>0x27FE000</physicalOffset> - <physicalRegionSize>0x300000</physicalRegionSize> - <side>A</side> - <ecc/> - </section> - <section> - <description>Hostboot deconfig area (64KB)</description> - <eyeCatch>HB_VOLATILE</eyeCatch> - <physicalOffset>0x2AFE000</physicalOffset> - <physicalRegionSize>0x5000</physicalRegionSize> - <side>A</side> - <reprovision/> - <ecc/> - <volatile/> - </section> - <section> - <description>MEMD extra data (24K)</description> - <eyeCatch>MEMD</eyeCatch> - <physicalOffset>0x2B03000</physicalOffset> - <physicalRegionSize>0x6000</physicalRegionSize> - <side>A</side> - <ecc/> - </section> -</pnor> diff --git a/p9Layouts/defaultPnorLayout_64.xml b/p9Layouts/defaultPnorLayout_64.xml index a10ef4b..3514d9c 100644 --- a/p9Layouts/defaultPnorLayout_64.xml +++ b/p9Layouts/defaultPnorLayout_64.xml @@ -142,7 +142,7 @@ Layout Description <reprovision/> </section> <section> - <description>Hostboot Base (576K)</description> + <description>Hostboot Base (1M)</description> <eyeCatch>HBB</eyeCatch> <physicalOffset>0x205000</physicalOffset> <physicalRegionSize>0x100000</physicalRegionSize> 
@@ -155,8 +155,8 @@ Layout Description
 <eyeCatch>HBD</eyeCatch>
 <physicalOffset>0x305000</physicalOffset>
 <physicalRegionSize>0x120000</physicalRegionSize>
- <sha512Version/>
 <side>A</side>
+ <sha512Version/>
 <ecc/>
 </section>
 <section>
@@ -164,8 +164,8 @@ Layout Description
 <eyeCatch>HBI</eyeCatch>
 <physicalOffset>0x425000</physicalOffset>
 <physicalRegionSize>0xC60000</physicalRegionSize>
- <sha512Version/>
 <side>A</side>
+ <sha512Version/>
 <ecc/>
 </section>
 <section>
@@ -173,8 +173,9 @@ Layout Description
 <eyeCatch>SBE</eyeCatch>
 <physicalOffset>0x1085000</physicalOffset>
 <physicalRegionSize>0x82000</physicalRegionSize>
- <sha512perEC/>
 <side>A</side>
+ <sha512Version/>
+ <sha512perEC/>
 <ecc/>
 </section>
 <section>
@@ -191,8 +192,8 @@ Layout Description
 <eyeCatch>HBRT</eyeCatch>
 <physicalOffset>0x1227000</physicalOffset>
 <physicalRegionSize>0x480000</physicalRegionSize>
- <sha512Version/>
 <side>A</side>
+ <sha512Version/>
 <ecc/>
 </section>
 <section>
@@ -201,6 +202,7 @@ Layout Description
 <physicalOffset>0x16A7000</physicalOffset>
 <physicalRegionSize>0x100000</physicalRegionSize>
 <side>A</side>
+ <sha512Version/>
 </section>
 <section>
 <description>Bootloader Kernel (15MB)</description>
@@ -208,6 +210,7 @@ Layout Description
 <physicalOffset>0x17A7000</physicalOffset>
 <physicalRegionSize>0xF00000</physicalRegionSize>
 <side>A</side>
+ <sha512Version/>
 </section>
 <section>
 <description>OCC Lid (1.125M)</description>
@@ -215,6 +218,7 @@ Layout Description
 <physicalOffset>0x26A7000</physicalOffset>
 <physicalRegionSize>0x120000</physicalRegionSize>
 <side>A</side>
+ <sha512Version/>
 <ecc/>
 </section>
 <section>
@@ -232,6 +236,7 @@ Layout Description
 <physicalOffset>0x27CA000</physicalOffset>
 <physicalRegionSize>0x24000</physicalRegionSize>
 <side>A</side>
+ <sha512Version/>
 <ecc/>
 </section>
 <section>
@@ -243,17 +248,20 @@ Layout Description
 <reprovision/>
 </section>
 <section>
- <description>Hostboot Bootloader (22.5K)</description>
+ <description>Hostboot Bootloader (28K)</description>
 <eyeCatch>HBBL</eyeCatch>
 <physicalOffset>0x27F7000</physicalOffset>
- <physicalRegionSize>0x6000</physicalRegionSize>
+ <!-- Physical Size includes Header rounded to ECC valid size -->
+ <!-- Max size of actual HBBL content is 20K and 22.5K with ECC -->
+ <physicalRegionSize>0x7000</physicalRegionSize>
 <side>sideless</side>
+ <sha512Version/>
 <ecc/>
 </section>
 <section>
 <description>Temporary Attribute Override (32K)</description>
 <eyeCatch>ATTR_TMP</eyeCatch>
- <physicalOffset>0x27FD000</physicalOffset>
+ <physicalOffset>0x27FE000</physicalOffset>
 <physicalRegionSize>0x8000</physicalRegionSize>
 <side>A</side>
 <reprovision/>
@@ -261,7 +269,7 @@ Layout Description
 <section>
 <description>Permanent Attribute Override (32K)</description>
 <eyeCatch>ATTR_PERM</eyeCatch>
- <physicalOffset>0x2805000</physicalOffset>
+ <physicalOffset>0x2806000</physicalOffset>
 <physicalRegionSize>0x8000</physicalRegionSize>
 <side>A</side>
 <ecc/>
@@ -270,23 +278,22 @@ Layout Description
 <section>
 <description>PNOR Version (4K)</description>
 <eyeCatch>VERSION</eyeCatch>
- <physicalOffset>0x280D000</physicalOffset>
+ <physicalOffset>0x280E000</physicalOffset>
 <physicalRegionSize>0x1000</physicalRegionSize>
 <side>A</side>
 </section>
 <section>
 <description>IMA Catalog (256K)</description>
 <eyeCatch>IMA_CATALOG</eyeCatch>
- <physicalOffset>0x280E000</physicalOffset>
+ <physicalOffset>0x280F000</physicalOffset>
 <physicalRegionSize>0x40000</physicalRegionSize>
 <side>A</side>
 <ecc/>
- <reprovision/>
 </section>
 <section>
 <description>Ref Image Ring Overrides (128K)</description>
 <eyeCatch>RINGOVD</eyeCatch>
- <physicalOffset>0x284E000</physicalOffset>
+ <physicalOffset>0x284F000</physicalOffset>
 <physicalRegionSize>0x20000</physicalRegionSize>
 <side>A</side>
 </section>
@@ -295,15 +302,16 @@ Layout Description <!-- We need 266KB per module sort, going to support 10 sorts by default, plus ECC --> <eyeCatch>WOFDATA</eyeCatch> - <physicalOffset>0x286E000</physicalOffset> + <physicalOffset>0x286F000</physicalOffset> <physicalRegionSize>0x300000</physicalRegionSize> <side>A</side> + <sha512Version/> <ecc/> </section> <section> <description>Hostboot deconfig area (64KB)</description> <eyeCatch>HB_VOLATILE</eyeCatch> - <physicalOffset>0x2B6E000</physicalOffset> + <physicalOffset>0x2B6F000</physicalOffset> <physicalRegionSize>0x5000</physicalRegionSize> <side>A</side> <reprovision/> @@ -311,11 +319,21 @@ Layout Description <volatile/> </section> <section> - <description>MEMD extra data (24K)</description> + <description>MEMD extra data (28K)</description> <eyeCatch>MEMD</eyeCatch> - <physicalOffset>0x2B73000</physicalOffset> - <physicalRegionSize>0x6000</physicalRegionSize> + <physicalOffset>0x2B74000</physicalOffset> + <physicalRegionSize>0x7000</physicalRegionSize> <side>A</side> + <sha512Version/> + <ecc/> + </section> + <section> + <description>SecureBoot Key Transition Partition (16K)</description> + <eyeCatch>SBKT</eyeCatch> + <physicalOffset>0x2B7B000</physicalOffset> + <physicalRegionSize>0x4000</physicalRegionSize> + <side>A</side> + <sha512Version/> <ecc/> </section> </pnor> diff --git a/update_image.pl b/update_image.pl index e1ff994..976bc62 100755 --- a/update_image.pl +++ b/update_image.pl @@ -24,6 +24,14 @@ my $payload = ""; my $xz_compression = 0; my $wof_binary_filename = ""; my $memd_binary_filename = ""; +my $payload_filename = ""; +my $bootkernel_filename = ""; +my $binary_dir = ""; +my $secureboot = 0; +my $key_transition = ""; +my $pnor_layout = ""; +my $debug = 0; +my $sign_mode = ""; while (@ARGV > 0){ $_ = $ARGV[0]; 
@@ -93,13 +101,37 @@ while (@ARGV > 0){
 $openpower_version_filename = $ARGV[1] or die "Bad command line arg given: expecting a config type.\n";
 shift;
 }
- elsif (/^-payload/i){
+ elsif (/^-payload$/i){
 $payload = $ARGV[1] or die "Bad command line arg given: expecting a filepath to payload binary file.\n";
 shift;
 }
 elsif (/^-xz_compression/i){
 $xz_compression = 1;
 }
+ elsif (/^-payload_filename/i){
+ $payload_filename = $ARGV[1] or die "Bad command line arg given: expecting a filepath to payload binary file.\n";
+ shift;
+ }
+ elsif (/^-binary_dir/i){
+ $binary_dir = $ARGV[1] or die "Bad command line arg given: expecting binary dir.\n";
+ shift;
+ }
+ elsif (/^-bootkernel_filename/i){
+ $bootkernel_filename = $ARGV[1] or die "Bad command line arg given: expecting a filepath to boot kernel binary file.\n";
+ shift;
+ }
+ elsif (/^-key_transition/i){
+ $key_transition = $ARGV[1] or die "Bad command line arg given: expecting string imprint or production.\n";
+ shift;
+ }
+ elsif (/^-pnor_layout/i){
+ $pnor_layout = $ARGV[1] or die "Bad command line arg given: expecting a filepath to PNOR layout file.\n";
+ shift;
+ }
+ elsif (/^-sign_mode/i){
+ $sign_mode = $ARGV[1] or die "Bad command line arg given: expecting string development or production.\n";
+ shift;
+ }
 elsif (/^-wof_binary_filename/i){
 #This filename is necessary if the file exists, but if it's not given, we add a blank partition
 $wof_binary_filename = $ARGV[1];
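Review bot: The new `-key_transition` and `-sign_mode` branches store `$ARGV[1]` without checking it against the values their own die messages name (imprint/production and development/production), so a misspelled mode is accepted here and what it falls back to is decided by code outside this hunk. For options that select how images are signed I would reject anything else at parse time, e.g. `die "Bad -sign_mode value: $sign_mode\n" unless $sign_mode =~ /^(?:development|production)$/;`, with the same check for `$key_transition`. The six added patterns are also unanchored, unlike the `/^-payload$/i` this hunk just tightened, so an argument such as `-sign_modeX` still matches; ending each with `$` keeps them consistent. The while loop starts and ends outside the hunk.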
@@ -118,201 +150,347 @@ while (@ARGV > 0){ shift; } -# Compress the skiboot lid image with lzma -if (($payload ne "") and ($xz_compression)) +# If OpenPOWER hostboot is compiled with secureboot, then -always- build with +# secure signatures (and hash page tables for applicable partitions), otherwise +# use "dummy" secure headers which lack signatures, and don't do any page table +# processing +if($release eq "p9") { - run_command("xz -fk --check=crc32 $payload"); -} - -# Pad Targeting binary to 4k page size, then add ECC data -### -### To calculate the pad, ibs=(<partition size>/9)*8 -### -if ($release eq "p8") { - run_command("dd if=$op_target_dir/$targeting_binary_source of=$scratch_dir/$targeting_binary_source ibs=4k conv=sync"); -} else { - run_command("env echo -en VERSION\\\\0 > $scratch_dir/hostboot_data.sha.bin"); - run_command("sha512sum $op_target_dir/$targeting_binary_source | awk \'{print \$1}\' | xxd -pr -r >> $scratch_dir/hostboot_data.sha.bin"); - run_command("dd if=$scratch_dir/hostboot_data.sha.bin of=$scratch_dir/hostboot.temp.bin ibs=4k conv=sync"); - run_command("cat $op_target_dir/$targeting_binary_source >> $scratch_dir/hostboot.temp.bin"); - run_command("dd if=$scratch_dir/hostboot.temp.bin of=$scratch_dir/$targeting_binary_source ibs=4k conv=sync"); + my $hbConfigFile = "$hb_image_dir/config.h"; + open (HB_CONFIG_FILE, "<", "$hbConfigFile") + or die "Error opening $hbConfigFile: $!\n"; + while(<HB_CONFIG_FILE>) + { + if($_ =~ m/^#define +CONFIG_SECUREBOOT +1$/) + { + $secureboot = 1; + last; + } + } + close HB_CONFIG_FILE or die "Error closing $hbConfigFile: $!\n"; } -run_command("ecc --inject $scratch_dir/$targeting_binary_source --output $scratch_dir/$targeting_binary_filename --p8"); -if ($release eq "p8") { - run_command("echo \"00000000001800000000000008000000000000000007EF80\" | xxd -r -ps - $scratch_dir/sbe.header"); -} -run_command("env echo -en VERSION\\\\0 > $scratch_dir/hostboot.sha.bin"); -run_command("sha512sum 
$hb_image_dir/img/hostboot.bin | awk \'{print \$1}\' | xxd -pr -r >> $scratch_dir/hostboot.sha.bin"); -run_command("dd if=$scratch_dir/hostboot.sha.bin of=$scratch_dir/secureboot.header ibs=4k conv=sync"); -if ($release eq "p8") { - run_command("cat $scratch_dir/sbe.header $scratch_dir/secureboot.header $hb_image_dir/img/hostboot.bin > $scratch_dir/hostboot.stage.bin"); - run_command("dd if=$scratch_dir/hostboot.stage.bin of=$scratch_dir/hostboot.header.bin ibs=512k conv=sync"); -} else { - run_command("cat $scratch_dir/secureboot.header $hb_image_dir/img/hostboot.bin > $scratch_dir/hostboot.stage.bin"); - run_command("dd if=$scratch_dir/hostboot.stage.bin of=$scratch_dir/hostboot.header.bin ibs=908k conv=sync"); +# Compress the skiboot lid image with lzma +if ($payload ne "") +{ + if($xz_compression) + { + run_command("xz -fk --stdout --check=crc32 $payload > " + . "$payload.bin"); + } + else + { + run_command("cp $payload $payload.bin"); + } } -run_command("ecc --inject $hb_image_dir/img/hostboot.bin --output $scratch_dir/hostboot.bin.ecc --p8"); -run_command("ecc --inject $scratch_dir/hostboot.header.bin --output $scratch_dir/hostboot.header.bin.ecc --p8"); -run_command("dd if=$hb_image_dir/img/hostboot_extended.bin of=$scratch_dir/hostboot_extended.bin.pad ibs=4k count=1280 conv=sync"); -run_command("ecc --inject $scratch_dir/hostboot_extended.bin.pad --output $scratch_dir/hostboot_extended.bin.ecc --p8"); - -run_command("env echo -en VERSION\\\\0 > $scratch_dir/hostboot_runtime.sha.bin"); -run_command("sha512sum $hb_image_dir/img/hostboot_runtime.bin | awk \'{print \$1}\' | xxd -pr -r >> $scratch_dir/hostboot_runtime.sha.bin"); -run_command("dd if=$scratch_dir/hostboot_runtime.sha.bin of=$scratch_dir/hostboot.temp.bin ibs=4k conv=sync"); -run_command("cat $hb_image_dir/img/hostboot_runtime.bin >> $scratch_dir/hostboot.temp.bin"); -run_command("dd if=$scratch_dir/hostboot.temp.bin of=$scratch_dir/hostboot_runtime.header.bin ibs=3072K conv=sync"); 
-run_command("ecc --inject $scratch_dir/hostboot_runtime.header.bin --output $scratch_dir/hostboot_runtime.header.bin.ecc --p8"); - -run_command("env echo -en VERSION\\\\0 > $scratch_dir/hostboot_extended.sha.bin"); -run_command("sha512sum $hb_image_dir/img/hostboot_extended.bin | awk \'{print \$1}\' | xxd -pr -r >> $scratch_dir/hostboot_extended.sha.bin"); -run_command("dd if=$scratch_dir/hostboot_extended.sha.bin of=$scratch_dir/hostboot.temp.bin ibs=4k conv=sync"); -run_command("cat $hb_image_dir/img/hostboot_extended.bin >> $scratch_dir/hostboot.temp.bin"); -run_command("dd if=$scratch_dir/hostboot.temp.bin of=$scratch_dir/hostboot_extended.header.bin ibs=5120k conv=sync"); -run_command("ecc --inject $scratch_dir/hostboot_extended.header.bin --output $scratch_dir/hostboot_extended.header.bin.ecc --p8"); - -#Create HBBL section +# Finalize HBBL logical content if ($release eq "p9") { - # remove first 12K from bin, then extend. No secure header yet for HBBL section - run_command("tail -c +12289 $hb_image_dir/img/hostboot_bootloader.bin > $scratch_dir/hbbl.bin"); - run_command("dd if=$scratch_dir/hbbl.bin of=$scratch_dir/hbbl.bin.pad ibs=20K conv=sync"); - run_command("ecc --inject $scratch_dir/hbbl.bin.pad --output $scratch_dir/hbbl.bin.tmp.ecc --p8"); - run_command("dd if=$scratch_dir/hbbl.bin.tmp.ecc of=$scratch_dir/hbbl.bin.ecc ibs=24K conv=sync"); #0s is good ECC + # Strip first 12k (reserved for exception vectors) off the bootloader binary + # Note: ibs=8 conv=sync to ensure bootloader binary ends at an 8-byte + # boundary to align the Secure Boot cryptographic algorithms code size + run_command("dd if=$hb_image_dir/img/hostboot_bootloader.bin of=$scratch_dir/hbbl.bin ibs=8 skip=1536 conv=sync"); + + # Append Secure Boot cryptographic algorithms code size to bootloader binary + run_command("du -b $hb_image_dir/img/hostboot_securerom.bin | cut -f1 | xargs printf \"%016x\" | sed 's/.\\{2\\}/\\\\\\\\x&/g' | xargs echo -n -e >> $scratch_dir/hbbl.bin"); + + # 
Append Secure Boot cryptographic algorithms code to bootloader binary + # Result: + # [HBBL] + # [padding to 8 byte alignment, 0-7 bytes (if needed)] + # [Secure Boot cryptographic algorithms code size, 8 bytes] + # [Secure Boot cryptographic algorithms code binary] + run_command("cat $hb_image_dir/img/hostboot_securerom.bin >> $scratch_dir/hbbl.bin"); } -#SBE image prep +# SBE image prep if ($release eq "p9") { run_command("python $sbe_binary_dir/sbeOpDistribute.py --install --buildSbePart $hb_image_dir/buildSbePart.pl --hw_ref_image $hb_binary_dir/p9n.ref_image.bin --sbe_binary_filename $sbe_binary_filename --scratch_dir $scratch_dir --sbe_binary_dir $sbe_binary_dir"); - run_command("cp -f $scratch_dir/$sbe_binary_filename $scratch_dir/tmp_$sbe_binary_filename "); - run_command("dd if=$scratch_dir/tmp_$sbe_binary_filename of=$scratch_dir/$sbe_binary_filename bs=520K count=1 conv=sync"); #0s is good ECC - } else { run_command("cp $hb_binary_dir/$sbe_binary_filename $scratch_dir/"); } -#Create blank binary file for HB Errorlogs (HBEL) Partition -run_command("dd if=/dev/zero bs=128K count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/hostboot.temp.bin"); -run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/hbel.bin.ecc --p8");\ - -#Create blank binary file for GUARD Data (GUARD) Partition -run_command("dd if=/dev/zero bs=16K count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/hostboot.temp.bin"); -run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/guard.bin.ecc --p8"); +sub processConvergedSections { -#Create blank binary file for NVRAM Data (NVRAM) Partition -run_command("dd if=/dev/zero bs=512K count=1 of=$scratch_dir/nvram.bin"); + use constant EMPTY => "EMPTY"; -#Create blank binary file for MVPD Partition -run_command("dd if=/dev/zero bs=512K count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/hostboot.temp.bin"); -run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/mvpd_fill.bin.ecc --p8"); 
- -#Create blank binary file for DJVPD Partition -run_command("dd if=/dev/zero bs=256K count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/hostboot.temp.bin"); -run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/djvpd_fill.bin.ecc --p8"); - -#Add ECC Data to CVPD Data Partition -run_command("dd if=$hb_binary_dir/cvpd.bin of=$scratch_dir/hostboot.temp.bin ibs=256K conv=sync"); -run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/cvpd.bin.ecc --p8"); - -#Create blank binary file for ATTR_TMP Partition -run_command("dd if=/dev/zero bs=28K count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/hostboot.temp.bin"); -run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/attr_tmp.bin.ecc --p8"); - -#Create blank binary file for ATTR_PERM Partition -run_command("dd if=/dev/zero bs=28K count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/hostboot.temp.bin"); -run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/attr_perm.bin.ecc --p8"); - -#Create blank binary file for OCC Partition -run_command("dd if=$occ_binary_filename of=$scratch_dir/hostboot.temp.bin ibs=1M conv=sync"); -run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $occ_binary_filename.ecc --p8"); - -#Encode Ecc into CAPP Partition -run_command("dd if=$capp_binary_filename bs=144K count=1 > $scratch_dir/hostboot.temp.bin"); -run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/cappucode.bin.ecc --p8"); + my $stop_basename = $wink_binary_filename; + $stop_basename =~ s/.hdr.bin.ecc//; -#Create blank binary file for FIRDATA Partition -run_command("dd if=/dev/zero bs=8K count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/hostboot.temp.bin"); -run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/firdata.bin.ecc --p8"); + my $sbePreEcc = "$scratch_dir/$sbe_binary_filename"; + $sbePreEcc =~ s/.ecc//; + + # Source and destination file for each supported section + my 
%sections=(); + $sections{HBBL}{in} = "$scratch_dir/hbbl.bin"; + $sections{HBBL}{out} = "$scratch_dir/hbbl.bin.ecc"; + $sections{HBB}{in} = "$hb_image_dir/img/hostboot.bin"; + $sections{HBB}{out} = "$scratch_dir/hostboot.header.bin.ecc"; + $sections{HBI}{in} = "$hb_image_dir/img/hostboot_extended.bin"; + $sections{HBI}{out} = "$scratch_dir/hostboot_extended.header.bin.ecc"; + $sections{HBD}{in} = "$op_target_dir/$targeting_binary_source"; + $sections{HBD}{out} = "$scratch_dir/$targeting_binary_filename"; + $sections{SBE}{in} = "$sbePreEcc"; + $sections{SBE}{out} = "$scratch_dir/$sbe_binary_filename"; + $sections{PAYLOAD}{in} = "$payload.bin"; + $sections{PAYLOAD}{out} = "$scratch_dir/$payload_filename"; + $sections{HCODE}{in} = "$hb_binary_dir/${stop_basename}.bin"; + $sections{HCODE}{out} = "$scratch_dir/${stop_basename}.hdr.bin.ecc"; + $sections{HBRT}{in} = "$hb_image_dir/img/hostboot_runtime.bin"; + $sections{HBRT}{out} = "$scratch_dir/hostboot_runtime.header.bin.ecc"; + $sections{OCC}{in} = "$occ_binary_filename"; + $sections{OCC}{out} = "$occ_binary_filename.ecc"; + $sections{BOOTKERNEL}{in} = "$binary_dir/$bootkernel_filename"; + $sections{BOOTKERNEL}{out} = "$scratch_dir/$bootkernel_filename"; + $sections{CAPP}{in} = "$capp_binary_filename"; + $sections{CAPP}{out} = "$scratch_dir/cappucode.bin.ecc"; + $sections{CVPD}{in} = "$hb_binary_dir/cvpd.bin"; + $sections{CVPD}{out} = "$scratch_dir/cvpd.bin.ecc"; + $sections{VERSION}{in} = "$openpower_version_filename"; + $sections{VERSION}{out} = "$openpower_version_filename"; + $sections{IMA_CATALOG}{in} = "$ima_catalog_binary_filename"; + $sections{IMA_CATALOG}{out} = "$scratch_dir/ima_catalog.bin.ecc"; + + # No input file, but special processing to emit optional content + $sections{SBKT}{out} = "$scratch_dir/SBKT.bin"; + + # Blank partitions + $sections{HBEL}{out} = "$scratch_dir/hbel.bin.ecc"; + $sections{GUARD}{out} = "$scratch_dir/guard.bin.ecc"; + $sections{NVRAM}{out} = "$scratch_dir/nvram.bin"; + 
$sections{MVPD}{out} = "$scratch_dir/mvpd_fill.bin.ecc"; + $sections{DJVPD}{out} = "$scratch_dir/djvpd_fill.bin.ecc"; + $sections{ATTR_TMP}{out} = "$scratch_dir/attr_tmp.bin.ecc"; + $sections{ATTR_PERM}{out} = "$scratch_dir/attr_perm.bin.ecc"; + $sections{FIRDATA}{out} = "$scratch_dir/firdata.bin.ecc"; + $sections{SECBOOT}{out} = "$scratch_dir/secboot.bin.ecc"; + $sections{RINGOVD}{out} = "$scratch_dir/ringOvd.bin"; + + if(-e $wof_binary_filename) + { + $sections{WOFDATA}{in} = "$wof_binary_filename"; + } + else + { + print "WARNING: WOFDATA partition is not found, including blank binary instead\n"; + } + $sections{WOFDATA}{out} = "$scratch_dir/wofdata.bin.ecc"; -#Create blank binary file for SECBOOT Partition -run_command("dd if=/dev/zero bs=128K count=1 > $scratch_dir/hostboot.temp.bin"); -run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/secboot.bin.ecc --p8"); + if(-e $memd_binary_filename) + { + $sections{MEMD}{in} = "$memd_binary_filename"; + } + else + { + print "WARNING: MEMD partition is not found, including blank binary instead\n"; + } + $sections{MEMD}{out} = "$scratch_dir/memd_extra_data.bin.ecc"; + + # Build up the system bin files specification + my $system_bin_files; + foreach my $section (keys %sections) + { + if(exists $sections{$section}{in}) + { + $_ = $sections{$section}{in}; + if((/ecc/i) || (/pad/i)) + { + die "Input file's name, $sections{$section}{in}, suggests padding " + . "or ECC, neither of which is allowed."; + } + } + + # If the system bin files specification has nothing in it yet, avoid + # adding a separator + my $separator = length($system_bin_files) ? "," : ""; + + # If no input bin file then the pnor script handles creating the content + if(!exists $sections{$section}{in}) + { + # Build up the systemBinFiles argument + $system_bin_files .= "$separator$section=".EMPTY; + } + else + { + # Stage the input file + run_command("cp $sections{$section}{in} " + . 
"$scratch_dir/$section.staged"); + + # If secureboot compile, there can be extra protected + # and unprotected versions of the input to stage + if(-e "$sections{$section}{in}.protected") + { + run_command("cp $sections{$section}{in}.protected " + . "$scratch_dir/$section.staged.protected"); + } + + if(-e "$sections{$section}{in}.unprotected") + { + run_command("cp $sections{$section}{in}.unprotected " + . "$scratch_dir/$section.staged.unprotected"); + } + # Build up the systemBinFiles argument + $system_bin_files .= "$separator$section=$scratch_dir/" + . "$section.staged"; + } + } -#Add openpower version file -run_command("dd if=$openpower_version_filename of=$scratch_dir/openpower_version.temp ibs=4K conv=sync"); -run_command("cp $scratch_dir/openpower_version.temp $openpower_version_filename"); + if(length($system_bin_files)) + { + # Point to the location of the signing tools + $ENV{'DEV_KEY_DIR'}="$ENV{'HOST_DIR'}/etc/keys/"; + $ENV{'SIGNING_DIR'} = "$ENV{'HOST_DIR'}/usr/bin/"; + $ENV{'SIGNING_TOOL_EDITION'} = "community"; + + # Determine whether to securely sign the images + my $securebootArg = $secureboot ? "--secureboot" : ""; + + # Determine whether a key transition should take place + my $keyTransitionArg = $key_transition ne "" ? "--key-transition $key_transition" : ""; + # Determine which type of signing to use + my $signModeArg = $sign_mode ne "" ? "--sign-mode $sign_mode" : ""; + + # Process each image + my $cmd = "cd $scratch_dir && " + . "$hb_image_dir/genPnorImages.pl " + . "--binDir $scratch_dir " + . "--systemBinFiles $system_bin_files " + . "--pnorLayout $pnor_layout " + . "$securebootArg $keyTransitionArg $signModeArg " + . "--hwKeyHashFile $hb_image_dir/imprintHwKeyHash"; + + # Print context not visible in the actual command + if($debug) + { + print STDOUT "SIGNING_DIR: " . $ENV{'SIGNING_DIR'} . "\n"; + print STDOUT "DEV_KEY_DIR: " . $ENV{'DEV_KEY_DIR'} . "\n"; + print STDOUT "SIGNING_TOOL_EDITION: " + . $ENV{'SIGNING_TOOL_EDITION'} . 
"\n"; + } + + run_command($cmd); + + # Copy each output file to its final destination + foreach my $section (keys %sections) + { + # Don't copy if output file path is same as generated file + next if("$sections{$section}{out}" eq "$scratch_dir/$section.bin"); + run_command("cp $scratch_dir/$section.bin " + . "$sections{$section}{out}"); + } + } +} -#Copy Binary Data files for consistency -run_command("cp $hb_binary_dir/$sbec_binary_filename $scratch_dir/"); -if ($release eq "p8") -{ - run_command("cp $hb_binary_dir/$wink_binary_filename $scratch_dir/"); +if ($release ne "p8") { + processConvergedSections(); } else { - #WINK (STOP) image name is passed in in final form. Find the pre header/ecc version - my $stop_basename = $wink_binary_filename; - $stop_basename =~ s/.hdr.bin.ecc//; - run_command("env echo -en VERSION\\\\0 > $scratch_dir/${stop_basename}.sha.bin"); - run_command("sha512sum $hb_binary_dir/$stop_basename.bin | awk \'{print \$1}\' | xxd -pr -r >> $scratch_dir/${stop_basename}.sha.bin"); - run_command("dd if=$scratch_dir/${stop_basename}.sha.bin of=$scratch_dir/${stop_basename}.temp.bin ibs=4k conv=sync"); - run_command("cat $hb_binary_dir/${stop_basename}.bin >> $scratch_dir/${stop_basename}.temp.bin"); - run_command("dd if=$scratch_dir/${stop_basename}.temp.bin of=$scratch_dir/${stop_basename}.hdr.bin ibs=1M conv=sync"); - run_command("ecc --inject $scratch_dir/${stop_basename}.hdr.bin --output $scratch_dir/${stop_basename}.hdr.bin.ecc --p8"); -} + # Inject ECC into HBD (hostboot targeting) output binary + run_command("dd if=$op_target_dir/$targeting_binary_source of=$scratch_dir/$targeting_binary_source ibs=4k conv=sync"); + run_command("ecc --inject $scratch_dir/$targeting_binary_source --output $scratch_dir/$targeting_binary_filename --p8"); + # Add SBE/normal headers and inject ECC into HBB (hostboot base) partition binary + run_command("echo \"00000000001800000000000008000000000000000007EF80\" | xxd -r -ps - $scratch_dir/sbe.header"); + 
run_command("env echo -en VERSION\\\\0 > $scratch_dir/hostboot.sha.bin"); + run_command("sha512sum $hb_image_dir/img/hostboot.bin | awk \'{print \$1}\' | xxd -pr -r >> $scratch_dir/hostboot.sha.bin"); + run_command("dd if=$scratch_dir/hostboot.sha.bin of=$scratch_dir/secureboot.header ibs=4k conv=sync"); + run_command("cat $scratch_dir/sbe.header $scratch_dir/secureboot.header $hb_image_dir/img/hostboot.bin > $scratch_dir/hostboot.stage.bin"); + run_command("dd if=$scratch_dir/hostboot.stage.bin of=$scratch_dir/hostboot.header.bin ibs=512k conv=sync"); + run_command("ecc --inject $hb_image_dir/img/hostboot.bin --output $scratch_dir/hostboot.bin.ecc --p8"); + run_command("ecc --inject $scratch_dir/hostboot.header.bin --output $scratch_dir/hostboot.header.bin.ecc --p8"); + + # Inject ECC into HBI (hostboot extended) output binary + run_command("dd if=$hb_image_dir/img/hostboot_extended.bin of=$scratch_dir/hostboot_extended.bin.pad ibs=4k count=1280 conv=sync"); + run_command("ecc --inject $scratch_dir/hostboot_extended.bin.pad --output $scratch_dir/hostboot_extended.bin.ecc --p8"); + + # Add header and inject ECC into HBRT (hostboot runtime) partition binary + run_command("env echo -en VERSION\\\\0 > $scratch_dir/hostboot_runtime.sha.bin"); + run_command("sha512sum $hb_image_dir/img/hostboot_runtime.bin | awk \'{print \$1}\' | xxd -pr -r >> $scratch_dir/hostboot_runtime.sha.bin"); + run_command("dd if=$scratch_dir/hostboot_runtime.sha.bin of=$scratch_dir/hostboot.temp.bin ibs=4k conv=sync"); + run_command("cat $hb_image_dir/img/hostboot_runtime.bin >> $scratch_dir/hostboot.temp.bin"); + run_command("dd if=$scratch_dir/hostboot.temp.bin of=$scratch_dir/hostboot_runtime.header.bin ibs=3072K conv=sync"); + run_command("ecc --inject $scratch_dir/hostboot_runtime.header.bin --output $scratch_dir/hostboot_runtime.header.bin.ecc --p8"); + + # Add header and inject ECC into HBI (hostboot extended) partition binary + run_command("env echo -en VERSION\\\\0 > 
$scratch_dir/hostboot_extended.sha.bin"); + run_command("sha512sum $hb_image_dir/img/hostboot_extended.bin | awk \'{print \$1}\' | xxd -pr -r >> $scratch_dir/hostboot_extended.sha.bin"); + run_command("dd if=$scratch_dir/hostboot_extended.sha.bin of=$scratch_dir/hostboot.temp.bin ibs=4k conv=sync"); + run_command("cat $hb_image_dir/img/hostboot_extended.bin >> $scratch_dir/hostboot.temp.bin"); + run_command("dd if=$scratch_dir/hostboot.temp.bin of=$scratch_dir/hostboot_extended.header.bin ibs=5120k conv=sync"); + run_command("ecc --inject $scratch_dir/hostboot_extended.header.bin --output $scratch_dir/hostboot_extended.header.bin.ecc --p8"); + + # Inject ECC into OCC partition binary + run_command("dd if=$occ_binary_filename of=$scratch_dir/hostboot.temp.bin ibs=1M conv=sync"); + run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $occ_binary_filename.ecc --p8"); + + # Inject ECC into CAPP partition binary + run_command("dd if=$capp_binary_filename bs=144K count=1 > $scratch_dir/hostboot.temp.bin"); + run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/cappucode.bin.ecc --p8"); + + # Stage PAYLOAD partition + run_command("cp $payload.bin $scratch_dir/$payload_filename"); + + # Stage BOOTKERNEL partition + run_command("cp $binary_dir/$bootkernel_filename $scratch_dir/$bootkernel_filename"); + + # Stage WINK partition + run_command("cp $hb_binary_dir/$wink_binary_filename $scratch_dir/"); + # Inject ECC into CVPD partition binary + run_command("dd if=$hb_binary_dir/cvpd.bin of=$scratch_dir/hostboot.temp.bin ibs=256K conv=sync"); + run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/cvpd.bin.ecc --p8"); + # Stage VERSION partition + run_command("dd if=$openpower_version_filename of=$scratch_dir/openpower_version.temp ibs=4K conv=sync"); + run_command("cp $scratch_dir/openpower_version.temp $openpower_version_filename"); -#Encode Ecc into IMA_CATALOG Partition -if ($release eq "p8") -{ - 
run_command("dd if=$ima_catalog_binary_filename bs=36K count=1 > $scratch_dir/hostboot.temp.bin"); -} -else -{ - run_command("dd if=$ima_catalog_binary_filename bs=256K count=1 > $scratch_dir/hostboot.temp.bin"); - #Create blank binary file for RINGOVD Partition - run_command("dd if=/dev/zero bs=64K count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/ringOvd.bin"); -} + # Inject ECC into IMA_CATALOG partition binary + run_command("dd if=$ima_catalog_binary_filename bs=36K count=1 > $scratch_dir/hostboot.temp.bin"); + run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/ima_catalog.bin.ecc --p8"); -run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/ima_catalog.bin.ecc --p8"); + # Create blank binary file for HBEL (Hostboot error logs) partition + run_command("dd if=/dev/zero bs=128K count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/hostboot.temp.bin"); + run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/hbel.bin.ecc --p8");\ -#Encode ECC into WOF/VFRT (WOFDATA) Partition -if ($release eq "p9" && -e $wof_binary_filename) { - run_command("dd if=$wof_binary_filename ibs=2728K conv=sync > $scratch_dir/hostboot.temp.bin"); - run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/wofdata.bin.ecc --p8"); -} + # Create blank binary file for GUARD partition + run_command("dd if=/dev/zero bs=16K count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/hostboot.temp.bin"); + run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/guard.bin.ecc --p8"); -#Print error and blank binary if wof file does not exist -elsif ($release eq "p9") -{ - print "ERROR: WOFDATA partition is not found, including blank binary instead\n"; - run_command("dd if=/dev/zero bs=2730K count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/hostboot.temp.bin"); - run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/wofdata.bin.ecc --p8"); -} + # Create blank binary file for 
NVRAM partition + run_command("dd if=/dev/zero bs=512K count=1 of=$scratch_dir/nvram.bin"); -#Encode ECC into the MEMD Partition -if ($release eq "p9" && -e $memd_binary_filename) { - run_command("dd if=$memd_binary_filename > $scratch_dir/hostboot.temp.bin"); - run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/memd_extra.bin.ecc --p8"); -} + # Create blank binary file for MVPD partition + run_command("dd if=/dev/zero bs=512K count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/hostboot.temp.bin"); + run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/mvpd_fill.bin.ecc --p8"); -#Create blank binary file for MEMD Partition (for now) -elsif ($release eq "p9") { - print "ERROR: MEMD partition is not found, including blank binary instead\n"; - run_command("dd if=/dev/zero bs=20K count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/hostboot.temp.bin"); - run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/memd_extra_data.bin.ecc --p8"); -} + # Create blank binary file for DJVPD partition + run_command("dd if=/dev/zero bs=256K count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/hostboot.temp.bin"); + run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/djvpd_fill.bin.ecc --p8"); + # Create blank binary file for ATTR_TMP partition + run_command("dd if=/dev/zero bs=28K count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/hostboot.temp.bin"); + run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/attr_tmp.bin.ecc --p8"); -#END MAIN -#------------------------------------------------------------------------- + # Create blank binary file for ATTR_PERM partition + run_command("dd if=/dev/zero bs=28K count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/hostboot.temp.bin"); + run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/attr_perm.bin.ecc --p8"); + # Create blank binary file for FIRDATA partition + run_command("dd if=/dev/zero bs=8K 
count=1 | tr \"\\000\" \"\\377\" > $scratch_dir/hostboot.temp.bin"); + run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/firdata.bin.ecc --p8"); + # Create blank binary file for SECBOOT partition + run_command("dd if=/dev/zero bs=128K count=1 > $scratch_dir/hostboot.temp.bin"); + run_command("ecc --inject $scratch_dir/hostboot.temp.bin --output $scratch_dir/secboot.bin.ecc --p8"); +} +#Stage SBEC image +run_command("cp $hb_binary_dir/$sbec_binary_filename $scratch_dir/"); +#END MAIN +#------------------------------------------------------------------------- ############# HELPER FUNCTIONS ################################################# # Function to first print, and then run a system command, erroring out if the |
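Review bot: The Secure Boot decision at the top of this hunk fails open without a trace: `$secureboot` is set only when a line of `config.h` matches `^#define +CONFIG_SECUREBOOT +1$` exactly, so a tab, trailing whitespace or a trailing comment leaves it at 0 and the images are built with unsigned dummy headers and no message. I would loosen the match to `m/^#define\s+CONFIG_SECUREBOOT\s+1\b/` and print the resolved mode before `genPnorImages.pl` runs, so that an unsigned build is visible in the log. In `processConvergedSections`, `$ENV{'HOST_DIR'}` is interpolated into `DEV_KEY_DIR` and `SIGNING_DIR` unchecked, so an unset variable points the signing tools at `/etc/keys/` and `/usr/bin/`; a guard such as `defined $ENV{'HOST_DIR'} or die "HOST_DIR is not set\n";` before those assignments avoids that. The same command passes `--pnorLayout $pnor_layout` with an empty default, which presumably lets the following token (possibly `--secureboot`) be consumed as the layout path, so `-pnor_layout` should be required on the non-p8 path.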