talos-hostboot/src/include/bootloader, branch master

Secure Boot: Support Phyp debug flag in HDAT

2018-04-09T20:29:14+00:00

PHYP needs a way to know if SBE security backdoor is enabled for debug purposes. This change creates a flag in TPM instance data structure to indicate whether the backdoor is enabled. This flag is passed by SBE to the hb bootloader; also added the flag to indicate whether PCR is poisoned (default of 0). The population of this flag will be implemented on Fleetwood. Change-Id: I22305dbc9651134ba7dfe3b0bd3c760fe53c2c85 RTC: 188961 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56045 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Nicholas E. Bofferding Reviewed-by: Michael Baiocchi CI-Ready: Daniel M. Crowell Reviewed-by: Daniel M. Crowell

Remove Secure Boot workarounds

2017-12-18T22:27:59+00:00

- Removing the magic number checks that would block sb functionality if things didn't appear secure - Remove Best Effort Policy and all of its related code - Remove the legacy PCR extension - Remove the non-secure header preservation path. - Always load HB base image header from the bl to hb data path vs settings unsecurely out of pnor Change-Id: Ie638384ac50ed47850985c959ea7a32e5757d64e RTC: 178520 RTC: 155374 RTC: 173489 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49925 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Reviewed-by: Nicholas E. Bofferding Tested-by: FSP CI Jenkins Tested-by: Jenkins OP HW Reviewed-by: Michael Baiocchi Reviewed-by: Daniel M. Crowell

Add component ID check for Master Container Lid Processing

2017-12-12T22:06:11+00:00

Change-Id: Ie6d99d6f67f09861f0d09c8432cf90abc27400b8 RTC: 181848 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50156 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: Michael Baiocchi Reviewed-by: Nicholas E. Bofferding Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell

Secure Boot: Enforce PNOR section component IDs

2017-11-03T13:45:20+00:00

- In secure mode, bootloader will enforce that HBB component ID is set - In secure mode, Hostboot will enforce that PNOR component IDs are set Change-Id: I04f3bbc45417b3229003c56e1083e1fc31c01cd7 RTC: 179422 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/48711 Reviewed-by: Michael Baiocchi Tested-by: Jenkins Server Reviewed-by: Marshall J. Wilks Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: Stephen M. Cprek Tested-by: FSP CI Jenkins Reviewed-by: William G. Hoffa

Refactor SecureBoot Workarounds to better control leniency

2017-08-26T03:16:28+00:00

At this time we are trying to secure OpenPOWER in secure mode, but allow best effort policies in other scenarios Change-Id: I9ec2b5be49dbfcff678c4d30bb85f8762e448cb6 RTC: 170136 RTC: 155374 RTC: 168021 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43640 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: Nicholas E. Bofferding Reviewed-by: Michael Baiocchi Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell

Pass Key-Addr info through bootloader

2017-08-18T14:26:41+00:00

RTC: 165369 Change-Id: If15f6ccc7a7c3649b8352467ae10173a15f3f501 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/44426 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Tested-by: Jenkins OP Build CI Reviewed-by: Matt Derksen Reviewed-by: Martin Gloff Tested-by: Jenkins OP HW Reviewed-by: Daniel M. Crowell

Hostboot not able to send a valid TI after corrupting HB base

2017-08-04T13:28:37+00:00

Bootloader TI design is incomplete and does not set up the TI info at HBB offset 0x2000 with the magic signature or pointer to the Bootloader TI data. Change-Id: I16229fed67a2cf67322dce02f0a1b8f0b68d275f CQ: SW397043 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43941 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: FSP CI Jenkins Tested-by: Jenkins OP HW Reviewed-by: Christian R. Geddes Reviewed-by: Stephen M. Cprek Reviewed-by: Corey V. Swenson Reviewed-by: Daniel M. Crowell

Increase HBB PNOR section max size to 1MB with ECC

2017-07-20T19:54:48+00:00

Change-Id: Icfd9411deac792d9772e89e35e7da5df272a7ecc RTC: 175114 CMVC-prereq: 1027576 CMVC-prereq: 1027947 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42170 Tested-by: Jenkins Server Reviewed-by: Martin Gloff Reviewed-by: Michael Baiocchi Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell

Handle Compatability issues for new BltoHbData location

2017-07-20T19:54:41+00:00

Change-Id: I9ec35ca8dd513a5e31f69cd899fa5d1e00d41c63 RTC: 175114 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42442 Tested-by: Jenkins Server Reviewed-by: Michael Baiocchi Reviewed-by: Martin Gloff Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell

Relocate bl to hb preserved data and page table in VMM

2017-07-20T19:54:36+00:00

Relocate Page Manager Page Table to 256K alignment after preserved area Simplify page manager initialize Change-Id: Ic90584437fa68843a7ebe3818d48c3fe4f5157d8 RTC: 175114 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42154 Tested-by: Jenkins Server Reviewed-by: Martin Gloff Reviewed-by: Michael Baiocchi Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell