talos-hostboot/src/include/usr/pnor, branch master

Mark Read-Only Partitions as Such

2018-04-12T20:20:04+00:00

Partitions marked with readOnly tag in the xml were treated as WRITABLE in the code. This change modifies the permissions to be READ_ONLY and adds unit tests to test the read only functionality. Change-Id: I8c1f23fd7e30edc38ff882c59716ab63a4f310e6 CQ: SW423350 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56771 CI-Ready: ILYA SMIRNOV Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: Nicholas E. Bofferding Reviewed-by: Daniel M. Crowell Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57066 Tested-by: FSP CI Jenkins

Revert "Check the Section Headers in Non-Secure Mode"

2018-03-26T17:08:58+00:00

This reverts commit c82b626e6ea1d56c0d25cbd5954064e256135002. Change-Id: I0ae2328866e0f90ec583b19044ff917a4f52726c Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56126 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: ILYA SMIRNOV Reviewed-by: Michael Baiocchi Reviewed-by: Daniel M. Crowell

Check the Section Headers in Non-Secure Mode

2018-03-12T18:27:28+00:00

When a PNOR section without a header is flashed onto a system that doesn't have SECUREBOOT compiled in, no header checks are performed, but the code still acts as if the header is present, and so the virtual address of the section is set to point past the secure header, which is 0x1000 into the section image, which causes all kinds of issues. This change adds logic to check the headers even when Secure Boot features are compiled out. Change-Id: Ieece371014192f160273939a35cb175aef0ddb25 Resolves: #126 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/54831 Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Michael Baiocchi Reviewed-by: Daniel M. Crowell

Convert asserts to error logs where it makes sense

2017-12-20T18:54:35+00:00

Change-Id: Idd15e39cc6be44c0865f13503bfa4482d77fcf0d RTC:181899 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/51042 Tested-by: Jenkins Server Reviewed-by: Michael Baiocchi Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Martin Gloff Reviewed-by: Nicholas E. Bofferding Reviewed-by: Daniel M. Crowell

Remove Secure Boot workarounds

2017-12-18T22:27:59+00:00

- Removing the magic number checks that would block sb functionality if things didn't appear secure - Remove Best Effort Policy and all of its related code - Remove the legacy PCR extension - Remove the non-secure header preservation path. - Always load HB base image header from the bl to hb data path vs settings unsecurely out of pnor Change-Id: Ie638384ac50ed47850985c959ea7a32e5757d64e RTC: 178520 RTC: 155374 RTC: 173489 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49925 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Reviewed-by: Nicholas E. Bofferding Tested-by: FSP CI Jenkins Tested-by: Jenkins OP HW Reviewed-by: Michael Baiocchi Reviewed-by: Daniel M. Crowell

Add new pnor section for Centaur hw ref image

2017-12-07T17:06:42+00:00

Change-Id: Id5b75f4a929456efa5da7f173ecba71af513744f RTC:144141 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49369 Reviewed-by: Stephen M. Cprek Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: FSP CI Jenkins Reviewed-by: Michael Baiocchi Reviewed-by: Daniel M. Crowell

Secure Boot: Fix lid load from HB reserved memory issues at runtime

2017-11-19T20:54:51+00:00

- Force all PNOR sections we load from HB rserved memory to be secure Only exception is the RINGOVD section, in which we use a fake header - Add fake header when Secureboot compiled out or a section is never signed as there is no secure header preserved in virtual memory RTC: 171708 RTC: 180063 Change-Id: Ibbbd7be24ee7b199e73451c63b2c2d1f86a2c2d8 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49020 Tested-by: Jenkins Server Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: Marshall J. Wilks Tested-by: FSP CI Jenkins Reviewed-by: Michael Baiocchi Reviewed-by: Daniel M. Crowell

Create new test only PNOR section to test secure Load/Unloads

2017-11-15T20:12:28+00:00

Created a test PNOR section called TESTLOAD that only exists in standalone solely for the purpose of testing loadSecureSection and unloadSecureSection functions of secure boot. Change-Id: I8d397f96c9199b46a20dae0263822eaf3766f83f RTC:181598 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49501 Reviewed-by: Stephen M. Cprek Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: Michael Baiocchi Tested-by: FSP CI Jenkins Reviewed-by: William G. Hoffa

Implement Secure unload

2017-10-20T16:50:04+00:00

Implement Secure unload of secure sections within PNOR. Change-Id: I92a00013d23e0506f89f89ec41a193eac0b25d25 RTC:157475 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46203 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Michael Baiocchi Reviewed-by: Nicholas E. Bofferding Reviewed-by: William G. Hoffa

Enable OCC on ZZ with Opal

2017-10-20T13:07:29+00:00

Change-Id: I656c47d2468c8c31509b80492709b0f651b85b42 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/47008 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Nicholas E. Bofferding Reviewed-by: Stephen M. Cprek Reviewed-by: William G. Hoffa