Talos™ II hostboot sources https://git.raptorcs.com/git/talos-hostboot/atom?h=07-25-2019 2018-04-12T20:20:04+00:00 2018-04-12T20:20:04+00:00 Ilya Smirnov ismirno@us.ibm.com 2018-04-02T21:39:21+00:00 urn:sha1:f5cd23d6c3be17356e0851ec5d5bb65cee48f15f Partitions marked with readOnly tag in the xml were treated as WRITABLE in the code. This change modifies the permissions to be READ_ONLY and adds unit tests to test the read only functionality. Change-Id: I8c1f23fd7e30edc38ff882c59716ab63a4f310e6 CQ: SW423350 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56771 CI-Ready: ILYA SMIRNOV <ismirno@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57066 Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> 2018-01-31T16:09:11+00:00 Stephen Cprek smcprek@us.ibm.com 2018-01-23T20:27:17+00:00 urn:sha1:8443a65a3599f433bd47c2ea03e863240db28b89 Collect both the UTIL and RUNTIME component traces on a ROM verify failure Added a new Errlog User Details sections "Verify Info" containing the component name, ID(s), measured, and expected hashes Change-Id: I0d0408128e05807bb906be5ee365d56d1416693f CQ:SW413889 Backport:release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52593 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2017-12-12T22:16:19+00:00 Stephen Cprek smcprek@us.ibm.com 2017-12-05T22:46:54+00:00 urn:sha1:82f341573515e1dd39c622a955e08d3ab669b458 Sections that do not have Secure Headers and need one injected were not passing in the correct size to preverifiedlidmgr. e.g. RINGOVD section or when SB is compiled out Change-Id: I6e8c775a9a1d3f89473c55af6efc8109fb378c99 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50545 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2017-12-12T22:06:11+00:00 Stephen Cprek smcprek@us.ibm.com 2017-11-29T21:44:23+00:00 urn:sha1:d527220c6ffe651548c3e002e0d473492c37ad27 Change-Id: Ie6d99d6f67f09861f0d09c8432cf90abc27400b8 RTC: 181848 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50156 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2017-12-05T19:37:19+00:00 Stephen Cprek smcprek@us.ibm.com 2017-11-21T22:09:22+00:00 urn:sha1:ca52131dad3de16f44b9c9f07b5413edf1e9742a Change-Id: I2dfd02bd7c7f5b5356cd93ca967482c2d7f79ec1 RTC: 178520 RTC: 181899 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49966 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2017-11-19T20:54:51+00:00 Stephen Cprek smcprek@us.ibm.com 2017-10-31T18:01:30+00:00 urn:sha1:81279c1d146d8ee920494c7817cdd72f165dd373 - Force all PNOR sections we load from HB rserved memory to be secure Only exception is the RINGOVD section, in which we use a fake header - Add fake header when Secureboot compiled out or a section is never signed as there is no secure header preserved in virtual memory RTC: 171708 RTC: 180063 Change-Id: Ibbbd7be24ee7b199e73451c63b2c2d1f86a2c2d8 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49020 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2017-11-03T13:45:20+00:00 Nick Bofferding bofferdn@us.ibm.com 2017-10-21T02:13:34+00:00 urn:sha1:07d75753d59419ea6ba9ee3bd930e0aa8e7e7fd5 - In secure mode, bootloader will enforce that HBB component ID is set - In secure mode, Hostboot will enforce that PNOR component IDs are set Change-Id: I04f3bbc45417b3229003c56e1083e1fc31c01cd7 RTC: 179422 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/48711 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com> 2017-08-04T13:53:51+00:00 Jaymes Wilks mjwilks@us.ibm.com 2017-07-25T21:08:02+00:00 urn:sha1:0914d87ae57960ef859886a67b5ae1187aa82474 All instances for sha2_hash_t have been replaced with SHA512_t and the SHA512_t typedef is now in securerom/contrib/sha512.H in place of the old definition. Change-Id: I32524524d755eb3b0264881317d9be5a294dc9a7 RTC:172333 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43610 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2017-06-22T13:20:28+00:00 Nick Bofferding bofferdn@us.ibm.com 2017-06-20T19:22:38+00:00 urn:sha1:ccb74685e3205a1f74e4a2264f27775144600d2c - Direct extended/targeting image unprotected payload access to PNOR range Change-Id: Id81b3bcc8c3ef4317e68e111847d6c9d3ede7ac4 CQ: SW392719 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42156 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2017-05-01T21:53:46+00:00 Stephen Cprek smcprek@us.ibm.com 2017-04-10T21:32:00+00:00 urn:sha1:863b78e70f9b11e9948c380e1d5cd5790d8d9962 Verify HBI pages via its securely signed hash page table Change-Id: I86d29ee393c19aa0d9c5270b0b6c561a9fc4ab51 RTC: 167668 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39071 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>