talos-hostboot/src/usr/secureboot/common, branch 07-25-2019

Add README.md files to the secureboot component

2020-02-13T14:55:47+00:00

This commit adds a top-level README.md file to the secureboot component that then calls into new README.md files in the different sub-directories. Change-Id: I7460a0e591232c2f8387321b0251ac3f62a1c76e Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/89025 Reviewed-by: Ilya Smirnov Reviewed-by: Nicholas E Bofferding Reviewed-by: Christopher J Engel Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Daniel M Crowell

Add page tables to read only partitions

2019-05-09T21:10:29+00:00

Changed partitions (WOFDATA, MEMD) to be signed with a hash page table bit. This generates a hash page table in the protected payload which will be used to validate pages in the unprotected payload Change-Id: I9be4b1f6e65b9a52a8b6ba23affdacc4d89f5295 RTC: 179519 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72776 Tested-by: Jenkins Server Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins OP Build CI Tested-by: FSP CI Jenkins Tested-by: Jenkins OP HW Reviewed-by: Michael Baiocchi Reviewed-by: Daniel M. Crowell

Move HOMER BAR to Secure Memory in SMF Mode

2018-11-13T19:23:59+00:00

This commits enables HOMER BAR to point to the top of the secure memory on SMF-enabled systems. Consequently, the HOMER image and hostboot reserved memory will be moved to the secure memory if SMF is enabled. Change-Id: I37c7527b06688a41e57f14b4107ff53a507ffae8 RTC: 198825 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/66702 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell

Minor Error Log Improvements

2018-07-30T17:34:29+00:00

This commit adds the error log severity to the trace saying that a new error log is being created. It also cleans up an unused variable in some error log parsing logic. Change-Id: Iff196993bdabf80ad65006fca195f0785221257f Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/63476 Reviewed-by: Nicholas E. Bofferding Reviewed-by: Marshall J. Wilks Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: FSP CI Jenkins Tested-by: Jenkins OP HW Reviewed-by: ILYA SMIRNOV Reviewed-by: Daniel M. Crowell

Improve FFDC for new Node Comm Device Driver

2018-05-24T13:33:07+00:00

This commit adds a new custom Node Comm Device Driver error log user details section and its parser code. It also adds a function to add the target and important HW registers to an error log. Change-Id: I11893af06b7a097b43106117d648e9a431c4f3ea RTC:191008 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/59079 Reviewed-by: ILYA SMIRNOV Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: William G. Hoffa

Secure Boot: Check integrity of dynamically sized secure header copies

2018-03-12T18:20:57+00:00

When reading a secure header, the container header object can overrun a buffer when number of ECIDs or software keys specified is greater than the supported amount. This change implements hard enforcement to ensure that this is no longer possible. Change-Id: Ife9194763f858b37e2de6f12fa01d74da1145df3 CQ: SW419735 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/55088 CI-Ready: Nicholas E. Bofferding Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: ILYA SMIRNOV Reviewed-by: Michael Baiocchi Reviewed-by: Marshall J. Wilks Tested-by: FSP CI Jenkins Reviewed-by: William G. Hoffa

Secure Boot: Remove utilmem from verify container fail path

2018-02-07T22:54:50+00:00

When the Hostboot extended image verification fails, it calls FFDC collection routine which invokes UtilMem functionality that is contained in the extended image. This creates a circular loop of dependency that cannot be satisfied. The FFDC collection was fixed to remove use of UtilMem while providing same function Change-Id: Id7a15ae68ec316c5d6d6779143d1409f5333e816 Backport: release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/53456 Reviewed-by: ILYA SMIRNOV Tested-by: Jenkins Server Reviewed-by: Michael Baiocchi Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell

Collect better FFDC on ROM verification errors

2018-01-31T16:09:11+00:00

Collect both the UTIL and RUNTIME component traces on a ROM verify failure Added a new Errlog User Details sections "Verify Info" containing the component name, ID(s), measured, and expected hashes Change-Id: I0d0408128e05807bb906be5ee365d56d1416693f CQ:SW413889 Backport:release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52593 Reviewed-by: Michael Baiocchi Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Marshall J. Wilks Reviewed-by: Daniel M. Crowell

Fix incorrect size for entries going into hb resv memory

2017-12-12T22:16:19+00:00

Sections that do not have Secure Headers and need one injected were not passing in the correct size to preverifiedlidmgr. e.g. RINGOVD section or when SB is compiled out Change-Id: I6e8c775a9a1d3f89473c55af6efc8109fb378c99 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50545 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Nicholas E. Bofferding Reviewed-by: Michael Baiocchi Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: Daniel M. Crowell

Create a Trusted boot trace component and collect trace on errors

2017-12-05T20:16:08+00:00

Error log trace never included "TRBOOT" trace Change-Id: I0ff99d3d3cc78a7a25c576059d69d1644a2c802d RTC: 181899 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50077 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: FSP CI Jenkins Reviewed-by: Michael Baiocchi Reviewed-by: Nicholas E. Bofferding Reviewed-by: Daniel M. Crowell