Talos™ II hostboot sources https://git.raptorcs.com/git/talos-hostboot/atom?h=master 2017-11-30T14:08:08+00:00 2017-11-30T14:08:08+00:00 Stephen Cprek smcprek@us.ibm.com 2017-11-17T21:49:30+00:00 urn:sha1:c336a77283197bd63475f0773b78473c7c239567 Change-Id: I224079808493c062f04b7c3a59d45128a8f2e699 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49875 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2017-11-19T20:54:51+00:00 Stephen Cprek smcprek@us.ibm.com 2017-10-31T18:01:30+00:00 urn:sha1:81279c1d146d8ee920494c7817cdd72f165dd373 - Force all PNOR sections we load from HB rserved memory to be secure Only exception is the RINGOVD section, in which we use a fake header - Add fake header when Secureboot compiled out or a section is never signed as there is no secure header preserved in virtual memory RTC: 171708 RTC: 180063 Change-Id: Ibbbd7be24ee7b199e73451c63b2c2d1f86a2c2d8 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49020 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2017-09-20T22:03:22+00:00 Stephen Cprek smcprek@us.ibm.com 2017-09-18T15:25:22+00:00 urn:sha1:4b2859591b45f9b83c6856c4d242e20fc236ebf0 Instead restrict actions if a secure section but let all other info to be obtained Change-Id: I4ae72157f8a956dfe2bccf9a88c8e6332fd3ff6a CQ: SW402304 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46341 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2017-08-26T03:16:28+00:00 Stephen Cprek smcprek@us.ibm.com 2017-07-26T15:33:24+00:00 urn:sha1:cefc4c2c1bf3a43a993f2091813ee181779ddee4 At this time we are trying to secure OpenPOWER in secure mode, but allow best effort policies in other scenarios Change-Id: I9ec2b5be49dbfcff678c4d30bb85f8762e448cb6 RTC: 170136 RTC: 155374 RTC: 168021 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43640 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2017-08-18T14:25:30+00:00 Mike Baiocchi mbaiocch@us.ibm.com 2017-08-15T15:44:28+00:00 urn:sha1:6a040451c75c888ad1ecca9e10988c119cbbba84 This commit fixes the SECUREBOOT::allowAttrOverrides() function and also allows for more accurate secureboot testing at runtime. Change-Id: Ife86bd3f6311247438dd68a1a191d5de86892512 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/44635 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2017-08-09T17:47:00+00:00 Mike Baiocchi mbaiocch@us.ibm.com 2017-07-01T06:43:12+00:00 urn:sha1:776d1086a7ed224c482d2da3c49b2c597b8776ab For Secureboot purposes, we don't consider the FSP a secure source. So this commit inhibts attribute overrides and any sort of attribute syncing from the FSP. Change-Id: I941ab5083d3055bc29237839aaaf4b723a2b0e90 RTC:175071 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42687 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2016-07-07T14:11:39+00:00 Nick Bofferding bofferdn@us.ibm.com 2016-06-21T19:49:31+00:00 urn:sha1:f25ca35cf10693ccc45753231f171b453228b82e - Added verify_container API to runtime interface for secureboot - Added testcase to test API registration - Created common secureboot tracing files Change-Id: If755644ff6507f14fd0463f4accf05301fc91832 RTC: 156119 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/26104 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>