talos-hostboot/src/usr/secureboot/runtime, branch 07-25-2019

Add README.md files to the secureboot component

2020-02-13T14:55:47+00:00

This commit adds a top-level README.md file to the secureboot component that then calls into new README.md files in the different sub-directories. Change-Id: I7460a0e591232c2f8387321b0251ac3f62a1c76e Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/89025 Reviewed-by: Ilya Smirnov Reviewed-by: Nicholas E Bofferding Reviewed-by: Christopher J Engel Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Daniel M Crowell

Make RT_TARG id generation code common between IPL time and runtime

2020-01-22T15:45:00+00:00

For axone we are writing the OMI mmio bars into hdat so the hypervisor know how to talk to the devices. IPL code needs to be able to lookup the hbrt-style ids so we can use them to make hdat entries that the hypervisor will be able to associate targets with. This commit also move rt_targeting.H to the correct include directory and updates everywhere that it is included. Change-Id: I31deaa1a9c5a7523622a8b3b12ad459e2b2feed3 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/80419 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Daniel M Crowell

Automatically include config.h

2019-12-06T16:28:47+00:00

Rather than having to remember to include config.h anywhere we reference a CONFIG variable (and usually forgetting), this adds it to the default compiler flags so that it gets included in every source file we build. Change-Id: I53622ab4d46c55d942e98cae6ec03049fd5b3d08 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/87475 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Zachary Clark Reviewed-by: Roland Veloz Reviewed-by: Christian R Geddes Reviewed-by: Nicholas E Bofferding

Add consistent enter-exit traces for all runtime interfaces

2018-10-02T13:57:58+00:00

Created a new 'HBRT' trace buffer that is exclusively used to bound the external calls into our runtime image. Modified the return code values to be the reasoncode of the error log we commit instead of a generic '-1' value that is not very helpful. Change-Id: Id41288ea1903bf6d11e967fcb10a8184153943c8 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/64871 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Brian J. Stegmiller Reviewed-by: Matt Derksen Reviewed-by: William G. Hoffa

Handle comments from pre-verify and runtime lid loading commits

2017-11-30T14:08:08+00:00

Change-Id: I224079808493c062f04b7c3a59d45128a8f2e699 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49875 Tested-by: Jenkins Server Reviewed-by: Michael Baiocchi Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell

Secure Boot: Fix lid load from HB reserved memory issues at runtime

2017-11-19T20:54:51+00:00

- Force all PNOR sections we load from HB rserved memory to be secure Only exception is the RINGOVD section, in which we use a fake header - Add fake header when Secureboot compiled out or a section is never signed as there is no secure header preserved in virtual memory RTC: 171708 RTC: 180063 Change-Id: Ibbbd7be24ee7b199e73451c63b2c2d1f86a2c2d8 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49020 Tested-by: Jenkins Server Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: Marshall J. Wilks Tested-by: FSP CI Jenkins Reviewed-by: Michael Baiocchi Reviewed-by: Daniel M. Crowell

Fix getSectionInfo from failing on secure sections

2017-09-20T22:03:22+00:00

Instead restrict actions if a secure section but let all other info to be obtained Change-Id: I4ae72157f8a956dfe2bccf9a88c8e6332fd3ff6a CQ: SW402304 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46341 Tested-by: Jenkins Server Reviewed-by: Michael Baiocchi Tested-by: Jenkins OP Build CI Reviewed-by: Daniel M. Crowell

Refactor SecureBoot Workarounds to better control leniency

2017-08-26T03:16:28+00:00

At this time we are trying to secure OpenPOWER in secure mode, but allow best effort policies in other scenarios Change-Id: I9ec2b5be49dbfcff678c4d30bb85f8762e448cb6 RTC: 170136 RTC: 155374 RTC: 168021 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43640 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: Nicholas E. Bofferding Reviewed-by: Michael Baiocchi Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell

Fix SECUREBOOT runtime interfaces and tests

2017-08-18T14:25:30+00:00

This commit fixes the SECUREBOOT::allowAttrOverrides() function and also allows for more accurate secureboot testing at runtime. Change-Id: Ife86bd3f6311247438dd68a1a191d5de86892512 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/44635 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Reviewed-by: Marshall J. Wilks Reviewed-by: Nicholas E. Bofferding Tested-by: FSP CI Jenkins Tested-by: Jenkins OP HW Reviewed-by: Daniel M. Crowell

Secureboot: Inhibit attribute overrides and sync exposures

2017-08-09T17:47:00+00:00

For Secureboot purposes, we don't consider the FSP a secure source. So this commit inhibts attribute overrides and any sort of attribute syncing from the FSP. Change-Id: I941ab5083d3055bc29237839aaaf4b723a2b0e90 RTC:175071 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42687 Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Reviewed-by: Stephen M. Cprek Tested-by: FSP CI Jenkins Tested-by: Jenkins OP HW Reviewed-by: Daniel M. Crowell