author | Stephen Cprek <smcprek@us.ibm.com> | 2017-02-28 09:59:17 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-03-17 17:24:15 -0400 |
commit | 551ba04c02d56b669a93b0e3fc62b0633cf844c9 (patch) | |
tree | 994d6464586bc433aa7ab313e2eb7259c827ab66 /src/bootloader/bootloader.C | |
parent | e32262ef84b7e4d688308b35dfefa296cf14fc6c (diff) | |
Consume Secure Access Bit from SBE HB communication area
Disable verification in bootloader if SAB not set
Change-Id: If5f1adcbe0277f2a4223d8cea6a5e2048019871d
RTC: 167741
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/37214
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/bootloader/bootloader.C')
-rw-r--r-- | src/bootloader/bootloader.C | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/src/bootloader/bootloader.C b/src/bootloader/bootloader.C
index 3091e018c..be2c2f748 100644
--- a/src/bootloader/bootloader.C
+++ b/src/bootloader/bootloader.C
@@ -45,6 +45,7 @@
 #include <securerom/ROM.H>
 #include <config.h>
 #include <secureboot/secure_reasoncodes.H>
+#include <p9_sbe_hb_structures.H>
 extern uint64_t kernel_other_thread_spinlock;
 extern PNOR::SectionData_t bootloader_hbbSection;
@@ -76,6 +77,16 @@ namespace Bootloader{
 */
 void setSecureData(const void * i_pHbbSrc)
 {
+ // Read SBE HB shared data.
+ const auto l_blConfigData = reinterpret_cast<BootloaderConfigData_t *>(
+ SBE_HB_COMM_ADDR);
+ // Set secure Access Bit
+ // Ensure SBE to Bootloader structure has the SAB member
+ if (l_blConfigData->version >= SAB_ADDED)
+ {
+ g_blToHbData.secureAccessBit = l_blConfigData->secureAccessBit;
+ }
+ // Find secure ROM addr
 // Get starting address of ROM size and code which is the next 8 byte
 // aligned address after the bootloader end.
@@ -105,7 +116,7 @@ namespace Bootloader{
 g_secureRomValid = true;
 g_blToHbData.eyeCatch = BLTOHB_EYECATCHER;
- g_blToHbData.version = BLTOHB_INIT;
+ g_blToHbData.version = BLTOHB_SAB;
 g_blToHbData.branchtableOffset = l_pSecRomInfo->branchtableOffset;
 g_blToHbData.secureRom = l_pRomStart;
@@ -156,9 +167,14 @@ namespace Bootloader{
 uint64_t l_rc = 0;
+ // Check if Secure Access Bit is set
+ if (!g_blToHbData.secureAccessBit)
+ {
+ BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_SAB_UNSET);
+ }
 // # @TODO RTC:170136 terminate in this case
 // Ensure SecureRom is actually present
- if ( !g_secureRomValid )
+ else if ( !g_secureRomValid )
 {
 BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_NO_EYECATCH);
 } |
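Review bot: When `l_blConfigData->version` is below `SAB_ADDED` in the setSecureData hunk, `g_blToHbData.secureAccessBit` keeps whatever value it was initialised with, and that initialisation is not visible here; if it is zero, an SBE that predates the field (or a version field that reads as zero) makes the verify path in the last hunk skip verification. For a flag that gates secure boot the fallback should be explicit, for example an `else` branch with `g_blToHbData.secureAccessBit = 1;` if enforcing is the intended default, or at least a comment stating that older SBE versions are deliberately treated as non-secure. The pointer could also be declared `const BootloaderConfigData_t *`, since the structure is only read. setSecureData's body continues outside the hunk.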
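Review bot: In the last hunk the `// # @TODO RTC:170136 terminate in this case` comment now sits between the closing brace of the new `if` and the `else if`, so it is no longer clear whether "this case" means SAB unset or a missing secure ROM; moving it inside the `else if ( !g_secureRomValid )` body keeps it attached to the branch it described before. The new first branch skips verification with only a trace, so a one-line comment such as `// SAB clear: non-secure mode, verification intentionally skipped` would record that this is by design. With SAB set and no valid secure ROM the code still only traces, which the TODO acknowledges but which leaves the secure-mode path non-terminating for now. The enclosing function starts and ends outside the hunk.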