authorStephen Cprek <smcprek@us.ibm.com>2017-11-20 16:56:44 -0600
committerDaniel M. Crowell <dcrowell@us.ibm.com>2017-12-18 17:27:59 -0500
commit9ae6e9595f9773d295b7e3ade47088f554c1ed48 (patch)
treef33427b681154991423fb9faad3476bf4aa17ff4 /src/bootloader
parent8392e4f606607e505bb99de2a8d229ae69be5efe (diff)
Remove Secure Boot workarounds
- Remove the magic number checks that would block sb functionality if things didn't appear secure - Remove Best Effort Policy and all of its related code - Remove the legacy PCR extension - Remove the non-secure header preservation path. - Always load HB base image header from the bl to hb data path vs settings insecurely out of PNOR Change-Id: Ie638384ac50ed47850985c959ea7a32e5757d64e RTC: 178520 RTC: 155374 RTC: 173489 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49925 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/bootloader')
-rw-r--r--src/bootloader/bootloader.C11
1 files changed, 0 insertions, 11 deletions
diff --git a/src/bootloader/bootloader.C b/src/bootloader/bootloader.C
index 7f29bed7d..3fe6cd7b9 100644
--- a/src/bootloader/bootloader.C
+++ b/src/bootloader/bootloader.C
@@ -284,9 +284,6 @@ namespace Bootloader{
// Terminate if a valid securerom is not present
else if ( !g_blData->secureRomValid )
{
-#ifdef CONFIG_SECUREBOOT_BEST_EFFORT
- BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_NO_EYECATCH);
-#else
BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_INVALID_SECROM);
/*@
* @errortype
@@ -301,15 +298,7 @@ namespace Bootloader{
*/
bl_terminate(Bootloader::MOD_BOOTLOADER_VERIFY,
SECUREBOOT::RC_SECROM_INVALID);
-#endif
- }
-#ifdef CONFIG_SECUREBOOT_BEST_EFFORT
- else if ( !PNOR::cmpSecurebootMagicNumber(
- reinterpret_cast<const uint8_t*>(i_pContainer)))
- {
- BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_NO_MAGIC_NUM);
}
-#endif
else
{
// Set startAddr to ROM_verify() function at an offset of Secure ROM