diff options
| author | Ilya Smirnov <ismirno@us.ibm.com> | 2018-03-19 17:12:32 -0500 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2018-04-09 16:29:14 -0400 |
| commit | da8911ce095aa7d18231c9d344dc978dae7cf984 (patch) | |
| tree | bba30d639c013bdd5f77cf70a31fc560f8c33698 /src/bootloader | |
| parent | 5192636a15d9fd36653952eaad5dac0974094f00 (diff) | |
| download | talos-hostboot-da8911ce095aa7d18231c9d344dc978dae7cf984.tar.gz talos-hostboot-da8911ce095aa7d18231c9d344dc978dae7cf984.zip | |
Secure Boot: Support Phyp debug flag in HDAT
PHYP needs a way to know if SBE security backdoor is enabled
for debug purposes. This change creates a flag in TPM instance
data structure to indicate whether the backdoor is enabled. This
flag is passed by SBE to the hb bootloader; also added the flag
to indicate whether PCR is poisoned (default of 0).
The population of this flag will be implemented on Fleetwood.
Change-Id: I22305dbc9651134ba7dfe3b0bd3c760fe53c2c85
RTC: 188961
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56045
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
CI-Ready: Daniel M. Crowell <dcrowell@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/bootloader')
| -rw-r--r-- | src/bootloader/bootloader.C | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/bootloader/bootloader.C b/src/bootloader/bootloader.C index 3fe6cd7b9..eed79770d 100644 --- a/src/bootloader/bootloader.C +++ b/src/bootloader/bootloader.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2017 */ +/* Contributors Listed Below - COPYRIGHT 2015,2018 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -85,6 +85,12 @@ namespace Bootloader{ l_blConfigData->secureSettings.allowAttrOverrides; } + if(l_blConfigData->version >= SBE_BACKDOOR_BIT_ADDED) + { + g_blData->blToHbData.secBackdoorBit = + l_blConfigData->secureSettings.secBackdoorBit; + } + // Find secure ROM addr // Get starting address of ROM size and code which is the next 8 byte // aligned address after the bootloader end. @@ -113,6 +119,9 @@ namespace Bootloader{ case ADDR_STASH_SUPPORT_ADDED: g_blData->blToHbData.version = BLTOHB_KEYADDR; break; + case SBE_BACKDOOR_BIT_ADDED: + g_blData->blToHbData.version = BLTOHB_BACKDOOR; + break; default: g_blData->blToHbData.version = BLTOHB_SIZE; break; |
