diff options
author | Stephen Cprek <smcprek@us.ibm.com> | 2017-02-06 12:31:42 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-03-01 14:04:03 -0500 |
commit | f0d7c809d23c2cf44c0be0ff594c14aff22d6f04 (patch) | |
tree | bbb67150e4e1d2a6309c4bed69ab70473d02e7ce /src/bootloader | |
parent | d3d4ae7c89e6b35fffa8857170762992dc3c6538 (diff) | |
download | talos-hostboot-f0d7c809d23c2cf44c0be0ff594c14aff22d6f04.tar.gz talos-hostboot-f0d7c809d23c2cf44c0be0ff594c14aff22d6f04.zip |
Add SecureROM version info and Change SBE update to use max HBBL size
The HBBL also contains the securerom code and hw keys' hash
for verification purposes. So looking for the end of the HBBL
code leaves out those sections
Change-Id: I73a1b5c50e3a5b3f642ca569b90e79dbe4c4ba1e
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35979
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Martin Gloff <mgloff@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/bootloader')
-rw-r--r-- | src/bootloader/bl_start.S | 6 | ||||
-rw-r--r-- | src/bootloader/bootloader.C | 77 | ||||
-rw-r--r-- | src/bootloader/makefile | 4 |
3 files changed, 51 insertions, 36 deletions
diff --git a/src/bootloader/bl_start.S b/src/bootloader/bl_start.S index 99843a1eb..4af665523 100644 --- a/src/bootloader/bl_start.S +++ b/src/bootloader/bl_start.S @@ -31,7 +31,6 @@ .set SBE_HB_PNORSIZEMB, sbe_hb_structures+6 ;// uint16_t .set SBE_HB_BLLOADSIZE, sbe_hb_structures+8 ;// uint64_t .set HBBL_BASE_ADDRESS, base_load_address -.set HBBL_END_EYECATCHER, 0x4842424C656E6400 ;// 'HBBLend.' .set HBBL_END_ADDRESS, end_load_address .set HBBL_system_reset, 0x100 .set HBBL_machine_check, 0x200 @@ -423,11 +422,6 @@ bootloader_hbbSection: hbi_ImageId: .space 128 - .balign 16 -.global bootloader_end_eyecatcher -bootloader_end_eyecatcher: - .quad HBBL_END_EYECATCHER - .global bootloader_end_address bootloader_end_address: .quad HBBL_END_ADDRESS diff --git a/src/bootloader/bootloader.C b/src/bootloader/bootloader.C index e1386189d..4d764cd04 100644 --- a/src/bootloader/bootloader.C +++ b/src/bootloader/bootloader.C @@ -69,7 +69,6 @@ namespace Bootloader{ sizeof(sha2_hash_t)); } - // @TODO RTC:167740 remove magic number check once fsp/op signs HBB /** * @brief Memcmp a vaddr to the known secureboot magic number * @@ -97,24 +96,48 @@ namespace Bootloader{ const sha2_hash_t* i_hwKeyHash) { #ifdef CONFIG_SECUREBOOT - // @TODO RTC:167740 remove magic number check once fsp/op signs HBB - if (cmpSecurebootMagicNumber(reinterpret_cast<const uint8_t*> - (i_pContainer))) + BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_START); + + uint64_t l_rc = 0; + + // @TODO RTC:166848 Move find/get secure rom logic out of ROM verify + // Find secure ROM addr + // Get starting address of ROM size and code which is the next 8 byte + // aligned address after the bootloader end. + // [hbbl][pad:8:if-applicable][securerom-size:8][securerom] + const void* l_pBootloaderEnd = &bootloader_end_address; + uint64_t l_bootloaderSize = 0; + memcpy (&l_bootloaderSize, l_pBootloaderEnd, sizeof(l_bootloaderSize)); + uint64_t l_rom_startAddr = getHRMOR() + ALIGN_8(l_bootloaderSize); + // Get Rom Size + // @TODO RTC:166848 Store size so hb can use + uint64_t l_secureRomSize = 0; + memcpy (&l_secureRomSize, reinterpret_cast<void*>(l_rom_startAddr), + sizeof(l_secureRomSize)); + l_rom_startAddr += sizeof(l_secureRomSize); + + // Beginning of SecureROM has a info structure + // Get Secure ROM info + const auto l_pSecRomInfo = reinterpret_cast<SecureRomInfo*>( + l_rom_startAddr); + + // # @TODO RTC:170136 terminate in this case + // Ensure SecureRom is actually present + if ( !secureRomInfoValid(l_pSecRomInfo) ) + { + BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_NO_EYECATCH); + } + // # @TODO RTC:170136 terminate in this case + else if ( !cmpSecurebootMagicNumber(reinterpret_cast<const uint8_t*> + (i_pContainer))) + { + BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_NO_MAGIC_NUM); + } + else { - BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_HBB_START); - - uint64_t l_rc = 0; - - const void * l_pBootloaderEnd = &bootloader_end_address; - - // Get starting address of ROM code which is the next 8 byte aligned - // address after the bootloader end. - uint64_t l_size = 0; - memcpy (&l_size, l_pBootloaderEnd, sizeof(l_size)); - uint64_t l_rom_startAddr = getHRMOR() + ALIGN_8(l_size); - // Set startAddr to ROM_verify() function at an offset of Secure ROM uint64_t l_rom_verify_startAddr = l_rom_startAddr + + l_pSecRomInfo->branchtableOffset + ROM_VERIFY_FUNCTION_OFFSET; // Declare local input struct @@ -128,18 +151,17 @@ namespace Bootloader{ // Use current hw hash key memcpy (&l_hw_parms.hw_key_hash, i_hwKeyHash, sizeof(sha2_hash_t)); - const ROM_container_raw* l_container = - reinterpret_cast<const ROM_container_raw*>(i_pContainer); + const auto l_container = reinterpret_cast<const ROM_container_raw*> + (i_pContainer); l_rc = call_rom_verify(reinterpret_cast<void*> (l_rom_verify_startAddr), l_container, &l_hw_parms); - if (l_rc != 0) { // Verification of Container failed. - BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_HBB_FAIL); + BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_FAIL); /*@ * @errortype * @moduleid MOD_BOOTLOADER_VERIFY @@ -156,11 +178,7 @@ namespace Bootloader{ } - BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_HBB_SUCCESS); - } - else - { - BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_HBB_SKIP); + BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_SUCCESS); } #endif } @@ -260,10 +278,11 @@ namespace Bootloader{ verifyContainer(l_src_addr, &l_hwKeyHash); // Increment past secure header -#ifdef CONFIG_SECUREBOOT - l_src_addr += PAGE_SIZE/sizeof(uint64_t); - l_hbbLength -= PAGE_SIZE; -#endif + if (isSecureSection(PNOR::HB_BASE_CODE)) + { + l_src_addr += PAGE_SIZE/sizeof(uint64_t); + l_hbbLength -= PAGE_SIZE; + } // Copy HBB image into address where it executes for(uint32_t i = 0; diff --git a/src/bootloader/makefile b/src/bootloader/makefile index 598236b79..ee1688774 100644 --- a/src/bootloader/makefile +++ b/src/bootloader/makefile @@ -5,7 +5,7 @@ # # OpenPOWER HostBoot Project # -# Contributors Listed Below - COPYRIGHT 2015,2016 +# Contributors Listed Below - COPYRIGHT 2015,2017 # [+] International Business Machines Corp. # # @@ -30,6 +30,8 @@ EXTRAINCDIR += ${ROOTPATH}/src/include/usr/ EXTRAINCDIR += ${ROOTPATH}/src/include/usr/pnor/ EXTRAINCDIR += ${ROOTPATH}/src/include/usr/lpc/ +COMMONFLAGS += -DBOOTLOADER + OBJS += bl_start.o OBJS += bootloader.o OBJS += bl_pnorAccess.o |