diff options
author | Stephen Cprek <smcprek@us.ibm.com> | 2017-04-10 16:32:00 -0500 |
---|---|---|
committer | William G. Hoffa <wghoffa@us.ibm.com> | 2017-05-01 17:53:46 -0400 |
commit | 863b78e70f9b11e9948c380e1d5cd5790d8d9962 (patch) | |
tree | 37e0685a747c34d2bc4e58018eb2ac7f1910072a /src/build/buildpnor/genPnorImages.pl | |
parent | 142a25c1a3453d0cc5bac4a93a2765e60a281d2d (diff) | |
download | talos-hostboot-863b78e70f9b11e9948c380e1d5cd5790d8d9962.tar.gz talos-hostboot-863b78e70f9b11e9948c380e1d5cd5790d8d9962.zip |
Port P8 HBI page verification functionality
Verify HBI pages via its securely signed hash page table
Change-Id: I86d29ee393c19aa0d9c5270b0b6c561a9fc4ab51
RTC: 167668
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39071
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/build/buildpnor/genPnorImages.pl')
-rwxr-xr-x | src/build/buildpnor/genPnorImages.pl | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl index 3c8d4c973..fb5c5f5d7 100755 --- a/src/build/buildpnor/genPnorImages.pl +++ b/src/build/buildpnor/genPnorImages.pl @@ -541,7 +541,7 @@ sub manipulateImages # Sections that have secureboot support. Secureboot still must be # enabled for secureboot actions on these partitions to occur. # @TODO securebootp9 re-enable with SBE/SBEC/PAYLOAD secureboot ports - my $isNormalSecure ||= ($eyeCatch eq "HBBL"); + my $isNormalSecure = ($eyeCatch eq "HBBL"); $isNormalSecure ||= ($eyeCatch eq "SBE"); $isNormalSecure ||= ($eyeCatch eq "HBRT"); #$isNormalSecure ||= ($eyeCatch eq "SBEC"); @@ -552,7 +552,7 @@ sub manipulateImages my $isSpecialSecure = ($eyeCatch eq "HBB"); $isSpecialSecure ||= ($eyeCatch eq "HBD"); - #$isSpecialSecure ||= ($eyeCatch eq "HBI"); + $isSpecialSecure ||= ($eyeCatch eq "HBI"); # Used to indicate security is supported in firmware my $secureSupported = $isNormalSecure || $isSpecialSecure; @@ -620,8 +620,7 @@ sub manipulateImages if ($secureboot && $secureSupported) { $callerHwHdrFields{configure} = 1; - # @TODO securebootp9 re-enable hash page table with vfs page table port - if (0) #exists $hashPageTablePartitions{$eyeCatch}) + if (exists $hashPageTablePartitions{$eyeCatch}) { if ($eyeCatch eq "HBI") { @@ -635,8 +634,7 @@ sub manipulateImages } } # Add hash page table - # @TODO securebootp9 re-enable hash page table with vfs page table port - if (0) #$tempImages{hashPageTable} ne "" && -e $tempImages{hashPageTable}) + if ($tempImages{hashPageTable} ne "" && -e $tempImages{hashPageTable}) { trace(1,"Adding hash page table for $eyeCatch"); my $hashPageTableSize = -s $tempImages{hashPageTable}; |