diff options
author | Stephen Cprek <smcprek@us.ibm.com> | 2017-04-20 11:02:58 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-04-28 15:46:38 -0400 |
commit | 942885a519471aa18706f6b48400beb9c009d329 (patch) | |
tree | 7016969be50671de1ba8ebabf68c95fd294e1261 /src/build/buildpnor/genPnorImages.pl | |
parent | e53a2e5cd5b152d6e565f56867f1f8cd435e7556 (diff) | |
download | talos-hostboot-942885a519471aa18706f6b48400beb9c009d329.tar.gz talos-hostboot-942885a519471aa18706f6b48400beb9c009d329.zip |
Sign and Verify the hostboot runtime partition (port from p8)
Change-Id: I04d303b2fe08a9c3fff4e9f3cc0be9768279637d
RTC: 171706
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39521
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/build/buildpnor/genPnorImages.pl')
-rwxr-xr-x | src/build/buildpnor/genPnorImages.pl | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl index 5edc38d0a..d343c50c9 100755 --- a/src/build/buildpnor/genPnorImages.pl +++ b/src/build/buildpnor/genPnorImages.pl @@ -537,8 +537,9 @@ sub manipulateImages # Sections that have secureboot support. Secureboot still must be # enabled for secureboot actions on these partitions to occur. # @TODO securebootp9 re-enable with SBE/SBEC/PAYLOAD secureboot ports - my $isNormalSecure = ($eyeCatch eq "SBE"); - #$isNormalSecure ||= ($eyeCatch eq "HBRT"); + my $isNormalSecure ||= ($eyeCatch eq "HBBL"); + $isNormalSecure ||= ($eyeCatch eq "SBE"); + $isNormalSecure ||= ($eyeCatch eq "HBRT"); #$isNormalSecure ||= ($eyeCatch eq "SBEC"); $isNormalSecure ||= ($eyeCatch eq "PAYLOAD"); #$isNormalSecure ||= ($eyeCatch eq "OCC"); @@ -547,9 +548,11 @@ sub manipulateImages my $isSpecialSecure = ($eyeCatch eq "HBB"); $isSpecialSecure ||= ($eyeCatch eq "HBD"); - $isSpecialSecure ||= ($eyeCatch eq "HBBL"); #$isSpecialSecure ||= ($eyeCatch eq "HBI"); + # Used to indicate security is supported in firmware + my $secureSupported = $isNormalSecure || $isSpecialSecure; + # If there is a non-default header for this section, use it instead my $header = $sb_hdrs{DEFAULT}; if(exists $sb_hdrs{$eyeCatch}) @@ -609,7 +612,7 @@ sub manipulateImages $fsp_prefix.=".header"; # Add secure container header # @TODO RTC:155374 Remove when official signing supported - if ($secureboot && $isSpecialSecure) + if ($secureboot && $secureSupported) { $callerHwHdrFields{configure} = 1; # @TODO securebootp9 re-enable hash page table with vfs page table port |