author | Nick Bofferding <bofferdn@us.ibm.com> | 2017-04-22 17:15:03 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-05-08 14:12:48 -0400 |
commit | 8527fc2b9549b9b6782fdffde29ff8713e677bc4 (patch) | |
tree | eb277c60fcf28eec2116546c2ce4be6ca4a53144 /src/build/buildpnor | |
parent | b93bb1c4e5151e309231a6b667bc98deaf98572f (diff) | |
Support gracefully adding signing headers to PNOR sections
Change-Id: Ie8ce7672a41c0b6230918911f59ada5443c552f5
RTC: 170650
CMVC-Coreq: 1022416
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39869
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/build/buildpnor')
-rwxr-xr-x | src/build/buildpnor/buildpnor.pl | 10 | ||||
-rw-r--r-- | src/build/buildpnor/defaultPnorLayout.xml | 2 | ||||
-rwxr-xr-x | src/build/buildpnor/genPnorImages.pl | 70 | ||||
-rw-r--r-- | src/build/buildpnor/pnorLayoutFSP.xml | 1 |
4 files changed, 52 insertions, 31 deletions
diff --git a/src/build/buildpnor/buildpnor.pl b/src/build/buildpnor/buildpnor.pl
index 3cfb5d67a..28930dc47 100755
--- a/src/build/buildpnor/buildpnor.pl
+++ b/src/build/buildpnor/buildpnor.pl
@@ -216,14 +216,16 @@ sub addUserData
 $dataInteg = 0x8000;
 }
- # VerCheck Flag
+ # VerCheck Flag: sha512Version
 if( ($i_sectionHash{$i_key}{sha512Version} eq "yes") )
 {
- $verCheck = 0x80;
+ $verCheck |= 0x80;
 }
- elsif( ($i_sectionHash{$i_key}{sha512perEC} eq "yes") )
+
+ # VerCheck Flag: sha512perEC
+ if( ($i_sectionHash{$i_key}{sha512perEC} eq "yes") )
 {
- $verCheck = 0x40;
+ $verCheck |= 0x40;
 }
 # Misc Flags
diff --git a/src/build/buildpnor/defaultPnorLayout.xml b/src/build/buildpnor/defaultPnorLayout.xml
index 54d4bc516..9bfbc6a47 100644
--- a/src/build/buildpnor/defaultPnorLayout.xml
+++ b/src/build/buildpnor/defaultPnorLayout.xml
@@ -165,6 +165,7 @@ Layout Description
 <physicalOffset>0xF61000</physicalOffset>
 <physicalRegionSize>0x48000</physicalRegionSize>
 <sha512perEC/>
+ <sha512Version/>
 <side>sideless</side>
 <ecc/>
 </section>
@@ -191,6 +192,7 @@ Layout Description
 <eyeCatch>PAYLOAD</eyeCatch>
 <physicalOffset>0x1549000</physicalOffset>
 <physicalRegionSize>0x1560000</physicalRegionSize>
+ <sha512Version/>
 <side>sideless</side>
 <ecc/>
 </section>
diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl
index f02d0433b..dd0be0fce 100755
--- a/src/build/buildpnor/genPnorImages.pl
+++ b/src/build/buildpnor/genPnorImages.pl
@@ -617,7 +617,7 @@ sub manipulateImages
 $eccless_prefix.=".header";
 # Add secure container header
 # @TODO RTC:155374 Remove when official signing supported
- if ($secureboot && $secureSupported)
+ if ($secureboot && $isSpecialSecure)
 {
 $callerHwHdrFields{configure} = 1;
 if (exists $hashPageTablePartitions{$eyeCatch})
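Review bot: In `addUserData` (buildpnor.pl, the `-216` hunk), a section tagged with both `sha512Version` and `sha512perEC` now gets `$verCheck` set to 0xC0, a value the old `if`/`elsif` could never emit, and nothing in the hunk states that combined flags are a supported encoding. defaultPnorLayout.xml in this same commit adds `<sha512Version/>` to a section that already has `<sha512perEC/>`, so the combined value will be produced. Any reader of this field that compares it for equality with 0x80 or 0x40 instead of masking each bit would stop recognising such sections; the consumers are not visible here, so this needs confirming. I would state the contract at the first flag, e.g. `# VerCheck is a bit field: 0x80 = sha512Version, 0x40 = sha512perEC; both may be set`. The `|=` form also relies on `$verCheck` being initialised to 0 earlier in the function, which is outside the hunk.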
@@ -737,7 +737,25 @@ sub manipulateImages
 die "Error closing of $preReqImages{HBB_SW_SIG_FILE} failed" if $!;
 }
 }
- # Add simiple version header
+ elsif($secureboot && $isNormalSecure)
+ {
+ $callerHwHdrFields{configure} = 1;
+ if($openSigningTool)
+ {
+ run_command("$CUR_OPEN_SIGN_REQUEST "
+ . "-protectedPayload $bin_file "
+ . "-out $tempImages{HDR_PHASE}");
+ }
+ else
+ {
+ # @TODO RTC:155374 Remove when official signing
+ # supported
+ run_command("$SIGNING_DIR/build -good -if "
+ . "$secureboot_hdr -of $tempImages{HDR_PHASE} -bin "
+ . "$bin_file $SIGN_BUILD_PARAMS");
+ }
+ }
+ # Add simple version header
 else
 {
 run_command("env echo -en VERSION\\\\0 > $tempImages{TEMP_SHA_IMG}");
@@ -746,23 +764,6 @@ sub manipulateImages
 run_command("cat $bin_file >> $tempImages{HDR_PHASE}");
 }
 }
- elsif ($secureboot && $isNormalSecure)
- {
- $eccless_prefix .=".header";
-
- $callerHwHdrFields{configure} = 1;
- if($openSigningTool)
- {
- run_command("$CUR_OPEN_SIGN_REQUEST "
- . "-protectedPayload $bin_file "
- . "-out $tempImages{HDR_PHASE}");
- }
- else
- {
- # @TODO RTC:155374 Remove when official signing supported
- run_command("$SIGNING_DIR/build -good -if $secureboot_hdr -of $tempImages{HDR_PHASE} -bin $bin_file $SIGN_BUILD_PARAMS");
- }
- }
 else
 {
 run_command("cp $bin_file $tempImages{HDR_PHASE}");
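Review bot: The signing commands in the new `elsif($secureboot && $isNormalSecure)` branch of the `-737` hunk are assembled as one shell string with `$bin_file`, `$secureboot_hdr` and `$tempImages{HDR_PHASE}` interpolated unquoted, so a path containing whitespace or a shell metacharacter changes which file is signed or what the shell runs. As this step produces the secure container, the arguments should at least be quoted, e.g. `. "-protectedPayload '$bin_file' "` and `. "-out '$tempImages{HDR_PHASE}'");`, or passed as a list if `run_command` accepts one. `run_command` is defined outside the hunk, so I cannot tell whether it aborts the build on a non-zero exit from the signing tool; it should, otherwise a failed signing run leaves a stale or partial header file in place. The same string-built calls appear in the `-830` hunk, and the `if`/`elsif` chain this branch joins starts before the hunk.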
@@ -830,17 +831,32 @@ sub manipulateImages
 run_command("dd if=/dev/zero bs=$size count=1 | tr \"\\000\" \"\\377\" > $tempImages{PAD_PHASE}");
 # Add secure container header
- if ($secureboot && $isNormalSecure && $eyeCatch ne "SBKT")
+ if( ($sectionHash{$layoutKey}{sha512Version} eq "yes")
+ && ($eyeCatch ne "SBKT"))
 {
- $callerHwHdrFields{configure} = 1;
- # Remove PAGE_SIZE bytes from generated dummy content of file
- # to make room for the secure header
+ # Remove PAGE_SIZE bytes from generated dummy content of
+ # file to make room for the secure header
 my $fileSize = (-s $tempImages{PAD_PHASE}) - PAGE_SIZE;
- die "fileSize undefined: errno = $!" unless(defined $fileSize);
+ die "fileSize undefined: errno = $!"
+ unless(defined $fileSize);
 run_command("dd if=$tempImages{PAD_PHASE} of=$tempImages{TEMP_BIN} count=1 bs=$fileSize");
- # @TODO RTC:155374 Remove when official signing supported
- run_command("$SIGNING_DIR/build -good -if $secureboot_hdr -of $tempImages{PAD_PHASE} -bin $tempImages{TEMP_BIN} $SIGN_BUILD_PARAMS");
- setCallerHwHdrFields(\%callerHwHdrFields, $tempImages{PAD_PHASE});
+
+ if ($secureboot && $secureSupported)
+ {
+ $callerHwHdrFields{configure} = 1;
+ # @TODO RTC:155374 Remove when official signing
+ # supported
+ run_command("$SIGNING_DIR/build -good -if $secureboot_hdr -of $tempImages{PAD_PHASE} -bin $tempImages{TEMP_BIN} $SIGN_BUILD_PARAMS");
+ setCallerHwHdrFields(\%callerHwHdrFields,
+ $tempImages{PAD_PHASE});
+ }
+ else
+ {
+ run_command("env echo -en VERSION\\\\0 > $tempImages{TEMP_SHA_IMG}");
+ run_command("sha512sum $tempImages{TEMP_BIN} | awk \'{print \$1}\' | xxd -pr -r >> $tempImages{TEMP_SHA_IMG}");
+ run_command("dd if=$tempImages{TEMP_SHA_IMG} of=$tempImages{PAD_PHASE} ibs=4k conv=sync");
+ run_command("cat $tempImages{TEMP_BIN} >> $tempImages{PAD_PHASE}");
+ }
 }
 }
 }
diff --git a/src/build/buildpnor/pnorLayoutFSP.xml b/src/build/buildpnor/pnorLayoutFSP.xml
index f1b160c60..39fbe326c 100644
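Review bot: The `die "fileSize undefined..." unless(defined $fileSize);` guard that the `-830` hunk re-wraps can never fire. `-s` yields undef when the pad file cannot be stat'ed, but `undef - PAGE_SIZE` is already a (negative) number, so `$fileSize` is always defined and a bad value goes straight into `dd ... bs=$fileSize`. Test the size before subtracting and reject a pad file no larger than one page: `my $padSize = -s $tempImages{PAD_PHASE};`, `die "cannot stat $tempImages{PAD_PHASE}: $!" unless defined $padSize && $padSize > PAGE_SIZE;`, `my $fileSize = $padSize - PAGE_SIZE;`. Separately, when `$secureboot` is set but `$secureSupported` is false the new `else` writes only the SHA-512 version header, which detects corruption but is not a signature; a comment such as `# unsigned fallback: version hash only, no secure container` would make that intent explicit. The enclosing loop and the braces closed at the end of the hunk begin outside it.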
--- a/src/build/buildpnor/pnorLayoutFSP.xml
+++ b/src/build/buildpnor/pnorLayoutFSP.xml
@@ -165,6 +165,7 @@ Layout Description - Used when building an FSP driver
 <physicalOffset>0xF61000</physicalOffset>
 <physicalRegionSize>0x48000</physicalRegionSize>
 <sha512perEC/>
+ <sha512Version/>
 <side>sideless</side>
 <ecc/>
 </section> |