diff options
author | Stephen Cprek <smcprek@us.ibm.com> | 2016-10-20 15:05:04 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2016-11-16 13:31:11 -0500 |
commit | 9fe792112fcad9167829dd785972f2d3fd6f59c4 (patch) | |
tree | 7b0755853e4ba8884a7d5b5ad6e2882da95f9cdd /src/build | |
parent | a301193c570cfb2462e7d3fe4e0a25b1fc24bef1 (diff) | |
download | talos-hostboot-9fe792112fcad9167829dd785972f2d3fd6f59c4.tar.gz talos-hostboot-9fe792112fcad9167829dd785972f2d3fd6f59c4.zip |
Port secureboot build infrastructure from P8 to P9
Change-Id: Ief0412848818c45ee9b49476926cd742b9fa78f3
RTC:163081
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/31591
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/build')
-rw-r--r-- | src/build/buildpnor/PnorUtils.pm | 151 | ||||
-rwxr-xr-x | src/build/buildpnor/buildpnor.pl | 388 | ||||
-rw-r--r-- | src/build/buildpnor/defaultPnorLayout.xml | 10 | ||||
-rwxr-xr-x | src/build/buildpnor/genPnorImages.pl | 48 | ||||
-rw-r--r-- | src/build/buildpnor/pnorLayoutFSP.xml | 10 | ||||
-rw-r--r-- | src/build/buildpnor/pnorLayoutFake.xml | 2 | ||||
-rwxr-xr-x | src/build/citest/populate-sandbox | 2 | ||||
-rw-r--r-- | src/build/mkrules/dist.targets.mk | 4 | ||||
-rwxr-xr-x | src/build/mkrules/hbfw/img/makefile | 373 | ||||
-rwxr-xr-x | src/build/tools/hb | 3 | ||||
-rwxr-xr-x | src/build/tools/hbDistribute | 79 |
11 files changed, 365 insertions, 705 deletions
diff --git a/src/build/buildpnor/PnorUtils.pm b/src/build/buildpnor/PnorUtils.pm index 4c167d5c0..dcb524167 100644 --- a/src/build/buildpnor/PnorUtils.pm +++ b/src/build/buildpnor/PnorUtils.pm @@ -64,83 +64,24 @@ sub loadPnorLayout #parse the input XML file my $xs = new XML::Simple(keyattr=>[], forcearray => 1); my $xml = $xs->XMLin($i_pnorFile); + my $imageSize = 0; + my $chipSize = 0; - #Iterate over the <section> elements. - foreach my $sectionEl (@{$xml->{section}}) - { - my $description = $sectionEl->{description}[0]; - my $eyeCatch = $sectionEl->{eyeCatch}[0]; - my $physicalOffset = $sectionEl->{physicalOffset}[0]; - my $physicalRegionSize = $sectionEl->{physicalRegionSize}[0]; - my $side = $sectionEl->{side}[0]; - my $testonly = $sectionEl->{testonly}[0]; - my $ecc = (exists $sectionEl->{ecc} ? "yes" : "no"); - my $sha512Version = (exists $sectionEl->{sha512Version} ? "yes" : "no"); - my $sha512perEC = (exists $sectionEl->{sha512perEC} ? "yes" : "no"); - my $preserved = (exists $sectionEl->{preserved} ? "yes" : "no"); - my $reprovision = (exists $sectionEl->{reprovision} ? "yes" : "no"); - my $readOnly = (exists $sectionEl->{readOnly} ? "yes" : "no"); - my $xz = ""; - my $xzSize = 0; - if((exists $sectionEl->{compressed}) && - ($sectionEl->{compressed}[0]->{algorithm}[0] eq "xz")) - { - $xz = "xz"; - $xzSize = $sectionEl->{compressed}[0]->{uncompressedSize}[0]; - } - if (($i_testRun == 0) && ($sectionEl->{testonly}[0] eq "yes")) - { - next; - } - - trace(3, "$this_func: description = $description, eyeCatch=$eyeCatch, physicalOffset = $physicalOffset, physicalRegionSize=$physicalRegionSize, side=$side"); - - $physicalOffset = getNumber($physicalOffset); - $physicalRegionSize = getNumber($physicalRegionSize); - - $$i_pnorLayoutRef{sections}{$physicalOffset}{description} = $description; - $$i_pnorLayoutRef{sections}{$physicalOffset}{eyeCatch} = $eyeCatch; - $$i_pnorLayoutRef{sections}{$physicalOffset}{physicalOffset} = $physicalOffset; - $$i_pnorLayoutRef{sections}{$physicalOffset}{physicalRegionSize} = $physicalRegionSize; - $$i_pnorLayoutRef{sections}{$physicalOffset}{side} = $side; - $$i_pnorLayoutRef{sections}{$physicalOffset}{ecc} = $ecc; - $$i_pnorLayoutRef{sections}{$physicalOffset}{sha512Version} = $sha512Version; - $$i_pnorLayoutRef{sections}{$physicalOffset}{sha512perEC} = $sha512perEC; - $$i_pnorLayoutRef{sections}{$physicalOffset}{preserved} = $preserved; - $$i_pnorLayoutRef{sections}{$physicalOffset}{reprovision} = $reprovision; - $$i_pnorLayoutRef{sections}{$physicalOffset}{readOnly} = $readOnly; - $$i_pnorLayoutRef{sections}{$physicalOffset}{compressed}{algorithm} = $xz; - $$i_pnorLayoutRef{sections}{$physicalOffset}{compressed}{uncompressedSize} = $xzSize; - - #store the physical offsets of each section in a hash, so, it is easy - #to search physicalOffsets based on the name of the section (eyecatch) - if ($side eq "sideless") - { - foreach my $metadata (@{$xml->{metadata}}) - { - foreach my $sides (@{$metadata->{side}}) - { - $$i_physicalOffsets{side}{$sides->{id}[0]}{eyecatch}{$eyeCatch} = $physicalOffset; - } - } - } - else - { - $$i_physicalOffsets{side}{$side}{eyecatch}{$eyeCatch} = $physicalOffset; - } - } # Save the metadata - imageSize, blockSize, toc Information etc. foreach my $metadataEl (@{$xml->{metadata}}) { # Get meta data - my $imageSize = $metadataEl->{imageSize}[0]; + $imageSize = $metadataEl->{imageSize}[0]; + $chipSize = $metadataEl->{chipSize}[0]; my $blockSize = $metadataEl->{blockSize}[0]; my $tocSize = $metadataEl->{tocSize}[0]; my $arrangement = $metadataEl->{arrangement}[0]; $imageSize = getNumber($imageSize); + $chipSize = getNumber($chipSize); $blockSize = getNumber($blockSize); $tocSize = getNumber($tocSize); $$i_pnorLayoutRef{metadata}{imageSize} = $imageSize; + $$i_pnorLayoutRef{metadata}{chipSize} = $chipSize; $$i_pnorLayoutRef{metadata}{blockSize} = $blockSize; $$i_pnorLayoutRef{metadata}{tocSize} = $tocSize; $$i_pnorLayoutRef{metadata}{arrangement} = $arrangement; @@ -155,7 +96,8 @@ sub loadPnorLayout # #Arrangement A-B-D means that the layout had Primary TOC (A), then backup TOC (B), then Data (pnor section information). #Similaryly, arrangement A-D-B means that primary toc is followed by the data (section information) and then - #the backup TOC. + #the backup TOC. In order for the parsing tools to find the TOC, the TOCs must be at TOP_OF_FLASH-(2) * TOC_SIZE + # and the other at 0x0 of flash memory. if ($arrangement eq "A-B-D") { my $count = 0; @@ -176,18 +118,21 @@ sub loadPnorLayout } elsif ($arrangement eq "A-D-B") { + my $count = 0; foreach my $side (@{$metadataEl->{side}}) { my $golden = (exists $side->{golden} ? "yes" : "no"); my $sideId = $side->{id}[0]; - my $hbbAddr = $$i_physicalOffsets{side}{$sideId}{eyecatch}{"HBB"}; - my $primaryTOC = align_down($hbbAddr, $sideSize); - my $backupTOC = align_up($hbbAddr, $sideSize) - $tocSize; + #Leave 1 block sized pad because the top addr of flash special + # and simics broke we had the toc touching it + my $primaryTOC = ($sideSize)*($count + 1) - ($tocSize + $blockSize) ; + my $backupTOC = ($sideSize)*($count); $$i_pnorLayoutRef{metadata}{sides}{$sideId}{toc}{primary} = $primaryTOC; $$i_pnorLayoutRef{metadata}{sides}{$sideId}{toc}{backup} = $backupTOC; $$i_pnorLayoutRef{metadata}{sides}{$sideId}{golden} = $golden; - trace(1, "A-D-B: side:$sideId HBB:$hbbAddr, primaryTOC:$primaryTOC, backupTOC:$backupTOC, golden: $golden"); + $count = $count + 1; + trace(1, "A-D-B: side:$sideId, primaryTOC:$primaryTOC, backupTOC:$backupTOC, golden: $golden"); } } else @@ -195,6 +140,64 @@ sub loadPnorLayout trace(0, "Arrangement:$arrangement is not supported"); exit(1); } + + #Iterate over the <section> elements. + foreach my $sectionEl (@{$xml->{section}}) + { + my $description = $sectionEl->{description}[0]; + my $eyeCatch = $sectionEl->{eyeCatch}[0]; + my $physicalOffset = $sectionEl->{physicalOffset}[0]; + my $physicalRegionSize = $sectionEl->{physicalRegionSize}[0]; + my $side = $sectionEl->{side}[0]; + my $testonly = $sectionEl->{testonly}[0]; + my $ecc = (exists $sectionEl->{ecc} ? "yes" : "no"); + my $sha512Version = (exists $sectionEl->{sha512Version} ? "yes" : "no"); + my $sha512perEC = (exists $sectionEl->{sha512perEC} ? "yes" : "no"); + my $preserved = (exists $sectionEl->{preserved} ? "yes" : "no"); + my $readOnly = (exists $sectionEl->{readOnly} ? "yes" : "no"); + if (($i_testRun == 0) && ($sectionEl->{testonly}[0] eq "yes")) + { + next; + } + + trace(3, "$this_func: description = $description, eyeCatch=$eyeCatch, physicalOffset = $physicalOffset, physicalRegionSize=$physicalRegionSize, side=$side"); + + $physicalOffset = getNumber($physicalOffset); + $physicalRegionSize = getNumber($physicalRegionSize); + + if($physicalRegionSize + $physicalOffset > $imageSize) + { + die "ERROR: $this_func: Image size ($imageSize) smaller than $eyeCatch's offset + $eyeCatch's size (".($physicalOffset + $physicalRegionSize)."). Aborting! "; + } + + $$i_pnorLayoutRef{sections}{$physicalOffset}{description} = $description; + $$i_pnorLayoutRef{sections}{$physicalOffset}{eyeCatch} = $eyeCatch; + $$i_pnorLayoutRef{sections}{$physicalOffset}{physicalOffset} = $physicalOffset; + $$i_pnorLayoutRef{sections}{$physicalOffset}{physicalRegionSize} = $physicalRegionSize; + $$i_pnorLayoutRef{sections}{$physicalOffset}{side} = $side; + $$i_pnorLayoutRef{sections}{$physicalOffset}{ecc} = $ecc; + $$i_pnorLayoutRef{sections}{$physicalOffset}{sha512Version} = $sha512Version; + $$i_pnorLayoutRef{sections}{$physicalOffset}{sha512perEC} = $sha512perEC; + $$i_pnorLayoutRef{sections}{$physicalOffset}{preserved} = $preserved; + $$i_pnorLayoutRef{sections}{$physicalOffset}{readOnly} = $readOnly; + + #store the physical offsets of each section in a hash, so, it is easy + #to search physicalOffsets based on the name of the section (eyecatch) + if ($side eq "sideless") + { + foreach my $metadata (@{$xml->{metadata}}) + { + foreach my $sides (@{$metadata->{side}}) + { + $$i_physicalOffsets{side}{$sides->{id}[0]}{eyecatch}{$eyeCatch} = $physicalOffset; + } + } + } + else + { + $$i_physicalOffsets{side}{$side}{eyecatch}{$eyeCatch} = $physicalOffset; + } + } } return 0; } @@ -225,11 +228,11 @@ sub getNumber my $inVal = shift; if($inVal =~ "0x") { - return oct($inVal); + return oct($inVal); } else { - return $inVal; + return $inVal; } } @@ -255,11 +258,11 @@ sub trace #traceLevel 0 is for errors if($i_traceLevel == 0) { - print "ERROR: ".$i_string."\n"; + print "ERROR: ".$i_string."\n"; } elsif ($g_trace >= $i_traceLevel) { - print "TRACE: ".$i_string."\n"; + print "TRACE: ".$i_string."\n"; } } diff --git a/src/build/buildpnor/buildpnor.pl b/src/build/buildpnor/buildpnor.pl index a3693396c..138f86533 100755 --- a/src/build/buildpnor/buildpnor.pl +++ b/src/build/buildpnor/buildpnor.pl @@ -30,39 +30,19 @@ # number fields must be 4 or 8 bytes # numbers cannot be over 32 bits - use strict; -use XML::Simple; use Data::Dumper; use File::Basename; - -# Digest::SHA1 module is now Digest::SHA in newer version of perl. Need to -# do the below eval blocks to support both modules. -BEGIN -{ - eval "use Digest::SHA;"; - if ($@) - { - eval "use Digest::SHA1;"; - die $@ if $@; - } -} - -################################################################################ -# Set PREFERRED_PARSER to XML::Parser. Otherwise it uses XML::SAX which contains -# bugs that result in XML parse errors that can be fixed by adjusting white- -# space (i.e. parse errors that do not make sense). -################################################################################ -$XML::Simple::PREFERRED_PARSER = 'XML::Parser'; - -my $TRAC_ERR = 0; -# 0=errors, >0 for more traces, leaving at 1 to keep key milestone traces. -my $g_trace = 1; +use Cwd qw(abs_path); +use lib dirname abs_path($0); +use PnorUtils qw(loadPnorLayout getNumber traceErr trace run_command + findLayoutKeyByEyeCatch checkSpaceConstraints); my $programName = File::Basename::basename $0; my %pnorLayout; my %PhysicalOffsets; my %binFiles; +my %finalBinFiles=(); my $pnorLayoutFile; my $pnorBinName = ""; my $tocVersion = 0x1; @@ -76,7 +56,6 @@ my %SideOptions = ( B => "B", sideless => "sideless", ); -use constant PAGE_SIZE => 4096; if ($#ARGV < 0) { usage(); @@ -133,16 +112,13 @@ if (-e $pnorBinName) } #Load PNOR Layout XML file -loadPnorLayout($pnorLayoutFile, \%pnorLayout, \%PhysicalOffsets); +loadPnorLayout($pnorLayoutFile, \%pnorLayout, \%PhysicalOffsets, $testRun); #Verify all the section files exist verifyFilesExist(\%pnorLayout, \%binFiles); -#Perform any data integrity manipulation (ECC, shaw-hash, etc) -robustifyImgs(\%pnorLayout, \%binFiles); - -checkSpaceConstraints(\%pnorLayout, \%binFiles); -trace(1, "Done checkSpaceConstraints"); +# Make sure provided files will fit in their sections +checkSpaceConstraints(\%pnorLayout, \%binFiles, $testRun); # Create all Partition Tables at each TOC offset # Each side has 2 TOC's created at different offsets for backup purposes. @@ -176,8 +152,7 @@ foreach my $sideId ( keys %{$pnorLayout{metadata}{sides}} ) { my $tocOffset = $pnorLayout{metadata}{sides}{$sideId}{toc}{primary}; - fillPnorImage($pnorBinName, \%pnorLayout, \%binFiles, $sideId, - $tocOffset); + fillPnorImage($pnorBinName, \%pnorLayout, \%binFiles, $sideId, $tocOffset); } exit 0; @@ -185,162 +160,6 @@ exit 0; ######################### Begin Utility Subroutines ########################### ################################################################################ -# loadPnorLayout -################################################################################ -sub loadPnorLayout -{ - my ($i_pnorFile, $i_pnorLayoutRef, $i_physicalOffsets) = @_; - my $this_func = (caller(0))[3]; - - unless(-e $i_pnorFile) - { - traceErr("$this_func: File not found: $i_pnorFile"); - return -1; - } - - #parse the input XML file - my $xs = new XML::Simple(keyattr=>[], forcearray => 1); - my $xml = $xs->XMLin($i_pnorFile); - my $imageSize = 0; - my $chipSize = 0; - # Save the metadata - imageSize, blockSize, toc Information etc. - foreach my $metadataEl (@{$xml->{metadata}}) - { - # Get meta data - $imageSize = $metadataEl->{imageSize}[0]; - $chipSize = $metadataEl->{chipSize}[0]; - my $blockSize = $metadataEl->{blockSize}[0]; - my $tocSize = $metadataEl->{tocSize}[0]; - my $arrangement = $metadataEl->{arrangement}[0]; - $chipSize = getNumber($chipSize); - $imageSize = getNumber($imageSize); - $blockSize = getNumber($blockSize); - $tocSize = getNumber($tocSize); - $$i_pnorLayoutRef{metadata}{chipSize} = $chipSize; - $$i_pnorLayoutRef{metadata}{imageSize} = $imageSize; - $$i_pnorLayoutRef{metadata}{blockSize} = $blockSize; - $$i_pnorLayoutRef{metadata}{tocSize} = $tocSize; - $$i_pnorLayoutRef{metadata}{arrangement} = $arrangement; - - my $numOfSides = scalar (@{$metadataEl->{side}}); - my $sideSize = ($imageSize)/($numOfSides); - - trace(1, " $this_func: metadata: imageSize = $imageSize, blockSize=$blockSize, arrangement = $arrangement, numOfSides: $numOfSides, sideSize: $sideSize, tocSize: $tocSize"); - - #determine the TOC offsets from the arrangement and side Information - #stored in the layout xml - # - #Arrangement A-B-D means that the layout had Primary TOC (A), then backup TOC (B), then Data (pnor section information). - #Similaryly, arrangement A-D-B means that primary toc is followed by the data (section information) and then - #the backup TOC. In order for the parsing tools to find the TOC, the TOCs must be at TOP_OF_FLASH-(2) * TOC_SIZE - # and the other at 0x0 of flash memory. - if ($arrangement eq "A-B-D") - { - my $count = 0; - foreach my $side (@{$metadataEl->{side}}) - { - my $golden = (exists $side->{golden} ? "yes" : "no"); - my $sideId = $side->{id}[0]; - my $primaryTOC = ($sideSize)*($count); - my $backupTOC = ($primaryTOC)+($tocSize); - - $$i_pnorLayoutRef{metadata}{sides}{$sideId}{toc}{primary} = $primaryTOC; - $$i_pnorLayoutRef{metadata}{sides}{$sideId}{toc}{backup} = $backupTOC; - $$i_pnorLayoutRef{metadata}{sides}{$sideId}{golden} = $golden; - - $count = $count + 1; - trace(1, "A-B-D: side:$sideId primaryTOC:$primaryTOC, backupTOC:$backupTOC, golden: $golden"); - } - } - elsif ($arrangement eq "A-D-B") - { - my $count = 0; - foreach my $side (@{$metadataEl->{side}}) - { - my $golden = (exists $side->{golden} ? "yes" : "no"); - my $sideId = $side->{id}[0]; - - #Leave 1 block sized pad because the top addr of flash special - # and simics broke we had the toc touching it - my $primaryTOC = ($sideSize)*($count + 1) - ($tocSize + $blockSize) ; - my $backupTOC = ($sideSize)*($count); - - $$i_pnorLayoutRef{metadata}{sides}{$sideId}{toc}{primary} = $primaryTOC; - $$i_pnorLayoutRef{metadata}{sides}{$sideId}{toc}{backup} = $backupTOC; - $$i_pnorLayoutRef{metadata}{sides}{$sideId}{golden} = $golden; - $count = $count + 1; - trace(1, "A-D-B: side:$sideId, primaryTOC:$primaryTOC, backupTOC:$backupTOC, golden: $golden"); - } - } - else - { - trace(0, "Arrangement:$arrangement is not supported"); - exit(1); - } - - #Iterate over the <section> elements. - foreach my $sectionEl (@{$xml->{section}}) - { - my $description = $sectionEl->{description}[0]; - my $eyeCatch = $sectionEl->{eyeCatch}[0]; - my $physicalOffset = $sectionEl->{physicalOffset}[0]; - my $physicalRegionSize = $sectionEl->{physicalRegionSize}[0]; - my $side = $sectionEl->{side}[0]; - my $testonly = $sectionEl->{testonly}[0]; - my $ecc = (exists $sectionEl->{ecc} ? "yes" : "no"); - my $sha512Version = (exists $sectionEl->{sha512Version} ? "yes" : "no"); - my $sha512perEC = (exists $sectionEl->{sha512perEC} ? "yes" : "no"); - my $preserved = (exists $sectionEl->{preserved} ? "yes" : "no"); - my $readOnly = (exists $sectionEl->{readOnly} ? "yes" : "no"); - if (($testRun == 0) && ($sectionEl->{testonly}[0] eq "yes")) - { - next; - } - - trace(3, "$this_func: description = $description, eyeCatch=$eyeCatch, physicalOffset = $physicalOffset, physicalRegionSize=$physicalRegionSize, side=$side"); - - $physicalOffset = getNumber($physicalOffset); - $physicalRegionSize = getNumber($physicalRegionSize); - - if($physicalRegionSize + $physicalOffset > $imageSize) - { - die "ERROR: $this_func: Image size ($imageSize) smaller than $eyeCatch's offset + $eyeCatch's size (".($physicalOffset + $physicalRegionSize)."). Aborting! "; - } - - $$i_pnorLayoutRef{sections}{$physicalOffset}{description} = $description; - $$i_pnorLayoutRef{sections}{$physicalOffset}{eyeCatch} = $eyeCatch; - $$i_pnorLayoutRef{sections}{$physicalOffset}{physicalOffset} = $physicalOffset; - $$i_pnorLayoutRef{sections}{$physicalOffset}{physicalRegionSize} = $physicalRegionSize; - $$i_pnorLayoutRef{sections}{$physicalOffset}{side} = $side; - $$i_pnorLayoutRef{sections}{$physicalOffset}{ecc} = $ecc; - $$i_pnorLayoutRef{sections}{$physicalOffset}{sha512Version} = $sha512Version; - $$i_pnorLayoutRef{sections}{$physicalOffset}{sha512perEC} = $sha512perEC; - $$i_pnorLayoutRef{sections}{$physicalOffset}{preserved} = $preserved; - $$i_pnorLayoutRef{sections}{$physicalOffset}{readOnly} = $readOnly; - - #store the physical offsets of each section in a hash, so, it is easy - #to search physicalOffsets based on the name of the section (eyecatch) - if ($side eq "sideless") - { - foreach my $metadata (@{$xml->{metadata}}) - { - foreach my $sides (@{$metadata->{side}}) - { - $$i_physicalOffsets{side}{$sides->{id}[0]}{eyecatch}{$eyeCatch} = $physicalOffset; - } - } - } - else - { - $$i_physicalOffsets{side}{$side}{eyecatch}{$eyeCatch} = $physicalOffset; - } - } - - } - return 0; -} - -################################################################################ # createPnorImg - Create PNOR image based on input data. ################################################################################ sub createPnorImg @@ -416,6 +235,10 @@ sub addUserData { $miscFlags |= 0x40; } + if( ($i_sectionHash{$i_key}{reprovision} eq "yes") ) + { + $miscFlags |= 0x10; + } #First User Data Word #[1:chip][1:compressType][2:dataInteg] @@ -428,6 +251,7 @@ sub addUserData my $userflags1 = ($verCheck << 24) | ($miscFlags << 16); + trace(2, "$g_fpartCmd --target $i_pnorBinName --partition-offset $i_offset --user 0 --name $eyeCatch --value userflags0=$userflags0"); system("$g_fpartCmd --target $i_pnorBinName --partition-offset $i_offset --user 0 --name $eyeCatch --value $userflags0"); die "ERROR: $this_func: Call to add userdata to $eyeCatch failed. Aborting!" if($?); @@ -435,6 +259,7 @@ sub addUserData trace(2, "$g_fpartCmd --target $i_pnorBinName --partition-offset $i_offset --user 1 --name $eyeCatch --value userflags1=$userflags1"); system("$g_fpartCmd --target $i_pnorBinName --partition-offset $i_offset --user 1 --name $eyeCatch --value $userflags1"); die "ERROR: $this_func: Call to add userdata to $eyeCatch failed. Aborting!" if($?); + } ################################################################################ @@ -580,59 +405,6 @@ sub addTOCInfo $sideShift = $sideShift + $numOfTOCs; } } -################################################################################ -# robustifyImgs - Perform any ECC or ShawHash manipulations -################################################################################ -sub robustifyImgs -{ - my ($i_pnorLayoutRef, $i_binFiles) = @_; - my $this_func = (caller(0))[3]; - - #@TODO: ECC Correction - #@TODO: maybe a little SHA hashing? - - return 0; -} - -################################################################################ -# align_down: Align the input to the lower end of the PNOR side -################################################################################ -sub align_down -{ - my ($addr,$n) = @_; - return (($addr) - ($addr)%($n)); -} - -################################################################################ -# align_up: Align the input address to the higher end of the PNOR side -################################################################################ -sub align_up -{ - my ($addr,$n) = @_; - return ((($addr) + ($n-1)) & ~($n-1)); -} - -################################################################################ -# findLayoutKeyByEyeCatch - Figure out hash key based on eyeCatcher -################################################################################ -sub findLayoutKeyByEyeCatch -{ - my $layoutKey = -1; - my($eyeCatch, $i_pnorLayoutRef) = @_; - my $key; - - my %sectionHash = %{$$i_pnorLayoutRef{sections}}; - for $key ( keys %sectionHash) - { - if($sectionHash{$key}{eyeCatch} eq $eyeCatch) - { - $layoutKey = $key; - last; - } - } - - return $layoutKey; -} ################################################################################ # verifyFilesExist - Verify all the input files exist @@ -659,89 +431,6 @@ sub verifyFilesExist my %sectionHash = %{$$i_pnorLayoutRef{sections}}; } -################################################################################ -# checkSpaceConstraints - Make sure provided files will fit in their sections -################################################################################ -sub checkSpaceConstraints -{ - my ($i_pnorLayoutRef, $i_binFiles) = @_; - my $this_func = (caller(0))[3]; - my $key; - - my %sectionHash = %{$$i_pnorLayoutRef{sections}}; - - for $key ( keys %{$i_binFiles}) - { - my $filesize = -s $$i_binFiles{$key}; - - my $layoutKey = findLayoutKeyByEyeCatch($key, \%$i_pnorLayoutRef); - if( $layoutKey == -1) - { - die "ERROR: $this_func: entry not found in PNOR layout for file $$i_binFiles{$key}, under eyecatcher $key" if($?); - } - - my $eyeCatch = $sectionHash{$layoutKey}{eyeCatch}; - my $physicalRegionSize = $sectionHash{$layoutKey}{physicalRegionSize}; - - if($filesize > $physicalRegionSize) - { - # If this is a test run increase HBI size by PAGE_SIZE until all test - # cases fit - if ($testRun && $eyeCatch eq "HBI") - { - print "Adjusting HBI size - ran out of space for test cases\n"; - my $hbbKey = findLayoutKeyByEyeCatch("HBB", \%$i_pnorLayoutRef); - adjustHbiPhysSize(\%sectionHash, $layoutKey, $filesize, $hbbKey); - } - else - { - die "ERROR: $this_func: Image provided ($$i_binFiles{$eyeCatch}) has size ($filesize) which is greater than allocated space ($physicalRegionSize) for section=$eyeCatch. Aborting!"; - } - } - } -} - -############################################################################### -# adjustHbiPhysSize - Adjust HBI physical size when running test cases and fix -# up physical offsets of partitions between HBI and HBB -################################################################################ -sub adjustHbiPhysSize -{ - my ($i_sectionHashRef, $i_hbiKey, $i_filesize, $i_hbbKey) = @_; - - my %sectionHash = %$i_sectionHashRef; - - # Increment HBI physical size by PAGE_SIZE until the HBI file can fit - my $hbi_old = $sectionHash{$i_hbiKey}{physicalRegionSize}; - while ($i_filesize > $sectionHash{$i_hbiKey}{physicalRegionSize}) - { - $sectionHash{$i_hbiKey}{physicalRegionSize} += PAGE_SIZE; - } - my $hbi_move = $sectionHash{$i_hbiKey}{physicalRegionSize} - $hbi_old; - my $hbi_end = $sectionHash{$i_hbiKey}{physicalRegionSize} + $hbi_move; - - # Fix up physical offset affected by HBI size change - foreach my $section (keys %sectionHash) - { - # Only fix partitions after HBI and before HBB - if ( ( $sectionHash{$section}{physicalOffset} > - $sectionHash{$i_hbiKey}{physicalOffset} ) && - ( $sectionHash{$section}{physicalOffset} < - $sectionHash{$i_hbbKey}{physicalOffset} ) - ) - { - $sectionHash{$section}{physicalOffset} += $hbi_move; - # Ensure section adjustment does not cause an overlap with HBB - if ($sectionHash{$section}{physicalOffset} > - $sectionHash{$i_hbbKey}{physicalOffset}) - { - die "Error detected $sectionHash{$section}{eyeCatch}'s adjusted size overlaps HBB"; - } - } - } -} - - ############################################################################### # fillPnorImage - Load actual PNOR image with data using the provided input images ################################################################################ @@ -828,52 +517,6 @@ sub insertPadBytes } ################################################################################ -# getNumber - handle hex or decimal input string -################################################################################ -sub getNumber -{ - my $inVal = shift; - if($inVal =~ "0x") - { - return oct($inVal); - } - else - { - return $inVal; - } -} - -################################################################################ -# trace -################################################################################ -sub traceErr -{ - my $i_string = shift; - trace($TRAC_ERR, $i_string); -} - -################################################################################ -# trace -################################################################################ -sub trace -{ - my $i_traceLevel; - my $i_string; - - ($i_traceLevel, $i_string) = @_; - - #traceLevel 0 is for errors - if($i_traceLevel == 0) - { - print "ERROR: ".$i_string."\n"; - } - elsif ($g_trace >= $i_traceLevel) - { - print "TRACE: ".$i_string."\n"; - } -} - -################################################################################ # getSideInfo - return side info of certain sections and determine if value is # a supported value ################################################################################ @@ -930,7 +573,6 @@ sub getOtherSide return $other_side; } - ################################################################################ # print usage instructions ################################################################################ diff --git a/src/build/buildpnor/defaultPnorLayout.xml b/src/build/buildpnor/defaultPnorLayout.xml index c6858edba..587fc85a2 100644 --- a/src/build/buildpnor/defaultPnorLayout.xml +++ b/src/build/buildpnor/defaultPnorLayout.xml @@ -148,7 +148,7 @@ Layout Description <side>sideless</side> <ecc/> </section> - <!-- @fixme - Put this back later (RTC:154286) + <!-- #@TODO RTC:163810 - Put this back later if needed <section> <description>Centaur SBE (576K)</description> <eyeCatch>SBEC</eyeCatch> @@ -238,4 +238,12 @@ Layout Description <side>sideless</side> <ecc/> </section> + <section> + <description>SecureBoot Key Transition Partition (16K)</description> + <eyeCatch>SBKT</eyeCatch> + <physicalOffset>0x2ACF000</physicalOffset> + <physicalRegionSize>0x4000</physicalRegionSize> + <side>sideless</side> + <ecc/> + </section> </pnor> diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl index 2ac721bbe..911e56aaa 100755 --- a/src/build/buildpnor/genPnorImages.pl +++ b/src/build/buildpnor/genPnorImages.pl @@ -471,7 +471,6 @@ sub manipulateImages my $eyeCatch = $sectionHash{$layoutKey}{eyeCatch}; my %tempImages = ( HDR_PHASE => "$bin_dir/$parallelPrefix.$eyeCatch.temp.hdr.bin", - PREFIX_PHASE => "$bin_dir/$parallelPrefix.$eyeCatch.temp.hdr.prefix.bin", TEMP_SHA_IMG => "$bin_dir/$parallelPrefix.$eyeCatch.temp.sha.bin", PAD_PHASE => "$bin_dir/$parallelPrefix.$eyeCatch.temp.pad.bin", ECC_PHASE => "$bin_dir/$parallelPrefix.$eyeCatch.temp.bin.ecc", @@ -495,14 +494,15 @@ sub manipulateImages # Sections that have secureboot support. Secureboot still must be # enabled for secureboot actions on these partitions to occur. - my $isNormalSecure = ($eyeCatch eq "SBE") - || ($eyeCatch eq "SBEC") - || ($eyeCatch eq "PAYLOAD") - || ($eyeCatch eq "SBKT") - || ($eyeCatch eq "OCC") - || ($eyeCatch eq "HBRT") - || ($eyeCatch eq "CAPP") - || ($eyeCatch eq "BOOTKERNEL"); + # @TODO securebootp9 re-enable with SBE/SBEC/PAYLOAD secureboot ports + my $isNormalSecure = ($eyeCatch eq "SBKT") + || ($eyeCatch eq "HBRT"); + #|| ($eyeCatch eq "SBE") + #|| ($eyeCatch eq "SBEC") + #|| ($eyeCatch eq "PAYLOAD") + #|| ($eyeCatch eq "OCC") + #|| ($eyeCatch eq "CAPP") + #|| ($eyeCatch eq "BOOTKERNEL"); my $isSpecialSecure = ($eyeCatch eq "HBB") || ($eyeCatch eq "HBI") @@ -539,7 +539,8 @@ sub manipulateImages if ($secureboot) { $callerHwHdrFields{configure} = 1; - if (exists $hashPageTablePartitions{$eyeCatch}) + # @TODO securebootp9 re-enable hash page table with vfs page table port + if (0) #exists $hashPageTablePartitions{$eyeCatch}) { if ($eyeCatch eq "HBI") { @@ -553,7 +554,8 @@ sub manipulateImages } } # Add hash page table - if ($tempImages{hashPageTable} ne "" && -e $tempImages{hashPageTable}) + # @TODO securebootp9 re-enable hash page table with vfs page table port + if (0) #$tempImages{hashPageTable} ne "" && -e $tempImages{hashPageTable}) { trace(1,"Adding hash page table for $eyeCatch"); my $hashPageTableSize = -s $tempImages{hashPageTable}; @@ -665,9 +667,10 @@ sub manipulateImages run_command("cat $bin_file >> $tempImages{HDR_PHASE}"); } } - elsif($secureboot - && ( ($sectionHash{$layoutKey}{sha512perEC} eq "yes") - || ($isNormalSecure))) + # @TODO securebootp9 re-enable with SBE/SBEC secureboot ports + elsif(0) #$secureboot + #&& ( ($sectionHash{$layoutKey}{sha512perEC} eq "yes") + # || ($isNormalSecure))) { $callerHwHdrFields{configure} = 1; if($openSigningTool) @@ -689,30 +692,17 @@ sub manipulateImages setCallerHwHdrFields(\%callerHwHdrFields, $tempImages{HDR_PHASE}); - # Prefix phase - # Add SBE header to HBB - if($eyeCatch eq "HBB") - { - run_command("echo \"00000000001800000000000008000000000000000007EF80\" | xxd -r -ps - $tempImages{PREFIX_PHASE}"); - run_command("cat $tempImages{HDR_PHASE} >> $tempImages{PREFIX_PHASE}"); - } - # Otherwise propagate image to next phase - else - { - run_command("mv $tempImages{HDR_PHASE} $tempImages{PREFIX_PHASE}"); - } - # Padding Phase if ($eyeCatch eq "HBI" && $testRun) { # If "--test" flag set do not pad as the test HBI images is # possibly larger than partition size and does not need to be # fully padded. Size adjustments made in checkSpaceConstraints - run_command("dd if=$tempImages{PREFIX_PHASE} of=$tempImages{PAD_PHASE} ibs=4k conv=sync"); + run_command("dd if=$tempImages{HDR_PHASE} of=$tempImages{PAD_PHASE} ibs=4k conv=sync"); } else { - run_command("dd if=$tempImages{PREFIX_PHASE} of=$tempImages{PAD_PHASE} ibs=$size conv=sync"); + run_command("dd if=$tempImages{HDR_PHASE} of=$tempImages{PAD_PHASE} ibs=$size conv=sync"); } # Create .header.bin file for FSP diff --git a/src/build/buildpnor/pnorLayoutFSP.xml b/src/build/buildpnor/pnorLayoutFSP.xml index a16ea8645..751e2e917 100644 --- a/src/build/buildpnor/pnorLayoutFSP.xml +++ b/src/build/buildpnor/pnorLayoutFSP.xml @@ -149,7 +149,7 @@ Layout Description <side>sideless</side> <ecc/> </section> - <!-- @fixme - Put this back later (RTC:154286) + <!-- #@TODO RTC:163810 - Put this back later if needed <section> <description>Centaur SBE (576K)</description> <eyeCatch>SBEC</eyeCatch> @@ -202,4 +202,12 @@ Layout Description <side>sideless</side> <ecc/> </section> + <section> + <description>SecureBoot Key Transition Partition (16K)</description> + <eyeCatch>SBKT</eyeCatch> + <physicalOffset>0x1D3D000</physicalOffset> + <physicalRegionSize>0x4000</physicalRegionSize> + <side>sideless</side> + <ecc/> + </section> </pnor> diff --git a/src/build/buildpnor/pnorLayoutFake.xml b/src/build/buildpnor/pnorLayoutFake.xml index 3a2570832..e8a319c11 100644 --- a/src/build/buildpnor/pnorLayoutFake.xml +++ b/src/build/buildpnor/pnorLayoutFake.xml @@ -128,7 +128,7 @@ Layout Description </section> <section> <!-- NOTE: smaller than official layout for fake-PNOR --> - <description>Hostboot Extended image (3MB)</description> + <description>Hostboot Extended image (4.96MB)</description> <eyeCatch>HBI</eyeCatch> <physicalOffset>0x10A000</physicalOffset> <physicalRegionSize>0x4F6000</physicalRegionSize> diff --git a/src/build/citest/populate-sandbox b/src/build/citest/populate-sandbox index 0b64fa29a..e074d9073 100755 --- a/src/build/citest/populate-sandbox +++ b/src/build/citest/populate-sandbox @@ -41,4 +41,4 @@ fi mkdir -p $SANDBOXBASE/img || exit -1 # Copy files. -hbDistribute --test || exit -1 +hbDistribute --test --hb-standalone || exit -1 diff --git a/src/build/mkrules/dist.targets.mk b/src/build/mkrules/dist.targets.mk index ebf51ec54..2ec1ee617 100644 --- a/src/build/mkrules/dist.targets.mk +++ b/src/build/mkrules/dist.targets.mk @@ -75,6 +75,8 @@ COPY_FILES = \ src/build/hwpf/prcd_compile.tcl:tools \ src/build/buildpnor/buildSbePart.pl:openpower \ src/build/buildpnor/buildpnor.pl:openpower \ + src/build/buildpnor/genPnorImages.pl:openpower \ + src/build/buildpnor/PnorUtils.pm:openpower \ src/usr/targeting/common/processMrw.pl:openpower \ src/usr/targeting/common/Targets.pm:openpower \ src/usr/targeting/common/xmltohb/mergexml.sh:openpower \ @@ -215,6 +217,8 @@ fsp.tar_CONTENTS = \ src/build/mkrules/hbfw/fsp/makefile \ src/build/buildpnor/buildSbePart.pl \ src/build/buildpnor/buildpnor.pl \ + src/build/buildpnor/genPnorImages.pl \ + src/build/buildpnor/PnorUtils.pm \ src/build/buildpnor/defaultPnorLayout.xml \ src/build/buildpnor/pnorLayoutFSP.xml \ $(if $(FAKEPNOR), src/build/buildpnor/pnorLayoutFake.xml, ) \ diff --git a/src/build/mkrules/hbfw/img/makefile b/src/build/mkrules/hbfw/img/makefile index 01084dccc..3d2c1baae 100755 --- a/src/build/mkrules/hbfw/img/makefile +++ b/src/build/mkrules/hbfw/img/makefile @@ -38,12 +38,13 @@ VPATH += ../fsp DEFAULT_PATH = ${.PATH} SRCPATH = ${DEFAULT_PATH:M*src*} -build_all: cp_hbfiles -install_all: inject_ecc build_sbe_partitions build_pnor_images +build_all: cp_hbfiles gen_default_images +install_all: gen_system_specific_images build_sbe_partitions build_pnor_images #Some useful search paths HBFW_OBJPATH = ${.PATH:M*obj*} ENGD_OBJPATH = ${HBFW_OBJPATH:S/hbfw\/img/engd\/href/g} +ENGD_SRCPATH = ${SRCPATH:S/hbfw\/img/engd\/href/g} ################################################# # Copy Hostboot binary images to obj dir to be grabbed @@ -51,164 +52,89 @@ ENGD_OBJPATH = ${HBFW_OBJPATH:S/hbfw\/img/engd\/href/g} # Having external users acquire from OBJ dir as there are packaging # changes expected in the future which will require using OBJ version. ################################################# -BOOTLDR_IMAGE = hostboot_bootloader.bin -HBBL_IMAGE = hbbl.bin -HBBL_ECC_IMAGE = hbbl.bin.ecc -BASE_IMAGE = hostboot.bin -EXT_IMAGE = hostboot_extended.bin -EXT_FAKE_IMAGE = hostboot_extended.bin.fake -HBRT_IMAGE = hostboot_runtime.bin -HBRT_SHA_IMAGE = hostboot_runtime.sha.bin -HBRT_HEADER_IMAGE = hostboot_runtime.header.bin -HBRT_ECC_HEADER_IMAGE = hostboot_runtime.header.bin.ecc -BASE_IMAGES = ${BASE_IMAGE} ${EXT_IMAGE} ${HBRT_IMAGE} ${BOOTLDR_IMAGE} -BASE_W_HEADER_IMAGE = hostboot.header.bin -BASE_W_HEADER_ECC_IMAGE = hostboot.header.bin.ecc -BASE_ECC_IMAGE = hostboot.bin.ecc -BASE_SHA_IMAGE = hostboot.sha.bin -EXT_PAD_IMAGE = hostboot_extended.bin.pad -EXT_ECC_IMAGE = hostboot_extended.bin.ecc -EXT_ECC_HEADER_IMAGE = hostboot_extended.header.bin.ecc -EXT_SHA_IMAGE = hostboot_extended.sha.bin -EXT_HEADER_IMAGE = hostboot_extended.header.bin -TEMP_IMAGE = hostboot.temp.bin -TESTDATA = hbtestdata.bin -TESTDATA_ECC = hbtestdata.bin.ecc -HBEL_ECC_IMAGE = hbel.bin.ecc -HBEL_IMAGE = hbel.bin -GUARD_ECC_IMAGE = guard.bin.ecc -GLOBAL_ECC_IMAGE = global.bin.ecc -DJVPD_ECC_IMAGE = djvpd.bin.ecc -DJVPD_IMAGE = djvpd.bin -MVPD_ECC_IMAGE = mvpd.bin.ecc -MVPD_IMAGE = mvpd.bin -CVPD_ECC_IMAGE = cvpd.bin.ecc -PAYLOAD_ECC_IMAGE = payload.bin.ecc -SECUREBOOT_HEADER = secureboot.header -SECUREBOOT_SIGNED_CONTAINER = secureboot_signed_container -# DEV_KEY_DIR set by env variable -SIGN_PREFIX_PARAMS=-flag 0x80000000 -hka ${DEV_KEY_DIR}/hw_key_a -hkb ${DEV_KEY_DIR}/hw_key_b -hkc ${DEV_KEY_DIR}/hw_key_c -skp ${DEV_KEY_DIR}/sw_key_a -SIGN_BUILD_PARAMS=-skp ${DEV_KEY_DIR}/sw_key_a + +# Input default images +BOOTLDR_IMG = hostboot_bootloader.bin +HBBL_IMG = hbbl.bin +HBB_IMG = hostboot.bin +HBB_ECC_IMG = hostboot.bin.ecc +HBI_IMG = hostboot_extended.bin +HBRT_IMG = hostboot_runtime.bin +BASE_IMAGES = ${BOOTLDR_IMG} ${HBB_IMG} ${HBI_IMG} ${HBRT_IMG} + +# Input fake images +HBI_FAKE_IMG = hostboot_extended.bin.fake VPO_FAKE_MVPD = vpo_sysmvpd.dat VPO_FAKE_DJVPD = vpo_djvpd.dat VPO_FAKE_DVPD = dvpd.dat -RING_OVERRIDE_ECC_IMAGE = ring_override.bin.ecc -RING_OVERRIDE_IMAGE = ring_override.bin - -ALL_HB_IMAGES = ${BASE_IMAGES} \ - ${BASE_W_HEADER_IMAGE} \ - ${BASE_ECC_IMAGE} ${EXT_ECC_IMAGE} \ - ${BASE_W_HEADER_ECC_IMAGE} ${BASE_SHA_IMAGE}\ - ${HBRT_SHA_IMAGE} \ - ${HBRT_HEADER_IMAGE} ${HBRT_ECC_HEADER_IMAGE} \ - ${EXT_PAD_IMAGE} \ - ${EXT_SHA_IMAGE} ${EXT_HEADER_IMAGE} \ - ${EXT_ECC_HEADER_IMAGE} \ - ${BOOTLDR_IMAGE} ${HBBL_IMAGE} ${HBBL_ECC_IMAGE} \ - ${TESTDATA} ${TESTDATA_ECC} \ - ${HBEL_ECC_IMAGE} ${GUARD_ECC_IMAGE} ${GLOBAL_ECC_IMAGE} \ - ${DJVPD_ECC_IMAGE} ${MVPD_ECC_IMAGE} ${CVPD_ECC_IMAGE} \ - ${HBEL_IMAGE} ${DJVPD_IMAGE} ${MVPD_IMAGE} \ - ${PAYLOAD_ECC_IMAGE} ${RING_OVERRIDE_ECC_IMAGE} +FAKE_IMAGES = ${HBI_FAKE_IMG} ${VPO_FAKE_MVPD} ${VPO_FAKE_DJVPD} ${VPO_FAKE_DVPD} +DEFAULT_INPUT_IMAGES = ${BASE_IMAGES} ${HBB_ECC_IMG} ${HBBL_IMG} ${FAKE_IMAGES} + +# Output final images +HBBL_FINAL_IMG = HBBL.bin +HBB_FINAL_IMG = HBB.bin +HBI_FINAL_IMG = HBI.bin +HBRT_FINAL_IMG = HBRT.bin +TEST_FINAL_IMG = TEST.bin +TESTRO_FINAL_IMG = TESTRO.bin +HBEL_FINAL_IMG = HBEL.bin +GUARD_FINAL_IMG = GUARD.bin +GLOBAL_FINAL_IMG = GLOBAL.bin +DJVPD_FINAL_IMG = DJVPD.bin +MVPD_FINAL_IMG = MVPD.bin +CVPD_FINAL_IMG = CVPD.bin +PAYLOAD_FINAL_IMG = PAYLOAD.bin +RINGOVD_FINAL_IMG = RINGOVD.bin +SBKT_FINAL_IMG = SBKT.bin +FINAL_OUTPUT_IMAGES = ${HBBL_FINAL_IMG} ${HBB_FINAL_IMG} ${HBI_FINAL_IMG} \ + ${HBRT_FINAL_IMG} ${TEST_FINAL_IMG} ${TESTRO_FINAL_IMG} \ + ${HBEL_FINAL_IMG} ${GUARD_FINAL_IMG} ${GLOBAL_FINAL_IMG} \ + ${DJVPD_FINAL_IMG} ${MVPD_FINAL_IMG} ${CVPD_FINAL_IMG} \ + ${PAYLOAD_FINAL_IMG} ${RINGOVD_FINAL_IMG} ${SBKT_FINAL_IMG} + +# Aggregate +ALL_DEFAULT_IMAGES = ${DEFAULT_INPUT_IMAGES} ${FINAL_OUTPUT_IMAGES} + +# Script to manipulate bin files to prepare for buildpnor (install_all phase) +# Note: sections with no input files are zero filled images and pass EMPTY as +# their input file name. This is so the script knows it needs to generate +# them, rather than use an input. +# Note: HBI depends on HBB for sw signatures. Ensure that both are passed into +# the same --systemBinFiles parameter for genPnorImages +GEN_PNOR_IMAGE_SCRIPT = ${genPnorImages.pl:P} + +# Decide which PNOR to build +.if(${FAKEPNOR} == "") + DEFAULT_PNOR_LAYOUT = ${defaultPnorLayout.xml:P} + # Parameters passed into GEN_PNOR_IMAGE_SCRIPT. + GEN_DEFAULT_BIN_FILES = HBBL=${HBBL_IMG},HBB=${HBB_IMG},HBI=${HBI_IMG},HBRT=${HBRT_IMG},TEST=EMPTY,TESTRO=EMPTY,HBEL=EMPTY,GUARD=EMPTY,GLOBAL=EMPTY,PAYLOAD=EMPTY,CVPD=EMPTY,MVPD=EMPTY,DJVPD=EMPTY,RINGOVD=EMPTY,SBKT=EMPTY + DEFAULT_PARAMS = --build-all ${TARGET_TEST:b--test} \ + ${CONFIG_SECUREBOOT:b--secureboot} --systemBinFiles ${GEN_DEFAULT_BIN_FILES} \ + --pnorLayout ${DEFAULT_PNOR_LAYOUT} ${KEY_TRANSITION_PARAMS} ${CORRUPT_PARAMS} +.else + DEFAULT_PNOR_LAYOUT = ${pnorLayoutFake.xml:P} + # Parameters passed into GEN_PNOR_IMAGE_SCRIPT. + GEN_DEFAULT_BIN_FILES = HBI=${HBI_IMG},HBEL=EMPTY,MVPD=${${VPO_FAKE_MVPD}:P},DJVPD=${${VPO_FAKE_DJVPD}:P} + DEFAULT_PARAMS = --systemBinFiles ${GEN_DEFAULT_BIN_FILES} --pnorLayout ${DEFAULT_PNOR_LAYOUT} +.endif cp_hbfiles: .SPECTARG ${BASE_IMAGES:@image@cp -f ${SRCPATH:F${image}} ${image};@} - # add version header w/ HBB sha hash - echo -en VERSION\\0 > ${BASE_SHA_IMAGE} - sha512sum ${BASE_IMAGE} | awk '{print $$1}' | xxd -pr -r >> ${BASE_SHA_IMAGE} - dd if=${BASE_SHA_IMAGE} of=secureboot.header ibs=4k conv=sync - dd if=/dev/zero of=hbb.footer count=1 bs=128K - cat secureboot.header ${BASE_IMAGE} hbb.footer > hostboot.stage.bin - head -c 524288 hostboot.stage.bin > ${BASE_W_HEADER_IMAGE} + +gen_default_images: cp_hbfiles currentsb -chain - ecc --inject ${BASE_IMAGE} --output ${BASE_ECC_IMAGE} --p8 - ecc --inject ${BASE_W_HEADER_IMAGE} --output ${BASE_W_HEADER_ECC_IMAGE} --p8 - - # Add version header w/ HBRT sha hash - echo -en VERSION\\0 > ${HBRT_SHA_IMAGE} - sha512sum ${HBRT_IMAGE} | awk '{print $$1}' | xxd -pr -r >> ${HBRT_SHA_IMAGE} - dd if=${HBRT_SHA_IMAGE} of=${TEMP_IMAGE} ibs=4k conv=sync - cat ${HBRT_IMAGE} >> ${TEMP_IMAGE} - # HBRT partition size w/o ECC = 4MB (4096K) - dd if=${TEMP_IMAGE} of=${HBRT_HEADER_IMAGE} ibs=4096K conv=sync - ecc --inject ${HBRT_HEADER_IMAGE} --output ${HBRT_ECC_HEADER_IMAGE} --p8 - # Add version header w/ HBI sha hash - echo -en VERSION\\0 > ${EXT_SHA_IMAGE} - sha512sum ${EXT_IMAGE} | awk '{print $$1}' | xxd -pr -r >> ${EXT_SHA_IMAGE} - dd if=${EXT_SHA_IMAGE} of=${TEMP_IMAGE} ibs=4k conv=sync - cat ${EXT_IMAGE} >> ${TEMP_IMAGE} - # HBI partition size w/o ECC = 5.5MB (5632K) - # If "--test" flag set do not pad to ibs=5632k, as the test HBI images is - # possibly larger than parition size and does not need to be fully padded. - # Size adjustments made in buildpnor.pl - .if(${TARGET_TEST}) - dd if=${TEMP_IMAGE} of=${EXT_HEADER_IMAGE} ibs=4k conv=sync - .else - dd if=${TEMP_IMAGE} of=${EXT_HEADER_IMAGE} ibs=5632k conv=sync - .endif - ecc --inject ${EXT_HEADER_IMAGE} --output ${EXT_ECC_HEADER_IMAGE} --p8 - dd if=${EXT_IMAGE} of=${EXT_PAD_IMAGE} ibs=4k count=1280 conv=sync - ecc --inject ${EXT_PAD_IMAGE} --output ${EXT_ECC_IMAGE} --p8 - .if(${FAKEPNOR} != "") - dd if=${EXT_IMAGE} of=${EXT_FAKE_IMAGE} ibs=5080k conv=sync - .endif - - - # Test signed container, SIGNING_DIR set by env variable - .if(${SECUREBOOT} && ${SIGNING_DIR}) - # Key prefix used for all partitions - ${SIGNING_DIR}/prefix -good -of ${SECUREBOOT_HEADER} ${SIGN_PREFIX_PARAMS} - dd if=/dev/zero count=1 | tr "\000" "\377" > ${TEMP_IMAGE} - ${SIGNING_DIR}/build -good -if ${SECUREBOOT_HEADER} -of ${SECUREBOOT_SIGNED_CONTAINER} -bin ${TEMP_IMAGE} ${SIGN_BUILD_PARAMS} - .endif + ecc --inject ${HBB_IMG} --output ${HBB_ECC_IMG} --p8 + + # Remove offset from start of Bootloader image for HBBL partition + # Actual code is offset from HRMOR by 12k = 12 1k-blocks (space + # reserved for exception vectors) + dd if=${BOOTLDR_IMG} of=${HBBL_IMG} ibs=1k skip=12 conv=sync - # Pad and add ECC to other partitions that do not need headers - # create data for a test partition in pnor - dd if=/dev/urandom of=${TESTDATA} count=1 bs=32K - ecc --inject ${TESTDATA} --output ${TESTDATA_ECC} --p8 - # Fill the following partitions with FF's and then ECC them - dd if=/dev/zero bs=128K count=1 | tr "\000" "\377" > ${TEMP_IMAGE} - ecc --inject ${TEMP_IMAGE} --output ${HBEL_ECC_IMAGE} --p8 - .if(${FAKEPNOR} != "") - dd if=/dev/zero bs=64K count=1 | tr "\000" "\377" > ${HBEL_IMAGE} - .endif - # GUARD partition - dd if=/dev/zero bs=16K count=1 | tr "\000" "\377" > ${TEMP_IMAGE} - ecc --inject ${TEMP_IMAGE} --output ${GUARD_ECC_IMAGE} --p8 - # GLOBAL partition - dd if=/dev/zero bs=32K count=1 | tr "\000" "\377" > ${TEMP_IMAGE} - ecc --inject ${TEMP_IMAGE} --output ${GLOBAL_ECC_IMAGE} --p8 - # DJVPD partition - dd if=/dev/zero bs=256K count=1 | tr "\000" "\377" > ${TEMP_IMAGE} - ecc --inject ${TEMP_IMAGE} --output ${DJVPD_ECC_IMAGE} --p8 - .if(${FAKEPNOR} != "") - dd if=${${VPO_FAKE_DJVPD}:P} bs=32K count=1 > ${DJVPD_IMAGE} - .endif - # MVPD partition - dd if=/dev/zero bs=512K count=1 | tr "\000" "\377" > ${TEMP_IMAGE} - ecc --inject ${TEMP_IMAGE} --output ${MVPD_ECC_IMAGE} --p8 - .if(${FAKEPNOR} != "") - dd if=${${VPO_FAKE_MVPD}:P} bs=128K count=1 > ${MVPD_IMAGE} - .endif - # CVPD partition - dd if=/dev/zero bs=256K count=1 | tr "\000" "\377" > ${TEMP_IMAGE} - ecc --inject ${TEMP_IMAGE} --output ${CVPD_ECC_IMAGE} --p8 - # PAYLOAD partition - dd if=/dev/zero bs=19456K count=1 | tr "\000" "\377" > ${TEMP_IMAGE} - ecc --inject ${TEMP_IMAGE} --output ${PAYLOAD_ECC_IMAGE} --p8 - # RINGOVD partition - dd if=/dev/zero bs=16K count=1 | tr "\000" "\377" > ${TEMP_IMAGE} - ecc --inject ${TEMP_IMAGE} --output ${RING_OVERRIDE_ECC_IMAGE} --p8 - rm ${TEMP_IMAGE} - # Remove offset from start of Bootloader image for HBBL partition - # Actual code is offset from HRMOR by 12k = 12 1k-blocks (space - # reserved for exception vectors) - dd if=${BOOTLDR_IMAGE} of=${HBBL_IMAGE} ibs=1k skip=12 conv=sync - ecc --inject ${HBBL_IMAGE} --output ${HBBL_ECC_IMAGE} --p8 + # Call script to generate final bin files for default images + ${GEN_PNOR_IMAGE_SCRIPT} ${DEFAULT_PARAMS} clobber_cp_hbfiles: - rm -f ${ALL_HB_IMAGES} \ - secureboot.header hb.footer hostboot.stage.bin + rm -f ${ALL_DEFAULT_IMAGES} ################################################# ### SAMPLE for building an SBE Partition with multiple ECs @@ -273,65 +199,89 @@ PNOR_BUILD_SCRIPT = ${buildpnor.pl:P} #so need to use tryinclude for now. .tryinclude <${.PATH:Ffips_pnor.mk}> -HOSTBOOT_DEFAULT_SECTIONS = HBB=${BASE_W_HEADER_ECC_IMAGE},HBI=${EXT_ECC_HEADER_IMAGE},HBRT=${HBRT_ECC_HEADER_IMAGE},HBBL=${HBBL_ECC_IMAGE},TEST=${TESTDATA_ECC},TESTRO=${TESTDATA_ECC},HBEL=${HBEL_ECC_IMAGE},GUARD=${GUARD_ECC_IMAGE},GLOBAL=${GLOBAL_ECC_IMAGE},PAYLOAD=${PAYLOAD_ECC_IMAGE},CVPD=${CVPD_ECC_IMAGE},MVPD=${MVPD_ECC_IMAGE},DJVPD=${DJVPD_ECC_IMAGE},RINGOVD=${RING_OVERRIDE_ECC_IMAGE} -HOSTBOOT_FAKEPNOR_SECTIONS = HBI=${EXT_FAKE_IMAGE},HBEL=${HBEL_IMAGE},MVPD=${MVPD_IMAGE},DJVPD=${DJVPD_IMAGE},CVPD=${VPO_FAKE_DVPD} - - HBFW_OBJPATH = ${.PATH:M*obj*} ENGD_OBJPATH = ${HBFW_OBJPATH:S/hbfw\/img/engd\/href/g} -NIMBUS_TARG_IMG = simics_NIMBUS_targeting.bin -NIMBUS_VPO_TARG_IMG = vbu_NIMBUS_targeting.bin -NIMBUS_TARG_IMG_ECC = simics_NIMBUS_targeting.bin.ecc -NIMBUS_TARG_IMG_FAKE = vbu_NIMBUS_targeting.bin.fake -NIMBUS_SLW_IMG = ${ENGD_OBJPATH:Fp9n.hw_ref_image.hdr.bin} -NIMBUS_LOCAL_SLW_IMG = p9n.hw_ref_image.hdr.bin -NIMBUS_LOCAL_SLW_IMG_ECC = p9n.hw_ref_image.hdr.bin.ecc + +## Define system name strings +NIMBUS = NIMBUS + +# Input system specific images +NIMBUS_HBD_IMG = simics_${NIMBUS}_targeting.bin +NIMBUS_HCODE_IMG = ${ENGD_SRCPATH:Fp9n.hw_ref_image.bin} NIMBUS_SBE_IMG = p9nSbePartition.bin -NIMBUS_SBE_IMG_ECC = p9nSbePartition.bin.ecc SBEC_IMG = centSbePartition.bin -SBEC_IMG_ECC = centSbePartition.bin.ecc + +# Input fake images +NIMBUS_VPO_HBD_IMG = vbu_${NIMBUS}_targeting.bin + +# Output final images +NIMBUS_HBD_FINAL_IMG = ${NIMBUS}.HBD.bin +NIMBUS_HCODE_FINAL_IMG = ${NIMBUS}.HCODE.bin +NIMBUS_SBE_FINAL_IMG = ${NIMBUS}.SBE.bin +SBEC_FINAL_IMG = SBEC.bin TEMP_IMG = temp.bin -inject_ecc: build_sbe_partitions - # cp file with full path to one with local path - cp ${NIMBUS_SLW_IMG} ${NIMBUS_LOCAL_SLW_IMG} +# Decide which PNOR to build +.if(${FAKEPNOR} == "") + # Paramemters passed into GEN_PNOR_IMAGE_SCRIPT. + #@TODO securebootp9 - Put `HBD=${${NIMBUS_HBD_IMG}:P},` back into genPnorImage parameters + GEN_NIMBUS_BIN_FILES = ${NIMBUS}:SBE=${${NIMBUS_SBE_IMG}:P},HCODE=${${NIMBUS_HCODE_IMG}:P} + #@TODO RTC:163810 - Put SBEC back "--systemBinFile SBEC=${${SBEC_IMG}:P}" + SYSTEM_SPECIFIC_PARAMS = ${TARGET_TEST:b--test} ${CONFIG_SECUREBOOT:b--secureboot} \ + --pnorLayout ${DEFAULT_PNOR_LAYOUT} ${CORRUPT_PARAMS} \ + --systemBinFiles ${GEN_NIMBUS_BIN_FILES} +.else + # Parameters passed into GEN_PNOR_IMAGE_SCRIPT. + #@TODO securebootp9 - Put `HBD=${${NIMBUS_VPO_HBD_IMG}:P}` back into genPnorImage parameters + GEN_NIMBUS_BIN_FILES = ${NIMBUS}:HCODE=${${NIMBUS_HCODE_IMG}:P} + #@TODO RTC:163810 - Put SBEC back "--systemBinFile SBEC=${${SBEC_IMG}:P}" + SYSTEM_SPECIFIC_PARAMS = --pnorLayout ${DEFAULT_PNOR_LAYOUT} \ + --systemBinFiles ${GEN_NIMBUS_BIN_FILES} +.endif + +gen_system_specific_images: build_sbe_partitions + # Call script to generate final bin file for system specific images + ${GEN_PNOR_IMAGE_SCRIPT} ${SYSTEM_SPECIFIC_PARAMS} + #@TODO securebootp9 - Remove all dd/ecc commands and add HBD back into genPnorImage # HBD partition - dd if=${${NIMBUS_TARG_IMG}:P} of=${TEMP_IMG} ibs=1024k conv=sync; \ - ecc --inject ${TEMP_IMG} --output ${NIMBUS_TARG_IMG_ECC} --p8; \ + dd if=${${NIMBUS_HBD_IMG}:P} of=${TEMP_IMG} ibs=1024k conv=sync + ecc --inject ${TEMP_IMG} --output ${NIMBUS_HBD_FINAL_IMG} --p8 #for NIMBUS fake pnor skip version header - dd if=${${NIMBUS_VPO_TARG_IMG}:P} of=${NIMBUS_TARG_IMG_FAKE} ibs=4k skip=1 conv=sync; \ - # SBE partition - dd if=${${NIMBUS_SBE_IMG}:P} of=${TEMP_IMG} ibs=256k conv=sync; \ - ecc --inject ${TEMP_IMG} --output ${NIMBUS_SBE_IMG_ECC} --p8; \ - #@fixme - put this back after we adjust the layout (RTC:154286) - # SBEC partition - #dd if=${${SBEC_IMG}:P} of=${TEMP_IMG} ibs=512k conv=sync; \ - #ecc --inject ${TEMP_IMG} --output ${SBEC_IMG_ECC} --p8; \ - # WINK partition - dd if=${${NIMBUS_LOCAL_SLW_IMG}:P} of=${TEMP_IMG} ibs=1024k conv=sync; \ - ecc --inject ${TEMP_IMG} --output ${NIMBUS_LOCAL_SLW_IMG_ECC} --p8; \ - rm ${TEMP_IMG} - -#@fixme - Put SBEC back (RTC:154286) "SBEC=${SBEC_IMG_ECC}," -NIMBUS_SECT = HBD=${NIMBUS_TARG_IMG_ECC},SBE=${NIMBUS_SBE_IMG_ECC},HCODE=${NIMBUS_LOCAL_SLW_IMG_ECC} -FAKE_SECT = HBD=${NIMBUS_TARG_IMG_FAKE},HCODE=${NIMBUS_LOCAL_SLW_IMG} + .if(${FAKEPNOR} != "") + dd if=${${NIMBUS_VPO_HBD_IMG}:P} of=${NIMBUS_HBD_FINAL_IMG} ibs=4k skip=1 conv=sync + .endif + rm -f ${TEMP_IMG} + +HOSTBOOT_DEFAULT_SECTIONS = HBBL=${HBBL_FINAL_IMG},HBB=${HBB_FINAL_IMG},HBI=${HBI_FINAL_IMG},HBRT=${HBRT_FINAL_IMG},TEST=${TEST_FINAL_IMG},TESTRO=${TESTRO_FINAL_IMG},HBEL=${HBEL_FINAL_IMG},GUARD=${GUARD_FINAL_IMG},GLOBAL=${GLOBAL_FINAL_IMG},PAYLOAD=${PAYLOAD_FINAL_IMG},CVPD=${CVPD_FINAL_IMG},MVPD=${MVPD_FINAL_IMG},DJVPD=${DJVPD_FINAL_IMG},RINGOVD=${RINGOVD_FINAL_IMG},SBKT=${SBKT_FINAL_IMG} +#@TODO RTC:163810 - Put SBEC back "SBEC=${SBEC_FINAL_IMG}," +NIMBUS_SECT = HBD=${NIMBUS_HBD_FINAL_IMG},SBE=${NIMBUS_SBE_FINAL_IMG},HCODE=${NIMBUS_HCODE_FINAL_IMG} +PNOR_IMG_INFO = \ + nimbus.pnor:${DEFAULT_PNOR_LAYOUT}:${NIMBUS_SECT},${HOSTBOOT_DEFAULT_SECTIONS} \ + ${FIPS_PNOR_INFO} # To build fake PNOR, set FAKEPNOR to filename of file to build, # ie, 'export FAKEPNOR=fake8m.pnor' # To not build fake PNOR, do not set FAKEPNOR or clear its setting, # ie, 'export FAKEPNOR=' +# Note: If FAKEPNOR defined, ONLY a FAKEPNOR will be generated, this is due to +# some limitations of GEN_PNOR_IMAGE_SCRIPT at the time of porting to p9 .if(${FAKEPNOR} != "") - FAKE_PNOR_IMG_INFO = \ - ${FAKEPNOR}:pnorLayoutFake.xml:${FAKE_SECT},${HOSTBOOT_FAKEPNOR_SECTIONS} + HOSTBOOT_DEFAULT_SECTIONS = HBI=${HBI_FINAL_IMG},HBEL=${HBEL_FINAL_IMG},MVPD=${MVPD_FINAL_IMG},DJVPD=${DJVPD_FINAL_IMG},CVPD=${VPO_FAKE_DVPD} + NIMBUS_SECT = HBD=${NIMBUS_HBD_FINAL_IMG},HCODE=${NIMBUS_HCODE_FINAL_IMG} + PNOR_IMG_INFO = \ + ${FAKEPNOR}:${DEFAULT_PNOR_LAYOUT}:${NIMBUS_SECT},${HOSTBOOT_DEFAULT_SECTIONS} \ + ${FIPS_PNOR_INFO} .endif -PNOR_IMG_INFO = \ - nimbus.pnor:defaultPnorLayout.xml:${NIMBUS_SECT},${HOSTBOOT_DEFAULT_SECTIONS} \ - ${FAKE_PNOR_IMG_INFO} \ - ${FIPS_PNOR_INFO} - - -__IMAGE_BUILD/% : .SPECTARG .PMAKE cp_hbfiles inject_ecc +# Added a different dependency chain for hostboot standalone so we can compile +# faster and call one rule in dist.targets.mk 'update_images_for_sandbox' +.if( ${HB_STANDALONE} == 1) +__IMAGE_BUILD/% : .SPECTARG .PMAKE gen_default_images gen_system_specific_images +# In FSP this is run at install_all phase, so it's assumed all build_all rules +# have completed. If build_all rule dependencies are added they will run again. +.else +__IMAGE_BUILD/% : .SPECTARG .PMAKE gen_system_specific_images +.endif @${MAKE:T:R} BUILD_SPECIFIC_IMAGE \ "IMAGE_PARAMS=${.TARGET:s/__IMAGE_BUILD\///:s/:/ /g}" @@ -349,21 +299,12 @@ BUILD_SPECIFIC_IMAGE: .SPECTARG ${IMAGE_TARGET} #@echo BINARIES ${IMAGE_BINS} #@echo BIN_OPTION ${IMAGE_BIN_OPTION} - ${IMAGE_TARGET}: ${IMAGE_LAYOUT} ${IMAGE_BINS} ${PNOR_BUILD_SCRIPT} - .if empty(FFSCMD) - .if(${PNOR} == ${IMAGE_TARGET} || ${PNOR} == "" || \ - ${FAKEPNOR} == ${IMAGE_TARGET}) - ${PNOR_BUILD_SCRIPT} --pnorOutBin ${IMAGE_TARGET} \ - ${TARGET_TEST:b--test} --pnorLayout ${IMAGE_LAYOUT} \ - ${IMAGE_BIN_OPTION} --fpartCmd "fpart" --fcpCmd "fcp" - .endif - .else - .if(${PNOR} == ${IMAGE_TARGET}) - ${PNOR_BUILD_SCRIPT} --pnorOutBin ${IMAGE_TARGET} \ - ${TARGET_TEST:b--test} --pnorLayout ${IMAGE_LAYOUT} \ - ${IMAGE_BIN_OPTION} --ffsCmd "ffs" - .endif + .if(${PNOR} == ${IMAGE_TARGET} || ${PNOR} == "" || \ + ${FAKEPNOR} == ${IMAGE_TARGET}) + ${PNOR_BUILD_SCRIPT} --pnorOutBin ${IMAGE_TARGET} \ + ${TARGET_TEST:b--test} --pnorLayout ${IMAGE_LAYOUT} \ + ${IMAGE_BIN_OPTION} --fpartCmd "fpart" --fcpCmd "fcp" .endif .endif @@ -376,22 +317,24 @@ clobber_build_pnor_images: #Special target to copy images to flash dir for simics ################################################# FLASH_DEST = $(MAKETOP)$(OBJECTDIRTOP)../images/$(CONTEXT)/lab/flash -FLASH_IMG = ${BASE_IMAGE} ${BASE_ECC_IMAGE} ${HBBL_IMAGE} +FLASH_IMG = ${HBB_IMG} ${HBB_ECC_IMG} ${HBBL_IMG} FAKE_PNOR = fake6m.pnor -update_images_for_sandbox: inject_ecc build_sbe_partitions build_pnor_images +update_images_for_sandbox: gen_default_images gen_system_specific_images build_sbe_partitions build_pnor_images mkdir -p ${FLASH_DEST} #Copy hostboot base image and bootloader image to flash dir ${FLASH_IMG:@image@${baseimg:!cd ${FLASH_DEST}; cp -f ${.PATH:F${image}} ${image};!e}@} #Truncate fake pnor image down to 6MB and copy to flash dir - ${FAKE_PNOR_IMG_INFO:@image@${pnorimg:!dd if=${image:s/:/ /g:xs/ .*//} of=${FAKE_PNOR} bs=6M count=1; \ - cp -f ${FAKE_PNOR} ${FLASH_DEST}/${FAKE_PNOR};!e}@} + .if(${FAKEPNOR} != "") + ${FAKE_PNOR_IMG_INFO:@image@${pnorimg:!dd if=${image:s/:/ /g:xs/ .*//} of=${FAKE_PNOR} bs=6M count=1; \ + cp -f ${FAKE_PNOR} ${FLASH_DEST}/${FAKE_PNOR};!e}@} + .endif #Copy pnor images to flash dir ${PNOR_IMG_INFO:@image@${pnorimg:!cd ${FLASH_DEST}; \ - if [ "${PNOR}" == "${image:s/:/ /g:xs/ .*//}" ] || \ - [ "${PNOR}" == "" ] || \ - [ "${FAKEPNOR}" == "${image:s/:/ /g:xs/ .*//}" ]; \ - then cp -f ${.PATH:F${image:s/:/ /g:xs/ .*//}} ${image:s/:/ /g:xs/ .*//}; fi !e}@} + if [ "${PNOR}" == "${image:s/:/ /g:xs/ .*//}" ] || \ + [ "${PNOR}" == "" ] || \ + [ "${FAKEPNOR}" == "${image:s/:/ /g:xs/ .*//}" ]; \ + then cp -f ${.PATH:F${image:s/:/ /g:xs/ .*//}} ${image:s/:/ /g:xs/ .*//}; fi !e}@} .endif diff --git a/src/build/tools/hb b/src/build/tools/hb index c5aa4ce9d..fb049d5f4 100755 --- a/src/build/tools/hb +++ b/src/build/tools/hb @@ -125,6 +125,7 @@ hb_helptext() echo echo " Options:" echo " --test : Copy test images (as opposed to non-test)." + echo " --secureboot : Build a secure pnor with proper signing" echo echo " See also:" echo " simsetup" @@ -312,7 +313,7 @@ hb_prime() fi fi - hbDistribute $* + hbDistribute --hb-standalone $* } hb_fipssetup() diff --git a/src/build/tools/hbDistribute b/src/build/tools/hbDistribute index 85b39b24f..0bc53ddb5 100755 --- a/src/build/tools/hbDistribute +++ b/src/build/tools/hbDistribute @@ -48,52 +48,88 @@ print_usage() echo " --release: Create a full release distribution (all targets)." echo " --vpo: Generate just 'vpo' content." echo " --simics/--fsp: *default* Generate just 'fsp' content" + echo " --hb-standalone: Indicate if in hb-standalone mode for compile optimizing" + echo " --corrupt <Partition name>[= pro|unpro] (Note: requires '--secureboot')" + echo " Partition 'eyeCatch' name to corrupt a byte of." + echo " Optional '= pro|unpro' to indicate which section of the secure container to corrupt." + echo " Default (empty string '') is protected section." + echo " [Note: Some sections only have a protected section so not relevant for all.]" + echo " Multiple '--corrupt' options are allowed, but note the system will checkstop on the" + echo " first bad partition so multiple may not be that useful." + echo " Example: --corrupt HBI --corrupt HBD=unpro" + echo " --key-transition <imprint|production> Indicates a key transition is needed and creates a secureboot key transition container." + echo " Note: \"--sign-mode production\" is not allowed with \"--key-transition imprint" + echo " With [--test] will transition to test dev keys, which are a fixed permutation of imprint keys." } # Parse arguments -for ARG in $* +while [[ $# -gt 0 ]] do - case $ARG in + case $1 in "--help") print_usage - exit + exit -1 ;; "--test") TARGET_TEST=1 + shift ;; "--vpo") TARGET="vpo_TARGET" + shift ;; "--simics" | "--fsp") TARGET="fsp_TARGET" + shift ;; "--openpower") TARGET="openpower_TARGET" + shift ;; "--release") TARGET="ALL" + shift ;; "--debug") DEBUG="-d" + shift ;; - "--secureboot") - SECUREBOOT=1 + "--hb-standalone") + HB_STANDALONE=1 + shift + ;; + + "--corrupt") + # Format is "--corrupt <partition[=pro|unpro]>" + CORRUPT_PARAMS="$CORRUPT_PARAMS $1" + shift + CORRUPT_PARAMS="$CORRUPT_PARAMS $1" + shift + ;; + + "--key-transition") + # Format is "--key-transition <imprint|production>" + KEY_TRANSITION_PARAMS="$KEY_TRANSITION_PARAMS $1" + shift + KEY_TRANSITION_PARAMS="$KEY_TRANSITION_PARAMS $1" + shift ;; --*) - echo "ERROR: Unknown option: $ARG" - exit + echo "ERROR: Unknown option: $1" + exit -1 ;; *) - TARGET_DIR=$ARG + TARGET_DIR=$1 + shift ;; esac @@ -137,13 +173,38 @@ else fi fi +# @TODO RTC:157356 +# Temporary development signing tools to create valid container headers +export SIGNING_DIR="/gsa/ausgsa/home/h/o/hostboot/hostboot-project/secure-dev-signing/secure-boot-scripts/rom_new_header/sign/obj" +export DEV_KEY_DIR="/gsa/ausgsa/home/h/o/hostboot/hostboot-project/secure-dev-signing/dev_keys" +# Dynamically check config file if secureboot enabled build occurred +if [[ -f ${PROJECT_ROOT}/obj/genfiles/config.h ]]; then + if cat ${PROJECT_ROOT}/obj/genfiles/config.h | grep -q "CONFIG_SECUREBOOT 1"; then + echo "In secure mode" + export CONFIG_SECUREBOOT=1 + else + echo "In unsecure mode" + fi +else + echo "File DNE ${PROJECT_ROOT}/obj/genfiles/config.h" + exit -1 +fi + # Execute makefile for distribution. mkdir -p $TARGET_DIR mkdir -p $SBFW_DIR export TARGET_TEST export TARGET_DIR export SBFW_DIR -export SECUREBOOT +export HB_STANDALONE +export CORRUPT_PARAMS +if [ -n "$CORRUPT_PARAMS" ]; then + echo "Corruption options = $CORRUPT_PARAMS" +fi +export KEY_TRANSITION_PARAMS +if [ -n "$KEY_TRANSITION_PARAMS" ]; then + echo "Key transition options = $KEY_TRANSITION_PARAMS" +fi cd $REPO_ROOT/src/build/mkrules make -rR ${DEBUG:=} -f dist.targets.mk $TARGET |