author | Nick Bofferding <bofferdn@us.ibm.com> | 2017-05-12 11:52:43 -0500 |
---|---|---|
committer | William G. Hoffa <wghoffa@us.ibm.com> | 2017-05-18 18:18:25 -0400 |
commit | 513e460747a3275fcbfd5deb585bfb2836f8fbc9 (patch) | |
tree | 5f10108e01fc566deb36e890e8c1a9177d11d4d4 /src/build | |
parent | 291b8a53d7d258227d58a361b7a847cb02675e92 (diff) | |
Support flags option on fake secureboot header generator script
Change-Id: I429a4ad276636d5c6fc486f2e1cc4652d5481a90
RTC: 174017
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40456
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/build')
-rwxr-xr-x | src/build/buildpnor/genfakeheader.pl | 43 |
1 files changed, 38 insertions, 5 deletions
diff --git a/src/build/buildpnor/genfakeheader.pl b/src/build/buildpnor/genfakeheader.pl
index 164f30a93..eaeff56ac 100755
--- a/src/build/buildpnor/genfakeheader.pl
+++ b/src/build/buildpnor/genfakeheader.pl
@@ -6,7 +6,7 @@
 #
 # OpenPOWER HostBoot Project
 #
-# Contributors Listed Below - COPYRIGHT 2016
+# Contributors Listed Below - COPYRIGHT 2016,2017
 # [+] International Business Machines Corp.
 #
 #
@@ -36,12 +36,14 @@ my $payloadTextSize=0;
 my $payloadDataSize=0;
 my $help=0;
 my $man=0;
+my $prefixFlags="0x00000000";
 GetOptions(
 "output-file=s" => \$outputFile,
 "payload-text-hash=s" => \$payloadTextHash,
 "payload-text-size=s" => \$payloadTextSize,
 "payload-data-size=s" => \$payloadDataSize,
+ "prefix-flags=s" => \$prefixFlags,
 "help" => \$help,
 "man" => \$man) || pod2usage(-verbose=>0);
@@ -52,13 +54,25 @@ if( (length($payloadTextHash) != 128)
 || ($payloadTextHash =~ /[^a-fA-F0-9]/ ))
 {
 print STDERR "\nERROR: --payload-text-hash must "
- . "be 64 ASCII hex bytes. Example: --payload-text-hash="
+ . "specify exactly 64 ASCII hex bytes. Example: --payload-text-hash="
 . "e41110deec6c3bd7914bf792a2e51b0c8eaebe8d30f9360324598"
 . "1b32106a13beafb6cdddd36e48947d35723d166ac08f0be93d2c6"
 . "8e2640b539952e6fe819c6\n\n";
 pod2usage(-verbose=>1);
 }
+if( (length($prefixFlags) != 10)
+ || !($prefixFlags =~ /^0[xX][a-fA-F0-9]{8}$/ ))
+{
+ print STDERR "\nERROR: --prefix-flags must specify a 4-byte hex formatted "
+ . "value. Example: --prefix-flags=0x80000000\n\n";
+ pod2usage(-verbose=>1);
+}
+
+# Convert the string to a hex number, which is guaranteed to work given the
+# above checks
+$prefixFlags = hex($prefixFlags);
+
 if($payloadTextSize == 0)
 {
 print STDERR "\nERROR: --payload-text-size must be non-zero\n";
@@ -95,7 +109,7 @@ sub pack1byte {
 sub createFakeHeader {
 my ($containerSize,$hrmor,
- $stack,$textSize,$textHash) = @_;
+ $stack,$textSize,$textHash,$prefixFlags) = @_;
 # Array of [ field size (bytes), field value ] pairs
 my @sizeValAoA = (
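Review bot: The new `--prefix-flags` check in the `@@ -52,13 +54,25 @@` hunk accepts any 32-bit pattern, so a mistyped or undefined bit is written into the header's flags field with no diagnostic. The option's POD defines only five bits, and one of them concerns a secureboot disable request, so a stray bit is worth reporting at build time. After the `hex()` conversion I would add `if ($prefixFlags & ~0xE0080001) { print STDERR "\nERROR: --prefix-flags has undefined bits set\n\n"; pod2usage(-verbose=>1); }`, where the mask is the OR of the five documented values. Separately, the `length(...) != 10` test is the only thing rejecting a trailing newline, because `$` matches before one; anchoring the pattern as `/\A0[xX][a-fA-F0-9]{8}\z/` would make the regex sufficient on its own.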
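Review bot: In the `@@ -95,7 +109,7 @@` hunk, the new sixth parameter `$prefixFlags` of `createFakeHeader` shadows the file-scoped `my $prefixFlags` declared with the other option variables, which makes it easy to misread which value a line refers to. A caller passing only five arguments would put `undef` into the `[4,$prefixFlags]` entry changed in the `@@ -110,7 +124,7 @@` hunk, and how the packing code treats that is outside the visible lines. I would rename the parameter, for example to `$flags`, and default it with `$flags = 0 unless defined $flags;`. I would also add a comment above the sub listing the six positional arguments in order. The body of `createFakeHeader` continues outside both hunks.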
@@ -110,7 +124,7 @@ sub createFakeHeader {
 [1,1], # Sign algo
 [8,0], # Unused
 [8,0], # Reserved
- [4,0], # Flags
+ [4,$prefixFlags], # Prefix flags (firmware key indicator)
 [1,1], # SW key count
 [8,132], # Size of SW key payload
 [64,0], # Hash of SW key payload
@@ -168,7 +182,7 @@ open(OUTFILE, "> $outputFile")
 my $containerSize= HEADER_SIZE + $payloadTextSize + $payloadDataSize;
 my $data = createFakeHeader (
- $containerSize,0,0,$payloadTextSize, $payloadTextHash ) ;
+ $containerSize,0,0,$payloadTextSize, $payloadTextHash,$prefixFlags ) ;
 print OUTFILE $data;
@@ -188,6 +202,7 @@ genfakeheader.pl --payload-text-hash=TEXT_HASH --payload-text-size=TEXT_SIZE [--payload-data-size=DATA_SIZE]
+ [--prefix-flags=FLAGS]
 =head1 OPTIONS
@@ -213,6 +228,24 @@ Size of protected payload, in bytes.
 Size of the unprotected payload, in bytes.
+=item B<--prefix-flags>=FLAGS
+
+Prefix key header's flags field (a.k.a. firmware key indicator). Should be
+supplied as a 4-byte hex value (example: 0x80000000), where each bit represents
+a specific flag. Flag values are as follows:
+
+ 0x80000000: Images signed by key set 1 (op-build)
+ 0x40000000: Images signed by key set 2 (FSP build)
+ 0x20000000: Images signed by key set 3 (ODM, i.e. IBM AIX kernel)
+ 0x00080000: Enable SBE checking of mailbox scratch register 3 bit 6 for
+ secureboot disable request (only applicable to SBE partition for
+ non-production-signed images)
+ 0x00000001: Container is key transition container with nested payload image
+ signed by new key (only applicable to SBKT partition for
+ non-production-signed images)
+
+ Default value is 0x00000000.
+
 =back
 =head1 DESCRIPTION |