authorNick Bofferding <bofferdn@us.ibm.com>2017-05-12 11:52:43 -0500
committerWilliam G. Hoffa <wghoffa@us.ibm.com>2017-05-18 18:18:25 -0400
commit513e460747a3275fcbfd5deb585bfb2836f8fbc9 (patch)
tree5f10108e01fc566deb36e890e8c1a9177d11d4d4 /src/build
parent291b8a53d7d258227d58a361b7a847cb02675e92 (diff)
Support flags option on fake secureboot header generator script
Change-Id: I429a4ad276636d5c6fc486f2e1cc4652d5481a90 RTC: 174017 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40456 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/build')
-rwxr-xr-xsrc/build/buildpnor/genfakeheader.pl43
1 files changed, 38 insertions, 5 deletions
diff --git a/src/build/buildpnor/genfakeheader.pl b/src/build/buildpnor/genfakeheader.pl
index 164f30a93..eaeff56ac 100755
--- a/src/build/buildpnor/genfakeheader.pl
+++ b/src/build/buildpnor/genfakeheader.pl
@@ -6,7 +6,7 @@
#
# OpenPOWER HostBoot Project
#
-# Contributors Listed Below - COPYRIGHT 2016
+# Contributors Listed Below - COPYRIGHT 2016,2017
# [+] International Business Machines Corp.
#
#
@@ -36,12 +36,14 @@ my $payloadTextSize=0;
my $payloadDataSize=0;
my $help=0;
my $man=0;
+my $prefixFlags="0x00000000";
GetOptions(
"output-file=s" => \$outputFile,
"payload-text-hash=s" => \$payloadTextHash,
"payload-text-size=s" => \$payloadTextSize,
"payload-data-size=s" => \$payloadDataSize,
+ "prefix-flags=s" => \$prefixFlags,
"help" => \$help,
"man" => \$man) || pod2usage(-verbose=>0);
@@ -52,13 +54,25 @@ if( (length($payloadTextHash) != 128)
|| ($payloadTextHash =~ /[^a-fA-F0-9]/ ))
{
print STDERR "\nERROR: --payload-text-hash must "
- . "be 64 ASCII hex bytes. Example: --payload-text-hash="
+ . "specify exactly 64 ASCII hex bytes. Example: --payload-text-hash="
. "e41110deec6c3bd7914bf792a2e51b0c8eaebe8d30f9360324598"
. "1b32106a13beafb6cdddd36e48947d35723d166ac08f0be93d2c6"
. "8e2640b539952e6fe819c6\n\n";
pod2usage(-verbose=>1);
}
+if( (length($prefixFlags) != 10)
+ || !($prefixFlags =~ /^0[xX][a-fA-F0-9]{8}$/ ))
+{
+ print STDERR "\nERROR: --prefix-flags must specify a 4-byte hex formatted "
+ . "value. Example: --prefix-flags=0x80000000\n\n";
+ pod2usage(-verbose=>1);
+}
+
+# Convert the string to a hex number, which is guaranteed to work given the
+# above checks
+$prefixFlags = hex($prefixFlags);
+
if($payloadTextSize == 0)
{
print STDERR "\nERROR: --payload-text-size must be non-zero\n";
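Review bot: The new `--prefix-flags` test starting at `if( (length($prefixFlags) != 10)` validates only the format, so any 32-bit value is written into the header's flags field, including bits that the POD added in this commit does not define. Because this field selects the signing key set and can enable the SBE secureboot-disable check, consider rejecting or at least warning on undefined bits after the `hex()` conversion, e.g. `use constant KNOWN_PREFIX_FLAGS => 0xE0080001;` (the union of the five documented flags) and `die "ERROR: --prefix-flags has undefined bits set\n" if $prefixFlags & ~KNOWN_PREFIX_FLAGS;`. If undefined bits are deliberately allowed for test images, a comment saying so would help the next reader. Anchoring the pattern with `\A` and `\z` instead of `^` and `$` would also make the separate length test unnecessary. The `if($payloadTextSize == 0)` block at the end of the hunk continues outside it.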
@@ -95,7 +109,7 @@ sub pack1byte {
sub createFakeHeader {
my ($containerSize,$hrmor,
- $stack,$textSize,$textHash) = @_;
+ $stack,$textSize,$textHash,$prefixFlags) = @_;
# Array of [ field size (bytes), field value ] pairs
my @sizeValAoA = (
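Review bot: The new sixth parameter of `createFakeHeader` reuses the name of the file-level `my $prefixFlags`, so inside the sub the lexical silently shadows the option variable. A caller that omits the argument would also pass `undef` into the 4-byte flags field. A distinct name plus a default, e.g. `$flags = 0 unless defined $flags;`, would keep the previous all-zero behaviour for such callers; the only call visible on this page does pass the value. The sub's body continues outside the hunk, and the `[4,$prefixFlags]` entry in the next hunk would need the same rename.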
@@ -110,7 +124,7 @@ sub createFakeHeader {
[1,1], # Sign algo
[8,0], # Unused
[8,0], # Reserved
- [4,0], # Flags
+ [4,$prefixFlags], # Prefix flags (firmware key indicator)
[1,1], # SW key count
[8,132], # Size of SW key payload
[64,0], # Hash of SW key payload
@@ -168,7 +182,7 @@ open(OUTFILE, "> $outputFile")
my $containerSize= HEADER_SIZE
+ $payloadTextSize + $payloadDataSize;
my $data = createFakeHeader (
- $containerSize,0,0,$payloadTextSize, $payloadTextHash ) ;
+ $containerSize,0,0,$payloadTextSize, $payloadTextHash,$prefixFlags ) ;
print OUTFILE $data;
@@ -188,6 +202,7 @@ genfakeheader.pl
--payload-text-hash=TEXT_HASH
--payload-text-size=TEXT_SIZE
[--payload-data-size=DATA_SIZE]
+ [--prefix-flags=FLAGS]
=head1 OPTIONS
@@ -213,6 +228,24 @@ Size of protected payload, in bytes.
Size of the unprotected payload, in bytes.
+=item B<--prefix-flags>=FLAGS
+
+Prefix key header's flags field (a.k.a. firmware key indicator). Should be
+supplied as a 4-byte hex value (example: 0x80000000), where each bit represents
+a specific flag. Flag values are as follows:
+
+ 0x80000000: Images signed by key set 1 (op-build)
+ 0x40000000: Images signed by key set 2 (FSP build)
+ 0x20000000: Images signed by key set 3 (ODM, i.e. IBM AIX kernel)
+ 0x00080000: Enable SBE checking of mailbox scratch register 3 bit 6 for
+ secureboot disable request (only applicable to SBE partition for
+ non-production-signed images)
+ 0x00000001: Container is key transition container with nested payload image
+ signed by new key (only applicable to SBKT partition for
+ non-production-signed images)
+
+ Default value is 0x00000000.
+
=back
=head1 DESCRIPTION