Remove Secure Boot workarounds

- Removing the magic number checks that would block sb functionality
  if things didn't appear secure
- Remove Best Effort Policy and all of its related code
- Remove the legacy PCR extension
- Remove the non-secure header preservation path.
- Always load HB base image header from the bl to hb data path
  vs settings unsecurely out of pnor

Change-Id: Ie638384ac50ed47850985c959ea7a32e5757d64e
RTC: 178520
RTC: 155374
RTC: 173489
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49925
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

1 files changed, 7 insertions, 7 deletions

diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl
index d075dd436..3f02db1fa 100755
--- a/src/build/buildpnor/genPnorImages.pl
+++ b/src/build/buildpnor/genPnorImages.pl
@@ -234,7 +234,6 @@ if ($secureboot)
     }
 }
 
-# @TODO RTC: 155374 add official signing support including up to 3 sw keys
 # Signing and Dev key directory location set via env vars
 my $SIGNING_DIR = $ENV{'SIGNING_DIR'};
 my $DEV_KEY_DIR = $ENV{'DEV_KEY_DIR'};
@@ -672,7 +671,6 @@ sub manipulateImages
                 {
                     $eccless_prefix.=".header";
                     # Add secure container header
-                    # @TODO RTC:155374 Remove when official signing supported
                     if ($secureboot && $isSpecialSecure)
                     {
                         $callerHwHdrFields{configure} = 1;
@@ -727,7 +725,7 @@ sub manipulateImages
                             }
                             else
                             {
-                                # @TODO RTC:155374 Remove when official signing
+                                # @TODO RTC:183183 Remove when official signing
                                 # supported
                                 run_command("$SIGNING_DIR/build -good -if $secureboot_hdr -of $tempImages{PROTECTED_PAYLOAD} -bin $tempImages{PAYLOAD_TEXT} $SIGN_BUILD_PARAMS");
                             }
@@ -745,7 +743,7 @@ sub manipulateImages
                             }
                             else
                             {
-                                # @TODO RTC:155374 Remove when official signing
+                                # @TODO RTC:183183 Remove when official signing
                                 # supported
                                 run_command("$SIGNING_DIR/build -good -if $secureboot_hdr -of $tempImages{PROTECTED_PAYLOAD} -bin $bin_file.protected $SIGN_BUILD_PARAMS");
                             }
@@ -765,7 +763,7 @@ sub manipulateImages
                             }
                             else
                             {
-                                # @TODO RTC:155374 Remove when official signing
+                                # @TODO RTC:183183 Remove when official signing
                                 # supported
                                 run_command("$SIGNING_DIR/build -good -if $secureboot_hdr -of $tempImages{HDR_PHASE} -bin $bin_file $SIGN_BUILD_PARAMS");
                             }
@@ -804,7 +802,7 @@ sub manipulateImages
                         }
                         else
                         {
-                            # @TODO RTC:155374 Remove when official signing
+                            # @TODO RTC:183183 Remove when official signing
                             # supported
                             run_command("$SIGNING_DIR/build -good -if "
                                 . "$secureboot_hdr -of $tempImages{HDR_PHASE} -bin "
@@ -821,6 +819,7 @@ sub manipulateImages
                                 . "--protectedPayload $bin_file "
                                 . "--out $tempImages{HDR_PHASE}");
                         }
+                        # @TODO RTC:183183 Remove when official signing supported
                         else # attach the legacy header
                         {
                             run_command("env echo -en VERSION\\\\0 > $tempImages{TEMP_SHA_IMG}");
@@ -924,7 +923,7 @@ sub manipulateImages
                             }
                             else
                             {
-                                # @TODO RTC:155374 Remove when official signing
+                                # @TODO RTC:183183 Remove when official signing
                                 # supported
                                 run_command("$SIGNING_DIR/build -good -if $secureboot_hdr -of $tempImages{PAD_PHASE} -bin $tempImages{TEMP_BIN} $SIGN_BUILD_PARAMS");
                             }
@@ -941,6 +940,7 @@ sub manipulateImages
                                     . "--protectedPayload $tempImages{TEMP_BIN} "
                                     . "--out $tempImages{PAD_PHASE}");
                             }
+                            # @TODO RTC:183183 Remove when official signing supported
                             else # Attach legacy header
                             {
                                 run_command("env echo -en VERSION\\\\0 > $tempImages{TEMP_SHA_IMG}");