diff options
author | Stephen Cprek <smcprek@us.ibm.com> | 2017-02-06 12:31:42 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-03-01 14:04:03 -0500 |
commit | f0d7c809d23c2cf44c0be0ff594c14aff22d6f04 (patch) | |
tree | bbb67150e4e1d2a6309c4bed69ab70473d02e7ce /src/include/securerom | |
parent | d3d4ae7c89e6b35fffa8857170762992dc3c6538 (diff) | |
download | talos-hostboot-f0d7c809d23c2cf44c0be0ff594c14aff22d6f04.tar.gz talos-hostboot-f0d7c809d23c2cf44c0be0ff594c14aff22d6f04.zip |
Add SecureROM version info and Change SBE update to use max HBBL size
The HBBL also contains the securerom code and hw keys' hash
for verification purposes. So looking for the end of the HBBL
code leaves out those sections
Change-Id: I73a1b5c50e3a5b3f642ca569b90e79dbe4c4ba1e
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35979
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Martin Gloff <mgloff@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/include/securerom')
-rw-r--r-- | src/include/securerom/ROM.H | 56 |
1 files changed, 54 insertions, 2 deletions
diff --git a/src/include/securerom/ROM.H b/src/include/securerom/ROM.H index 4a47b2502..9e3d7d4ca 100644 --- a/src/include/securerom/ROM.H +++ b/src/include/securerom/ROM.H @@ -29,6 +29,8 @@ #include <securerom/hw_utils.H> #include <securerom/sha512.H> #include <securerom/ecverify.H> +#include <string.h> +#include <array> #define CONTAINER_VERSION 1 #define HEADER_VERSION 1 @@ -130,15 +132,65 @@ extern "C" ROM_response ROM_verify (ROM_container_raw* container, /************************* END OF ORIGINAL ROM CODE ***************************/ -/* Offsets needed to call functions in jump table at start of ROM code. - See img/securerom.list.bz2 and search for SHA512_Hash and ROM_verify +/* Offsets relative to branchtable start to call functions in SecureROM code. + See img/securerom.list.bz2 and search for SHA512_Hash and ROM_verify, then + subtract the branch table offset E.g. + 0000000000000040 <_SHA512_Hash>: + 0000000000000050 <_ROM_verify>: + + Search for branchtableoffset + 0000000000000010 <branchtableoffset>: + 10 00000010: 00 00 00 00 .long 0x0 + 14 00000014: 00 00 00 28 .long 0x28 + + Subtraction (0x28) results in relative offset from branch table start 0000000000000018 <_SHA512_Hash>: 0000000000000028 <_ROM_verify>: + + Note: If the SecureRomInfo change size, these will be affected. + See src/securerom/secureromasm.S for more info. */ #define SHA512_HASH_FUNCTION_OFFSET 0x18 #define ROM_VERIFY_FUNCTION_OFFSET 0x28 +// Version info at SECUREROM_VERSION_STRUCTURE_OFFSET +// - [8 bytes] - eyeCatch +// - [8 bytes] - version +// - [8 bytes] - branchtable offset +// - [16 bytes] - reserved +struct SecureRomInfo +{ + uint64_t eyeCatch; + uint64_t version; + uint64_t branchtableOffset; + std::array<uint64_t,2> reserved; +}__attribute__((packed)); + +// Expected securerom eye catch +const uint64_t SECROM_EYECATCHER = 0x23534543524F4D00; // #SECROM\0 + +// Used for version checking as the SecureRomInfo structure changes +enum SecureRomInfoVersion +{ + // [release:4][version:4] + SECUREROM_INFO_ADDED = 0x0000000900000001 +}; + +/** + * @brief Checks if secureROM is valid by checking the eyeCatch and version + * + * @param[in] SecureRomInfo* Pointer to SecureRomInfo - Must not be NULL + * + * @return bool true if valid; false otherwise + */ +inline bool secureRomInfoValid (const SecureRomInfo * i_secureRomInfo) +{ + // Ensure EyeCatch and Version are valid + return (i_secureRomInfo->eyeCatch == SECROM_EYECATCHER) && + (i_secureRomInfo->version >= SECUREROM_INFO_ADDED); +} + // Need this for the following definition #ifdef __cplusplus extern "C" |