Secure Boot: Fix lid load from HB reserved memory issues at runtime

- Force all PNOR sections we load from HB rserved memory to be secure
  Only exception is the RINGOVD section, in which we use a fake header
- Add fake header when Secureboot compiled out or a section is never
  signed as there is no secure header preserved in virtual memory

RTC: 171708
RTC: 180063
Change-Id: Ibbbd7be24ee7b199e73451c63b2c2d1f86a2c2d8
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49020
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

1 files changed, 8 insertions, 0 deletions

diff --git a/src/include/usr/runtime/preverifiedlidmgr.H b/src/include/usr/runtime/preverifiedlidmgr.H
index 185a0d24f..4b087e102 100644
--- a/src/include/usr/runtime/preverifiedlidmgr.H
+++ b/src/include/usr/runtime/preverifiedlidmgr.H
@@ -171,6 +171,14 @@ class PreVerifiedLidMgr
     // Depends on the payload kind
     uint64_t (*getNextAddress)(const size_t);
 
+    // Add fake headers during pnor loads
+    // Use Case: Secureboot compiled out or unsigned sections need a header
+    //           added so runtime can parse it for the section size
+    static bool cv_addFakeHdrs;
+
+    // Current Pnor section ID we are processing. Used to generate fake header
+    static PNOR::SectionId cv_curPnorSecId;
+
     /**
      * @brief Get aligned reserved memory size for OPAL
      *        Note: Historically we have used the aligned size for OPAL