summaryrefslogtreecommitdiffstats
path: root/src/include/usr/secureboot/secure_reasoncodes.H
diff options
context:
space:
mode:
authorNick Bofferding <bofferdn@us.ibm.com>2018-03-05 23:58:01 -0600
committerWilliam G. Hoffa <wghoffa@us.ibm.com>2018-03-12 14:20:57 -0400
commit0b02cc8314bebe97354a57614fa5464ec931363e (patch)
treece965a305264e3dfca229420c07a441d186ff926 /src/include/usr/secureboot/secure_reasoncodes.H
parent586b8b1e6088353e34358658ddaad2e15a2e6cf0 (diff)
downloadtalos-hostboot-0b02cc8314bebe97354a57614fa5464ec931363e.tar.gz
talos-hostboot-0b02cc8314bebe97354a57614fa5464ec931363e.zip
Secure Boot: Check integrity of dynamically sized secure header copies
When reading a secure header, the container header object can overrun a buffer when number of ECIDs or software keys specified is greater than the supported amount. This change implements hard enforcement to ensure that this is no longer possible. Change-Id: Ife9194763f858b37e2de6f12fa01d74da1145df3 CQ: SW419735 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/55088 CI-Ready: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/include/usr/secureboot/secure_reasoncodes.H')
-rw-r--r--src/include/usr/secureboot/secure_reasoncodes.H3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H
index bee232ee7..5dcb4bf5a 100644
--- a/src/include/usr/secureboot/secure_reasoncodes.H
+++ b/src/include/usr/secureboot/secure_reasoncodes.H
@@ -47,6 +47,7 @@ namespace SECUREBOOT
MOD_SECURE_SET_SBE_SECURE_MODE = 0x0D,
MOD_SECURE_GET_ALL_SEC_REGS = 0x0E,
MOD_SECURE_LOAD_HEADER = 0x0F,
+ MOD_SECURE_VALIDATE_ECID_COUNT = 0x10,
};
enum SECUREReasonCode
@@ -70,7 +71,7 @@ namespace SECUREBOOT
RC_PROC_NOT_SCOMABLE = SECURE_COMP_ID | 0x10,
RC_DEVICE_READ_ERR = SECURE_COMP_ID | 0x11,
RC_INVALID_BASE_HEADER = SECURE_COMP_ID | 0x12,
-
+ RC_INVALID_ECID_COUNT = SECURE_COMP_ID | 0x13,
// Reason codes 0xA0 - 0xEF reserved for trustedboot_reasoncodes.H
};
OpenPOWER on IntegriCloud