author | Nick Bofferding <bofferdn@us.ibm.com> | 2018-03-05 23:58:01 -0600 |
---|---|---|
committer | William G. Hoffa <wghoffa@us.ibm.com> | 2018-03-12 14:20:57 -0400 |
commit | 0b02cc8314bebe97354a57614fa5464ec931363e (patch) | |
tree | ce965a305264e3dfca229420c07a441d186ff926 /src/include/usr/secureboot/secure_reasoncodes.H | |
parent | 586b8b1e6088353e34358658ddaad2e15a2e6cf0 (diff) | |
Secure Boot: Check integrity of dynamically sized secure header copies
When reading a secure header, the container header object can overrun a buffer
when the number of ECIDs or software keys specified is greater than the supported
amount. This change implements hard enforcement to ensure that this is no
longer possible.
Change-Id: Ife9194763f858b37e2de6f12fa01d74da1145df3
CQ: SW419735
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/55088
CI-Ready: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/include/usr/secureboot/secure_reasoncodes.H')
-rw-r--r-- | src/include/usr/secureboot/secure_reasoncodes.H | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H index bee232ee7..5dcb4bf5a 100644 --- a/src/include/usr/secureboot/secure_reasoncodes.H +++ b/src/include/usr/secureboot/secure_reasoncodes.H @@ -47,6 +47,7 @@ namespace SECUREBOOT MOD_SECURE_SET_SBE_SECURE_MODE = 0x0D, MOD_SECURE_GET_ALL_SEC_REGS = 0x0E, MOD_SECURE_LOAD_HEADER = 0x0F, + MOD_SECURE_VALIDATE_ECID_COUNT = 0x10, }; enum SECUREReasonCode @@ -70,7 +71,7 @@ namespace SECUREBOOT RC_PROC_NOT_SCOMABLE = SECURE_COMP_ID | 0x10, RC_DEVICE_READ_ERR = SECURE_COMP_ID | 0x11, RC_INVALID_BASE_HEADER = SECURE_COMP_ID | 0x12, - + RC_INVALID_ECID_COUNT = SECURE_COMP_ID | 0x13, // Reason codes 0xA0 - 0xEF reserved for trustedboot_reasoncodes.H }; |
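Review bot: In the first hunk (@@ -47,6 +47,7 @@), the new module id MOD_SECURE_VALIDATE_ECID_COUNT names only the ECID count, while the commit message says the overrun can also be triggered by the number of software keys. If the software key count is checked in the same function, a name that covers both would make the resulting error logs easier to interpret; if it is checked elsewhere, that function needs a module id of its own. The rest of the change is outside this diffstat, so please confirm which of the two applies.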
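Review bot: In the second hunk (@@ -70,7 +71,7 @@), the added RC_INVALID_ECID_COUNT line takes the place of the blank line that separated the last reason code from the comment about the reserved 0xA0 - 0xEF range, so that comment now sits directly under the new entry and reads as if it described it. Keep a blank line after RC_INVALID_ECID_COUNT = SECURE_COMP_ID | 0x13, so the reserved-range note stays visually separate. A brief comment saying which supported maximum this code reports against would also help whoever triages the error log.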