authorJaymes Wilks <mjwilks@us.ibm.com>2016-10-17 12:15:40 -0500
committerDaniel M. Crowell <dcrowell@us.ibm.com>2016-11-14 17:17:33 -0500
commit16263a641c48773091dd60b55e28ad77ca5a8574 (patch)
tree97120f76deb4132a1a1b7ceba8701318c5663a68 /src/include/usr/secureboot/trustedbootif.H
parenta904e156364a8f0fd5f6bc2b7094f79cf77da1b2 (diff)
Secure PNOR Resource Provider port from p8
Adds a Secure PNOR Resource Provider (SPNORRP) layer on top of the original PNORRP to handle verification of secured PNOR sections. Change-Id: Iff25abf599f3c850197c6e6d23ff03e5edf945bb RTC:163078 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/31588 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/include/usr/secureboot/trustedbootif.H')
-rw-r--r--src/include/usr/secureboot/trustedbootif.H28
1 files changed, 28 insertions, 0 deletions
diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H
index ae6d183af..eaef78a74 100644
--- a/src/include/usr/secureboot/trustedbootif.H
+++ b/src/include/usr/secureboot/trustedbootif.H
@@ -37,6 +37,8 @@
#include <i2c/tpmddif.H>
#include <errl/errlentry.H>
#include <list>
+#include <pnor/pnorif.H>
+#include <secureboot/containerheader.H>
namespace TRUSTEDBOOT
{
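Review bot: `secureboot/containerheader.H` is included in this public interface header only so that `SECUREBOOT::ContainerHeader` can be named, and the declaration added in the next hunk takes it by const reference. A forward declaration, `namespace SECUREBOOT { class ContainerHeader; }`, would keep the full container-parsing header out of every includer of trustedbootif.H. `pnor/pnorif.H` probably has to stay, since `PNOR::SectionId` is passed by value and is presumably an enum that cannot be forward-declared as written. This assumes ContainerHeader is declared as a class; confirm against containerheader.H.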
@@ -160,6 +162,32 @@ namespace TRUSTEDBOOT
*/
bool enabled();
+ /**
+ * @brief Wrapper around pcrExtend for measuring PNOR sections
+ * @param[in] i_conHdr Reference to ContainerHeader of a section
+ * @param[in] i_vaddr Pointer to a virtual address for the protected
+ * portion of the PNOR section.
+ * [Not used if SECUREBOOT::enabled()]
+ * @param[in] i_sec Section ID of PNOR section
+ * @return errlHndl_t NULL if successful, otherwise a pointer to the
+ * error log.
+ */
+ errlHndl_t extendPnorSectionHash(const SECUREBOOT::ContainerHeader& i_conHdr,
+ const void* i_vaddr,
+ const PNOR::SectionId i_sec);
+
+ /**
+ *
+ * @brief Extends the Hostboot base image to the TPM
+ *
+ * @warning No-op if trusted boot compiled out
+ *
+ * @return errHndl_t Error log pointer
+ * @retval NULL Successfully extended Hostboot base image to the TPM
+ * @retval !NULL Failed to extend Hostboot base image to TPM
+ * */
+ errlHndl_t extendBaseImage();
+
} // end TRUSTEDBOOT namespace
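Review bot: The doc comment on `extendPnorSectionHash` leaves the measurement contract underspecified: it says `i_vaddr` is "Not used if SECUREBOOT::enabled()" but not what is extended in that case, and with no size parameter it does not say how many bytes at `i_vaddr` are hashed when secure boot is off. If the length comes from `i_conHdr` (an inference, the implementation is not in this hunk), that header is unverified in exactly the mode where `i_vaddr` is read, so the comment should name the source of the length and the caller's obligation, e.g. `@note When !SECUREBOOT::enabled(), hashes <size from i_conHdr> bytes at i_vaddr; caller must ensure that range is mapped and bounded`. It should also state whether `i_vaddr` may be NULL when secure boot is enabled, and whether this function shares the `@warning No-op if trusted boot compiled out` that only `extendBaseImage` carries, since a silently skipped measurement changes what the PCR attests. Minor: `@return errHndl_t` on `extendBaseImage` should read `errlHndl_t`, and its comment closes with ` * */` rather than the ` */` used above. The enclosing `TRUSTEDBOOT` namespace opens outside this hunk.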