diff options
author | Jaymes Wilks <mjwilks@us.ibm.com> | 2016-10-17 12:15:40 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2016-11-14 17:17:33 -0500 |
commit | 16263a641c48773091dd60b55e28ad77ca5a8574 (patch) | |
tree | 97120f76deb4132a1a1b7ceba8701318c5663a68 /src/include/usr/secureboot/trustedbootif.H | |
parent | a904e156364a8f0fd5f6bc2b7094f79cf77da1b2 (diff) | |
download | talos-hostboot-16263a641c48773091dd60b55e28ad77ca5a8574.tar.gz talos-hostboot-16263a641c48773091dd60b55e28ad77ca5a8574.zip |
Secure PNOR Resource Provider port from p8
Adds a Secure PNOR Resource Provider (SPNORRP) layer on top of the
original PNORRP to handle verification of secured PNOR sections.
Change-Id: Iff25abf599f3c850197c6e6d23ff03e5edf945bb
RTC:163078
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/31588
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/include/usr/secureboot/trustedbootif.H')
-rw-r--r-- | src/include/usr/secureboot/trustedbootif.H | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H index ae6d183af..eaef78a74 100644 --- a/src/include/usr/secureboot/trustedbootif.H +++ b/src/include/usr/secureboot/trustedbootif.H @@ -37,6 +37,8 @@ #include <i2c/tpmddif.H> #include <errl/errlentry.H> #include <list> +#include <pnor/pnorif.H> +#include <secureboot/containerheader.H> namespace TRUSTEDBOOT { @@ -160,6 +162,32 @@ namespace TRUSTEDBOOT */ bool enabled(); + /** + * @brief Wrapper around pcrExtend for measuring PNOR sections + * @param[in] i_conHdr Reference to ContainerHeader of a section + * @param[in] i_vaddr Pointer to a virtual address for the protected + * portion of the PNOR section. + * [Not used if SECUREBOOT::enabled()] + * @param[in] i_sec Section ID of PNOR section + * @return errlHndl_t NULL if successful, otherwise a pointer to the + * error log. + */ + errlHndl_t extendPnorSectionHash(const SECUREBOOT::ContainerHeader& i_conHdr, + const void* i_vaddr, + const PNOR::SectionId i_sec); + + /** + * + * @brief Extends the Hostboot base image to the TPM + * + * @warning No-op if trusted boot compiled out + * + * @return errHndl_t Error log pointer + * @retval NULL Successfully extended Hostboot base image to the TPM + * @retval !NULL Failed to extend Hostboot base image to TPM + * */ + errlHndl_t extendBaseImage(); + } // end TRUSTEDBOOT namespace |