Collect better FFDC on ROM verification errors

Collect both the UTIL and RUNTIME component traces on a ROM verify failure Added a new Errlog User Details sections "Verify Info" containing the component name, ID(s), measured, and expected hashes Change-Id: I0d0408128e05807bb906be5ee365d56d1416693f CQ:SW413889 Backport:release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52593 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
author: Stephen Cprek <smcprek@us.ibm.com> 2018-01-23 14:27:17 -0600
committer: Daniel M. Crowell <dcrowell@us.ibm.com> 2018-01-31 11:09:11 -0500
commit: 8443a65a3599f433bd47c2ea03e863240db28b89 (patch)
tree: 1fb9f8b5fedaf2d6e8fe371ed3f0f46dd5e85f9d /src/include/usr/secureboot
parent: d999ed144f949e318fbd0523f0dfaa56d291596f (diff)
download: talos-hostboot-8443a65a3599f433bd47c2ea03e863240db28b89.tar.gz
talos-hostboot-8443a65a3599f433bd47c2ea03e863240db28b89.zip
2 files changed, 6 insertions, 1 deletions
diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H
index 347907234..bee232ee7 100644
--- a/src/include/usr/secureboot/secure_reasoncodes.H
+++ b/src/include/usr/secureboot/secure_reasoncodes.H
@@ -84,6 +84,7 @@ namespace SECUREBOOT
         SECURE_UDT_SYSTEM_HW_KEY_HASH = 0x1,
         SECURE_UDT_TARGET_HW_KEY_HASH = 0x2,
         SECURE_UDT_SECURITY_SETTINGS  = 0x3,
+        SECURE_UDT_VERIFY_INFO        = 0x4,
     };
 
 }
diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H
index 7d8953cde..c467c3800 100644
--- a/src/include/usr/secureboot/service.H
+++ b/src/include/usr/secureboot/service.H
@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2013,2017                        */
+/* Contributors Listed Below - COPYRIGHT 2013,2018                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -216,12 +216,16 @@ namespace SECUREBOOT
      * @brief Verify Signed Container
      *
      * @param[in] i_container  Void pointer to effective address of container
+     * @param[in] i_ids  Vector of IDs (PNOR or Lid Id(s)) associated with
+     *                   the blob that is being verified.
+     *                   [default = empty vector]
      * @param[in] i_hwKeyHash  Custom hw keys' hash to test against
      *                         [default = nullptr, use current hw hash key]
      *
      * @return errlHndl_t  NULL on success
      */
     errlHndl_t verifyContainer(void * i_container,
+                               const RomVerifyIds& i_ids = RomVerifyIds(),
                                const SHA512_t* i_hwKeyHash = nullptr);
 
     /**
author	Stephen Cprek <smcprek@us.ibm.com>	2018-01-23 14:27:17 -0600
committer	Daniel M. Crowell <dcrowell@us.ibm.com>	2018-01-31 11:09:11 -0500
commit	8443a65a3599f433bd47c2ea03e863240db28b89 (patch)
tree	1fb9f8b5fedaf2d6e8fe371ed3f0f46dd5e85f9d /src/include/usr/secureboot
parent	d999ed144f949e318fbd0523f0dfaa56d291596f (diff)
download	talos-hostboot-8443a65a3599f433bd47c2ea03e863240db28b89.tar.gz talos-hostboot-8443a65a3599f433bd47c2ea03e863240db28b89.zip