author | Stephen Cprek <smcprek@us.ibm.com> | 2017-11-21 16:09:22 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-12-05 14:37:19 -0500 |
commit | ca52131dad3de16f44b9c9f07b5413edf1e9742a (patch) | |
tree | 56a0fcd4357510dee0fa25883dea463cfdb1433b /src/include/usr/secureboot | |
parent | 89f7297255af3b70c6c1f7a3845498d13eff5cfd (diff) | |
Handle ContainerHeader asserts more nicely with error logs
Change-Id: I2dfd02bd7c7f5b5356cd93ca967482c2d7f79ec1
RTC: 178520
RTC: 181899
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49966
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/include/usr/secureboot')
-rw-r--r-- | src/include/usr/secureboot/containerheader.H | 78 | ||||
-rw-r--r-- | src/include/usr/secureboot/secure_reasoncodes.H | 5 |
2 files changed, 44 insertions, 39 deletions
diff --git a/src/include/usr/secureboot/containerheader.H b/src/include/usr/secureboot/containerheader.H
index b5edfb325..1905ac39d 100644
--- a/src/include/usr/secureboot/containerheader.H
+++ b/src/include/usr/secureboot/containerheader.H
@@ -30,6 +30,9 @@
 #include <securerom/ROM.H>
 #include <limits.h>
 #include <array>
+#include <errl/errlentry.H>
+#include <errl/errlmanager.H>
+#include <initservice/initserviceif.H>
 // Forward Declaration
 class SecureRomManagerTest;
@@ -45,38 +48,36 @@ class ContainerHeader
 public:
 /**
- * @brief ContainerHeader
- *
- * This constructor parses the input container header and sets values
- * accordingly so they can be retrieved later.
- *
- * @param[in] i_header Secure container header to parse.
- * NULL input will assert
+ * @brief Default Constructor
 */
- ContainerHeader(const void* i_header):
- iv_isValid(false),iv_hdrBytesRead(0)
- {
- assert(i_header != nullptr);
- iv_pHdrStart = reinterpret_cast<const uint8_t*>(i_header);
- initVars();
- parse_header(i_header);
- };
+ ContainerHeader():
+ iv_componentId{}, iv_headerInfo{}, iv_isValid(false),
+ iv_pHdrStart(nullptr), iv_hdrBytesRead(0), iv_totalSwKeysSize(0),
+ iv_sbFlags{}, iv_hwKeyHash{}, iv_fakeHeader{}
+ {}
 /**
- * @brief ContainerHeader - generate fake header
+ * @brief Sets Container header from virtual address provided and parses
+ * to set values accordingly so they can be retrieved later.
 *
- * This constructor generates a fake header with minimal information
+ * @param[in] i_header virtual address pointing to a secure container
+ * header to parse.
+ * nullptr input will assert
+ * @return Error handle if error; otherwise nullptr
+ */
+ errlHndl_t setHeader(const void* i_header);
+
+ /**
+ * @brief Same as setHeader(), but generates a fake header from
+ * minimal input and then parses the header
 *
 * @param[in] i_totalSize Total Container Size
 * @param[in] i_compId Component ID
+ *
+ * @return Error handle if error; otherwise nullptr
 */
- ContainerHeader(const size_t i_totalSize,
- const char* i_compId):
- iv_isValid(false),iv_hdrBytesRead(0),iv_fakeHeader{}
- {
- initVars();
- genFakeHeader(i_totalSize, i_compId);
- };
+ errlHndl_t setFakeHeader(const size_t i_totalSize,
+ const char* i_compId);
 /**
 * @brief Initialize internal variables
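Review bot: Making the default constructor public turns ContainerHeader into a two-phase object: every accessor declared further down the class is now reachable on an instance whose `setHeader()`/`setFakeHeader()` was never called or returned an error, and nothing in the new declarations tells a caller what it gets in that case — the private constructor removed in the hunk at `@@ -187,11 +188,6 @@` existed precisely to rule that state out. Since the only signal a caller has is the returned errlHndl_t, document the contract on both setters, e.g. `@note On a non-nullptr return the instance must be treated as invalid; check the return before relying on any accessor`, and, if the project's compiler flags allow it, `__attribute__((warn_unused_result))` on `setHeader` and `setFakeHeader` would turn a dropped error log into a build warning. Whether `setHeader()` re-runs `initVars()` so an instance can be reused after a failed parse is decided in the .C, not in this hunk; state it either way in the @brief. The retained line `nullptr input will assert` sits oddly with a commit whose purpose is replacing asserts by error logs — acceptable if a null header is a programming error rather than a data error, but the comment should say that is the intent.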
@@ -187,11 +188,6 @@ class ContainerHeader
 const uint8_t* fakeHeader() const;
 private:
- /**
- * @brief Default Constructor in private to prevent being instantiated
- * by non friend/children derivatives.
- */
- ContainerHeader(){};
 /**
 * @brief Complete container header structure based on ROM structures
@@ -253,8 +249,9 @@ class ContainerHeader
 /**
 * @brief Weak check to determine if secureboot header looks right.
 * Also sets iv_isValid private member
+ * @return Error handle if error; otherwise nullptr
 */
- void validate();
+ errlHndl_t validate();
 /**
 * @brief Print out useful sections of the container header
@@ -266,32 +263,35 @@ class ContainerHeader
 *
 * Parses a secure container header defined by ROM structures and set
 * internal header structure.
+ * Note: nullptr header will assert
 *
- * @param[in] i_containerHdr Secure container header to parse
- * NULL input will assert
+ * @return Error handle if error; otherwise nullptr
 */
- void parse_header(const void* i_header);
+ errlHndl_t parse_header();
 /**
 * @brief Checks bounds of parsing before mempy and increments pointer
 *
 * Ensures that we don't memcpy more bytes than the max size of a
- * secure container header. Asserts on out of bounds memcpy.
+ * secure container header. Error log created on out of bounds memcpy.
 *
 * @param[in] i_dest Pointer to the memory location to copy to
- * NULL input will assert
+ * nullptr input will assert
 * @param[in] io_hdr Pointer to current location of container header
- * NULL input will assert
+ * nullptr input will assert
 * @param[in] i_size Number of bytes to copy
+ *
+ * @return Error handle if error; otherwise nullptr
 */
- void safeMemCpyAndInc(void* i_dest, const uint8_t* &io_hdr,
- const size_t i_size);
+ errlHndl_t safeMemCpyAndInc(void* i_dest, const uint8_t* &io_hdr,
+ const size_t i_size);
 // Pointer to fake header generated
 std::array<uint8_t,PAGE_SIZE> iv_fakeHeader;
 /**
- * @brief Generate fake header with limited information
+ * @brief Generate fake header with minimal information and stores in
+ * instance variable
 *
 * @param[in] i_totalSize Total container size
 * @param[in] i_compId Component ID
diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H
index f633ef7b2..21c195b77 100644
--- a/src/include/usr/secureboot/secure_reasoncodes.H
+++ b/src/include/usr/secureboot/secure_reasoncodes.H
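Review bot: Now that `safeMemCpyAndInc()` reports an out-of-bounds copy through its return value instead of asserting, the declaration should say what `i_dest` and `io_hdr` look like on that path — presumably `parse_header()` fills the header structure one field at a time, and a parse that keeps going after one failed copy would hand `validate()` a partially populated header; whether the new `parse_header()` bails at the first non-null error is decided in the .C and not visible here. Suggest extending the @return of `safeMemCpyAndInc` with ` *         On error nothing is copied and io_hdr is not advanced`, if that is what the implementation does, and adding to `parse_header()`: ` * @note Parsing stops at the first error; the internal header is then only partially populated and must not be trusted`. The untouched context line `Checks bounds of parsing before mempy` carries a pre-existing typo (`memcpy`) that is worth fixing while this comment block is being rewritten.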
@@ -41,6 +41,9 @@ namespace SECUREBOOT
 MOD_SECURE_WRITE_REG = 0x07,
 MOD_SECURE_SETTINGS_INIT = 0x08,
 MOD_SECURE_VERIFY_COMPONENT = 0x09,
+ MOD_SECURE_CONT_HDR_PARSE = 0x0A,
+ MOD_SECURE_CONT_HDR_CPY_INC = 0x0B,
+ MOD_SECURE_CONT_VALIDATE = 0x0C,
 };
 enum SECUREReasonCode
@@ -56,6 +59,8 @@ namespace SECUREBOOT
 RC_SECURE_BAD_TARGET = SECURE_COMP_ID | 0x09,
 RC_SECURE_BOOT_DISABLED = SECURE_COMP_ID | 0x0A,
 RC_SECROM_INVALID = SECURE_COMP_ID | 0x0B,
+ RC_CONT_HDR_NO_SPACE = SECURE_COMP_ID | 0x0C,
+ RC_CONT_HDR_INVALID = SECURE_COMP_ID | 0x0D,
 // Reason codes 0xA0 - 0xEF reserved for trustedboot_reasoncodes.H
 };
|