diff options
| author | Mike Baiocchi <mbaiocch@us.ibm.com> | 2017-07-01 01:43:12 -0500 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-08-09 13:47:00 -0400 |
| commit | 776d1086a7ed224c482d2da3c49b2c597b8776ab (patch) | |
| tree | 1da81d9f9edec18550b4bd69dcfd95140e741fa1 /src/include | |
| parent | e676209189922c5105629a9785a25958ba0972a9 (diff) | |
| download | talos-hostboot-776d1086a7ed224c482d2da3c49b2c597b8776ab.tar.gz talos-hostboot-776d1086a7ed224c482d2da3c49b2c597b8776ab.zip | |
Secureboot: Inhibit attribute overrides and sync exposures
For Secureboot purposes, we don't consider the FSP a secure source. So
this commit inhibts attribute overrides and any sort of attribute syncing
from the FSP.
Change-Id: I941ab5083d3055bc29237839aaaf4b723a2b0e90
RTC:175071
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42687
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/kernel/bltohbdatamgr.H | 3 | ||||
| -rw-r--r-- | src/include/usr/secureboot/service.H | 9 |
2 files changed, 12 insertions, 0 deletions
diff --git a/src/include/kernel/bltohbdatamgr.H b/src/include/kernel/bltohbdatamgr.H index 6b6f8b831..42ded91cc 100644 --- a/src/include/kernel/bltohbdatamgr.H +++ b/src/include/kernel/bltohbdatamgr.H @@ -66,6 +66,9 @@ class BlToHbDataManager // Converts HBB header pointer to a 64-bit address const uint64_t getHbbHeaderAddr() const; + // Needed for testcases + friend class AttrTankTest; + public: /** diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H index 2f0430d83..27c35f6d4 100644 --- a/src/include/usr/secureboot/service.H +++ b/src/include/usr/secureboot/service.H @@ -290,6 +290,15 @@ namespace SECUREBOOT */ void addSecureUserDetailsToErrolog(errlHndl_t & io_err); + /* + * @brief Determines if Attribute Overrides are Allowed + * If Secureboot is enabled, check allowAttrOverrides setting; + * If Secureboot is not enabled, always allow Attribute Overrides + * + * @return bool TRUE if Attribute Overrides Are Allowed; FALSE otherwise + */ + bool allowAttrOverrides(); + } #endif |
