diff options
| author | Mike Baiocchi <mbaiocch@us.ibm.com> | 2017-05-09 13:51:43 -0500 |
|---|---|---|
| committer | William G. Hoffa <wghoffa@us.ibm.com> | 2017-05-15 08:53:18 -0400 |
| commit | 9f8db13fa628edccf3c81fc9a0467fe75d5f23ca (patch) | |
| tree | 79f8728078e8617d55920c32ae9f1d924e0a6644 /src/usr/isteps/istep15 | |
| parent | 5d6ef02f7aaae15ec2cccaae05ddc160beca6972 (diff) | |
| download | talos-hostboot-9f8db13fa628edccf3c81fc9a0467fe75d5f23ca.tar.gz talos-hostboot-9f8db13fa628edccf3c81fc9a0467fe75d5f23ca.zip | |
Sign and Verify the HCODE partition
Change-Id: If594c350ed52ee6b40a5aa9e021c8e5ede8fb8aa
RTC:51086
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40294
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/usr/isteps/istep15')
| -rw-r--r-- | src/usr/isteps/istep15/host_build_stop_image.C | 47 |
1 files changed, 46 insertions, 1 deletions
diff --git a/src/usr/isteps/istep15/host_build_stop_image.C b/src/usr/isteps/istep15/host_build_stop_image.C index e6a549275..0e4e9ed0a 100644 --- a/src/usr/isteps/istep15/host_build_stop_image.C +++ b/src/usr/isteps/istep15/host_build_stop_image.C @@ -31,6 +31,7 @@ #include <usr/vmmconst.h> #include <arch/pirformat.H> #include <isteps/pm/pm_common_ext.H> +#include <config.h> //Error handling and tracing #include <errl/errlentry.H> @@ -84,7 +85,22 @@ errlHndl_t loadHcodeImage( char *& o_rHcodeAddr) do { - // Get WINK PNOR section info from PNOR RP + +#ifdef CONFIG_SECUREBOOT + l_errl = loadSecureSection(PNOR::HCODE); + if (l_errl) + { + TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace, + ERR_MRK"loadHcodeImage() - Error from " + "loadSecureSection(PNOR::HCODE)"); + + //No need to commit error here, it gets handled later + //just break out to escape this function + break; + } +#endif + + // Get HCODE/WINK PNOR section info from PNOR RP l_errl = PNOR::getSectionInfo( PNOR::HCODE, l_info ); if( l_errl ) { @@ -339,6 +355,11 @@ void* host_build_stop_image (void *io_pArgs) errlHndl_t l_errl = NULL; ISTEP_ERROR::IStepError l_StepError; + // unload of HCODE PNOR section only necessary if SECUREBOOT compiled in +#ifdef CONFIG_SECUREBOOT + bool unload_hcode_pnor_section = false; +#endif + char* l_pHcodeImage = NULL; void* l_pRealMemBase = NULL; void* l_pVirtMemBase = NULL; @@ -404,6 +425,9 @@ void* host_build_stop_image (void *io_pArgs) // drop out of do block with errorlog. break; } +#ifdef CONFIG_SECUREBOOT + unload_hcode_pnor_section = true; +#endif // Loop through all functional Procs and generate images for them. TARGETING::TargetHandleList l_procChips; @@ -551,6 +575,27 @@ void* host_build_stop_image (void *io_pArgs) if( l_temp_buffer1 ) { free(l_temp_buffer1); } if( l_temp_buffer2 ) { free(l_temp_buffer2); } +#ifdef CONFIG_SECUREBOOT + // securely unload HCODE PNOR section, if necessary + if ( unload_hcode_pnor_section == true ) + { + l_errl = unloadSecureSection(PNOR::HCODE); + if (l_errl) + { + TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace, + ERR_MRK"host_build_stop_image() - Error from " + "unloadSecureSection(PNOR::HCODE)"); + + // Create IStep error log and cross reference error that occurred + l_StepError.addErrorDetails( l_errl ); + + // Commit error + errlCommit( l_errl, ISTEP_COMP_ID ); + } + } +#endif + + if(l_pVirtMemBase) { int rc = 0; |
