author | Jaymes Wilks <mjwilks@us.ibm.com> | 2016-10-17 12:15:40 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2016-11-14 17:17:33 -0500 |
commit | 16263a641c48773091dd60b55e28ad77ca5a8574 (patch) | |
tree | 97120f76deb4132a1a1b7ceba8701318c5663a68 /src/usr/pnor/pnor_utils.C | |
parent | a904e156364a8f0fd5f6bc2b7094f79cf77da1b2 (diff) | |
Secure PNOR Resource Provider port from p8
Adds a Secure PNOR Resource Provider (SPNORRP) layer on top of the
original PNORRP to handle verification of secured PNOR sections.
Change-Id: Iff25abf599f3c850197c6e6d23ff03e5edf945bb
RTC:163078
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/31588
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/pnor/pnor_utils.C')
-rw-r--r-- | src/usr/pnor/pnor_utils.C | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/src/usr/pnor/pnor_utils.C b/src/usr/pnor/pnor_utils.C index e522ea942..ee3355347 100644 --- a/src/usr/pnor/pnor_utils.C +++ b/src/usr/pnor/pnor_utils.C @@ -337,8 +337,8 @@ void PNOR::parseEntries (ffs_hdr* i_ffs_hdr, ((io_TOC[secId].size * 8 ) / 9); } - // TODO RTC:96009 handle version header w/secureboot - if (io_TOC[secId].version == FFS_VERS_SHA512) + if (io_TOC[secId].version == FFS_VERS_SHA512 + && !PNOR::isSecureSection(secId)) { //increment flash addr for sha header if (io_TOC[secId].integrity == FFS_INTEG_ECC_PROTECT) @@ -349,11 +349,31 @@ void PNOR::parseEntries (ffs_hdr* i_ffs_hdr, { io_TOC[secId].flashAddr += PAGESIZE ; } + + // now that we've skipped the header + // adjust the size to reflect that io_TOC[secId].size -= PAGESIZE; } } // For TOC Entries } - +bool PNOR::isSecureSection(const uint32_t i_section) +{ +// TODO securebootp9 uncomment these sections as they become ready for +// inclusion in p9. Remove this comment after the last one. +#ifdef CONFIG_SECUREBOOT +// return i_section == HB_EXT_CODE || +// i_section == HB_DATA || +// i_section == SBE_IPL || +// i_section == CENTAUR_SBE || +// i_section == PAYLOAD || +// i_section == SBKT || +// i_section == OCC || +// i_section == HB_RUNTIME; + return false; +#else + return false; +#endif +} |
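Review bot: The new `&& !PNOR::isSecureSection(secId)` condition in parseEntries leaves a secure section's TOC entry with `flashAddr` still pointing at the SHA512 header and `size` still including it, and nothing at the branch says so. The removed `TODO RTC:96009` was the only hint that the header needs different handling under secure boot. I would add a comment above the `if`, for example `// Secure sections keep flashAddr/size covering the version header; the secure provider layer is expected to verify and strip it`, so that code reading `io_TOC` directly knows which layout it gets. The body of parseEntries starts and ends outside this hunk, so whether other readers of the entry already account for this cannot be confirmed from here.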
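Review bot: `PNOR::isSecureSection()` returns `false` on both sides of `#ifdef CONFIG_SECUREBOOT`, so a build with secure boot configured still treats no section as secure and parseEntries skips the header for all of them, with nothing but an untracked TODO to show this is a stub. The function needs a header comment stating that it currently always returns false and which sections it is meant to cover, and the TODO should carry a work-item id as the removed one did, for example `// TODO RTC:<story-id> securebootp9: enable sections as they are ported`. The `#else` branch duplicates the `#ifdef` branch and can be dropped until the list is live. Separately, the context line `io_TOC[secId].size -= PAGESIZE;` subtracts from a size that appears to come from the flash TOC; if that field is unsigned and an entry can declare less than one page, the value wraps, so a guard such as `if (io_TOC[secId].size < PAGESIZE)` with an error path before the subtraction would be worth adding.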