diff options
author | Stephen Cprek <smcprek@us.ibm.com> | 2017-11-20 16:56:44 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-12-18 17:27:59 -0500 |
commit | 9ae6e9595f9773d295b7e3ade47088f554c1ed48 (patch) | |
tree | f33427b681154991423fb9faad3476bf4aa17ff4 /src/usr/pnor/pnorrp.C | |
parent | 8392e4f606607e505bb99de2a8d229ae69be5efe (diff) | |
download | talos-hostboot-9ae6e9595f9773d295b7e3ade47088f554c1ed48.tar.gz talos-hostboot-9ae6e9595f9773d295b7e3ade47088f554c1ed48.zip |
Remove Secure Boot workarounds
- Removing the magic number checks that would block sb functionality
if things didn't appear secure
- Remove Best Effort Policy and all of its related code
- Remove the legacy PCR extension
- Remove the non-secure header preservation path.
- Always load HB base image header from the bl to hb data path
vs settings unsecurely out of pnor
Change-Id: Ie638384ac50ed47850985c959ea7a32e5757d64e
RTC: 178520
RTC: 155374
RTC: 173489
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49925
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/pnor/pnorrp.C')
-rw-r--r-- | src/usr/pnor/pnorrp.C | 79 |
1 files changed, 0 insertions, 79 deletions
diff --git a/src/usr/pnor/pnorrp.C b/src/usr/pnor/pnorrp.C index da2548ebc..a874d3735 100644 --- a/src/usr/pnor/pnorrp.C +++ b/src/usr/pnor/pnorrp.C @@ -160,36 +160,6 @@ errlHndl_t PNOR::fixECC(PNOR::SectionId i_section) return Singleton<PnorRP>::instance().fixECC(i_section); } -// @TODO RTC 173489 -// Remove API once FSP fully supports signing of PNOR sections that did not -// previously have a sha512 header -errlHndl_t PNOR::readHeaderMagic( - const PNOR::SectionId i_secId, - const PNOR::SectionData_t& i_TOC, - const size_t i_size, - void* const o_pData) -{ - errlHndl_t pError = nullptr; - assert(o_pData != nullptr,"Output buffer pointer was nullptr"); - - do { - - size_t size = i_size; - auto pTarget = TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL; - // Read first <=8 bytes of section data from the PNOR DD - // Note: Do not need to worry about ECC as the 9th byte is the first - // ECC byte. - pError = DeviceFW::deviceRead(pTarget, o_pData, size, - DEVICE_PNOR_ADDRESS(0,i_TOC.flashAddr)); - if (pError) - { - break; - } - - } while(0); - - return pError; -} /** * STATIC @@ -369,55 +339,6 @@ void PnorRP::initDaemon() break; } - // @TODO RTC 178520 Remove the non-secure extension path and - // always used the converged HBB extension path. - - // If secured, extend base image (HBB) when Hostboot first starts. - // Since HBB is never re-loaded, inhibit extending this image in - // runtime code. - #ifndef __HOSTBOOT_RUNTIME - #ifdef CONFIG_SECUREBOOT - if(!SECUREBOOT::enabled()) - { - // If compliant bootloader was present, it saved the HBB header - // to a known location accessible to HBB. Until that bootloader - // is widely distributed, when in non-secure mode in lab, - // manufacturing, etc., read the header directly from PNOR. - PNOR::SideInfo_t pnorInfo = {PNOR::WORKING}; - l_errhdl = PnorRP::getSideInfo(PNOR::WORKING, pnorInfo); - if(l_errhdl != nullptr) - { - break; - } - - const SectionData_t* const pHbb = &iv_TOC[PNOR::HB_BASE_CODE]; - const bool ecc = (pHbb->integrity == FFS_INTEG_ECC_PROTECT) ? - true :false; - - uint8_t pHeader[PAGESIZE] = {0}; - uint64_t fatalError = 0; - l_errhdl = readFromDevice( - pnorInfo.hbbAddress, - pHbb->chip, - ecc, - pHeader, - fatalError); - - // If fatalError != 0 there is an uncorrectable ECC error (UE). - // In that case, continue on with inaccurate data, as - // readFromDevice API will initiate a shutdown - if(l_errhdl != nullptr) - { - break; - } - - // Cache the header - (void)SECUREBOOT::baseHeader().setNonSecurely( - pHeader); - } - #endif - #endif - // start task to wait on the queue task_create( wait_for_message, NULL ); } while(0); |