diff options
author | Stephen Cprek <smcprek@us.ibm.com> | 2017-09-18 10:25:22 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-09-20 18:03:22 -0400 |
commit | 4b2859591b45f9b83c6856c4d242e20fc236ebf0 (patch) | |
tree | 22d2aae4c0dc8d40f2d11a7238a9452426987c83 /src/usr/pnor/runtime | |
parent | a1f8b1f54e626cac01de5a9b3911fe72331a512c (diff) | |
download | talos-hostboot-4b2859591b45f9b83c6856c4d242e20fc236ebf0.tar.gz talos-hostboot-4b2859591b45f9b83c6856c4d242e20fc236ebf0.zip |
Fix getSectionInfo from failing on secure sections
Instead restrict actions if a secure section but let all other
info to be obtained
Change-Id: I4ae72157f8a956dfe2bccf9a88c8e6332fd3ff6a
CQ: SW402304
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46341
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/pnor/runtime')
-rw-r--r-- | src/usr/pnor/runtime/rt_pnor.C | 87 | ||||
-rw-r--r-- | src/usr/pnor/runtime/rt_pnor.H | 2 |
2 files changed, 51 insertions, 38 deletions
diff --git a/src/usr/pnor/runtime/rt_pnor.C b/src/usr/pnor/runtime/rt_pnor.C index ae187a057..a9c3e4d1e 100644 --- a/src/usr/pnor/runtime/rt_pnor.C +++ b/src/usr/pnor/runtime/rt_pnor.C @@ -155,13 +155,15 @@ errlHndl_t RtPnor::getSectionInfo(PNOR::SectionId i_section, errlHndl_t l_err = nullptr; do { + + // TODO: RTC:180063 change this to error out on secure sections as it + // did previously in HB commit cefc4c + // Check if Section is invalid or inhibited from loading at runtime. bool l_inhibited = false; - bool l_secure = false; #ifdef CONFIG_SECUREBOOT l_inhibited = PNOR::isInhibitedSection(i_section); - l_secure = iv_TOC[i_section].secure; #endif - if (i_section == PNOR::INVALID_SECTION || l_inhibited || l_secure) + if (i_section == PNOR::INVALID_SECTION || l_inhibited) { TRACFCOMP(g_trac_pnor, "RtPnor::getSectionInfo: Invalid Section %d", static_cast<int>(i_section)); @@ -170,18 +172,13 @@ errlHndl_t RtPnor::getSectionInfo(PNOR::SectionId i_section, { TRACFCOMP(g_trac_pnor, ERR_MRK"RtPnor::getSectionInfo: attribute overrides inhibited by secureboot"); } - else if (l_secure) - { - TRACFCOMP(g_trac_pnor, ERR_MRK"RtPnor::getSectionInfo: secure sections should be loaded via Hostboot Reserved Memory"); - } #endif /*@ * @errortype * @moduleid PNOR::MOD_RTPNOR_GETSECTIONINFO * @reasoncode PNOR::RC_RTPNOR_INVALID_SECTION * @userdata1 PNOR::SectionId - * @userdata2[0:31] Inhibited by secureboot - * @userdata2[32:63] Indication of a secure section + * @userdata2[0:63] Inhibited by secureboot * @devdesc invalid section passed to getSectionInfo or * section prohibited by secureboot */ @@ -189,8 +186,7 @@ errlHndl_t RtPnor::getSectionInfo(PNOR::SectionId i_section, PNOR::MOD_RTPNOR_GETSECTIONINFO, PNOR::RC_RTPNOR_INVALID_SECTION, i_section, - TWO_UINT32_TO_UINT64(l_inhibited, - l_secure), + l_inhibited, true); break; } @@ -200,7 +196,7 @@ errlHndl_t RtPnor::getSectionInfo(PNOR::SectionId i_section, if (l_sizeBytes == 0) { TRACFCOMP(g_trac_pnor,"RtPnor::getSectionInfo: Section %d" - " size is 0", (int)i_section); + " size is 0", static_cast<int>(i_section)); /*@ * @errortype * @moduleid PNOR::MOD_RTPNOR_GETSECTIONINFO @@ -219,44 +215,58 @@ errlHndl_t RtPnor::getSectionInfo(PNOR::SectionId i_section, bool l_ecc = (iv_TOC[i_section].integrity&FFS_INTEG_ECC_PROTECT) ? true : false; - void* l_pWorking = nullptr; - void* l_pClean = nullptr; - - //find the section in the map first - if(iv_pnorMap.find(i_section) != iv_pnorMap.end()) + // TODO: RTC:180063 change this to error out on secure sections as it + // did previously in HB commit cefc4c + // Only do mapping and read from device to set vaddr if not a secure + // section. Secure sections should load from HB resv memory and will set + // vaddr to 0 + if (iv_TOC[i_section].secure) { - //get the addresses from the map - PnorAddrPair_t l_addrPair = iv_pnorMap[i_section]; - l_pWorking = l_addrPair.first; - l_pClean = l_addrPair.second; + TRACFCOMP(g_trac_pnor,"RtPnor::getSectionInfo: Warning> Section is secure, so must be loaded from Hb resv memory. vaddr will be set to 0"); + o_info.vaddr = 0; } else { - //malloc twice -- one working copy and one clean copy - //So, we can diff and write only the dirty bytes - l_pWorking = malloc(l_sizeBytes); - l_pClean = malloc(l_sizeBytes); - - //offset = 0 : read the entire section - l_err = readFromDevice(iv_masterProcId, i_section, 0, l_sizeBytes, - l_ecc, l_pWorking); - if(l_err) + void* l_pWorking = nullptr; + void* l_pClean = nullptr; + + //find the section in the map first + if(iv_pnorMap.find(i_section) != iv_pnorMap.end()) { - TRACFCOMP(g_trac_pnor, "RtPnor::getSectionInfo:readFromDevice" - " failed"); - break; + //get the addresses from the map + PnorAddrPair_t l_addrPair = iv_pnorMap[i_section]; + l_pWorking = l_addrPair.first; + l_pClean = l_addrPair.second; } + else + { + //malloc twice -- one working copy and one clean copy + //So, we can diff and write only the dirty bytes + l_pWorking = malloc(l_sizeBytes); + l_pClean = malloc(l_sizeBytes); + + //offset = 0 : read the entire section + l_err = readFromDevice(iv_masterProcId, i_section, 0, l_sizeBytes, + l_ecc, l_pWorking); + if(l_err) + { + TRACFCOMP(g_trac_pnor, "RtPnor::getSectionInfo:readFromDevice" + " failed"); + break; + } - //copy data to another pointer to save a clean copy of data - memcpy(l_pClean, l_pWorking, l_sizeBytes); + //copy data to another pointer to save a clean copy of data + memcpy(l_pClean, l_pWorking, l_sizeBytes); - //save it in the map - iv_pnorMap [i_section] = PnorAddrPair_t(l_pWorking, l_pClean); + //save it in the map + iv_pnorMap [i_section] = PnorAddrPair_t(l_pWorking, l_pClean); + } + o_info.vaddr = reinterpret_cast<uint64_t>(l_pWorking); } + //return the data in the struct o_info.id = i_section; o_info.name = SectionIdToString(i_section); - o_info.vaddr = (uint64_t)l_pWorking; o_info.flashAddr = iv_TOC[i_section].flashAddr; o_info.size = l_sizeBytes; o_info.eccProtected = l_ecc; @@ -264,6 +274,7 @@ errlHndl_t RtPnor::getSectionInfo(PNOR::SectionId i_section, (iv_TOC[i_section].version & FFS_VERS_SHA512) ? true : false; o_info.sha512perEC = (iv_TOC[i_section].version & FFS_VERS_SHA512_PER_EC) ? true : false; + o_info.secure = iv_TOC[i_section].secure; } while (0); TRACFCOMP(g_trac_pnor, EXIT_MRK"RtPnor::getSectionInfo"); diff --git a/src/usr/pnor/runtime/rt_pnor.H b/src/usr/pnor/runtime/rt_pnor.H index 6af111995..b2433a19f 100644 --- a/src/usr/pnor/runtime/rt_pnor.H +++ b/src/usr/pnor/runtime/rt_pnor.H @@ -50,6 +50,8 @@ class RtPnor * * @param[in] i_section PNOR section * @param[out] o_info Location and size information + * NOTE: vaddr is 0 if section is secure. + * It should be loaded from Hb resv memory * * @return errlHndl_t Error log if request was invalid */ |