author | Stephen Cprek <smcprek@us.ibm.com> | 2017-03-16 14:55:36 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-03-30 10:59:38 -0400 |
commit | 7e53643075803b2654bebec85f693c90d1b503f6 (patch) | |
tree | 67d6fbfb13b8b74dcb72cca54320e0d4efab39bf /src/usr/pnor/spnorrp.C | |
parent | da8ebbbccc858f874bb9841a1a23390798d4f14d (diff) | |
Secureboot best effort compatibility support
Change-Id: I1671459ca58684b14f65f322ff6dccddcaad40a2
RTC: 170685
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38104
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/pnor/spnorrp.C')
-rw-r--r-- | src/usr/pnor/spnorrp.C | 89 |
1 files changed, 18 insertions, 71 deletions
diff --git a/src/usr/pnor/spnorrp.C b/src/usr/pnor/spnorrp.C index 5f03f46c8..c17d493ef 100644 --- a/src/usr/pnor/spnorrp.C +++ b/src/usr/pnor/spnorrp.C @@ -278,9 +278,26 @@ uint64_t SPnorRP::verifySections(SectionId i_id, LoadRecord* o_rec) break; } + TRACDCOMP(g_trac_pnor,"SPnorRP::verifySections getSectionInfo" " succeeded for sec = %s", l_info.name); + if (!l_info.secure) + { +#ifdef CONFIG_SECUREBOOT_BEST_EFFORT + TRACFCOMP(g_trac_pnor,"PNOR::loadSecureSection> called on unsecured section - Best effort policy skipping"); + break; +#else + TRACFCOMP(g_trac_pnor,ERR_MRK"PNOR::loadSecureSection> called on " + "unsecured section"); + + // TODO securebootp9 revisit this assert code and replace with error log + // code if it is deemed that this assert could happen in the field + assert(false,"PNOR::loadSection> section %i is not a secure section", + i_id); +#endif + } + l_info.vaddr -= PAGESIZE; // back up a page to expose the secure header l_info.size += PAGESIZE; // add a page to size to account for the header 
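Review bot: In the `#ifdef CONFIG_SECUREBOOT_BEST_EFFORT` branch the new `if (!l_info.secure)` check leaves the loop with a bare `break` and only a trace, so a section whose `secure` flag is clear is never verified, and the hunk does not show whether the caller can tell that outcome apart from a successful verification. If `l_info.secure` is derived from data stored in PNOR itself (not visible here), a modified flash image could present a section as unsecured and bypass verification, so this branch should presumably be taken only when the system is not enforcing secure mode, and a comment should say so, e.g. `// Best effort: section is loaded UNVERIFIED; must not be reachable when secure mode is enforced`. Both new traces and the assert text still say `PNOR::loadSecureSection>` / `PNOR::loadSection>` although they now fire from `SPnorRP::verifySections`, which will mislead anyone reading the log during triage. The body of verifySections starts and ends outside the hunk.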
@@ -682,34 +699,6 @@ errlHndl_t PNOR::loadSecureSection(const SectionId i_section) // Send message to secure provider to load the section errlHndl_t err = NULL; - if (!isSecureSection(i_section)) - { - TRACFCOMP(g_trac_pnor,ERR_MRK"PNOR::loadSecureSection> called on " - "unsecured section"); - // TODO securebootp9 remove below temporary code after all of the - // sections in the below if condition have been fully ported and added - // to isSecureSection. - // start temporary code - if (i_section == PNOR::HB_EXT_CODE || - i_section == PNOR::HB_DATA || - i_section == PNOR::SBE_IPL || - i_section == PNOR::CENTAUR_SBE || - i_section == PNOR::PAYLOAD || - i_section == PNOR::OCC || - i_section == PNOR::HB_RUNTIME) - { - // For now, ignore the attempt to load this section securely. - // Returning from the middle of a function is excusable because - // it keeps the temp code in one place, making it easier to remove. - return NULL; - } - // end temporary code - // TODO securebootp9 revisit this assert code and replace with error log - // code if it is deemed that this assert could happen in the field - assert(false,"PNOR::loadSection> section %i is not a secure section", - i_section); - } - msg_q_t spnorQ = msg_q_resolve(SPNORRP_MSG_Q); assert(spnorQ != NULL); 
@@ -917,46 +906,4 @@ errlHndl_t SPnorRP::keyTransitionCheck(const uint8_t *i_vaddr) const }while(0); return l_errl; -} - -bool PNOR::cmpSecurebootMagicNumber(const uint8_t* i_vaddr) -{ - return memcmp(&ROM_MAGIC_NUMBER, i_vaddr, sizeof(ROM_MAGIC_NUMBER)) == 0; -} - -errlHndl_t PNOR::hasSecurebootMagicNumber(const SectionId i_section, - bool &o_valid) -{ - errlHndl_t l_errl = NULL; - SectionInfo_t l_info; - - // Force to false - o_valid = false; - - // This will not work for HBB - assert(i_section != HB_BASE_CODE, "hasSecurebootMagicNumber() does not work for HBB section"); - - bool isSecure = PNOR::isSecureSection(i_section); - do { - l_errl = getSectionInfo(i_section, l_info); - if (l_errl) - { - TRACFCOMP(g_trac_pnor, ERR_MRK"PNOR::hasSecurebootMagicNumber(): - getSectionInfo failed"); - break; - } - - // Use PNOR vaddr - if(isSecure) - { - // back up a page to expose the secure header - l_info.vaddr = l_info.vaddr - VMM_VADDR_SPNOR_DELTA - - VMM_VADDR_SPNOR_DELTA - - PAGESIZE; - } - o_valid = cmpSecurebootMagicNumber(reinterpret_cast<uint8_t*> - (l_info.vaddr)); - }while(0); - - return l_errl; -} - +}
\ No newline at end of file |