diff options
author | Stephen Cprek <smcprek@us.ibm.com> | 2017-07-26 10:33:24 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-08-25 23:16:28 -0400 |
commit | cefc4c2c1bf3a43a993f2091813ee181779ddee4 (patch) | |
tree | f6b15a971c3207dbae3b1800f8555b55d5dd8ae7 /src/usr/pnor/spnorrp.C | |
parent | b8f86e3a6bb4f491360dc3771854e36e903f8a71 (diff) | |
download | talos-hostboot-cefc4c2c1bf3a43a993f2091813ee181779ddee4.tar.gz talos-hostboot-cefc4c2c1bf3a43a993f2091813ee181779ddee4.zip |
Refactor SecureBoot Workarounds to better control leniency
At this time we are trying to secure OpenPOWER in secure mode,
but allow best effort policies in other scenarios
Change-Id: I9ec2b5be49dbfcff678c4d30bb85f8762e448cb6
RTC: 170136
RTC: 155374
RTC: 168021
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43640
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/pnor/spnorrp.C')
-rw-r--r-- | src/usr/pnor/spnorrp.C | 44 |
1 files changed, 32 insertions, 12 deletions
diff --git a/src/usr/pnor/spnorrp.C b/src/usr/pnor/spnorrp.C index d6dd6fefb..0b298afeb 100644 --- a/src/usr/pnor/spnorrp.C +++ b/src/usr/pnor/spnorrp.C @@ -284,18 +284,38 @@ uint64_t SPnorRP::verifySections(SectionId i_id, LoadRecord* o_rec) if (!l_info.secure) { -#ifdef CONFIG_SECUREBOOT_BEST_EFFORT - TRACFCOMP(g_trac_pnor,"PNOR::verifySections> called on unsecured section - Best effort policy skipping"); - break; -#else - TRACFCOMP(g_trac_pnor,ERR_MRK"PNOR::verifySections> called on " - "unsecured section"); - - // TODO securebootp9 revisit this assert code and replace with error log - // code if it is deemed that this assert could happen in the field - assert(false,"PNOR::loadSection> section %i is not a secure section", - i_id); -#endif + if(SECUREBOOT::bestEffortPolicy()) + { + TRACFCOMP(g_trac_pnor,"PNOR::verifySections> called on unsecured section - Best effort policy skipping"); + break; + } + else + { + TRACFCOMP(g_trac_pnor,ERR_MRK"PNOR::verifySections> called on " + "unsecured section"); + + /*@ + * @errortype + * @severity ERRL_SEV_CRITICAL_SYS_TERM + * @moduleid PNOR::MOD_SPNORRP_VERIFYSECTIONS + * @reasoncode PNOR::RC_UNSIGNED_PNOR_SECTION + * @userdata1 PNOR section requested to verify + * @userdata2 0 + * @devdesc Cannot verify unsigned PNOR section + * @custdesc Security failure: unable to securely load + * requested firmware. + */ + l_errhdl = new ERRORLOG::ErrlEntry( + ERRORLOG::ERRL_SEV_CRITICAL_SYS_TERM, + PNOR::MOD_SPNORRP_VERIFYSECTIONS, + PNOR::RC_UNSIGNED_PNOR_SECTION, + TO_UINT64(i_id), + 0, + true /*Add HB SW Callout*/); + l_errhdl->collectTrace(PNOR_COMP_NAME); + l_errhdl->collectTrace(SECURE_COMP_NAME); + break; + } } l_info.vaddr -= PAGESIZE; // back up a page to expose the secure header |