Handle ContainerHeader asserts more nicely with error logs

Change-Id: I2dfd02bd7c7f5b5356cd93ca967482c2d7f79ec1 RTC: 178520 RTC: 181899 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49966 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
author: Stephen Cprek <smcprek@us.ibm.com> 2017-11-21 16:09:22 -0600
committer: Daniel M. Crowell <dcrowell@us.ibm.com> 2017-12-05 14:37:19 -0500
commit: ca52131dad3de16f44b9c9f07b5413edf1e9742a (patch)
tree: 56a0fcd4357510dee0fa25883dea463cfdb1433b /src/usr/pnor/spnorrp.C
parent: 89f7297255af3b70c6c1f7a3845498d13eff5cfd (diff)
download: talos-hostboot-ca52131dad3de16f44b9c9f07b5413edf1e9742a.tar.gz
talos-hostboot-ca52131dad3de16f44b9c9f07b5413edf1e9742a.zip
1 files changed, 35 insertions, 4 deletions
diff --git a/src/usr/pnor/spnorrp.C b/src/usr/pnor/spnorrp.C
index b45ac3e71..b9fd587c6 100644
--- a/src/usr/pnor/spnorrp.C
+++ b/src/usr/pnor/spnorrp.C
@@ -423,7 +423,14 @@ uint64_t SPnorRP::verifySections(SectionId i_id,
         memcpy(l_tempAddr, l_unsecuredAddr, l_info.secureProtectedPayloadSize
                                           + PAGESIZE); // plus header size
 
-        SECUREBOOT::ContainerHeader l_conHdr(l_tempAddr);
+        SECUREBOOT::ContainerHeader l_conHdr;
+        l_errhdl = l_conHdr.setHeader(l_tempAddr);
+        if (l_errhdl)
+        {
+            TRACFCOMP(g_trac_pnor, ERR_MRK"SPnorRP::verifySections> setheader failed");
+            break;
+        }
+
         size_t l_totalContainerSize = l_conHdr.totalContainerSize();
         auto l_prefixHdrFlags = l_conHdr.prefixHeaderFlags();
 
@@ -1195,6 +1202,7 @@ errlHndl_t SPnorRP::baseExtVersCheck(const uint8_t *i_vaddr) const
     errlHndl_t l_errl = NULL;
     assert(i_vaddr != NULL);
 
+    do {
     // Check if measured and build time hashes of HBB sw signatures match.
     // Query the HBB header
     const void* l_pHbbHeader = NULL;
@@ -1202,7 +1210,13 @@ errlHndl_t SPnorRP::baseExtVersCheck(const uint8_t *i_vaddr) const
     // Fatal code bug if either address is NULL
     assert(l_pHbbHeader!=NULL,"ERORR: Cached header address is NULL");
     // Build a container header object from the raw header
-    SECUREBOOT::ContainerHeader l_hbbContainerHeader(l_pHbbHeader);
+    SECUREBOOT::ContainerHeader l_hbbContainerHeader;
+    l_errl = l_hbbContainerHeader.setHeader(l_pHbbHeader);
+    if (l_errl)
+    {
+        TRACFCOMP(g_trac_pnor, ERR_MRK"SPnorRP::baseExtVersCheck> setheader failed");
+        break;
+    }
 
     // Calculate hash of HBB's sw signatures
     SHA512_t l_hashSwSigs = {0};
@@ -1251,8 +1265,11 @@ errlHndl_t SPnorRP::baseExtVersCheck(const uint8_t *i_vaddr) const
             TO_UINT64(*reinterpret_cast<const uint64_t*>(l_hashPageTableSaltEntry)));
         l_errl->collectTrace(PNOR_COMP_NAME);
         l_errl->collectTrace(SECURE_COMP_NAME);
+        break;
     }
 
+    } while(0);
+
     return l_errl;
 }
 
@@ -1263,7 +1280,13 @@ errlHndl_t SPnorRP::keyTransitionCheck(const uint8_t *i_vaddr) const
 
     do {
     // Check if the header flags have the key transition bit set
-    SECUREBOOT::ContainerHeader l_outerConHdr(i_vaddr);
+    SECUREBOOT::ContainerHeader l_outerConHdr;
+    l_errl = l_outerConHdr.setHeader(i_vaddr);
+    if (l_errl)
+    {
+        TRACFCOMP(g_trac_pnor, ERR_MRK"SPnorRP::keyTransitionCheck> outer setheader failed");
+        break;
+    }
     if (!l_outerConHdr.sb_flags()->hw_key_transition)
     {
         TRACFCOMP( g_trac_pnor, ERR_MRK"SPnorRP::keyTransitionCheck() - Key transition flag not set");
@@ -1290,7 +1313,14 @@ errlHndl_t SPnorRP::keyTransitionCheck(const uint8_t *i_vaddr) const
 
     // Validate nested container is properly signed using new hw keys
     uint8_t * l_nestedVaddr = const_cast<uint8_t*>(i_vaddr) + PAGESIZE;
-    SECUREBOOT::ContainerHeader l_nestedConHdr(l_nestedVaddr);
+    SECUREBOOT::ContainerHeader l_nestedConHdr;
+    l_errl = l_nestedConHdr.setHeader(l_nestedVaddr);
+    if (l_errl)
+    {
+        TRACFCOMP(g_trac_pnor, ERR_MRK"SPnorRP::keyTransitionCheck> nested setheader failed");
+        break;
+    }
+
     l_errl = SECUREBOOT::verifyContainer(l_nestedVaddr,
                                          l_nestedConHdr.hwKeyHash());
     if (l_errl)
@@ -1298,6 +1328,7 @@ errlHndl_t SPnorRP::keyTransitionCheck(const uint8_t *i_vaddr) const
         TRACFCOMP( g_trac_pnor, ERR_MRK"SPnorRP::keyTransitionCheck() - failed verifyContainer");
         break;
     }
+
     }while(0);
 
     return l_errl;
author	Stephen Cprek <smcprek@us.ibm.com>	2017-11-21 16:09:22 -0600
committer	Daniel M. Crowell <dcrowell@us.ibm.com>	2017-12-05 14:37:19 -0500
commit	ca52131dad3de16f44b9c9f07b5413edf1e9742a (patch)
tree	56a0fcd4357510dee0fa25883dea463cfdb1433b /src/usr/pnor/spnorrp.C
parent	89f7297255af3b70c6c1f7a3845498d13eff5cfd (diff)
download	talos-hostboot-ca52131dad3de16f44b9c9f07b5413edf1e9742a.tar.gz talos-hostboot-ca52131dad3de16f44b9c9f07b5413edf1e9742a.zip