diff options
author | Stephen Cprek <smcprek@us.ibm.com> | 2017-11-21 16:09:22 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-12-05 14:37:19 -0500 |
commit | ca52131dad3de16f44b9c9f07b5413edf1e9742a (patch) | |
tree | 56a0fcd4357510dee0fa25883dea463cfdb1433b /src/usr/pnor/spnorrp.C | |
parent | 89f7297255af3b70c6c1f7a3845498d13eff5cfd (diff) | |
download | talos-hostboot-ca52131dad3de16f44b9c9f07b5413edf1e9742a.tar.gz talos-hostboot-ca52131dad3de16f44b9c9f07b5413edf1e9742a.zip |
Handle ContainerHeader asserts more nicely with error logs
Change-Id: I2dfd02bd7c7f5b5356cd93ca967482c2d7f79ec1
RTC: 178520
RTC: 181899
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49966
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/pnor/spnorrp.C')
-rw-r--r-- | src/usr/pnor/spnorrp.C | 39 |
1 files changed, 35 insertions, 4 deletions
diff --git a/src/usr/pnor/spnorrp.C b/src/usr/pnor/spnorrp.C index b45ac3e71..b9fd587c6 100644 --- a/src/usr/pnor/spnorrp.C +++ b/src/usr/pnor/spnorrp.C @@ -423,7 +423,14 @@ uint64_t SPnorRP::verifySections(SectionId i_id, memcpy(l_tempAddr, l_unsecuredAddr, l_info.secureProtectedPayloadSize + PAGESIZE); // plus header size - SECUREBOOT::ContainerHeader l_conHdr(l_tempAddr); + SECUREBOOT::ContainerHeader l_conHdr; + l_errhdl = l_conHdr.setHeader(l_tempAddr); + if (l_errhdl) + { + TRACFCOMP(g_trac_pnor, ERR_MRK"SPnorRP::verifySections> setheader failed"); + break; + } + size_t l_totalContainerSize = l_conHdr.totalContainerSize(); auto l_prefixHdrFlags = l_conHdr.prefixHeaderFlags(); @@ -1195,6 +1202,7 @@ errlHndl_t SPnorRP::baseExtVersCheck(const uint8_t *i_vaddr) const errlHndl_t l_errl = NULL; assert(i_vaddr != NULL); + do { // Check if measured and build time hashes of HBB sw signatures match. // Query the HBB header const void* l_pHbbHeader = NULL; @@ -1202,7 +1210,13 @@ errlHndl_t SPnorRP::baseExtVersCheck(const uint8_t *i_vaddr) const // Fatal code bug if either address is NULL assert(l_pHbbHeader!=NULL,"ERORR: Cached header address is NULL"); // Build a container header object from the raw header - SECUREBOOT::ContainerHeader l_hbbContainerHeader(l_pHbbHeader); + SECUREBOOT::ContainerHeader l_hbbContainerHeader; + l_errl = l_hbbContainerHeader.setHeader(l_pHbbHeader); + if (l_errl) + { + TRACFCOMP(g_trac_pnor, ERR_MRK"SPnorRP::baseExtVersCheck> setheader failed"); + break; + } // Calculate hash of HBB's sw signatures SHA512_t l_hashSwSigs = {0}; @@ -1251,8 +1265,11 @@ errlHndl_t SPnorRP::baseExtVersCheck(const uint8_t *i_vaddr) const TO_UINT64(*reinterpret_cast<const uint64_t*>(l_hashPageTableSaltEntry))); l_errl->collectTrace(PNOR_COMP_NAME); l_errl->collectTrace(SECURE_COMP_NAME); + break; } + } while(0); + return l_errl; } @@ -1263,7 +1280,13 @@ errlHndl_t SPnorRP::keyTransitionCheck(const uint8_t *i_vaddr) const do { // Check if the header flags have the key transition bit set - SECUREBOOT::ContainerHeader l_outerConHdr(i_vaddr); + SECUREBOOT::ContainerHeader l_outerConHdr; + l_errl = l_outerConHdr.setHeader(i_vaddr); + if (l_errl) + { + TRACFCOMP(g_trac_pnor, ERR_MRK"SPnorRP::keyTransitionCheck> outer setheader failed"); + break; + } if (!l_outerConHdr.sb_flags()->hw_key_transition) { TRACFCOMP( g_trac_pnor, ERR_MRK"SPnorRP::keyTransitionCheck() - Key transition flag not set"); @@ -1290,7 +1313,14 @@ errlHndl_t SPnorRP::keyTransitionCheck(const uint8_t *i_vaddr) const // Validate nested container is properly signed using new hw keys uint8_t * l_nestedVaddr = const_cast<uint8_t*>(i_vaddr) + PAGESIZE; - SECUREBOOT::ContainerHeader l_nestedConHdr(l_nestedVaddr); + SECUREBOOT::ContainerHeader l_nestedConHdr; + l_errl = l_nestedConHdr.setHeader(l_nestedVaddr); + if (l_errl) + { + TRACFCOMP(g_trac_pnor, ERR_MRK"SPnorRP::keyTransitionCheck> nested setheader failed"); + break; + } + l_errl = SECUREBOOT::verifyContainer(l_nestedVaddr, l_nestedConHdr.hwKeyHash()); if (l_errl) @@ -1298,6 +1328,7 @@ errlHndl_t SPnorRP::keyTransitionCheck(const uint8_t *i_vaddr) const TRACFCOMP( g_trac_pnor, ERR_MRK"SPnorRP::keyTransitionCheck() - failed verifyContainer"); break; } + }while(0); return l_errl; |