diff options
| author | Jaymes Wilks <mjwilks@us.ibm.com> | 2017-09-13 09:53:39 -0500 |
|---|---|---|
| committer | William G. Hoffa <wghoffa@us.ibm.com> | 2017-10-20 12:50:04 -0400 |
| commit | b70fc1ac984f9da0d9e4932b8a9e40b1ccf4da50 (patch) | |
| tree | 509a1189bbbb420583dadd61603a08eb6691e2c3 /src/usr/pnor/spnorrp.H | |
| parent | 3f4963bae6821005c0d355587e43ca17512e5a3b (diff) | |
| download | talos-hostboot-b70fc1ac984f9da0d9e4932b8a9e40b1ccf4da50.tar.gz talos-hostboot-b70fc1ac984f9da0d9e4932b8a9e40b1ccf4da50.zip | |
Implement Secure unload
Implement Secure unload of secure sections within PNOR.
Change-Id: I92a00013d23e0506f89f89ec41a193eac0b25d25
RTC:157475
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46203
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/usr/pnor/spnorrp.H')
| -rw-r--r-- | src/usr/pnor/spnorrp.H | 34 |
1 files changed, 31 insertions, 3 deletions
diff --git a/src/usr/pnor/spnorrp.H b/src/usr/pnor/spnorrp.H index 889b70f43..878d69625 100644 --- a/src/usr/pnor/spnorrp.H +++ b/src/usr/pnor/spnorrp.H @@ -116,6 +116,13 @@ class SPnorRP uint8_t* secAddr; size_t textSize; size_t infoSize; + size_t refCount; + SHA512_t payloadTextHash; + LoadRecord() + :secAddr(nullptr), textSize(0), infoSize(0), refCount(0) + { + memset(&payloadTextHash[0], 0, SHA512_DIGEST_LENGTH); + } }; std::map<PNOR::SectionId, LoadRecord*> iv_loadedSections; @@ -127,11 +134,22 @@ class SPnorRP /** * @brief Load secure sections into temporary address space and verify them - * @param[in] i_secId - PNOR section id to verify - * @param[in] o_rec - Load record to store section information in + * @note The Load record is not only used for output of the section info + * from the verifySections, but is also used as input via the + * payloadTextHash field, which is used (if i_loadedPreviously is + * true) to help determine if the PCR extend should be recalculated. + * + * @param[in] i_secId - PNOR section id to verify + * @param[in] i_loadedPreviously - indicates section has been securely + * loaded previously + * @param[in/out] io_rec - Load record to store section information in + * io_rec->payloadTextHash is used for comparision if + * i_loadedPreviusly is true. * @return uint64_t - Return code to pass back to message handler */ - uint64_t verifySections(PNOR::SectionId i_id, LoadRecord* o_rec); + uint64_t verifySections(PNOR::SectionId i_id, + bool i_loadedPreviously, + LoadRecord* io_rec); /** * @brief Message receiver for secure space @@ -161,6 +179,16 @@ class SPnorRP uint64_t accessType) const; /** + * @brief A wrapper for mm_remove_pages that encapsulates an error log + * @note This is a special case of mm_remove_pages that makes use of + * PAGE_REMOVAL_OPS "RELEASE" setting + * + * @param[in] i_va - virtual start address of pages to be removed + * @param[in] i_size - size of block to remove + */ + errlHndl_t removePages(void* i_va, uint64_t i_size) const; + + /** * @brief Handles any additional section specific verification checks. * @param[in] i_vaddr - vaddr of PNOR section to verify. Includes header * NULL will assert |
