diff options
author | Nick Bofferding <bofferdn@us.ibm.com> | 2017-10-20 21:13:34 -0500 |
---|---|---|
committer | William G. Hoffa <wghoffa@us.ibm.com> | 2017-11-03 09:45:20 -0400 |
commit | 07d75753d59419ea6ba9ee3bd930e0aa8e7e7fd5 (patch) | |
tree | 78633da60312ff8cfd54807f787219036e976621 /src/usr/pnor | |
parent | 47f275a6bd3b2104a82d9786122afd6fe25f05de (diff) | |
download | talos-hostboot-07d75753d59419ea6ba9ee3bd930e0aa8e7e7fd5.tar.gz talos-hostboot-07d75753d59419ea6ba9ee3bd930e0aa8e7e7fd5.zip |
Secure Boot: Enforce PNOR section component IDs
- In secure mode, bootloader will enforce that HBB component ID is set
- In secure mode, Hostboot will enforce that PNOR component IDs are set
Change-Id: I04f3bbc45417b3229003c56e1083e1fc31c01cd7
RTC: 179422
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/48711
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/usr/pnor')
-rw-r--r-- | src/usr/pnor/spnorrp.C | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/usr/pnor/spnorrp.C b/src/usr/pnor/spnorrp.C index 78453f59c..1643215fd 100644 --- a/src/usr/pnor/spnorrp.C +++ b/src/usr/pnor/spnorrp.C @@ -465,6 +465,17 @@ uint64_t SPnorRP::verifySections(SectionId i_id, failedVerify = true; break; } + + auto const * const pPnorString = PNOR::SectionIdToString(i_id); + l_errhdl = SECUREBOOT::verifyComponent(l_conHdr,pPnorString); + if(l_errhdl) + { + TRACFCOMP(g_trac_pnor, ERR_MRK"SPnorrRP::verifySections: " + "Failed in call to SECUREBOOT::verifyComponent"); + failedVerify = true; + break; + } + l_errhdl = miscSectionVerification(l_tempAddr, i_id); if (l_errhdl) { |