diff options
| author | Stephen Cprek <smcprek@us.ibm.com> | 2017-10-31 13:01:30 -0500 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-11-19 15:54:51 -0500 |
| commit | 81279c1d146d8ee920494c7817cdd72f165dd373 (patch) | |
| tree | d616d0914823c8c25592e8276e0610ba1c9d2a28 /src/usr/runtime/test | |
| parent | 63a026113332464fc3bcc73369ba35bfe8f62b6f (diff) | |
| download | talos-hostboot-81279c1d146d8ee920494c7817cdd72f165dd373.tar.gz talos-hostboot-81279c1d146d8ee920494c7817cdd72f165dd373.zip | |
Secure Boot: Fix lid load from HB reserved memory issues at runtime
- Force all PNOR sections we load from HB rserved memory to be secure
Only exception is the RINGOVD section, in which we use a fake header
- Add fake header when Secureboot compiled out or a section is never
signed as there is no secure header preserved in virtual memory
RTC: 171708
RTC: 180063
Change-Id: Ibbbd7be24ee7b199e73451c63b2c2d1f86a2c2d8
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49020
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/runtime/test')
| -rw-r--r-- | src/usr/runtime/test/testpreverifiedlidmgr.H | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/usr/runtime/test/testpreverifiedlidmgr.H b/src/usr/runtime/test/testpreverifiedlidmgr.H index 3863ed27e..26879574e 100644 --- a/src/usr/runtime/test/testpreverifiedlidmgr.H +++ b/src/usr/runtime/test/testpreverifiedlidmgr.H @@ -83,7 +83,8 @@ class PreVerifiedLidMgrTest : public CxxTest::TestSuite // Handle all Pre verified PNOR sections for (const auto & secIdPair : RUNTIME::preVerifiedPnorSections) { - l_errl = RUNTIME::hbResvLoadSecureSection(secIdPair.first); + l_errl = RUNTIME::hbResvLoadSecureSection(secIdPair.first, + secIdPair.second); if (l_errl) { errlCommit(l_errl, RUNTIME_COMP_ID); @@ -100,16 +101,20 @@ class PreVerifiedLidMgrTest : public CxxTest::TestSuite // Each section has 2 lids each (Header, Content) except the RINGOVD // section. It only has 1 or is inhibited in secure mode size_t l_numSections = RUNTIME::preVerifiedPnorSections.size(); - size_t l_expectedLids = (2 * l_numSections) - 1; + // See utillidpnor.C for more info on num of lids + size_t l_expectedLids = (2 * l_numSections); if (SECUREBOOT::enabled()) { - l_expectedLids--; + // RINGOVD not permitted in secure mode + l_expectedLids -= 2; } // Ensure the expected number of lids were loaded. if (l_preVerLidMgr.cv_lidsLoaded.size() != l_expectedLids) { - TS_FAIL("testLoadFromPnor> Num of lids loaded not correct"); + TS_FAIL("testLoadFromPnor> Num of lids loaded not correct %d expected %d", + l_preVerLidMgr.cv_lidsLoaded.size(), + l_expectedLids); break; } |
