author | Stephen Cprek <smcprek@us.ibm.com> | 2017-11-17 15:49:30 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-11-30 09:08:08 -0500 |
commit | c336a77283197bd63475f0773b78473c7c239567 (patch) | |
tree | 9cd1c13e5e106541c9e1914865aef18082f27187 /src/usr/runtime | |
parent | 4c1c57f0015efea51fb6c47ded6a6ec05ed27978 (diff) | |
Handle comments from pre-verify and runtime lid loading commits
Change-Id: I224079808493c062f04b7c3a59d45128a8f2e699
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49875
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/runtime')
-rw-r--r-- | src/usr/runtime/common/runtime_utils.C | 4 | ||||
-rw-r--r-- | src/usr/runtime/populate_hbruntime.C | 13 | ||||
-rw-r--r-- | src/usr/runtime/test/testpreverifiedlidmgr.H | 11 |
3 files changed, 18 insertions, 10 deletions
diff --git a/src/usr/runtime/common/runtime_utils.C b/src/usr/runtime/common/runtime_utils.C
index 7b900389f..d87847f85 100644
--- a/src/usr/runtime/common/runtime_utils.C
+++ b/src/usr/runtime/common/runtime_utils.C
@@ -27,11 +27,11 @@ namespace RUNTIME
 {
-// -- Verified Images
+// -- Images expected to have secure headers
 // -- OCC
 // -- WOFDATA
 // -- HCODE
-// -- Non-verified Images
+// -- Images that never have secure headers
 /// -- RINGOVD
 const PreVerifyVector preVerifiedPnorSections {
 {PNOR::OCC, true},
diff --git a/src/usr/runtime/populate_hbruntime.C b/src/usr/runtime/populate_hbruntime.C
index eb7a5a7b5..2c97ac2f7 100644
--- a/src/usr/runtime/populate_hbruntime.C
+++ b/src/usr/runtime/populate_hbruntime.C
@@ -557,7 +557,7 @@ errlHndl_t fill_RsvMem_hbData(uint64_t & io_start_address,
 }
 errlHndl_t hbResvLoadSecureSection (const PNOR::SectionId i_sec,
- bool i_verified)
+ const bool i_secHdrExpected)
 {
 TRACFCOMP( g_trac_runtime,ENTER_MRK"hbResvloadSecureSection() sec %s",
 PNOR::SectionIdToString(i_sec));
@@ -603,16 +603,21 @@ errlHndl_t hbResvLoadSecureSection (const PNOR::SectionId i_sec,
 auto l_pnorVaddr = l_info.vaddr;
 auto l_imgSize = l_info.size;
- // If section is signed, only the protected size was loaded into memory
- if (i_verified)
+ // Check if the section is expected to have a secure header regardless
+ // of compile options
+ if (i_secHdrExpected)
 {
 #ifdef CONFIG_SECUREBOOT
+ // If section is signed, only the protected size was loaded into memory
 l_imgSize = l_info.secureProtectedPayloadSize;
 // Include secure header
+ // NOTE: we do not preserve the header in virtual memory when SB
+ // is compiled out. So "-PAGESIZE" only works when SB is compiled in
 l_pnorVaddr -= PAGESIZE;
 #endif
 // Add size for secure header.
- // NOTE: if SB compiled out, a header will be injected later
+ // NOTE: if SB compiled out, a header will be injected later so
+ // preserve space for the header.
 l_imgSize += PAGESIZE;
 }
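Review bot: In the `#ifdef CONFIG_SECUREBOOT` branch of the last populate_hbruntime.C hunk, `l_imgSize = l_info.secureProtectedPayloadSize;` and `l_pnorVaddr -= PAGESIZE;` are applied purely because the caller passed `i_secHdrExpected`; nothing visible checks that the loaded section really has a header in the page below `l_info.vaddr`, or that the protected size is non-zero and no larger than `l_info.size`. If the static expectation and the actual section ever disagree, the reserved-memory range would start one page early and carry the wrong length into the runtime image. Unless that is already validated outside the hunk (the body of hbResvLoadSecureSection starts and ends outside it), I would add a guard right after the assignment, along the lines of `if (l_imgSize == 0 || l_imgSize > l_info.size) { /* log an error and bail out */ }`. It would also help to state in the comment above `l_pnorVaddr -= PAGESIZE;` which step guarantees the header page is mapped.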
diff --git a/src/usr/runtime/test/testpreverifiedlidmgr.H b/src/usr/runtime/test/testpreverifiedlidmgr.H
index 26879574e..47ba6c61b 100644
--- a/src/usr/runtime/test/testpreverifiedlidmgr.H
+++ b/src/usr/runtime/test/testpreverifiedlidmgr.H
@@ -98,14 +98,17 @@ class PreVerifiedLidMgrTest : public CxxTest::TestSuite
 break;
 }
- // Each section has 2 lids each (Header, Content) except the RINGOVD
- // section. It only has 1 or is inhibited in secure mode
+ // Each section has 2 lids each (Header, Content)
+ // Note: even the RINGOVD section adds a Header element, although it is
+ // INVALID_LID
+ // See runtime_utils.C for full list of PNOR sections and utillidpnor.C
+ // for the mappings (PnorToLidsMap)
 size_t l_numSections = RUNTIME::preVerifiedPnorSections.size();
- // See utillidpnor.C for more info on num of lids
 size_t l_expectedLids = (2 * l_numSections);
 if (SECUREBOOT::enabled())
 {
- // RINGOVD not permitted in secure mode
+ // RINGOVD not permitted in secure mode. Meaning the Header and
+ // Content lid will be missing.
 l_expectedLids -= 2;
 }
|