author | Mike Baiocchi <mbaiocch@us.ibm.com> | 2017-04-06 10:19:16 -0500 |
---|---|---|
committer | William G. Hoffa <wghoffa@us.ibm.com> | 2017-04-19 09:20:23 -0400 |
commit | 828c58031ebc7236836108b257725e67e0e9dce2 (patch) | |
tree | dd073e0d09ace15af8d4a7f392f522f4066bcbff /src/usr/sbe | |
parent | 909542d1ff7e5de27b6b671c5ffbb215dda834ab (diff) | |
Update the HW Key Hash in HBBL from PNOR for SBE Update Operations
This commit updates the HW Key Hash section of the HBBL partition
pulled from PNOR before the SBE Update customization process.
By default the HW Key Hash used to boot the system is used, but
inside a Secureboot Key Transition (SBKT) IPL the new HW Key Hash
will be used.
Change-Id: I5ad235784cca53d746a46f5154c35f77540d24ba
RTC: 167585
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38926
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Martin Gloff <mgloff@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/usr/sbe')
-rw-r--r-- | src/usr/sbe/sbe_update.C | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/src/usr/sbe/sbe_update.C b/src/usr/sbe/sbe_update.C
index b8cc92c8c..86869bff9 100644
--- a/src/usr/sbe/sbe_update.C
+++ b/src/usr/sbe/sbe_update.C
@@ -1852,6 +1852,58 @@ namespace SBE
 "hbblPnorPtr=%p, hbblMaxSize=0x%08X (%d)", hbblPnorPtr, MAX_HBBL_SIZE, MAX_HBBL_SIZE);
+ /*******************************************/
+ /* Update the HW Key Hash in the HBBL */
+ /*******************************************/
+ if ( !g_do_hw_keys_hash_transition )
+ {
+ // Use the HW Key Hash that the system used to boot
+ SHA512_t sys_hash = {0};
+ SECUREBOOT::getHwKeyHash(sys_hash);
+
+ // Create an 'all-zero' hash for comparison
+ SHA512_t tmp_hash = {0};
+
+ // Look for 'all-zero' system hash
+ if ( memcmp(sys_hash, tmp_hash, sizeof(SHA512_t)) == 0 )
+ {
+ // System hash is all zeros, so use HW Key Hash in HBBL
+ // section from PNOR
+ TRACFCOMP( g_trac_sbe, "getSbeInfoState() - Using HW Key "
+ "Hash from HBBL section of PNOR: 0x%8X",
+ sha512_to_u32(
+ reinterpret_cast<uint8_t*>(
+ reinterpret_cast<uint64_t>(hbblPnorPtr) +
+ HBBL_HW_KEY_HASH_LOCATION)));
+
+ }
+ else
+ {
+ // Use non-zero system hash
+ TRACFCOMP( g_trac_sbe, "getSbeInfoState() - Using System "
+ "HW Key Hash: 0x%8X",
+ sha512_to_u32(sys_hash));
+
+ memcpy (reinterpret_cast<void*>(
+ reinterpret_cast<uint64_t>(hbblPnorPtr) +
+ HBBL_HW_KEY_HASH_LOCATION),
+ sys_hash,
+ sizeof(SHA512_t));
+ }
+ }
+ else
+ {
+ // Use the Secureboot Transition HW Key Hash found earlier
+ TRACFCOMP( g_trac_sbe, "getSbeInfoState() - Using Secureboot "
+ "Transition HW Key Hash: 0x%08X",
+ sha512_to_u32(g_hw_keys_hash_transition_data));
+
+ memcpy (reinterpret_cast<void*>(
+ reinterpret_cast<uint64_t>(hbblPnorPtr) +
+ HBBL_HW_KEY_HASH_LOCATION),
+ g_hw_keys_hash_transition_data,
+ sizeof(SHA512_t));
+ }
 /*******************************************/ /* Append HBBL Image from PNOR to SBE */ |
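Review bot: Both added `memcpy` calls write `sizeof(SHA512_t)` bytes at `hbblPnorPtr + HBBL_HW_KEY_HASH_LOCATION`, and nothing visible in this hunk checks that the hash slot lies inside the HBBL image or that `hbblPnorPtr` is valid; the enclosing function starts and ends outside the hunk, so such a check may exist elsewhere. If both constants are compile-time values, a guard such as `static_assert(HBBL_HW_KEY_HASH_LOCATION + sizeof(SHA512_t) <= MAX_HBBL_SIZE, "HW key hash slot outside HBBL");` would pin the layout assumption. The destination address is also built three times through `reinterpret_cast<uint64_t>`; computing it once, e.g. `uint8_t* const l_hashDest = reinterpret_cast<uint8_t*>(hbblPnorPtr) + HBBL_HW_KEY_HASH_LOCATION;`, keeps the trace and the two copies pointing at the same location. In the all-zero branch the hash already in the PNOR copy is kept with only a trace; a comment stating when an all-zero system hash is expected, and whether that fallback is acceptable with secure mode enabled, would help the next reader. The first two traces use `0x%8X` while the third uses `0x%08X`, so the first two are space-padded rather than zero-padded.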