authorStephen Cprek <smcprek@us.ibm.com>2017-03-29 16:43:32 -0500
committerWilliam G. Hoffa <wghoffa@us.ibm.com>2017-04-19 09:16:17 -0400
commit909542d1ff7e5de27b6b671c5ffbb215dda834ab (patch)
tree3df115102d38a196582553b8907c4891404890cd /src/usr/sbe
parent5334b1e8d4f2ff7463defcf39c8c9c9c6b6012f7 (diff)
Sign and securely load SBE partition
Change-Id: I92d1b9544168cfa8780d5be1a666fb3e748bf942 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38627 Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/usr/sbe')
-rw-r--r--src/usr/sbe/sbe_update.C37
-rw-r--r--src/usr/sbe/test/sbeupdatetest.H49
2 files changed, 51 insertions, 35 deletions
diff --git a/src/usr/sbe/sbe_update.C b/src/usr/sbe/sbe_update.C
index 3b333459e..b8cc92c8c 100644
--- a/src/usr/sbe/sbe_update.C
+++ b/src/usr/sbe/sbe_update.C
@@ -727,7 +727,9 @@ namespace SBE
// Advance PNOR pointer 4k to move it past header page to the
// start of the non-customized SBE image
o_imgPtr = reinterpret_cast<void*>
- (reinterpret_cast<char*>(hdr_Ptr)+0x1000);
+ (reinterpret_cast<char*>(hdr_Ptr)+PAGE_SIZE);
+ // Do not include header in size
+ o_imgSize -= PAGE_SIZE;
}
if(NULL != o_version)
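Review bot: `o_imgSize -= PAGE_SIZE;` subtracts without first checking that the section is at least one page long. If o_imgSize is an unsigned size (its declaration is outside the hunk), a truncated or corrupt PNOR section would wrap it to a very large value, and any later copy or bounds check that trusts it would be working with a wrong length. A guard before the pointer is advanced, along the lines of `if (o_imgSize < PAGE_SIZE) { /* create an error log and break */ }`, keeps the returned pointer and size consistent. The enclosing function starts and ends outside this hunk, so the matching error path has to be confirmed there.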
@@ -3646,6 +3648,17 @@ namespace SBE
break;
}
+ // Load PNOR sections into secure memory
+#ifdef CONFIG_SECUREBOOT
+ err = loadSecureSection(PNOR::SBE_IPL);
+ if (err)
+ {
+ TRACFCOMP( g_trac_sbe, ERR_MRK"createSbeImageVmmSpace() - Error from loadSecureSection(PNOR::SBE_IPL)");
+ break;
+ }
+
+#endif
+
}while(0);
TRACDCOMP( g_trac_sbe,
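Review bot: Nothing in this hunk records that `loadSecureSection(PNOR::SBE_IPL)` succeeded, so the cleanup path cannot tell whether an unload is owed; secureKeyTransition() in this same file tracks exactly that with `l_loaded = true;`. A flag set right after the successful load and tested before `unloadSecureSection(PNOR::SBE_IPL)` would keep the pair balanced when create fails early or cleanup runs without a prior create. The comment `// Load PNOR sections into secure memory` would also read better inside the `#ifdef CONFIG_SECUREBOOT`, so it does not describe code that is compiled out. The body of the function begins outside the hunk.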
@@ -3730,7 +3743,25 @@ namespace SBE
break;
}
+#ifndef CONFIG_SECUREBOOT
+ // @TODO RTC 157475
+ // UnloadSecureSection is not fully implemented so we do not attempt
+ // to pull the SBE partition back in after the initial time.
+ // NOTE: PNOR::flush(PNOR::HB_BOOTLOADER) is another thing that
+ // could be flushed. It's only 20K, but it would be 5 pages
+ // freed up.
PNOR::flush( PNOR::SBE_IPL );
+#endif
+
+ // Unload PNOR sections from secure memory
+#ifdef CONFIG_SECUREBOOT
+ err = unloadSecureSection(PNOR::SBE_IPL);
+ if (err)
+ {
+ TRACFCOMP( g_trac_sbe, ERR_MRK"cleanupSbeImageVmmSpace() - Error from unloadSecureSection(PNOR::SBE_IPL)");
+ break;
+ }
+#endif
}while(0);
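Review bot: The new `unloadSecureSection(PNOR::SBE_IPL)` call sits inside the `do { ... } while(0)` after at least one earlier `break`, so a failure in a preceding cleanup step skips the unload and leaves the section loaded in secure memory. Moving the unload after `}while(0);` and giving it its own error handle, committed when `err` is already set, would make it run on every exit without losing the first error. The part of the loop before the visible `break` is outside the hunk, so how many early exits exist should be checked there.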
@@ -5031,7 +5062,7 @@ errlHndl_t secureKeyTransition()
l_errl = loadSecureSection(PNOR::SBKT);
if (l_errl)
{
- TRACFCOMP( g_trac_sbe, ERR_MRK,"secureKeyTransition() - Error from loadSecureSection(PNOR::SBKT)");
+ TRACFCOMP( g_trac_sbe, ERR_MRK"secureKeyTransition() - Error from loadSecureSection(PNOR::SBKT)");
break;
}
l_loaded = true;
@@ -5052,7 +5083,7 @@ errlHndl_t secureKeyTransition()
l_errl = unloadSecureSection(PNOR::SBKT);
if (l_errl)
{
- TRACFCOMP( g_trac_sbe, ERR_MRK,"secureKeyTransition() - Error from unloadSecureSection(PNOR::SBKT)");
+ TRACFCOMP( g_trac_sbe, ERR_MRK"secureKeyTransition() - Error from unloadSecureSection(PNOR::SBKT)");
break;
}
}
diff --git a/src/usr/sbe/test/sbeupdatetest.H b/src/usr/sbe/test/sbeupdatetest.H
index 876b8e874..9a0701f50 100644
--- a/src/usr/sbe/test/sbeupdatetest.H
+++ b/src/usr/sbe/test/sbeupdatetest.H
@@ -685,7 +685,6 @@ class SBEUpdateTest: public CxxTest::TestSuite
{
errlHndl_t err = NULL;
- errlHndl_t err_cleanup = NULL;
uint64_t fails = 0x0;
uint64_t total = 0x0;
@@ -711,16 +710,6 @@ class SBEUpdateTest: public CxxTest::TestSuite
uint8_t local_ec = theTarget->getAttr<TARGETING::ATTR_EC>();
- total++;
- err = createSbeImageVmmSpace();
- if(err)
- {
- fails++;
- TS_FAIL("testSbeUpdateTarget() - Call to createSbeImageVmmSpace() failed");
- break;
- }
-
-
/****************************************************/
/* Get SBE Info State */
/****************************************************/
@@ -864,16 +853,6 @@ class SBEUpdateTest: public CxxTest::TestSuite
}while(0);
- err_cleanup = cleanupSbeImageVmmSpace();
- if(err_cleanup)
- {
- total++;
- fails++;
- TS_FAIL("testSbeUpdateTarget() -Call to cleanupSbeImageVmmSpace() failed.");
- errlCommit( err_cleanup, SBE_COMP_ID );
-
- }
-
TRACFCOMP( g_trac_sbe,
EXIT_MRK"testSbeUpdateTarget() - %d/%d fails",
fails, total );
@@ -1235,20 +1214,23 @@ class SBEUpdateTest: public CxxTest::TestSuite
*/
SBEUpdateTest() : CxxTest::TestSuite()
{
- errlHndl_t err = NULL;
- uint64_t fails = 0x0;
- uint64_t total = 0x0;
+ errlHndl_t err = nullptr;
bool sbe_loaded = false;
err = loadSbeModule(sbe_loaded);
if(err)
{
- total++;
- fails++;
TS_FAIL("SBEUpdateTest() - Constuctor: failed to load modules");
errlCommit( err, SBE_COMP_ID );
}
+ err = createSbeImageVmmSpace();
+ if(err)
+ {
+ TS_FAIL("SBEUpdateTest() - Constructor: Call to createSbeImageVmmSpace() failed");
+ errlCommit( err, SBE_COMP_ID );
+ }
+
};
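Review bot: The constructor calls `createSbeImageVmmSpace()` even when `loadSbeModule()` has just failed, and after either failure the suite still runs its tests while the destructor calls `cleanupSbeImageVmmSpace()` unconditionally. With CONFIG_SECUREBOOT this means the tests can run against an SBE section that was never securely loaded, and the cleanup then tries to unload it. Recording the outcome in a bool member, skipping the create when the module load failed, and having the tests and destructor check that member would make the failure visible instead of cascading. The unchanged TS_FAIL above still spells `Constuctor`, which could be corrected while this block is being edited.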
@@ -1257,16 +1239,19 @@ class SBEUpdateTest: public CxxTest::TestSuite
*/
~SBEUpdateTest()
{
- errlHndl_t err = NULL;
- uint64_t fails = 0x0;
- uint64_t total = 0x0;
+ errlHndl_t err = nullptr;
+
+ err = cleanupSbeImageVmmSpace();
+ if(err)
+ {
+ TS_FAIL("~SBEUpdateTest() - Destructor: Call to cleanupSbeImageVmmSpace() failed.");
+ errlCommit( err, SBE_COMP_ID );
+ }
err = unloadSbeModule();
if(err)
{
- total++;
- fails++;
- TS_FAIL("~SBEUpdateTest() - Destuctor: failed to load modules");
+ TS_FAIL("~SBEUpdateTest() - Destructor: failed to load modules");
errlCommit( err, SBE_COMP_ID );
}
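Review bot: The TS_FAIL text on the `unloadSbeModule()` failure path still says `failed to load modules`, which points a reader of the test log at the wrong call. Since the line is already being changed to fix the spelling of Destructor, it should read `TS_FAIL("~SBEUpdateTest() - Destructor: failed to unload modules");`. The destructor's closing lines are outside the hunk.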