diff options
author | Nick Bofferding <bofferdn@us.ibm.com> | 2018-03-19 23:26:08 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2018-05-08 09:44:28 -0400 |
commit | 2fe71f4ddc13e3c730fbb7e1fcfe0d319eddc333 (patch) | |
tree | 6717b134419978a4b0836382364f98f620d1630c /src/usr/scom/makefile | |
parent | 3c2b4bf2adc3e076d7dc9e2876b64b813a799260 (diff) | |
download | talos-hostboot-2fe71f4ddc13e3c730fbb7e1fcfe0d319eddc333.tar.gz talos-hostboot-2fe71f4ddc13e3c730fbb7e1fcfe0d319eddc333.zip |
Secure Boot: Implement Centaur SCOM cache
This change implements a Centaur SCOM cache for sensitive SCOM registers. The
cache is initialized and enabled before the first Centaur SCOM, and disabled
just prior to locking down the Centaur configuration. Once the Centaur has been
locked down, the real register values are compared to the cache entries, and the
Centaur is deconfigured (not garded) on any mismatch in assumptions.
RTC: 187288
Change-Id: I7b13bfd7eb6b427aba115d6944958bf55e171008
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57532
Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/scom/makefile')
-rw-r--r-- | src/usr/scom/makefile | 36 |
1 files changed, 33 insertions, 3 deletions
diff --git a/src/usr/scom/makefile b/src/usr/scom/makefile index 8ca16f829..461ad44e6 100644 --- a/src/usr/scom/makefile +++ b/src/usr/scom/makefile @@ -5,7 +5,7 @@ # # OpenPOWER HostBoot Project # -# Contributors Listed Below - COPYRIGHT 2011,2017 +# Contributors Listed Below - COPYRIGHT 2011,2018 # [+] International Business Machines Corp. # # @@ -28,8 +28,38 @@ MODULE = scom #include common ojects between hostboot and runtime hostboot include scom.mk -#include unique object modules - currently none -# OBJS += +# Configure virtual paths +GENDIR = ${ROOTPATH}/obj/genfiles +VPATH += ${ROOTPATH}/src/import/chips/p9/security/ +VPATH += ${GENDIR} + +# Defines for targets/prereqs +CENTAUR_SCOM_REG_DEF_SCRIPT=genCentaurScomCacheRegDefs.pl +CENTAUR_SCOM_REG_DEF_BASE=centaurScomCacheRegDefs +CENTAUR_SCOM_REG_DEF_OBJ=${CENTAUR_SCOM_REG_DEF_BASE}.o +CENTAUR_SCOM_REG_DEF_SRC=${CENTAUR_SCOM_REG_DEF_BASE}.C +CENTAUR_SCOM_REG_DEF_CSV=Centaur_Register_List.csv + +#include unique object modules +OBJS += $(if $(CONFIG_SECUREBOOT),centaurScomCache.o,) +OBJS += $(if $(CONFIG_SECUREBOOT),${CENTAUR_SCOM_REG_DEF_OBJ},) +OBJS += $(if $(CONFIG_SECUREBOOT),errlud_cache.o,) + +# Build rules +all: GENPASS + +GENPASS: ${GENDIR}/${CENTAUR_SCOM_REG_DEF_SRC} + +# Bring the Centaur SCOM cache register definition initialization source file +# up to date by executing the generation script (first dependency), passing +# it the input .csv file (second dependency) and passing it the output dir +# (the directory part of the rule target .. namely obj/genfiles) +${GENDIR}/${CENTAUR_SCOM_REG_DEF_SRC}: \ + ${CENTAUR_SCOM_REG_DEF_SCRIPT} \ + ${CENTAUR_SCOM_REG_DEF_CSV} + ./$< \ + --csv=$(word 2,$^) \ + --output-dir=$(@D) SUBDIRS += test.d SUBDIRS += runtime.d |