diff options
| author | Mike Baiocchi <mbaiocch@us.ibm.com> | 2017-07-01 01:43:12 -0500 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-08-09 13:47:00 -0400 |
| commit | 776d1086a7ed224c482d2da3c49b2c597b8776ab (patch) | |
| tree | 1da81d9f9edec18550b4bd69dcfd95140e741fa1 /src/usr/secureboot/base | |
| parent | e676209189922c5105629a9785a25958ba0972a9 (diff) | |
| download | talos-hostboot-776d1086a7ed224c482d2da3c49b2c597b8776ab.tar.gz talos-hostboot-776d1086a7ed224c482d2da3c49b2c597b8776ab.zip | |
Secureboot: Inhibit attribute overrides and sync exposures
For Secureboot purposes, we don't consider the FSP a secure source. So
this commit inhibts attribute overrides and any sort of attribute syncing
from the FSP.
Change-Id: I941ab5083d3055bc29237839aaaf4b723a2b0e90
RTC:175071
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42687
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/base')
| -rw-r--r-- | src/usr/secureboot/base/service.C | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/src/usr/secureboot/base/service.C b/src/usr/secureboot/base/service.C index fc4498908..6d0bf8ff3 100644 --- a/src/usr/secureboot/base/service.C +++ b/src/usr/secureboot/base/service.C @@ -41,6 +41,7 @@ #include "purge.H" #include <kernel/misc.H> #include <kernel/console.H> +#include <kernel/bltohbdatamgr.H> #include <console/consoleif.H> #include <util/misc.H> @@ -559,4 +560,35 @@ void addSecureUserDetailsToErrolog(errlHndl_t & io_err) //Note: adding UdTargetHwKeyHash left to Extended image } +#ifndef __HOSTBOOT_RUNTIME +bool allowAttrOverrides() +{ + bool retVal = false; + + if (enabled()) + { + if (g_BlToHbDataManager.getAllowAttrOverrides()) + { + retVal = true; + SB_INF("allowAttrOverrides: Allowing Attr Overrides in " + "Secure Mode: retVal=%d", retVal); + } + else + { + retVal = false; + SB_INF("allowAttrOverrides: DO NOT Allow Attr Overrides in " + "Secure Mode: retVal=%d", retVal); + } + } + else + { + retVal = true; + SB_DBG("allowAttrOverrides: Allow Attr Overrides in " + "Unsecure Mode: retVal=%d", retVal); + } + + return retVal; +}; +#endif + } //namespace SECUREBOOT |
