| author | Stephen Cprek <smcprek@us.ibm.com> | 2017-10-31 13:01:30 -0500 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-11-19 15:54:51 -0500 |
| commit | 81279c1d146d8ee920494c7817cdd72f165dd373 (patch) | |
| tree | d616d0914823c8c25592e8276e0610ba1c9d2a28 /src/usr/secureboot/base | |
| parent | 63a026113332464fc3bcc73369ba35bfe8f62b6f (diff) | |
| download | talos-hostboot-81279c1d146d8ee920494c7817cdd72f165dd373.tar.gz talos-hostboot-81279c1d146d8ee920494c7817cdd72f165dd373.zip | |
Secure Boot: Fix lid load from HB reserved memory issues at runtime
- Force all PNOR sections we load from HB reserved memory to be secure
Only exception is the RINGOVD section, in which we use a fake header
- Add fake header when Secureboot compiled out or a section is never
signed as there is no secure header preserved in virtual memory
RTC: 171708
RTC: 180063
Change-Id: Ibbbd7be24ee7b199e73451c63b2c2d1f86a2c2d8
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49020
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/base')
| -rw-r--r-- | src/usr/secureboot/base/test/securerommgrtest.H | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/src/usr/secureboot/base/test/securerommgrtest.H b/src/usr/secureboot/base/test/securerommgrtest.H
index 4a445b52f..1355cc75d 100644
--- a/src/usr/secureboot/base/test/securerommgrtest.H
+++ b/src/usr/secureboot/base/test/securerommgrtest.H
@@ -45,6 +45,7 @@
 #include "../../../vfs/vfsrp.H"
 #include <sys/vfs.h>
 #include <kernel/console.H>
+#include <pnor/pnorif.H>
 // Quick change for unit testing
 //#define TRACUCOMP(args...) TRACFCOMP(args)
@@ -525,6 +526,40 @@ class SecureRomManagerTest : public CxxTest::TestSuite
 unloadSignedFile( signedFile_pageAddr, signedFile_size);
 }
 }
+
+ void test_fakeHeader(void)
+ {
+ TRACFCOMP(g_trac_secure,"SecureRomManagerTest::test_fakeHeader");
+
+ const size_t l_totalContainerSize = 0x10000;
+ // Purposely make a comp id larger than SW_HDR_COMP_ID_SIZE_BYTES
+ // otherwise strncmp below needs a different size
+ const char* l_compId = "FAKEHEADERTEST";
+
+ // Simple call constructor to create fake header and make sure it
+ // does not cause an error
+ SECUREBOOT::ContainerHeader l_fakeHdr(l_totalContainerSize, l_compId);
+
+ // Check if Header is mising
+ if (!PNOR::cmpSecurebootMagicNumber(l_fakeHdr.fakeHeader()))
+ {
+ TS_FAIL("SecureRomManagerTest::test_fakeHeader: missing magic number");
+ }
+
+ // Payload Text Size should be the total container size minus the header
+ if(l_fakeHdr.payloadTextSize() != (l_totalContainerSize - PAGE_SIZE))
+ {
+ TS_FAIL("SecureRomManagerTest::test_fakeHeader: payload text size was not parsed correctly");
+ }
+
+ // Ensure the parsed component ID matches what was passed in through
+ // SW_HDR_COMP_ID_SIZE_BYTES
+ if(strncmp(l_fakeHdr.componentId(), l_compId,
+ SW_HDR_COMP_ID_SIZE_BYTES) != 0)
+ {
+ TS_FAIL("SecureRomManagerTest::test_fakeHeader: component ID was not parsed correctly");
+ }
+ }
 };
 /**********************************************************************/ |
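Review bot: The component-ID check at the end of test_fakeHeader compares only the first SW_HDR_COMP_ID_SIZE_BYTES bytes, so with the deliberately over-long "FAKEHEADERTEST" it passes whether the constructor truncated the ID to the field width or copied all of it. The truncation that the test's own comment depends on is never asserted. ContainerHeader is not visible in this hunk, so at minimum the limitation should be recorded next to the strncmp, e.g. `// NOTE: prefix compare only; does not prove the stored ID is bounded to SW_HDR_COMP_ID_SIZE_BYTES`. A second case with an ID shorter than the field would also help. The size check uses only 0x10000; a total size at or below PAGE_SIZE would make `l_totalContainerSize - PAGE_SIZE` wrap, so that boundary deserves either a case or a comment stating what the constructor does with it.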

