summaryrefslogtreecommitdiffstats
path: root/src/usr/secureboot/common/errlud_secure.C
diff options
context:
space:
mode:
authorStephen Cprek <smcprek@us.ibm.com>2018-01-23 14:27:17 -0600
committerDaniel M. Crowell <dcrowell@us.ibm.com>2018-01-31 11:09:11 -0500
commit8443a65a3599f433bd47c2ea03e863240db28b89 (patch)
tree1fb9f8b5fedaf2d6e8fe371ed3f0f46dd5e85f9d /src/usr/secureboot/common/errlud_secure.C
parentd999ed144f949e318fbd0523f0dfaa56d291596f (diff)
downloadtalos-hostboot-8443a65a3599f433bd47c2ea03e863240db28b89.tar.gz
talos-hostboot-8443a65a3599f433bd47c2ea03e863240db28b89.zip
Collect better FFDC on ROM verification errors
Collect both the UTIL and RUNTIME component traces on a ROM verify failure Added a new Errlog User Details sections "Verify Info" containing the component name, ID(s), measured, and expected hashes Change-Id: I0d0408128e05807bb906be5ee365d56d1416693f CQ:SW413889 Backport:release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52593 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/common/errlud_secure.C')
-rw-r--r--src/usr/secureboot/common/errlud_secure.C51
1 files changed, 50 insertions, 1 deletions
diff --git a/src/usr/secureboot/common/errlud_secure.C b/src/usr/secureboot/common/errlud_secure.C
index 1af61daba..68a0efcc1 100644
--- a/src/usr/secureboot/common/errlud_secure.C
+++ b/src/usr/secureboot/common/errlud_secure.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2014,2017 */
+/* Contributors Listed Below - COPYRIGHT 2014,2018 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -31,6 +31,10 @@
#include <secureboot/secure_reasoncodes.H>
#include "errlud_secure.H"
#include <kernel/bltohbdatamgr.H>
+#include <util/utilmem.H>
+#include <securerom/ROM.H>
+#include <errl/errlentry.H>
+#include <errl/errlmanager.H>
namespace SECUREBOOT
{
@@ -164,5 +168,50 @@ UdSecuritySettings::~UdSecuritySettings()
}
+//------------------------------------------------------------------------------
+// SECURE Verify Info User Details
+//------------------------------------------------------------------------------
+UdVerifyInfo::UdVerifyInfo(const char* i_compId,
+ const uint64_t i_protectedSize,
+ const RomVerifyIds& i_ids,
+ const SHA512_t& i_measuredHash,
+ const SHA512_t& i_expectedHash)
+{
+ // Set up Ud instance variables
+ iv_CompId = SECURE_COMP_ID;
+ iv_Version = SECURE_UDT_VERSION_1;
+ iv_SubSection = SECURE_UDT_VERIFY_INFO;
+
+ //***** Version SECURE_UDT_VERSION_1 Memory Layout *****
+ // 9 bytes Max : Component ID (8 byte string + NULL) use strlen
+ // 8 bytes : Protected Payload Size
+ // 4 bytes : Number of IDs
+ // 4*N bytes : IDs (PNOR id or LidID) multiplied by number of ids
+ // 64 bytes : Measured Hash
+ // 64 bytes : Expected Hash
+
+ UtilMem l_memBuf {};
+ l_memBuf.write(i_compId, strlen(i_compId)+1);
+ l_memBuf << i_protectedSize;
+ l_memBuf << static_cast<uint32_t>(i_ids.size());
+ for (auto id : i_ids)
+ {
+ l_memBuf << id;
+ }
+ l_memBuf.write(i_measuredHash, PARSER_SIZEOF_SHA512_t);
+ l_memBuf.write(i_expectedHash, PARSER_SIZEOF_SHA512_t);
+
+ auto l_memBufErr = l_memBuf.getLastError();
+ if(l_memBufErr)
+ {
+ errlCommit(l_memBufErr,SECURE_COMP_ID);
+ }
+ else
+ {
+ char * l_pBuf = reinterpret_cast<char *>(reallocUsrBuf(l_memBuf.size()));
+ memcpy(l_pBuf, l_memBuf.base(), l_memBuf.size());
+ }
+}
+
} // end SECUREBOOT namespace
OpenPOWER on IntegriCloud