diff options
| author | Nick Bofferding <bofferdn@us.ibm.com> | 2018-02-06 11:48:12 -0600 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2018-02-07 17:54:50 -0500 |
| commit | 1fe8dc52058372b081c1f835e44b212e2c5899bf (patch) | |
| tree | 05e4d0a10dad0e2d607f441025b22dde297b0aca /src/usr/secureboot/common | |
| parent | 0752d042e8fc1a6bdc1892bd349f7bb08b22c650 (diff) | |
| download | talos-hostboot-1fe8dc52058372b081c1f835e44b212e2c5899bf.tar.gz talos-hostboot-1fe8dc52058372b081c1f835e44b212e2c5899bf.zip | |
Secure Boot: Remove utilmem from verify container fail path
When the Hostboot extended image verification fails, it calls FFDC collection
routine which invokes UtilMem functionality that is contained in the extended
image. This creates a circular loop of dependency that cannot be satisfied.
The FFDC collection was fixed to remove use of UtilMem while providing same
function
Change-Id: Id7a15ae68ec316c5d6d6779143d1409f5333e816
Backport: release-fips910
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/53456
Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/common')
| -rw-r--r-- | src/usr/secureboot/common/errlud_secure.C | 46 |
1 files changed, 26 insertions, 20 deletions
diff --git a/src/usr/secureboot/common/errlud_secure.C b/src/usr/secureboot/common/errlud_secure.C index 68a0efcc1..a6b9b3d1d 100644 --- a/src/usr/secureboot/common/errlud_secure.C +++ b/src/usr/secureboot/common/errlud_secure.C @@ -31,7 +31,6 @@ #include <secureboot/secure_reasoncodes.H> #include "errlud_secure.H" #include <kernel/bltohbdatamgr.H> -#include <util/utilmem.H> #include <securerom/ROM.H> #include <errl/errlentry.H> #include <errl/errlmanager.H> @@ -190,27 +189,34 @@ UdVerifyInfo::UdVerifyInfo(const char* i_compId, // 64 bytes : Measured Hash // 64 bytes : Expected Hash - UtilMem l_memBuf {}; - l_memBuf.write(i_compId, strlen(i_compId)+1); - l_memBuf << i_protectedSize; - l_memBuf << static_cast<uint32_t>(i_ids.size()); - for (auto id : i_ids) + const size_t compSize=strlen(i_compId)+1; + uint64_t protectedSize=i_protectedSize; + uint32_t ids=i_ids.size(); + uint32_t idType=0; + const size_t totalSize= + compSize + + sizeof(protectedSize) + + sizeof(ids) + + sizeof(idType)*ids + + PARSER_SIZEOF_SHA512_t + + PARSER_SIZEOF_SHA512_t; + + auto l_pBuf = reinterpret_cast<char *>(reallocUsrBuf(totalSize)); + memcpy(l_pBuf,i_compId,compSize); + l_pBuf+=compSize; + *reinterpret_cast<decltype(protectedSize)*>(l_pBuf)=i_protectedSize; + l_pBuf+=sizeof(protectedSize); + *reinterpret_cast<decltype(ids)*>(l_pBuf)=ids; + l_pBuf+=sizeof(ids); + for(const auto id : i_ids) { - l_memBuf << id; - } - l_memBuf.write(i_measuredHash, PARSER_SIZEOF_SHA512_t); - l_memBuf.write(i_expectedHash, PARSER_SIZEOF_SHA512_t); - - auto l_memBufErr = l_memBuf.getLastError(); - if(l_memBufErr) - { - errlCommit(l_memBufErr,SECURE_COMP_ID); - } - else - { - char * l_pBuf = reinterpret_cast<char *>(reallocUsrBuf(l_memBuf.size())); - memcpy(l_pBuf, l_memBuf.base(), l_memBuf.size()); + *reinterpret_cast<decltype(idType)*>(l_pBuf)=id; + l_pBuf+=sizeof(idType); } + memcpy(l_pBuf,i_measuredHash, PARSER_SIZEOF_SHA512_t); + l_pBuf+=PARSER_SIZEOF_SHA512_t; + memcpy(l_pBuf,i_expectedHash, PARSER_SIZEOF_SHA512_t); + l_pBuf+=PARSER_SIZEOF_SHA512_t; } } // end SECUREBOOT namespace |
