author | Stephen Cprek <smcprek@us.ibm.com> | 2017-10-31 13:01:30 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-11-19 15:54:51 -0500 |
commit | 81279c1d146d8ee920494c7817cdd72f165dd373 (patch) | |
tree | d616d0914823c8c25592e8276e0610ba1c9d2a28 /src/usr/secureboot/runtime | |
parent | 63a026113332464fc3bcc73369ba35bfe8f62b6f (diff) | |
Secure Boot: Fix lid load from HB reserved memory issues at runtime
- Force all PNOR sections we load from HB reserved memory to be secure
Only exception is the RINGOVD section, in which we use a fake header
- Add fake header when Secureboot compiled out or a section is never
signed as there is no secure header preserved in virtual memory
RTC: 171708
RTC: 180063
Change-Id: Ibbbd7be24ee7b199e73451c63b2c2d1f86a2c2d8
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49020
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/runtime')
-rw-r--r-- | src/usr/secureboot/runtime/test/testsecureboot_rt.H | 73 |
1 files changed, 33 insertions, 40 deletions
diff --git a/src/usr/secureboot/runtime/test/testsecureboot_rt.H b/src/usr/secureboot/runtime/test/testsecureboot_rt.H
index 33ca4cd48..f728357e2 100644
--- a/src/usr/secureboot/runtime/test/testsecureboot_rt.H
+++ b/src/usr/secureboot/runtime/test/testsecureboot_rt.H
@@ -44,6 +44,7 @@
 #include <secureboot/settings.H>
 #include <pnor/pnorif.H>
 #include <pnor/pnor_reasoncodes.H>
+#include "../../../pnor/pnor_utils.H"
 class SecurebootRtTestSuite: public CxxTest::TestSuite
 {
@@ -163,70 +164,62 @@ class SecurebootRtTestSuite: public CxxTest::TestSuite
 /**
 * @brief Helper to test case that runs getSectionInfo scenarios and checks
 * for desired results.
+ * If secure, should throw an error
+ * Otherwise no error
 * @param[in] i_id, Pnor Section ID
- * @param[in] i_secure, Indicates if section is expected to be secure or not
 *
 * @return N/A
 */
- void runAccessSecurePnorTest(PNOR::SectionId i_id, bool i_secure)
+ void runAccessSecurePnorTest(PNOR::SectionId i_id)
 {
 errlHndl_t l_errl = nullptr;
+ bool l_secure = PNOR::isEnforcedSecureSection(i_id);
 PNOR::SectionInfo_t l_info;
- l_errl = PNOR::getSectionInfo(i_id, l_info);
- if(l_errl)
- {
- TS_FAIL("testAccessSecurePnorSection: Failed for section %s",
- PNOR::SectionIdToString(i_id));
- errlCommit(l_errl, SECURE_COMP_ID);
- }
+ SB_ENTER("runAccessSecurePnorTest %s", PNOR::SectionIdToString(i_id));
- // TODO: RTC:180063 change this test case back to how it was before
- // having secure sections return vaddr = 0
- // previously in HB commit cefc4c
- // If we expect the section to be secure, make sure it returns secure
- // and a vaddr of 0
- if (i_secure)
+ l_errl = PNOR::getSectionInfo(i_id, l_info);
+ if(l_secure)
 {
- if (l_info.secure != 1)
+ SB_INF("runAccessSecurePnorTest is secure");
+ if (l_errl &&
+ (l_errl->reasonCode() == PNOR::RC_RTPNOR_INVALID_SECTION))
 {
- TS_FAIL("testAccessSecurePnorSection: Did not return %s as a secure section",
- PNOR::SectionIdToString(i_id));
+ SB_INF("runAccessSecurePnorTest caught correct error");
+ delete l_errl;
+ l_errl = nullptr;
 }
- else if (l_info.vaddr != 0)
+ else
 {
- TS_FAIL("testAccessSecurePnorSection: Did not return a vaddr of 0 for secure section %s",
- PNOR::SectionIdToString(i_id));
+ TS_FAIL("testAccessSecurePnorSection: unexpected reason code for Secure Section %s. 
Expected RC 0x%.4X Actual RC 0x%.4X",
+ PNOR::SectionIdToString(i_id),
+ PNOR::RC_RTPNOR_INVALID_SECTION,
+ l_errl->reasonCode());
+ errlCommit(l_errl, SECURE_COMP_ID);
 }
 }
- // If we expect the section to be secure, make sure it returns secure
- // and a vaddr of 0
- else
+ else if(l_errl)
 {
- if (l_info.vaddr == 0)
- {
- TS_FAIL("testAccessSecurePnorSection: Did not return a vaddr of non-zero for a non-secure section %s",
- PNOR::SectionIdToString(i_id));
- }
+ TS_FAIL("testAccessSecurePnorSection: getSectionInfo failed for section %s",
+ PNOR::SectionIdToString(i_id));
+ errlCommit(l_errl, SECURE_COMP_ID);
 }
+
+ SB_EXIT("runAccessSecurePnorTest");
 }
- // TODO: RTC:180063 change this test case back to how it was before
- // having secure sections return vaddr = 0 previously
- // in HB commit cefc4c
 void testAccessSecurePnorSection()
 {
+#ifdef CONFIG_SECUREBOOT
 SB_ENTER("testAccessSecurePnorSection");
+ // Should thow an error for trying to read a secure section
+ runAccessSecurePnorTest(PNOR::OCC);
+ runAccessSecurePnorTest(PNOR::HB_EXT_CODE);
- // Ensure we get a vaddr of 0 at Runtime
- runAccessSecurePnorTest(PNOR::OCC, true);
- runAccessSecurePnorTest(PNOR::HB_EXT_CODE, true);
-
- // Ensure we get a vaddr of at Runtime
- runAccessSecurePnorTest(PNOR::TEST, false);
-
- SB_EXIT("testAccessSecurePnorSection");
+ // No error for trying to read a secure section
+ runAccessSecurePnorTest(PNOR::TEST);
+#endif
 } |
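Review bot: In the `else` branch under `if(l_secure)` in runAccessSecurePnorTest, `l_errl->reasonCode()` is evaluated even when `l_errl` is null, because that branch is reached both for a wrong reason code and for getSectionInfo returning no error at all. The no-error case is the one this test exists to catch (an enforced-secure section being readable at runtime), and as written it would dereference a null handle instead of recording a TS_FAIL. Treating `l_errl == nullptr` as its own failure before reading the reason code keeps that regression visible in the test output. Separately, testAccessSecurePnorSection keeps `SB_ENTER` while the matching `SB_EXIT` was removed, and the comment above the `PNOR::TEST` call should read "non-secure section".

```cpp
        if (l_errl == nullptr)
        {
            // getSectionInfo succeeded on an enforced-secure section
            TS_FAIL("testAccessSecurePnorSection: no error returned for Secure Section %s",
                    PNOR::SectionIdToString(i_id));
        }
        else if (l_errl->reasonCode() == PNOR::RC_RTPNOR_INVALID_SECTION)
        {
            // … unchanged: trace, delete l_errl, reset to nullptr …
        }
        else
        {
            // … unchanged: TS_FAIL with expected/actual RC, errlCommit …
        }
```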