diff options
| author | Stephen Cprek <smcprek@us.ibm.com> | 2017-07-26 10:33:24 -0500 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-08-25 23:16:28 -0400 |
| commit | cefc4c2c1bf3a43a993f2091813ee181779ddee4 (patch) | |
| tree | f6b15a971c3207dbae3b1800f8555b55d5dd8ae7 /src/usr/secureboot/runtime | |
| parent | b8f86e3a6bb4f491360dc3771854e36e903f8a71 (diff) | |
| download | talos-hostboot-cefc4c2c1bf3a43a993f2091813ee181779ddee4.tar.gz talos-hostboot-cefc4c2c1bf3a43a993f2091813ee181779ddee4.zip | |
Refactor SecureBoot Workarounds to better control leniency
At this time we are trying to secure OpenPOWER in secure mode,
but allow best effort policies in other scenarios
Change-Id: I9ec2b5be49dbfcff678c4d30bb85f8762e448cb6
RTC: 170136
RTC: 155374
RTC: 168021
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43640
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/runtime')
| -rw-r--r-- | src/usr/secureboot/runtime/test/testsecureboot_rt.H | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/src/usr/secureboot/runtime/test/testsecureboot_rt.H b/src/usr/secureboot/runtime/test/testsecureboot_rt.H index a7bd93830..6d63b4fd7 100644 --- a/src/usr/secureboot/runtime/test/testsecureboot_rt.H +++ b/src/usr/secureboot/runtime/test/testsecureboot_rt.H @@ -42,6 +42,8 @@ #include "common/securetrace.H" #include <secureboot/service.H> #include <secureboot/settings.H> +#include <pnor/pnorif.H> +#include <pnor/pnor_reasoncodes.H> class SecurebootRtTestSuite: public CxxTest::TestSuite { @@ -158,6 +160,66 @@ class SecurebootRtTestSuite: public CxxTest::TestSuite SB_EXIT("SecurebootRtTestSuite::testBaseInterfaces"); } + void testAccessSecurePnorSection() + { + SB_ENTER("testAccessSecurePnorSection"); + + errlHndl_t l_err = nullptr; + PNOR::SectionId l_id = PNOR::OCC; + PNOR::SectionInfo_t l_info; + + // Ensure we cannot read secure sections from PNOR at Runtime + l_err = PNOR::getSectionInfo(l_id, l_info); + if(l_err) + { + if (l_err->reasonCode() == PNOR::RC_RTPNOR_INVALID_SECTION) + { + delete l_err; + l_err = nullptr; + } + else + { + TS_FAIL("testAccessSecurePnorSection: unexpected reason code for Secure Section %s. Expected RC 0x%.4X Actual RC 0x%.4X", + PNOR::SectionIdToString(l_id), + PNOR::RC_RTPNOR_INVALID_SECTION, + l_err->reasonCode()); + errlCommit(l_err, SECURE_COMP_ID); + } + } + else + { + TS_FAIL("testAccessSecurePnorSection: Did not catch illegal PNOR access of Secure Section %s", + PNOR::SectionIdToString(l_id)); + } + + l_id = PNOR::HB_EXT_CODE; + l_err = PNOR::getSectionInfo(l_id, l_info); + if(l_err) + { + if (l_err->reasonCode() == PNOR::RC_RTPNOR_INVALID_SECTION) + { + delete l_err; + l_err = nullptr; + } + else + { + TS_FAIL("testAccessSecurePnorSection: unexpected reason code for Secure Section %s. Expected RC 0x%.4X Actual RC 0x%.4X", + PNOR::SectionIdToString(l_id), + PNOR::RC_RTPNOR_INVALID_SECTION, + l_err->reasonCode()); + errlCommit(l_err, SECURE_COMP_ID); + } + } + else + { + TS_FAIL("testAccessSecurePnorSection: Did not catch illegal PNOR access of Secure Section %s", + PNOR::SectionIdToString(l_id)); + } + + + SB_EXIT("testAccessSecurePnorSection"); + } + private: |
