diff options
author | Stephen Cprek <smcprek@us.ibm.com> | 2017-09-18 10:25:22 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-09-20 18:03:22 -0400 |
commit | 4b2859591b45f9b83c6856c4d242e20fc236ebf0 (patch) | |
tree | 22d2aae4c0dc8d40f2d11a7238a9452426987c83 /src/usr/secureboot | |
parent | a1f8b1f54e626cac01de5a9b3911fe72331a512c (diff) | |
download | talos-hostboot-4b2859591b45f9b83c6856c4d242e20fc236ebf0.tar.gz talos-hostboot-4b2859591b45f9b83c6856c4d242e20fc236ebf0.zip |
Fix getSectionInfo from failing on secure sections
Instead restrict actions if a secure section but let all other
info to be obtained
Change-Id: I4ae72157f8a956dfe2bccf9a88c8e6332fd3ff6a
CQ: SW402304
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46341
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot')
-rw-r--r-- | src/usr/secureboot/runtime/test/testsecureboot_rt.H | 89 |
1 files changed, 49 insertions, 40 deletions
diff --git a/src/usr/secureboot/runtime/test/testsecureboot_rt.H b/src/usr/secureboot/runtime/test/testsecureboot_rt.H index 6d63b4fd7..33ca4cd48 100644 --- a/src/usr/secureboot/runtime/test/testsecureboot_rt.H +++ b/src/usr/secureboot/runtime/test/testsecureboot_rt.H @@ -160,62 +160,71 @@ class SecurebootRtTestSuite: public CxxTest::TestSuite SB_EXIT("SecurebootRtTestSuite::testBaseInterfaces"); } - void testAccessSecurePnorSection() + /** + * @brief Helper to test case that runs getSectionInfo scenarios and checks + * for desired results. + * @param[in] i_id, Pnor Section ID + * @param[in] i_secure, Indicates if section is expected to be secure or not + * + * @return N/A + */ + void runAccessSecurePnorTest(PNOR::SectionId i_id, bool i_secure) { - SB_ENTER("testAccessSecurePnorSection"); - - errlHndl_t l_err = nullptr; - PNOR::SectionId l_id = PNOR::OCC; + errlHndl_t l_errl = nullptr; PNOR::SectionInfo_t l_info; - // Ensure we cannot read secure sections from PNOR at Runtime - l_err = PNOR::getSectionInfo(l_id, l_info); - if(l_err) - { - if (l_err->reasonCode() == PNOR::RC_RTPNOR_INVALID_SECTION) - { - delete l_err; - l_err = nullptr; - } - else - { - TS_FAIL("testAccessSecurePnorSection: unexpected reason code for Secure Section %s. Expected RC 0x%.4X Actual RC 0x%.4X", - PNOR::SectionIdToString(l_id), - PNOR::RC_RTPNOR_INVALID_SECTION, - l_err->reasonCode()); - errlCommit(l_err, SECURE_COMP_ID); - } - } - else + l_errl = PNOR::getSectionInfo(i_id, l_info); + if(l_errl) { - TS_FAIL("testAccessSecurePnorSection: Did not catch illegal PNOR access of Secure Section %s", - PNOR::SectionIdToString(l_id)); + TS_FAIL("testAccessSecurePnorSection: Failed for section %s", + PNOR::SectionIdToString(i_id)); + errlCommit(l_errl, SECURE_COMP_ID); } - l_id = PNOR::HB_EXT_CODE; - l_err = PNOR::getSectionInfo(l_id, l_info); - if(l_err) + // TODO: RTC:180063 change this test case back to how it was before + // having secure sections return vaddr = 0 + // previously in HB commit cefc4c + // If we expect the section to be secure, make sure it returns secure + // and a vaddr of 0 + if (i_secure) { - if (l_err->reasonCode() == PNOR::RC_RTPNOR_INVALID_SECTION) + if (l_info.secure != 1) { - delete l_err; - l_err = nullptr; + TS_FAIL("testAccessSecurePnorSection: Did not return %s as a secure section", + PNOR::SectionIdToString(i_id)); } - else + else if (l_info.vaddr != 0) { - TS_FAIL("testAccessSecurePnorSection: unexpected reason code for Secure Section %s. Expected RC 0x%.4X Actual RC 0x%.4X", - PNOR::SectionIdToString(l_id), - PNOR::RC_RTPNOR_INVALID_SECTION, - l_err->reasonCode()); - errlCommit(l_err, SECURE_COMP_ID); + TS_FAIL("testAccessSecurePnorSection: Did not return a vaddr of 0 for secure section %s", + PNOR::SectionIdToString(i_id)); } } + // If we expect the section to be secure, make sure it returns secure + // and a vaddr of 0 else { - TS_FAIL("testAccessSecurePnorSection: Did not catch illegal PNOR access of Secure Section %s", - PNOR::SectionIdToString(l_id)); + if (l_info.vaddr == 0) + { + TS_FAIL("testAccessSecurePnorSection: Did not return a vaddr of non-zero for a non-secure section %s", + PNOR::SectionIdToString(i_id)); + } } + } + + // TODO: RTC:180063 change this test case back to how it was before + // having secure sections return vaddr = 0 previously + // in HB commit cefc4c + void testAccessSecurePnorSection() + { + SB_ENTER("testAccessSecurePnorSection"); + + + // Ensure we get a vaddr of 0 at Runtime + runAccessSecurePnorTest(PNOR::OCC, true); + runAccessSecurePnorTest(PNOR::HB_EXT_CODE, true); + // Ensure we get a vaddr of at Runtime + runAccessSecurePnorTest(PNOR::TEST, false); SB_EXIT("testAccessSecurePnorSection"); } |