diff options
author | Stephen Cprek <smcprek@us.ibm.com> | 2017-01-06 16:26:20 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-01-30 11:20:12 -0500 |
commit | b83556b80737f7098ce5cae73a61068f8bf56184 (patch) | |
tree | bc3d819601baba51459664152955c70da0bc2111 /src/usr/secureboot | |
parent | 6b650f5428297e8dde075d25e7862a20c8d47f04 (diff) | |
download | talos-hostboot-b83556b80737f7098ce5cae73a61068f8bf56184.tar.gz talos-hostboot-b83556b80737f7098ce5cae73a61068f8bf56184.zip |
Use common ROM header files for rom, bootloader, and hostboot
Change-Id: I4d7db7293d44633cf1646f69ab98ddc8d66338ca
RTC: 143902
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/34525
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot')
-rw-r--r-- | src/usr/secureboot/base/containerheader.C | 6 | ||||
-rw-r--r-- | src/usr/secureboot/base/securerom.H | 93 |
2 files changed, 5 insertions, 94 deletions
diff --git a/src/usr/secureboot/base/containerheader.C b/src/usr/secureboot/base/containerheader.C index a807d7d12..7c518adbf 100644 --- a/src/usr/secureboot/base/containerheader.C +++ b/src/usr/secureboot/base/containerheader.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2016 */ +/* Contributors Listed Below - COPYRIGHT 2016,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -44,7 +44,7 @@ void ContainerHeader::parse_header(const void* i_header) // Early check if magic number is valid, as a quick check to try and prevent // any storage exceptions while parsing header. - assert(iv_headerInfo.hw_hdr.magic_number == MAGIC_NUMBER, + assert(iv_headerInfo.hw_hdr.magic_number == ROM_MAGIC_NUMBER, "ContainerHeader: magic number = 0x%08X not valid", iv_headerInfo.hw_hdr.magic_number); @@ -195,7 +195,7 @@ const SHA512_t* ContainerHeader::hwKeyHash() const void ContainerHeader::validate() { iv_isValid = (iv_hdrBytesRead <= MAX_SECURE_HEADER_SIZE) - && (iv_headerInfo.hw_hdr.magic_number == MAGIC_NUMBER) + && (iv_headerInfo.hw_hdr.magic_number == ROM_MAGIC_NUMBER) && (iv_headerInfo.hw_hdr.version == ROM_VERSION) && (iv_headerInfo.hw_prefix_hdr.ver_alg.version == ROM_VERSION) && (iv_headerInfo.hw_prefix_hdr.ver_alg.hash_alg == ROM_HASH_ALG) diff --git a/src/usr/secureboot/base/securerom.H b/src/usr/secureboot/base/securerom.H index bfb16f88b..4bb4fd54e 100644 --- a/src/usr/secureboot/base/securerom.H +++ b/src/usr/secureboot/base/securerom.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2013,2016 */ +/* Contributors Listed Below - COPYRIGHT 2013,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -26,97 +26,8 @@ #ifndef __SECUREBOOT_SECUREROM_H #define __SECUREBOOT_SECUREROM_H -/** @file SecureRom.H - * - * @brief SecureROM class definition and miscellaneious defines - * needed to work with Secure ROM binary - */ - #include <errl/errlentry.H> - - -/******************************************************************/ -/* Start of Chip Logic Secure ROM include section */ -/******************************************************************/ -// These defines come from the following directory: -// /afs/awd/projects/eclipz/c22/libs/tp/logic/p8m/head/trusted_boot_rom/src -// and are needed to run functions in the SecureROM code stored in memory - -/* From hw_utils.h: */ -#define ECID_SIZE 16 - - -/* From ecverify.h */ -#define EC_COORDBYTES 66 /* P-521 */ -typedef uint8_t ecc_key_t[2*EC_COORDBYTES]; - - -/* From sha512.h: */ -#define SHA512_DIGEST_LENGTH 64 -typedef uint8_t __attribute__((aligned(8))) sha2_hash_t[ \ - SHA512_DIGEST_LENGTH / sizeof(uint8_t) ]; - -typedef uint8_t sha2_byte; /* Exactly 1 byte */ - -// This is the interface that call_rom_SHA512 calls into -// void SHA512_Hash(const sha2_byte *data, size_t len, sha2_hash_t *result); - - -/* From ROM.h */ -typedef enum { ROM_DONE, ROM_FAILED, PHYP_PARTIAL } ROM_response; - -typedef struct { - uint32_t magic_number; // (17082011) - uint16_t version; // (1: see versions above) - uint64_t container_size; // filled by caller - uint64_t target_hrmor; // filled by caller - uint64_t stack_pointer; // filled by caller - //bottom of stack -> 128k added by rom code to get real stack pointer - ecc_key_t hw_pkey_a; - ecc_key_t hw_pkey_b; - ecc_key_t hw_pkey_c; - uint64_t prefix; // prefix header place holder - // followed by sw header (if not special prefix) - // followed by optional unprotected payload data -}__attribute__((packed)) ROM_container_raw; - - -typedef struct { - sha2_hash_t hw_key_hash; - uint8_t my_ecid[ECID_SIZE]; - uint64_t entry_point; - uint64_t log; -}__attribute__((packed)) ROM_hw_params; - - -// Need this for the following definition -#ifdef __cplusplus -extern "C" -{ -#endif - -// Interfaces for Assembly Functions to call into Secure ROM -// - 1st parameter is address of function offset into Secure ROM, -// followed by additional parameters as necssary - -ROM_response call_rom_verify(void*, ROM_container_raw*, ROM_hw_params*); -void call_rom_SHA512(void*, const sha2_byte *, size_t, sha2_hash_t*); - -#ifdef __cplusplus -} -#endif - - -/* Offsets needed to call functions in jump table at start of */ -/* SecureROM code - see .../trusted_boot_rom/bootrom.dis */ -#define SHA512_HASH_FUNCTION_OFFSET 0x20 -#define ROM_VERIFY_FUNCTION_OFFSET 0x30 - - -/******************************************************************/ -/* End of Chip Logic Secure ROM include section */ -/******************************************************************/ - +#include <securerom/ROM.H> /** @class SecureROM * @brief Class for loading and interacting with SecureROM in memory |