diff options
author | Mike Baiocchi <mbaiocch@us.ibm.com> | 2017-07-01 01:43:12 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-08-09 13:47:00 -0400 |
commit | 776d1086a7ed224c482d2da3c49b2c597b8776ab (patch) | |
tree | 1da81d9f9edec18550b4bd69dcfd95140e741fa1 /src/usr/targeting/attrsync.C | |
parent | e676209189922c5105629a9785a25958ba0972a9 (diff) | |
download | talos-hostboot-776d1086a7ed224c482d2da3c49b2c597b8776ab.tar.gz talos-hostboot-776d1086a7ed224c482d2da3c49b2c597b8776ab.zip |
Secureboot: Inhibit attribute overrides and sync exposures
For Secureboot purposes, we don't consider the FSP a secure source. So
this commit inhibts attribute overrides and any sort of attribute syncing
from the FSP.
Change-Id: I941ab5083d3055bc29237839aaaf4b723a2b0e90
RTC:175071
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42687
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/targeting/attrsync.C')
-rw-r--r-- | src/usr/targeting/attrsync.C | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/src/usr/targeting/attrsync.C b/src/usr/targeting/attrsync.C index 6faca132a..4201776be 100644 --- a/src/usr/targeting/attrsync.C +++ b/src/usr/targeting/attrsync.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2012,2016 */ +/* Contributors Listed Below - COPYRIGHT 2012,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -27,7 +27,7 @@ #include <targeting/common/trace.H> #include <initservice/initserviceif.H> #include <errl/hberrltypes.H> - +#include <secureboot/service.H> using namespace ERRORLOG; @@ -67,6 +67,14 @@ namespace TARGETING "section type %u total pages %d", iv_section_to_sync, iv_total_pages ); + if (!SECUREBOOT::allowAttrOverrides()) + { + TARG_INF("AttributeSync::updateSectionData(): skipping since " + "attribute overrides are not allowed and we don't " + "trust the FSP, but still returning ATTR_SYNC_SUCCESS"); + return ATTR_SYNC_SUCCESS; + } + ATTR_SYNC_RC l_rc = ATTR_SYNC_SUCCESS; // call the targeting function here to get context. @@ -167,6 +175,13 @@ namespace TARGETING memset( &l_page, 0, sizeof(TARGETING::sectionRefData) ); do{ + if (!SECUREBOOT::allowAttrOverrides()) + { + TARG_INF("AttributeSync::syncSectionFromFsp(): skipping since " + "attribute overrides are not allowed and we don't " + "trust the FSP"); + break; + } // send a request to FSP to sync to Hostboot l_errl = sendSyncToHBRequestMessage(); @@ -554,6 +569,14 @@ namespace TARGETING break; } + if (!SECUREBOOT::allowAttrOverrides()) + { + TARG_INF("syncAllAttributesFromFsp(): skipping since " + "attribute overrides are not allowed and we don't " + "trust the FSP"); + break; + } + // create Hostboot message queue msg_q_t l_pHbMsgQ = msg_q_create(); |