diff options
author | Mike Baiocchi <mbaiocch@us.ibm.com> | 2017-04-27 14:57:31 -0500 |
---|---|---|
committer | Matthew A. Ploetz <maploetz@us.ibm.com> | 2017-05-02 10:04:42 -0400 |
commit | cf23d7932144fcce653725dcd989dd262192f5a9 (patch) | |
tree | cf9eeb02d992f65afbe1650d83320cdb1a6afdaf /src/usr/util | |
parent | 146e0ee7f3ad8d31e2421a325acc07ed4516e6e8 (diff) | |
download | talos-hostboot-cf23d7932144fcce653725dcd989dd262192f5a9.tar.gz talos-hostboot-cf23d7932144fcce653725dcd989dd262192f5a9.zip |
Check that LidMgr will only use PNOR or VFS LIDs in OpenPower
Change-Id: I03db54bea20d9d8ab0532b7ed7b7a29f4bfbfbda
RTC:167671
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39779
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com>
Diffstat (limited to 'src/usr/util')
-rw-r--r-- | src/usr/util/utillidmgr.C | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/usr/util/utillidmgr.C b/src/usr/util/utillidmgr.C index 8882e205d..872ec4363 100644 --- a/src/usr/util/utillidmgr.C +++ b/src/usr/util/utillidmgr.C @@ -40,6 +40,12 @@ #include <pnor/pnorif.H> #endif +#include <config.h> +#ifdef CONFIG_SECUREBOOT +#include <pnor/pnorif.H> +#include <secureboot/service.H> +#endif + using namespace ERRORLOG; mutex_t UtilLidMgr::cv_mutex = MUTEX_INITIALIZER; @@ -55,6 +61,17 @@ UtilLidMgr::UtilLidMgr(uint32_t i_lidId) { updateLid(i_lidId); iv_spBaseServicesEnabled = INITSERVICE::spBaseServicesEnabled(); + +#ifdef CONFIG_SECUREBOOT + // In SECUREBOOT mode ensure that OpenPower systems only get LIDs from + // either PNOR or VFS where we can trust the security + assert( !(( iv_spBaseServicesEnabled == false ) && + ( iv_isLidInPnor == false ) && + ( iv_isLidInVFS == false ) + ), "UtilLidMgr::UtilLidMgr: Secureboot: OpenPower requesting LID " + "that is not in PNOR or VFS" + ); +#endif } /////////////////////////////////////////////////////////// |