diff options
| author | Chen Du <duchen@us.ibm.com> | 2019-03-04 10:56:19 -0600 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2019-05-09 16:10:29 -0500 |
| commit | bbbd68a140c9b34ccded9273d91e6b5bc97d0f28 (patch) | |
| tree | 930afab97b728563743d597510fe3e473bd998b3 /src/usr/util | |
| parent | 6aeba3917d4d42f6b99a059eeacc57c850dca6b9 (diff) | |
| download | talos-hostboot-bbbd68a140c9b34ccded9273d91e6b5bc97d0f28.tar.gz talos-hostboot-bbbd68a140c9b34ccded9273d91e6b5bc97d0f28.zip | |
Add page tables to read only partitions
Changed partitions (WOFDATA, MEMD)
to be signed with a hash page table bit. This generates
a hash page table in the protected payload which will be
used to validate pages in the unprotected payload
Change-Id: I9be4b1f6e65b9a52a8b6ba23affdacc4d89f5295
RTC: 179519
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72776
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/util')
| -rw-r--r-- | src/usr/util/runtime/utillidmgr_rt.C | 23 | ||||
| -rw-r--r-- | src/usr/util/utillidpnor.C | 8 |
2 files changed, 24 insertions, 7 deletions
diff --git a/src/usr/util/runtime/utillidmgr_rt.C b/src/usr/util/runtime/utillidmgr_rt.C index ad5a7cd48..55bebdeb3 100644 --- a/src/usr/util/runtime/utillidmgr_rt.C +++ b/src/usr/util/runtime/utillidmgr_rt.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2013,2018 */ +/* Contributors Listed Below - COPYRIGHT 2013,2019 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -192,13 +192,24 @@ errlHndl_t UtilLidMgr::loadLid() UTIL_FT(ERR_MRK"UtilLidMgr::loadLid - setheader failed"); break; } - iv_lidSize = l_conHdr.payloadTextSize(); UTIL_FT("UtilLidMgr::loadLid - resv mem section has secure header"); - - // Increment by page size to not expose secure header - iv_lidBuffer = static_cast<uint8_t*>(iv_lidBuffer) + - PAGESIZE; + if (l_conHdr.sb_flags()->sw_hash) + { + // Size of lid has to be size of unprotected data. So we + // need to take out header and hash table sizes + iv_lidSize = l_conHdr.totalContainerSize() - PAGESIZE - + l_conHdr.payloadTextSize(); + iv_lidBuffer = static_cast<uint8_t*>(iv_lidBuffer) + + PAGESIZE + l_conHdr.payloadTextSize(); + } + else + { + iv_lidSize = l_conHdr.payloadTextSize(); + // Increment by page size to not expose secure header + iv_lidBuffer = static_cast<uint8_t*>(iv_lidBuffer) + + PAGESIZE; + } } } else if(iv_isLidInVFS) diff --git a/src/usr/util/utillidpnor.C b/src/usr/util/utillidpnor.C index 7e910f6eb..8d81ad0c1 100644 --- a/src/usr/util/utillidpnor.C +++ b/src/usr/util/utillidpnor.C @@ -179,7 +179,13 @@ errlHndl_t UtilLidMgr::getLidPnorSectionInfo(const uint32_t i_lidId, // downstream logic from going past the end of the image. // NOTE: This assumes that any secure lid loaded from PNOR by // UtilLidMgr does not contain an unprotected section - iv_lidPnorInfo.size = iv_lidPnorInfo.secureProtectedPayloadSize; + // In this case of hash tables, we need to load the entire + // partition size because the user data is part of the + // unprotected payload + if (!iv_lidPnorInfo.hasHashTable) + { + iv_lidPnorInfo.size = iv_lidPnorInfo.secureProtectedPayloadSize; + } } #endif #endif |
