diff options
| author | Samuel Mendoza-Jonas <sjonas@au1.ibm.com> | 2018-06-27 13:35:35 +1000 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2018-10-16 13:55:50 -0500 |
| commit | cd400323aa493e656fb839202d6f6414a3b040af (patch) | |
| tree | b1a053b10829eaa30b267051579fcbcacdfdddf4 /src/usr | |
| parent | ce1ebd1460c3666a8e8553d0f57e5dc8bf5aa344 (diff) | |
| download | talos-hostboot-cd400323aa493e656fb839202d6f6414a3b040af.tar.gz talos-hostboot-cd400323aa493e656fb839202d6f6414a3b040af.zip | |
genPnorImages: Add VERSION to signed partitions
Mark VERSION as a signed partition and also check for it in the IPMI FRU
setup.
Change-Id: I6e8690c4f34d1f5ce92750960e6c73afcbf0a8e9
CQ:SW416159
Signed-off-by: Samuel Mendoza-Jonas <sjonas@au1.ibm.com>
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/61439
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr')
| -rw-r--r-- | src/usr/errl/errlentry.C | 23 | ||||
| -rw-r--r-- | src/usr/ipmiext/ipmifruinv.C | 47 | ||||
| -rw-r--r-- | src/usr/pnor/pnor_utils.C | 3 | ||||
| -rw-r--r-- | src/usr/pnor/pnorrp.C | 25 | ||||
| -rw-r--r-- | src/usr/pnor/pnorrp.H | 21 |
5 files changed, 108 insertions, 11 deletions
diff --git a/src/usr/errl/errlentry.C b/src/usr/errl/errlentry.C index b1715ad41..072a31ac1 100644 --- a/src/usr/errl/errlentry.C +++ b/src/usr/errl/errlentry.C @@ -48,6 +48,7 @@ #include <errl/errludattribute.H> #include <errl/errludstate.H> #include <trace/interface.H> +#include <config.h> #include "../trace/entry.H" #include <util/align.H> @@ -667,16 +668,21 @@ void ErrlEntry::addHbBuildId() void ErrlEntry::addVersionInfo() { + +// Start of IPL only block; runtime does not support secure loading of +// partitions +#ifndef __HOSTBOOT_RUNTIME + // Version section of PNOR is only available to OpenPOWER systems. - if (!INITSERVICE::spBaseServicesEnabled()) + if ( !INITSERVICE::spBaseServicesEnabled() + && PNOR::isSectionAvailable(PNOR::VERSION)) { - //TODO: CQ:SW416159 Uncomment when merged - // bool l_secureSectionLoaded = false; - errlHndl_t l_errl = nullptr/*, l_errl_loadSecureSection = nullptr*/; + bool l_secureSectionLoaded = false; + errlHndl_t l_errl = nullptr, l_errl_loadSecureSection = nullptr; do { -/* TODO: CQ:SW416159 Uncomment when merged + #ifdef CONFIG_SECUREBOOT l_errl_loadSecureSection = PNOR::loadSecureSection(PNOR::VERSION); if (l_errl_loadSecureSection) @@ -698,7 +704,7 @@ void ErrlEntry::addVersionInfo() l_secureSectionLoaded = true; } #endif -*/ + // Get PNOR Version PNOR::SectionInfo_t l_pnorVersionInfo; l_errl = getSectionInfo(PNOR::VERSION, l_pnorVersionInfo); @@ -737,7 +743,6 @@ void ErrlEntry::addVersionInfo() ErrlUserDetailsString(l_pVersionString).addToLog(this); } while(0); -/* TODO: CQ:SW416159 Uncomment when merged #ifdef CONFIG_SECUREBOOT if (l_secureSectionLoaded) { @@ -757,9 +762,11 @@ void ErrlEntry::addVersionInfo() } } #endif -*/ + } +#endif // End of IPL only block + } enum { diff --git a/src/usr/ipmiext/ipmifruinv.C b/src/usr/ipmiext/ipmifruinv.C index 8e49ed7ba..e3518e20a 100644 --- a/src/usr/ipmiext/ipmifruinv.C +++ b/src/usr/ipmiext/ipmifruinv.C @@ -8,6 +8,7 @@ /* Contributors Listed Below - COPYRIGHT 2014,2018 */ /* [+] International Business Machines Corp. */ /* [+] Jim Yuan */ +/* [+] Maxim Polyakov */ /* */ /* */ /* Licensed under the Apache License, Version 2.0 (the "License"); */ @@ -1389,7 +1390,7 @@ errlHndl_t systemFwIpmiFruInv::buildBoardInfoArea(std::vector<uint8_t> &io_data) errlHndl_t systemFwIpmiFruInv::buildProductInfoArea(std::vector<uint8_t> &io_data) { - errlHndl_t l_errl = NULL; + errlHndl_t l_errl = nullptr, l_errl_version = nullptr; do { //Set formatting data that goes at the beginning of the record @@ -1404,6 +1405,16 @@ errlHndl_t systemFwIpmiFruInv::buildProductInfoArea(std::vector<uint8_t> &l_data[0], &l_data[0] + (uint8_t(sizeof(l_data) / sizeof(uint8_t)))); +#ifdef CONFIG_SECUREBOOT + l_errl_version = PNOR::loadSecureSection(PNOR::VERSION); + if (l_errl_version) + { + TRACFCOMP(g_trac_ipmi, + "buildProductInfoArea: Failed to load secure VERSION"); + break; + } +#endif + //Get PNOR Version Here PNOR::SectionInfo_t l_pnorInfo; l_errl = getSectionInfo( PNOR::VERSION , l_pnorInfo); @@ -1535,6 +1546,40 @@ errlHndl_t systemFwIpmiFruInv::buildProductInfoArea(std::vector<uint8_t> } while(0); +#ifdef CONFIG_SECUREBOOT + if (l_errl_version == nullptr) + { + l_errl_version = unloadSecureSection(PNOR::VERSION); + if (l_errl_version) + { + TRACFCOMP(g_trac_ipmi, + "buildProductInfoArea: Failed to unload secure VERSION"); + if (l_errl) + { + errlCommit(l_errl_version, IPMI_COMP_ID); + } + else + { + l_errl = l_errl_version; + l_errl_version = nullptr; + } + } + } + else + { + if (l_errl) + { + errlCommit(l_errl_version, IPMI_COMP_ID); + } + else + { + l_errl = l_errl_version; + l_errl_version = nullptr; + } + } +#endif + + //Finalize section formatting postFormatProcessing(io_data); diff --git a/src/usr/pnor/pnor_utils.C b/src/usr/pnor/pnor_utils.C index 6174f6e60..3e2d64c83 100644 --- a/src/usr/pnor/pnor_utils.C +++ b/src/usr/pnor/pnor_utils.C @@ -377,7 +377,8 @@ bool PNOR::isEnforcedSecureSection(const uint32_t i_section) i_section == WOFDATA || i_section == MEMD || i_section == CAPP || - i_section == TESTLOAD; + i_section == TESTLOAD || + i_section == VERSION; #endif #else return false; diff --git a/src/usr/pnor/pnorrp.C b/src/usr/pnor/pnorrp.C index 1df1f7001..c9a5e5336 100644 --- a/src/usr/pnor/pnorrp.C +++ b/src/usr/pnor/pnorrp.C @@ -96,6 +96,14 @@ errlHndl_t PNOR::getSectionInfo( PNOR::SectionId i_section, } /** + * @brief Returns whether a given section is available or not + */ +bool PNOR::isSectionAvailable(const PNOR::SectionId i_section) +{ + return Singleton<PnorRP>::instance().isSectionAvailable(i_section); +} + +/** * @brief Clear pnor section */ errlHndl_t PNOR::clearSection(PNOR::SectionId i_section) @@ -395,6 +403,23 @@ errlHndl_t PnorRP::getSideInfo( PNOR::SideId i_side, } /** + * @brief Returns whether a given section is available or not + */ +bool PnorRP::isSectionAvailable(const PNOR::SectionId i_section) +{ + bool available = false; + uint64_t rc = 0; + if( (!didStartupFail(rc)) + && (i_section < PNOR::NUM_SECTIONS) + && (!isInhibitedSection(i_section)) + && (iv_TOC[i_section].size != 0)) + { + available = true; + } + return available; +} + +/** * @brief Return the size and address of a given section of PNOR data */ errlHndl_t PnorRP::getSectionInfo( PNOR::SectionId i_section, diff --git a/src/usr/pnor/pnorrp.H b/src/usr/pnor/pnorrp.H index f3519b576..9ab654678 100644 --- a/src/usr/pnor/pnorrp.H +++ b/src/usr/pnor/pnorrp.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2011,2017 */ +/* Contributors Listed Below - COPYRIGHT 2011,2018 */ /* [+] Google Inc. */ /* [+] International Business Machines Corp. */ /* */ @@ -79,6 +79,25 @@ class PnorRP errlHndl_t getSectionInfo( PNOR::SectionId i_section, PNOR::SectionInfo_t& o_info ); +#ifndef __HOSTBOOT_RUNTIME + /** + * @brief Returns whether requested section is available or not + * + * @par Detailed Description: + * Returns whether requested section is available or not. Resource + * provider must be functional, section ID must be valid, section must + * not be inhibited by secure boot, and section must exist in the PNOR + * to be considered available. + * + * @param[in] i_section PNOR section to check for availability + * + * @return boolean Whether section is available or not + * @retval true Section is available + * @retval false Section is not available + */ + bool isSectionAvailable(PNOR::SectionId i_section); +#endif + /** * @brief Clears the specified PNOR section with all FF's (w/ good ECC) * |
