author | Stephen Cprek <smcprek@us.ibm.com> | 2017-03-01 10:44:16 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-04-10 17:46:57 -0400 |
commit | a7bf050d4ddba121d7502939fc0c4ce517ef8e42 (patch) | |
tree | e2f58591ec40a0f113d258f5b69dbbfcb1b397ab /src/usr | |
parent | b8169717c26a8eb780569c50cce29ca47d3bb9fa (diff) | |
Add header to and verify Hostboot Bootloader for sbe update
Change-Id: I2704ad9a110a52fe0ff0e290fdd9205a42bbd050
RTC:159915
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38326
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Martin Gloff <mgloff@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr')
-rw-r--r-- | src/usr/pnor/pnor_utils.C | 3 | ||||
-rw-r--r-- | src/usr/sbe/sbe_update.C | 21 | ||||
-rw-r--r-- | src/usr/secureboot/base/securerommgr.C | 4 |
3 files changed, 24 insertions, 4 deletions
diff --git a/src/usr/pnor/pnor_utils.C b/src/usr/pnor/pnor_utils.C index 5a8d39065..979b1cb1f 100644 --- a/src/usr/pnor/pnor_utils.C +++ b/src/usr/pnor/pnor_utils.C @@ -360,7 +360,8 @@ bool PNOR::isEnforcedSecureSection(const uint32_t i_section) #ifdef BOOTLOADER return i_section == HB_BASE_CODE; #else - return i_section == HB_EXT_CODE || + return i_section == HB_BOOTLOADER || + i_section == HB_EXT_CODE || i_section == HB_DATA || i_section == SBE_IPL || i_section == CENTAUR_SBE || diff --git a/src/usr/sbe/sbe_update.C b/src/usr/sbe/sbe_update.C index c602fbf9b..4a85db350 100644 --- a/src/usr/sbe/sbe_update.C +++ b/src/usr/sbe/sbe_update.C @@ -1821,6 +1821,7 @@ namespace SBE } const void* hbblPnorPtr = reinterpret_cast<const void*>( pnorInfo.vaddr); + // Use max hbbl size and not the PNOR size. The PNOR size can grow // to add a secure header, but the code size limit is still 20K. TRACFCOMP( g_trac_sbe, "getSbeInfoState() - " @@ -3623,6 +3624,16 @@ namespace SBE break; } + // Load the Bootloader PNOR section into secure memory +#ifdef CONFIG_SECUREBOOT + err = loadSecureSection(PNOR::HB_BOOTLOADER); + if(err) + { + TRACFCOMP( g_trac_sbe, ERR_MRK,"createSbeImageVmmSpace() - Error from loadSecureSection(PNOR::HB_BOOTLOADER)"); + break; + } +#endif + }while(0); TRACDCOMP( g_trac_sbe, @@ -3709,6 +3720,16 @@ namespace SBE PNOR::flush( PNOR::SBE_IPL ); + // Unload the Bootloader PNOR section from secure memory +#ifdef CONFIG_SECUREBOOT + err = unloadSecureSection(PNOR::HB_BOOTLOADER); + if (err) + { + TRACFCOMP( g_trac_sbe, ERR_MRK,"cleanupSbeImageVmmSpace() - Error from unloadSecureSection(PNOR::HB_BOOTLOADER)"); + break; + } +#endif + }while(0); diff --git a/src/usr/secureboot/base/securerommgr.C b/src/usr/secureboot/base/securerommgr.C index 1a21f3350..b51127820 100644 --- a/src/usr/secureboot/base/securerommgr.C +++ b/src/usr/secureboot/base/securerommgr.C 
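Review bot: The enforced-section list in the non-BOOTLOADER branch of PNOR::isEnforcedSecureSection is a hand-maintained chain of comparisons with no comment saying what inclusion implies, so the reason HB_BOOTLOADER joins it is only recoverable from the commit title. A short comment above the `return`, for example `// Sections that carry a secure header and must be verified before use; HB_BOOTLOADER is listed because the SBE update consumes it`, would make the trust decision reviewable. The list continues past the end of the hunk, so the remaining entries are not visible here. It is also worth confirming that every reader of the bootloader section, such as the `pnorInfo.vaddr` use in getSbeInfoState() shown as context in the next hunk, runs only after the section has been loaded and verified.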
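Review bot: The new `loadSecureSection(PNOR::HB_BOOTLOADER)` in createSbeImageVmmSpace() and the `unloadSecureSection(PNOR::HB_BOOTLOADER)` added to cleanupSbeImageVmmSpace() in the following hunk both sit at the end of a do{}while(0) block, so they are balanced only if every earlier step in both functions succeeds. If an earlier step in create breaks out, cleanup will presumably still try to unload a section that was never loaded, and if an earlier step in cleanup breaks out, the unload is skipped and the section stays loaded. Both function bodies start outside the hunks, so the earlier `break` paths are inferred from the `break; }` context lines only. Consider recording whether the load succeeded and doing the unload after the do{}while(0) based on that flag, and state in a comment what is intended when the load fails after the VMM space has already been set up.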
@@ -265,12 +265,10 @@ errlHndl_t SecureRomManager::verifyContainer(void * i_container, memset(&l_hw_parms, 0, sizeof(ROM_hw_params)); // Now set hw_key_hash, which is of type sha2_hash_t, to iv_key_hash - memcpy (&l_hw_parms.hw_key_hash, &iv_key_hash, sizeof(sha2_hash_t)); - if (i_hwKeyHash == nullptr) { // Use current hw hash key - memcpy (&l_hw_parms.hw_key_hash, &iv_key_hash, sizeof(sha2_hash_t)); + memcpy (&l_hw_parms.hw_key_hash, iv_key_hash, sizeof(sha2_hash_t)); } else { |
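Review bot: The context comment `// Now set hw_key_hash, which is of type sha2_hash_t, to iv_key_hash` in SecureRomManager::verifyContainer is stale after this change, because the unconditional copy it described is removed and iv_key_hash is now used only when `i_hwKeyHash == nullptr`. Suggest rewording it to `// Set hw_key_hash (sha2_hash_t): use iv_key_hash unless the caller passed i_hwKeyHash`. Dropping the `&` in the remaining memcpy suggests iv_key_hash is a pointer or array whose declaration is not part of this diff. If it is a pointer, an assert that it is non-null before copying `sizeof(sha2_hash_t)` bytes would be worth adding. The else body and the rest of the function lie outside the hunk.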