summaryrefslogtreecommitdiffstats
path: root/src/usr
diff options
context:
space:
mode:
authorNick Bofferding <bofferdn@us.ibm.com>2017-02-08 22:48:49 -0600
committerDaniel M. Crowell <dcrowell@us.ibm.com>2017-03-17 11:20:48 -0400
commitf1f81170d75cfbbc44d7f7d11b63f24367ddf7a7 (patch)
treea5c1cec88eee7cbe377e26bd6098276e40564104 /src/usr
parentac0ff7b373da5e6bc16365d9c1421e701bb1e613 (diff)
downloadtalos-hostboot-f1f81170d75cfbbc44d7f7d11b63f24367ddf7a7.tar.gz
talos-hostboot-f1f81170d75cfbbc44d7f7d11b63f24367ddf7a7.zip
Enable HBB measurement based on secure mode enablement
Change-Id: Ia731f7ee2fff280d078da9878322f69beb3aa7cc RTC: 167581 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/36221 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr')
-rw-r--r--src/usr/pnor/pnor_common.C33
-rw-r--r--src/usr/pnor/pnorrp.C5
-rw-r--r--src/usr/secureboot/base/header.C57
3 files changed, 43 insertions, 52 deletions
diff --git a/src/usr/pnor/pnor_common.C b/src/usr/pnor/pnor_common.C
index 2414a15c2..93978c277 100644
--- a/src/usr/pnor/pnor_common.C
+++ b/src/usr/pnor/pnor_common.C
@@ -304,21 +304,26 @@ errlHndl_t PNOR::parseTOC( uint8_t* i_tocBuffer,SectionData_t * o_TOC)
if ( o_TOC[l_secId].version == FFS_VERS_SHA512
&& !isSecure)
{
- // For non-secure sections with a SHA512 header, the
- // flash address has incremented past the header, so
- // back up by the header size (accounting for ECC) in order
- // to extend the header
- auto addr = o_TOC[l_secId].flashAddr;
- size_t headerSize =
- (o_TOC[l_secId].integrity == FFS_INTEG_ECC_PROTECT) ?
- PAGESIZE_PLUS_ECC : PAGESIZE;
- addr -= headerSize;
-
- l_errhdl = PNOR::extendHash(addr, headerSize,
- cv_EYECATCHER[l_secId]);
- if (l_errhdl)
+ // Never extend the base image through this path, it will be
+ // handled elsewhere
+ if(l_secId != PNOR::HB_BASE_CODE)
{
- break;
+ // For non-secure sections with a SHA512 header, the
+ // flash address has incremented past the header, so
+ // back up by the header size (accounting for ECC) in order
+ // to extend the header
+ auto addr = o_TOC[l_secId].flashAddr;
+ size_t headerSize =
+ (o_TOC[l_secId].integrity == FFS_INTEG_ECC_PROTECT) ?
+ PAGESIZE_PLUS_ECC : PAGESIZE;
+ addr -= headerSize;
+
+ l_errhdl = PNOR::extendHash(addr, headerSize,
+ cv_EYECATCHER[l_secId]);
+ if (l_errhdl)
+ {
+ break;
+ }
}
}
}
diff --git a/src/usr/pnor/pnorrp.C b/src/usr/pnor/pnorrp.C
index 6bca58f25..b3f394e51 100644
--- a/src/usr/pnor/pnorrp.C
+++ b/src/usr/pnor/pnorrp.C
@@ -337,10 +337,7 @@ void PnorRP::initDaemon()
// runtime code.
#ifndef __HOSTBOOT_RUNTIME
#ifdef CONFIG_SECUREBOOT
- //TODO: RTC 167581
- // When RTC 166848 is available, add restrictions back in when
- // base image header copy availability is detected
- // if(!SECUREBOOT::enabled())
+ if(!SECUREBOOT::enabled())
{
// If compliant bootloader was present, it saved the HBB header
// to a known location accessible to HBB. Until that bootloader
diff --git a/src/usr/secureboot/base/header.C b/src/usr/secureboot/base/header.C
index 4aba9481f..2f62f804c 100644
--- a/src/usr/secureboot/base/header.C
+++ b/src/usr/secureboot/base/header.C
@@ -27,6 +27,7 @@
#include <sys/mmio.h>
#include <kernel/console.H>
#include <errno.h>
+#include <kernel/bltohbdatamgr.H>
namespace SECUREBOOT
{
@@ -39,10 +40,13 @@ namespace SECUREBOOT
// header
void Header::loadSecurely()
{
- //@TODO RTC 167581
- // When RTC 166848 is available, pull in real header
+ const void* const pSecureHeader = g_BlToHbDataManager.getHbbHeader();
- return;
+ // Fatal code bug if called with nullptr pointer
+ assert(pSecureHeader != nullptr,
+ "BUG! In Header::loadSecurely(), expected valid address for base "
+ "image header in secure mode, but got nullptr.");
+ _set(pSecureHeader);
}
// @TODO RTC 168021 Converge on a single method of reading the secure
@@ -50,16 +54,27 @@ namespace SECUREBOOT
void Header::setNonSecurely(
const void* const i_pHeader)
{
+ // Fatal code bug if called with nullptr pointer
+ assert(i_pHeader != nullptr,"BUG! In Header::setNonSecurely(), "
+ "caller passed a nullptr header address.");
+ _set(i_pHeader);
+ }
+
+ void Header::_set(
+ const void* const i_pHeader)
+ {
// Fatal code bug if already loaded
- assert(iv_data == nullptr,"BUG! In setNonSecurely(), "
+ assert(iv_data == nullptr,"BUG! In Header::_set(), "
"a cached header is already present.");
// Fatal code bug if called with nullptr pointer
- assert(i_pHeader != nullptr,"BUG! In setNonSecurely(), "
- "caller passed a nullptr header.");
+ assert(i_pHeader != nullptr,"BUG! In Header::_set(), "
+ "caller passed a nullptr header address.");
- iv_data = calloc(1,PAGESIZE);
- memcpy(iv_data,i_pHeader,PAGE_SIZE);
+ void* pData = malloc(PAGESIZE);
+ memcpy(pData,i_pHeader,PAGE_SIZE);
+ iv_data = pData;
+ pData = nullptr;
}
void Header::getHeader(
@@ -70,30 +85,4 @@ namespace SECUREBOOT
"header is not present.");
o_pHeader = iv_data;
}
-
- void Header::_calcSecureLoadAddr(
- const void*& o_pCode) const
- {
- //@TODO RTC 167581
- // When RTC 166848 is available, pull in real header
-
- // Determine the secure address where the HBB image was loaded by SBE.
- // Regardless of whether security is enabled or not, HBB always ends up
- // at the secure load address (which corresponds to the HRMOR).
- //
- // Zero is purposefully not mapped into the VMM tables, so we
- // can't use that for the virtual-to-real translation. Since
- // this object is in the base (HBB) image, PA = HRMOR | EA, so we can
- // use PA - EA to find the HRMOR.
- const void* hrmor = reinterpret_cast<const void*>(
- mm_virt_to_phys(
- const_cast<SECUREBOOT::Header*>(this)) -
- reinterpret_cast<uint64_t>(this));
-
- // HRMOR lookup should never fail
- assert( reinterpret_cast<uint64_t>(hrmor)
- != static_cast<uint64_t>(-EFAULT));
-
- o_pCode = hrmor;
- }
}
OpenPOWER on IntegriCloud