author | Mike Baiocchi <mbaiocch@us.ibm.com> | 2017-04-27 12:51:41 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-05-02 00:02:23 -0400 |
commit | 146e0ee7f3ad8d31e2421a325acc07ed4516e6e8 (patch) | |
tree | 46ff503a09591d5e62eb47a55e3acec36d6d1c32 /src | |
parent | b4eb096bd19d6b4aee4aa87424818bff1d5605eb (diff) | |
Sign and Verify the OCC partition (port from P8)
Change-Id: Id7e8668f92a8a702f709d15647f2a288783730a0
RTC: 167671
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39774
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src')
-rwxr-xr-x | src/build/buildpnor/genPnorImages.pl | 2 | ||||
-rw-r--r-- | src/usr/util/test/testlidmgr.H | 23 | ||||
-rw-r--r-- | src/usr/util/utillidmgr.C | 85 | ||||
-rw-r--r-- | src/usr/util/utillidpnor.C | 37 |
4 files changed, 116 insertions, 31 deletions
diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl
index fb5c5f5d7..f02d0433b 100755
--- a/src/build/buildpnor/genPnorImages.pl
+++ b/src/build/buildpnor/genPnorImages.pl
@@ -546,7 +546,7 @@ sub manipulateImages
 $isNormalSecure ||= ($eyeCatch eq "HBRT");
 #$isNormalSecure ||= ($eyeCatch eq "SBEC");
 $isNormalSecure ||= ($eyeCatch eq "PAYLOAD");
- #$isNormalSecure ||= ($eyeCatch eq "OCC");
+ $isNormalSecure ||= ($eyeCatch eq "OCC");
 #$isNormalSecure ||= ($eyeCatch eq "CAPP");
 #$isNormalSecure ||= ($eyeCatch eq "BOOTKERNEL");
diff --git a/src/usr/util/test/testlidmgr.H b/src/usr/util/test/testlidmgr.H
index e9c3b4cf3..334c1d810 100644
--- a/src/usr/util/test/testlidmgr.H
+++ b/src/usr/util/test/testlidmgr.H
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2014,2016 */
+/* Contributors Listed Below - COPYRIGHT 2014,2017 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -177,6 +177,18 @@ public:
 break;
 }
+#ifdef CONFIG_SECUREBOOT
+ // For secureboot sections, PNOR .secureProtectedPayloadSize
+ // is used rather than full PNOR size
+ if (l_lidSize != l_lidPnorInfo.secureProtectedPayloadSize)
+ {
+ TS_FAIL("testLidInPnorOcc: lidSize does not match pnor OCC"
+ " section size 0x%.8X != 0x%.8X",
+ l_lidSize, l_lidPnorInfo.secureProtectedPayloadSize);
+ break;
+ }
+
+#else
 if (l_lidSize != l_lidPnorInfo.size)
 {
 TS_FAIL("testLidInPnorOcc: lidSize does not match pnor OCC"
@@ -184,9 +196,10 @@ public:
 l_lidSize, l_lidPnorInfo.size);
 break;
 }
+#endif
- char * l_ptrOcc = new char[l_lidPnorInfo.size];
- l_errl = l_lidMgr.getLid(l_ptrOcc, l_lidPnorInfo.size);
+ char * l_ptrOcc = new char[l_lidSize];
+ l_errl = l_lidMgr.getLid(l_ptrOcc, l_lidSize);
 if(l_errl)
 {
 errlCommit(l_errl, UTIL_COMP_ID);
@@ -204,11 +217,11 @@ public:
 TS_FAIL("testLidInPnorOcc: failed to store lid from PNOR");
 }
- if (l_lidImageSize != l_lidPnorInfo.size)
+ if (l_lidImageSize != l_lidSize)
 {
 TS_FAIL("testLidInPnorOcc: lidImageSize does not match pnor OCC"
 " section size 0x%.8X != 0x%.8X",
- l_lidImageSize, l_lidPnorInfo.size);
+ l_lidImageSize, l_lidSize);
 }
 l_errl = l_lidMgr.releaseLidImage();
diff --git a/src/usr/util/utillidmgr.C b/src/usr/util/utillidmgr.C
index 4a358b3b1..8882e205d 100644
--- a/src/usr/util/utillidmgr.C
+++ b/src/usr/util/utillidmgr.C
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2013,2016 */
+/* Contributors Listed Below - COPYRIGHT 2013,2017 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -35,6 +35,11 @@
 #include <initservice/initserviceif.H>
 #include <sys/mm.h>
+#include <config.h>
+#ifdef CONFIG_SECUREBOOT
+#include <pnor/pnorif.H>
+#endif
+
 using namespace ERRORLOG;
 mutex_t UtilLidMgr::cv_mutex = MUTEX_INITIALIZER;
@@ -711,30 +716,64 @@ errlHndl_t UtilLidMgr::cleanup()
 // laying around
 if(iv_isLidInPnor)
 {
- int rc = mm_remove_pages( RELEASE,
- reinterpret_cast<void *>(iv_lidPnorInfo.vaddr),
- iv_lidPnorInfo.size );
- if( rc )
+ bool skip_remove_pages = false;
+
+#ifdef CONFIG_SECUREBOOT
+ // If in SECUREBOOT the lid could be securely signed in PNOR (like OCC)
+ // If so, unload it securely below rather than call mm_remove_pages
+ if (iv_lidPnorInfo.secure)
 {
- UTIL_FT( ERR_MRK"rc=%d from mm_remove_pages(%llX,%llX)", iv_lidPnorInfo.vaddr, iv_lidPnorInfo.size );
- /*@
- * @errortype
- * @moduleid Util::UTIL_LIDMGR_CLEANUP
- * @reasoncode Util::UTIL_LIDMGR_MM_FAIL
- * @userdata1[00:31] LID ID
- * @userdata1[32:63] rc from mm_remove_pages
- * @userdata2 Virtual address being removed
- * @devdesc Error returned from mm_remove_pages
- * when evicting lid from memory.
- * @custdesc Firmware error during boot.
- */
- l_err = new ErrlEntry(ERRL_SEV_UNRECOVERABLE,
- Util::UTIL_LIDMGR_CLEANUP,
- Util::UTIL_LIDMGR_MM_FAIL,
- TWO_UINT32_TO_UINT64(iv_lidId,rc),
- iv_lidPnorInfo.vaddr,
- true /*sw fail*/);
+ skip_remove_pages = true;
 }
+#endif
+
+ if (skip_remove_pages == false)
+ {
+ int rc = mm_remove_pages( RELEASE,
+ reinterpret_cast<void *>(
+ iv_lidPnorInfo.vaddr),
+ iv_lidPnorInfo.size );
+ if( rc )
+ {
+ UTIL_FT( ERR_MRK"rc=%d from mm_remove_pages(%llX,%llX)", iv_lidPnorInfo.vaddr, iv_lidPnorInfo.size );
+ /*@
+ * @errortype
+ * @moduleid Util::UTIL_LIDMGR_CLEANUP
+ * @reasoncode Util::UTIL_LIDMGR_MM_FAIL
+ * @userdata1[00:31] LID ID
+ * @userdata1[32:63] rc from mm_remove_pages
+ * @userdata2 Virtual address being removed
+ * @devdesc Error returned from mm_remove_pages
+ * when evicting lid from memory.
+ * @custdesc Firmware error during boot.
+ */ l_err = new ErrlEntry(ERRL_SEV_UNRECOVERABLE,
+ Util::UTIL_LIDMGR_CLEANUP,
+ Util::UTIL_LIDMGR_MM_FAIL,
+ TWO_UINT32_TO_UINT64(iv_lidId,rc),
+ iv_lidPnorInfo.vaddr,
+ true /*sw fail*/);
+ }
+ }
+
+#ifdef CONFIG_SECUREBOOT
+ // If in SECUREBOOT the lid could be securely signed in PNOR (like OCC)
+ // If so, unload it securely
+ // NOTE: It is safe to unload it even if it was unloaded before
+ if (iv_lidPnorInfo.secure)
+ {
+ l_err = PNOR::unloadSecureSection(iv_lidPnorInfo.id);
+
+ if (l_err)
+ {
+ UTIL_FT(ERR_MRK"UtilLidMgr::cleanup: Error from "
+ "unloadSecureSection(PNOR::OCC): "
+ "unloading module : %s (id=0x%X)",
+ iv_lidFileName, iv_lidId);
+ }
+ }
+#endif
+
 }
 if(iv_pLidImage != nullptr)
diff --git a/src/usr/util/utillidpnor.C b/src/usr/util/utillidpnor.C
index bd178d85a..e98e97a7d 100644
--- a/src/usr/util/utillidpnor.C
+++ b/src/usr/util/utillidpnor.C
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2014,2015 */
+/* Contributors Listed Below - COPYRIGHT 2014,2017 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -26,6 +26,11 @@
 #include <util/utillidmgr.H>
 #include <utility>
 #include "utillidpnor.H"
+#include <config.h>
+#ifdef CONFIG_SECUREBOOT
+#include <pnor/pnorif.H>
+#include <errl/errlmanager.H>
+#endif
 bool UtilLidMgr::getLidPnorSection(uint32_t i_lidId,
 PNOR::SectionInfo_t &o_lidPnorInfo)
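Review bot: The re-indented `UTIL_FT` trace in the `mm_remove_pages` branch of `cleanup()` still passes two arguments for three conversions, so `rc=%d` prints part of the address and the last `%llX` has no argument; pass the return code first, `UTIL_FT( ERR_MRK"rc=%d from mm_remove_pages(%llX,%llX)", rc, iv_lidPnorInfo.vaddr, iv_lidPnorInfo.size );`. In the new secure branch the failure trace hard-codes `unloadSecureSection(PNOR::OCC)` although the call takes `iv_lidPnorInfo.id`, so a failed unload of any other signed section would be logged under the wrong name; tracing the section id itself keeps the log usable when triaging a secure-unload failure. `l_err = PNOR::unloadSecureSection(iv_lidPnorInfo.id);` also assigns unconditionally, and because `cleanup()` starts and ends outside this hunk it is worth confirming that no earlier error log can still be held in `l_err` at that point, otherwise it would be dropped without being committed.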
@@ -58,8 +63,36 @@ bool UtilLidMgr::getLidPnorSection(uint32_t i_lidId,
 else
 {
 l_lidInPnor = true;
+
+#ifdef CONFIG_SECUREBOOT
+#ifndef __HOSTBOOT_RUNTIME
+ // The lid could be securely signed in PNOR
+ if(o_lidPnorInfo.secure)
+ {
+ // Load the secure section
+ l_err = loadSecureSection(l_result->second);
+
+ // If secure section fails to load log the error and assert
+ if (l_err)
+ {
+ errlCommit(l_err, UTIL_COMP_ID);
+ assert(false,"UtilLidMgr::getLidPnorSection: attempt to "
+ "load Secure Section %d failed",
+ l_result->second);
+ }
+
+ // In Secureboot, rather than using the whole partition size,
+ // only use the protected payload size that the Secure PnorRP
+ // handles. This limits the memory footprint and prevents
+ // downstream logic from going past the end of the image.
+ // NOTE: This assumes that any secure lid loaded from PNOR by
+ // UtilLidMgr does not contain an unprotected section
+ iv_lidPnorInfo.size = iv_lidPnorInfo.secureProtectedPayloadSize;
+ }
+#endif
+#endif
 }
 }
 return l_lidInPnor;
-}
\ No newline at end of file
+} |
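Review bot: The size clamp at the end of the secure branch writes the member, `iv_lidPnorInfo.size = iv_lidPnorInfo.secureProtectedPayloadSize;`, while the `secure` test that guards it reads the out-parameter `o_lidPnorInfo`. If a caller passes any other `SectionInfo_t` (the updated test in testlidmgr.H compares against `secureProtectedPayloadSize` of its own local, which suggests that local's `size` is not clamped), the returned `size` still covers the whole partition and the member is overwritten from a value that may not describe this section, which defeats the stated aim of keeping downstream logic inside the protected image. `o_lidPnorInfo.size = o_lidPnorInfo.secureProtectedPayloadSize;` would apply the bound to what the caller actually receives. Separately, the `#ifndef __HOSTBOOT_RUNTIME` guard means a runtime build neither loads the secure section nor clamps the size here, whereas `cleanup()` in utillidmgr.C calls `unloadSecureSection` under `CONFIG_SECUREBOOT` alone; a comment saying how runtime callers get a verified, bounded section would close that gap. The function body starts outside this hunk.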