Fix incorrect size for entries going into hb resv memory

Sections that do not have Secure Headers and need one injected were not passing in the correct size to preverifiedlidmgr. e.g. RINGOVD section or when SB is compiled out Change-Id: I6e8c775a9a1d3f89473c55af6efc8109fb378c99 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50545 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
author: Stephen Cprek <smcprek@us.ibm.com> 2017-12-05 16:46:54 -0600
committer: Daniel M. Crowell <dcrowell@us.ibm.com> 2017-12-12 17:16:19 -0500
commit: 82f341573515e1dd39c622a955e08d3ab669b458 (patch)
tree: 6fce1174aa6d97efd8d84101216f1cc6cc1ee0db /src
parent: fa2acdeb7202692ab0153579b007c70b372a88b4 (diff)
download: talos-hostboot-82f341573515e1dd39c622a955e08d3ab669b458.tar.gz
talos-hostboot-82f341573515e1dd39c622a955e08d3ab669b458.zip
4 files changed, 22 insertions, 15 deletions
diff --git a/src/include/usr/secureboot/containerheader.H b/src/include/usr/secureboot/containerheader.H
index 1905ac39d..daebbcfb6 100644
--- a/src/include/usr/secureboot/containerheader.H
+++ b/src/include/usr/secureboot/containerheader.H
@@ -293,10 +293,10 @@ class ContainerHeader
          * @brief Generate fake header with minimal information and stores in
          *        instance variable
          *
-         * @param[in] i_totalSize   Total container size
+         * @param[in] i_size        Size of content to add header to
          * @param[in] i_compId      Component ID
          */
-        void genFakeHeader(const size_t i_totalSize,
+        void genFakeHeader(const size_t i_size,
                            const char* const i_compId);
 
         friend class ::SecureRomManagerTest;
diff --git a/src/usr/runtime/populate_hbruntime.C b/src/usr/runtime/populate_hbruntime.C
index e7ebbea54..b4c700de2 100644
--- a/src/usr/runtime/populate_hbruntime.C
+++ b/src/usr/runtime/populate_hbruntime.C
@@ -605,21 +605,22 @@ errlHndl_t hbResvLoadSecureSection (const PNOR::SectionId i_sec,
 
         // Check if the section is expected to have a secure header regardless
         // of compile options
+#ifdef CONFIG_SECUREBOOT
         if (i_secHdrExpected)
         {
-#ifdef CONFIG_SECUREBOOT
             // If section is signed, only the protected size was loaded into memory
             l_imgSize = l_info.secureProtectedPayloadSize;
             // Include secure header
             // NOTE: we do not preserve the header in virtual memory when SB
             // is compiled out. So "-PAGESIZE" only works when SB is compiled in
             l_pnorVaddr -= PAGESIZE;
-#endif
-            // Add size for secure header.
-            // NOTE: if SB compiled out, a header will be injected later so
-            // preserve space for the header.
-            l_imgSize += PAGESIZE;
         }
+#endif
+        // Add size for secure header, as a header is REQUIRED for lid load
+        // from hostboot reserved memory to work in every scenario.
+        // NOTE: if SB compiled out or a header is never added, one will be
+        // injected later with min information. So preserve space for the header.
+        l_imgSize += PAGESIZE;
 
         // Load Pnor section into HB reserved memory
         l_elog = PreVerifiedLidMgr::loadFromPnor(i_sec, l_pnorVaddr, l_imgSize);
diff --git a/src/usr/secureboot/base/test/securerommgrtest.H b/src/usr/secureboot/base/test/securerommgrtest.H
index 115813d3d..3dee8952e 100644
--- a/src/usr/secureboot/base/test/securerommgrtest.H
+++ b/src/usr/secureboot/base/test/securerommgrtest.H
@@ -555,7 +555,7 @@ class SecureRomManagerTest : public CxxTest::TestSuite
     {
         TRACFCOMP(g_trac_secure,"SecureRomManagerTest::test_fakeHeader");
 
-        const size_t l_totalContainerSize = 0x10000;
+        const size_t l_payloadSize = 0x10000;
         // Purposely make a comp id larger than SW_HDR_COMP_ID_SIZE_BYTES
         // otherwise strncmp below needs a different size
         const char* l_compId = "FAKEHEADERTEST";
@@ -564,7 +564,7 @@ class SecureRomManagerTest : public CxxTest::TestSuite
         // Simple call constructor to create fake header and make sure it
         // does not cause an error
         SECUREBOOT::ContainerHeader l_fakeHdr;
-        errlHndl_t l_errl = l_fakeHdr.setFakeHeader(l_totalContainerSize,
+        errlHndl_t l_errl = l_fakeHdr.setFakeHeader(l_payloadSize,
                                                     l_compId);
         if (l_errl)
         {
@@ -573,8 +573,14 @@ class SecureRomManagerTest : public CxxTest::TestSuite
             break;
         }
 
-        // Payload Text Size should be the total container size minus the header
-        if(l_fakeHdr.payloadTextSize() != (l_totalContainerSize - PAGE_SIZE))
+        // Total Container size should be payload size + PAGE_SIZE(header size)
+        if(l_fakeHdr.totalContainerSize() != (l_payloadSize + PAGE_SIZE))
+        {
+            TS_FAIL("SecureRomManagerTest::test_fakeHeader: total container size was not parsed correctly");
+        }
+
+        // Check that payload text size was assigned correctly.
+        if(l_fakeHdr.payloadTextSize() != (l_payloadSize))
         {
             TS_FAIL("SecureRomManagerTest::test_fakeHeader: payload text size was not parsed correctly");
             break;
diff --git a/src/usr/secureboot/common/containerheader.C b/src/usr/secureboot/common/containerheader.C
index 47ccfebea..e01b09b8b 100644
--- a/src/usr/secureboot/common/containerheader.C
+++ b/src/usr/secureboot/common/containerheader.C
@@ -171,7 +171,7 @@ void ContainerHeader::initVars()
     memset(iv_componentId,0x00,sizeof(iv_componentId));
 }
 
-void ContainerHeader::genFakeHeader(const size_t i_totalSize,
+void ContainerHeader::genFakeHeader(const size_t i_size,
                                     const char* const i_compId)
 {
     SecureHeaderInfo info {};
@@ -182,7 +182,7 @@ void ContainerHeader::genFakeHeader(const size_t i_totalSize,
      /*---- ROM_container_raw ----*/
     info.hw_hdr.magic_number = ROM_MAGIC_NUMBER;
     info.hw_hdr.version = CONTAINER_VERSION;
-    info.hw_hdr.container_size = i_totalSize;
+    info.hw_hdr.container_size = i_size + PAGE_SIZE;
     // The rom code has a placeholder for the prefix in the first struct so
     // skip it
     size_t l_size = offsetof(ROM_container_raw, prefix);
@@ -212,7 +212,7 @@ void ContainerHeader::genFakeHeader(const size_t i_totalSize,
     strncpy(info.sw_hdr.component_id, i_compId,SW_HDR_COMP_ID_SIZE_BYTES);
     info.sw_hdr.ver_alg.hash_alg = HASH_ALG_SHA512;
     info.sw_hdr.ver_alg.sig_alg = SIG_ALG_ECDSA521;
-    info.sw_hdr.payload_size = i_totalSize - PAGE_SIZE;
+    info.sw_hdr.payload_size = i_size;
 
     l_size = offsetof(ROM_sw_header_raw, ecid);
     l_size += info.hw_prefix_hdr.ecid_count * ECID_SIZE;
author	Stephen Cprek <smcprek@us.ibm.com>	2017-12-05 16:46:54 -0600
committer	Daniel M. Crowell <dcrowell@us.ibm.com>	2017-12-12 17:16:19 -0500
commit	82f341573515e1dd39c622a955e08d3ab669b458 (patch)
tree	6fce1174aa6d97efd8d84101216f1cc6cc1ee0db /src
parent	fa2acdeb7202692ab0153579b007c70b372a88b4 (diff)
download	talos-hostboot-82f341573515e1dd39c622a955e08d3ab669b458.tar.gz talos-hostboot-82f341573515e1dd39c622a955e08d3ab669b458.zip