diff options
| author | Nick Bofferding <bofferdn@us.ibm.com> | 2017-08-11 15:29:05 -0500 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-08-22 11:19:10 -0400 |
| commit | b3ad5819f9cbed67ceb0fa74d28d2f93227bbbcb (patch) | |
| tree | fccb1919f358ecfd47186d2141cee9980e467c09 /src | |
| parent | f01850d033176cb33c2396ed26377a3fc965787a (diff) | |
| download | talos-hostboot-b3ad5819f9cbed67ceb0fa74d28d2f93227bbbcb.tar.gz talos-hostboot-b3ad5819f9cbed67ceb0fa74d28d2f93227bbbcb.zip | |
Secure Boot: Support secure load of MEMD partition
- Added secure load of MEMD partition in istep 7
- Added sha512 header to MEMD partition
- Marked MEMD as enforced secureboot section in PNOR code and image generator
Change-Id: I5de934da7e50ad0de6674e2674869d1356f5232d
RTC: 176189
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/44606
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/build/buildpnor/defaultPnorLayout.xml | 1 | ||||
| -rwxr-xr-x | src/build/buildpnor/genPnorImages.pl | 1 | ||||
| -rw-r--r-- | src/build/buildpnor/pnorLayoutFSP.xml | 1 | ||||
| -rw-r--r-- | src/usr/isteps/istep07/call_mss_eff_config.C | 55 | ||||
| -rw-r--r-- | src/usr/pnor/pnor_utils.C | 3 |
5 files changed, 55 insertions, 6 deletions
diff --git a/src/build/buildpnor/defaultPnorLayout.xml b/src/build/buildpnor/defaultPnorLayout.xml index 4e7078c9f..414652c78 100644 --- a/src/build/buildpnor/defaultPnorLayout.xml +++ b/src/build/buildpnor/defaultPnorLayout.xml @@ -274,6 +274,7 @@ Layout Description <physicalOffset>0x38A1000</physicalOffset> <physicalRegionSize>0x6000</physicalRegionSize> <side>sideless</side> + <sha512Version/> <ecc/> </section> </pnor> diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl index 709b51f48..b56de0273 100755 --- a/src/build/buildpnor/genPnorImages.pl +++ b/src/build/buildpnor/genPnorImages.pl @@ -551,6 +551,7 @@ sub manipulateImages # enabled for secureboot actions on these partitions to occur. my $isNormalSecure = ($eyeCatch eq "HBBL"); $isNormalSecure ||= ($eyeCatch eq "SBE"); + $isNormalSecure ||= ($eyeCatch eq "MEMD"); $isNormalSecure ||= ($eyeCatch eq "HBRT"); $isNormalSecure ||= ($eyeCatch eq "PAYLOAD"); $isNormalSecure ||= ($eyeCatch eq "OCC"); diff --git a/src/build/buildpnor/pnorLayoutFSP.xml b/src/build/buildpnor/pnorLayoutFSP.xml index d46a24e80..adc8e8fc2 100644 --- a/src/build/buildpnor/pnorLayoutFSP.xml +++ b/src/build/buildpnor/pnorLayoutFSP.xml @@ -275,6 +275,7 @@ Layout Description - Used when building an FSP driver <physicalOffset>0x3781000</physicalOffset> <physicalRegionSize>0x6000</physicalRegionSize> <side>sideless</side> + <sha512Version/> <ecc/> </section> </pnor> diff --git a/src/usr/isteps/istep07/call_mss_eff_config.C b/src/usr/isteps/istep07/call_mss_eff_config.C index e13dacecf..a698f8899 100644 --- a/src/usr/isteps/istep07/call_mss_eff_config.C +++ b/src/usr/isteps/istep07/call_mss_eff_config.C @@ -42,6 +42,8 @@ #include <initservice/isteps_trace.H> +#include <pnor/pnorif.H> + // targeting support #include <targeting/common/commontargeting.H> #include <targeting/common/utilFilter.H> @@ -65,7 +67,7 @@ using namespace TARGETING; errlHndl_t call_mss_eff_grouping(IStepError & io_istepErr) { - errlHndl_t l_err = NULL; + errlHndl_t l_err = nullptr; TARGETING::TargetHandleList l_procsList; getAllChips(l_procsList, TYPE_PROC); @@ -109,7 +111,7 @@ errlHndl_t call_mss_eff_grouping(IStepError & io_istepErr) errlHndl_t call_mss_eff_mb_interleave() { - errlHndl_t l_err = NULL; + errlHndl_t l_err = nullptr; /* TOOD RTC: 144076 --- cumulus only --- TARGETING::TargetHandleList l_membufTargetList; getAllChips(l_membufTargetList, TYPE_MEMBUF); @@ -147,13 +149,33 @@ errlHndl_t call_mss_eff_mb_interleave() void* call_mss_eff_config( void *io_pArgs ) { IStepError l_StepError; - errlHndl_t l_err = NULL; + errlHndl_t l_err = nullptr; + auto memdLoaded = false; + + do { + + #ifdef CONFIG_SECUREBOOT + // MEMD used by p9_mss_eff_config HWP + l_err = loadSecureSection(PNOR::MEMD); + if (l_err) + { + TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace, + ERR_MRK "Failed in call to loadSecureSection for section " + "PNOR:MEMD"); + + // Create istep error and link it to PLID of original error + l_StepError.addErrorDetails(l_err); + errlCommit(l_err, HWPF_COMP_ID); + break; + } + memdLoaded = true; + #endif TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace, "call_mss_eff_config entry" ); - TARGETING::Target* l_sys = NULL; + TARGETING::Target* l_sys = nullptr; targetService().getTopLevelTarget(l_sys); - assert( l_sys != NULL ); + assert( l_sys != nullptr ); // The attribute ATTR_MEM_MIRROR_PLACEMENT_POLICY should already be // correctly set by default for all platforms except for sapphire. @@ -281,6 +303,29 @@ void* call_mss_eff_config( void *io_pArgs ) } } + } while (0); + + #ifdef CONFIG_SECUREBOOT + if(memdLoaded) + { + l_err = unloadSecureSection(PNOR::MEMD); + if (l_err) + { + TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace, + ERR_MRK "Failed in call to unloadSecureSection for section " + "PNOR:MEMD"); + + // Create istep error and link it to PLID of original error + l_StepError.addErrorDetails(l_err); + errlCommit(l_err, HWPF_COMP_ID); + } + else + { + memdLoaded = false; + } + } + #endif + TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace, "call_mss_eff_config exit" ); return l_StepError.getErrorHandle(); } diff --git a/src/usr/pnor/pnor_utils.C b/src/usr/pnor/pnor_utils.C index 9945edada..0047b2016 100644 --- a/src/usr/pnor/pnor_utils.C +++ b/src/usr/pnor/pnor_utils.C @@ -393,7 +393,8 @@ bool PNOR::isEnforcedSecureSection(const uint32_t i_section) i_section == OCC || i_section == HCODE || i_section == HB_RUNTIME || - i_section == WOFDATA; + i_section == WOFDATA || + i_section == MEMD; #endif #else return false; |
