diff options
| author | Stephen M. Cprek <smcprek@us.ibm.com> | 2017-04-11 17:50:23 -0400 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-04-12 10:20:02 -0400 |
| commit | de498002f6503cccc046b1c4b4288316b48237e4 (patch) | |
| tree | da4c368331a29b6311905ec0d5e1fadaacf1c560 /src | |
| parent | e9c91c9d51b90d2fbc94e64d8fe8a109fcb3cbbc (diff) | |
| download | talos-hostboot-de498002f6503cccc046b1c4b4288316b48237e4.tar.gz talos-hostboot-de498002f6503cccc046b1c4b4288316b48237e4.zip | |
Revert "Add header to and verify Hostboot Bootloader for sbe update"
This reverts commit a7bf050d4ddba121d7502939fc0c4ce517ef8e42.
Change-Id: I95ddfe544cc537fcc847990dc9f85eec8f2912a1
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39131
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/build/buildpnor/defaultPnorLayout.xml | 17 | ||||
| -rwxr-xr-x | src/build/buildpnor/genPnorImages.pl | 13 | ||||
| -rw-r--r-- | src/usr/pnor/pnor_utils.C | 3 | ||||
| -rw-r--r-- | src/usr/sbe/sbe_update.C | 21 | ||||
| -rw-r--r-- | src/usr/secureboot/base/securerommgr.C | 1 |
5 files changed, 12 insertions, 43 deletions
diff --git a/src/build/buildpnor/defaultPnorLayout.xml b/src/build/buildpnor/defaultPnorLayout.xml index 54d4bc516..eb592147b 100644 --- a/src/build/buildpnor/defaultPnorLayout.xml +++ b/src/build/buildpnor/defaultPnorLayout.xml @@ -215,20 +215,17 @@ Layout Description <ecc/> </section> <section> - <description>Hostboot Bootloader (28K)</description> + <description>Hostboot Bootloader (22.5K)</description> <eyeCatch>HBBL</eyeCatch> <physicalOffset>0x2ABB000</physicalOffset> - <!-- Physical Size includes Header rounded to ECC valid size --> - <!-- Max size of actual HBBL content is 20K and 22.5K with ECC --> - <physicalRegionSize>0x7000</physicalRegionSize> + <physicalRegionSize>0x6000</physicalRegionSize> <side>sideless</side> - <sha512Version/> <ecc/> </section> <section> <description>Global Data (36K)</description> <eyeCatch>GLOBAL</eyeCatch> - <physicalOffset>0x2AC2000</physicalOffset> + <physicalOffset>0x2AC1000</physicalOffset> <physicalRegionSize>0x9000</physicalRegionSize> <side>sideless</side> <ecc/> @@ -236,7 +233,7 @@ Layout Description <section> <description>Ref Image Ring Overrides (20K)</description> <eyeCatch>RINGOVD</eyeCatch> - <physicalOffset>0x2ACB000</physicalOffset> + <physicalOffset>0x2ACA000</physicalOffset> <physicalRegionSize>0x5000</physicalRegionSize> <side>sideless</side> <ecc/> @@ -244,7 +241,7 @@ Layout Description <section> <description>SecureBoot Key Transition Partition (16K)</description> <eyeCatch>SBKT</eyeCatch> - <physicalOffset>0x2AD0000</physicalOffset> + <physicalOffset>0x2ACF000</physicalOffset> <physicalRegionSize>0x4000</physicalRegionSize> <side>sideless</side> <ecc/> @@ -252,7 +249,7 @@ Layout Description <section> <description>OCC Lid (1.125M)</description> <eyeCatch>OCC</eyeCatch> - <physicalOffset>0x2AD4000</physicalOffset> + <physicalOffset>0x2AD3000</physicalOffset> <physicalRegionSize>0x120000</physicalRegionSize> <side>sideless</side> <ecc/> @@ -262,7 +259,7 @@ Layout Description <!-- We need 266KB per module sort, going to support 10 sorts by default, plus ECC --> <eyeCatch>WOFDATA</eyeCatch> - <physicalOffset>0x2BF4000</physicalOffset> + <physicalOffset>0x2BF3000</physicalOffset> <physicalRegionSize>0x300000</physicalRegionSize> <side>sideless</side> <ecc/> diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl index 6d744d667..7d07bb7fb 100755 --- a/src/build/buildpnor/genPnorImages.pl +++ b/src/build/buildpnor/genPnorImages.pl @@ -42,9 +42,6 @@ use constant BASE_IMAGE_TOTAL_CONTAINER_SIZE => 0x000000000007EF80; use constant BASE_IMAGE_TARGET_HRMOR => 0x0000000008000000; use constant BASE_IMAGE_INSTRUCTION_START_STACK_POINTER => 0x0000000008280000; -# Max HBBL content size is 20K -my $MAX_HBBL_SIZE = 20480; - ################################################################################ # Be explicit with POSIX # Everything is exported by default (with a handful of exceptions). This is an @@ -512,9 +509,7 @@ sub manipulateImages #|| ($eyeCatch eq "CAPP") #|| ($eyeCatch eq "BOOTKERNEL"); - - my $isSpecialSecure = ($eyeCatch eq "HBB") - || ($eyeCatch eq "HBBL"); + my $isSpecialSecure = ($eyeCatch eq "HBB"); #|| ($eyeCatch eq "HBI") #|| ($eyeCatch eq "HBD"); @@ -545,15 +540,15 @@ sub manipulateImages # Ensure there is enough room at the end of the HBBL partition # to store the HW keys' hash. my $hbblRawSize = (-s $bin_file or die "Cannot get size of file $bin_file"); - print "HBBL raw size (no padding/ecc) = $hbblRawSize/$MAX_HBBL_SIZE\n"; - if ($hbblRawSize > $MAX_HBBL_SIZE - HW_KEYS_HASH_SIZE) + print "HBBL raw size (no padding/ecc) = $hbblRawSize/$size\n"; + if ($hbblRawSize > $size - HW_KEYS_HASH_SIZE) { die "HBBL cannot fit HW Keys' Hash (64 bytes) at the end without overwriting real data"; } # Pad HBBL to max size run_command("cp $bin_file $tempImages{TEMP_BIN}"); - run_command("dd if=$tempImages{TEMP_BIN} of=$bin_file ibs=$MAX_HBBL_SIZE conv=sync"); + run_command("dd if=$tempImages{TEMP_BIN} of=$bin_file ibs=$size conv=sync"); # Add HW key hash to end of HBBL - 64 Bytes my $hwKeyHashStart = (-s $bin_file or die "Cannot get size of file $bin_file") diff --git a/src/usr/pnor/pnor_utils.C b/src/usr/pnor/pnor_utils.C index 979b1cb1f..5a8d39065 100644 --- a/src/usr/pnor/pnor_utils.C +++ b/src/usr/pnor/pnor_utils.C @@ -360,8 +360,7 @@ bool PNOR::isEnforcedSecureSection(const uint32_t i_section) #ifdef BOOTLOADER return i_section == HB_BASE_CODE; #else - return i_section == HB_BOOTLOADER || - i_section == HB_EXT_CODE || + return i_section == HB_EXT_CODE || i_section == HB_DATA || i_section == SBE_IPL || i_section == CENTAUR_SBE || diff --git a/src/usr/sbe/sbe_update.C b/src/usr/sbe/sbe_update.C index 9a1a38ce3..3b333459e 100644 --- a/src/usr/sbe/sbe_update.C +++ b/src/usr/sbe/sbe_update.C @@ -1844,7 +1844,6 @@ namespace SBE } const void* hbblPnorPtr = reinterpret_cast<const void*>( pnorInfo.vaddr); - // Use max hbbl size and not the PNOR size. The PNOR size can grow // to add a secure header, but the code size limit is still 20K. TRACFCOMP( g_trac_sbe, "getSbeInfoState() - " @@ -3647,16 +3646,6 @@ namespace SBE break; } - // Load the Bootloader PNOR section into secure memory -#ifdef CONFIG_SECUREBOOT - err = loadSecureSection(PNOR::HB_BOOTLOADER); - if(err) - { - TRACFCOMP( g_trac_sbe, ERR_MRK,"createSbeImageVmmSpace() - Error from loadSecureSection(PNOR::HB_BOOTLOADER)"); - break; - } -#endif - }while(0); TRACDCOMP( g_trac_sbe, @@ -3743,16 +3732,6 @@ namespace SBE PNOR::flush( PNOR::SBE_IPL ); - // Unload the Bootloader PNOR section from secure memory -#ifdef CONFIG_SECUREBOOT - err = unloadSecureSection(PNOR::HB_BOOTLOADER); - if (err) - { - TRACFCOMP( g_trac_sbe, ERR_MRK,"cleanupSbeImageVmmSpace() - Error from unloadSecureSection(PNOR::HB_BOOTLOADER)"); - break; - } -#endif - }while(0); diff --git a/src/usr/secureboot/base/securerommgr.C b/src/usr/secureboot/base/securerommgr.C index b51127820..264f6a411 100644 --- a/src/usr/secureboot/base/securerommgr.C +++ b/src/usr/secureboot/base/securerommgr.C @@ -264,7 +264,6 @@ errlHndl_t SecureRomManager::verifyContainer(void * i_container, // struct elements my_ecid, entry_point and log memset(&l_hw_parms, 0, sizeof(ROM_hw_params)); - // Now set hw_key_hash, which is of type sha2_hash_t, to iv_key_hash if (i_hwKeyHash == nullptr) { // Use current hw hash key |
