diff options
| author | Jaymes Wilks <mjwilks@us.ibm.com> | 2017-05-24 10:44:49 -0500 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-05-31 16:08:46 -0400 |
| commit | e263958ff610eeee6500ef6c08c6ec07fd135afe (patch) | |
| tree | ebd177b22e96fc6eeaba44039687441d079e30f7 /src | |
| parent | ddfce1bdb0777724f17eda1559db2a8270912eac (diff) | |
| download | talos-hostboot-e263958ff610eeee6500ef6c08c6ec07fd135afe.tar.gz talos-hostboot-e263958ff610eeee6500ef6c08c6ec07fd135afe.zip | |
Secure WOF data support in HB standalone
Adds secure signing of WOF data for HB standalone and ensures
the section is loaded when needed and available for reuse
more than once during the IPL.
Change-Id: Idd5f611030033ea165cde51ace987fa6847b78e7
RTC:170715
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41172
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/build/buildpnor/defaultPnorLayout.xml | 1 | ||||
| -rwxr-xr-x | src/build/buildpnor/genPnorImages.pl | 1 | ||||
| -rw-r--r-- | src/usr/pnor/pnor_utils.C | 3 | ||||
| -rw-r--r-- | src/usr/pnor/pnorrp.C | 2 | ||||
| -rw-r--r-- | src/usr/pnor/runtime/rt_pnor.C | 2 |
5 files changed, 6 insertions, 3 deletions
diff --git a/src/build/buildpnor/defaultPnorLayout.xml b/src/build/buildpnor/defaultPnorLayout.xml index 06e65006a..4cb289d34 100644 --- a/src/build/buildpnor/defaultPnorLayout.xml +++ b/src/build/buildpnor/defaultPnorLayout.xml @@ -268,6 +268,7 @@ Layout Description <physicalOffset>0x2BF4000</physicalOffset> <physicalRegionSize>0x300000</physicalRegionSize> <side>sideless</side> + <sha512Version/> <ecc/> </section> </pnor> diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl index cb0cbbf90..e3aa776f8 100755 --- a/src/build/buildpnor/genPnorImages.pl +++ b/src/build/buildpnor/genPnorImages.pl @@ -550,6 +550,7 @@ sub manipulateImages #$isNormalSecure ||= ($eyeCatch eq "CAPP"); #$isNormalSecure ||= ($eyeCatch eq "BOOTKERNEL"); $isNormalSecure ||= ($eyeCatch eq "HCODE"); + $isNormalSecure ||= ($eyeCatch eq "WOFDATA"); my $isSpecialSecure = ($eyeCatch eq "HBB"); $isSpecialSecure ||= ($eyeCatch eq "HBD"); diff --git a/src/usr/pnor/pnor_utils.C b/src/usr/pnor/pnor_utils.C index 2a7552390..2ba31c8cc 100644 --- a/src/usr/pnor/pnor_utils.C +++ b/src/usr/pnor/pnor_utils.C @@ -393,7 +393,8 @@ bool PNOR::isEnforcedSecureSection(const uint32_t i_section) i_section == SBKT || i_section == OCC || i_section == HCODE || - i_section == HB_RUNTIME; + i_section == HB_RUNTIME || + i_section == WOFDATA; #endif #else return false; diff --git a/src/usr/pnor/pnorrp.C b/src/usr/pnor/pnorrp.C index ce38d87ad..5aad259fa 100644 --- a/src/usr/pnor/pnorrp.C +++ b/src/usr/pnor/pnorrp.C @@ -103,7 +103,7 @@ errlHndl_t PNOR::clearSection(PNOR::SectionId i_section) } /** - * @brief Write the data for a given sectino into PNOR + * @brief Write the data for a given section into PNOR */ errlHndl_t PNOR::flush( PNOR::SectionId i_section) { diff --git a/src/usr/pnor/runtime/rt_pnor.C b/src/usr/pnor/runtime/rt_pnor.C index 6a1541721..cde36a487 100644 --- a/src/usr/pnor/runtime/rt_pnor.C +++ b/src/usr/pnor/runtime/rt_pnor.C @@ -62,7 +62,7 @@ errlHndl_t PNOR::getSectionInfo( PNOR::SectionId i_section, } /** - * @brief Write the data for a given sectino into PNOR + * @brief Write the data for a given section into PNOR */ errlHndl_t PNOR::flush( PNOR::SectionId i_section) { |
