-rw-r--r--img/.gitignore2
-rwxr-xr-xsrc/build/buildpnor/genPnorImages.pl7
-rw-r--r--src/build/mkrules/dist.targets.mk4
-rwxr-xr-xsrc/build/mkrules/hbfw/img/makefile13
-rwxr-xr-xsrc/usr/targeting/common/xmltohb/xmltohb.pl47
-rw-r--r--src/usr/targeting/xmltohb/makefile18
6 files changed, 68 insertions, 23 deletions
diff --git a/img/.gitignore b/img/.gitignore
index e6fd8bd1b..cb339c260 100644
--- a/img/.gitignore
+++ b/img/.gitignore
@@ -18,3 +18,5 @@ errlparser
*.prf
test_signed_container
secureboot_signed_container
+*.protected
+*.unprotected
diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl
index 7d07bb7fb..8ad102eab 100755
--- a/src/build/buildpnor/genPnorImages.pl
+++ b/src/build/buildpnor/genPnorImages.pl
@@ -509,9 +509,10 @@ sub manipulateImages
#|| ($eyeCatch eq "CAPP")
#|| ($eyeCatch eq "BOOTKERNEL");
- my $isSpecialSecure = ($eyeCatch eq "HBB");
- #|| ($eyeCatch eq "HBI")
- #|| ($eyeCatch eq "HBD");
+ my $isSpecialSecure = ($eyeCatch eq "HBB")
+ || ($eyeCatch eq "HBD");
+ #|| ($eyeCatch eq "HBBL")
+ #|| ($eyeCatch eq "HBI")
my $openSigningFlags = OP_SIGNING_FLAG.$sb_hdrs{DEFAULT}{flags};
my $secureboot_hdr = $sb_hdrs{DEFAULT}{file};
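Review bot: The new `$isSpecialSecure` assignment ends with `;` on the `"HBD"` line, so the commented-out `#|| ($eyeCatch eq "HBBL")` and `#|| ($eyeCatch eq "HBI")` lines below it are outside the expression, and un-commenting one gives a syntax error instead of widening the set. Since this flag selects which partitions take the special secure path, I would put the terminator on its own line after the candidates and say why the remaining two are still excluded, e.g. `# HBBL and HBI stay on the default path until <ticket placeholder>`. manipulateImages starts and ends outside this hunk, so how the flag is consumed is not visible here.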
diff --git a/src/build/mkrules/dist.targets.mk b/src/build/mkrules/dist.targets.mk
index bef6756d4..2f047bcda 100644
--- a/src/build/mkrules/dist.targets.mk
+++ b/src/build/mkrules/dist.targets.mk
@@ -234,10 +234,14 @@ fsp.tar_CONTENTS = \
src/build/buildpnor/pnorLayoutFSP.xml \
$(if $(FAKEPNOR), src/build/buildpnor/pnorLayoutFake.xml, ) \
$(if $(FAKEPNOR), img/vbu_NIMBUS_targeting.bin, ) \
+ $(if $(FAKEPNOR), img/vbu_NIMBUS_targeting.bin.protected, ) \
+ $(if $(FAKEPNOR), img/vbu_NIMBUS_targeting.bin.unprotected, ) \
$(if $(FAKEPNOR), img/vpo_sysmvpd.dat, ) \
$(if $(FAKEPNOR), img/vpo_djvpd.dat, ) \
$(if $(FAKEPNOR), img/dvpd.dat, ) \
img/simics_NIMBUS_targeting.bin \
+ img/simics_NIMBUS_targeting.bin.protected \
+ img/simics_NIMBUS_targeting.bin.unprotected \
obj/genfiles/fapiattrs.xml \
obj/genfiles/hb_plat_attr_srvc.H \
src/import/hwpf/fapi2/xml/attribute_info/hb_temp_defaults.xml \
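Review bot: The `img/simics_NIMBUS_targeting.bin.protected` and `.unprotected` entries are added to `fsp.tar_CONTENTS` unconditionally, while src/usr/targeting/xmltohb/makefile in this same commit adds them to `XMLTOHB_SYSTEM_BINARIES` only under `$(if $(CONFIG_SECUREBOOT),...)`. If that variable is what gets the files installed into img/ (not visible on this page), a build without CONFIG_SECUREBOOT would list tarball contents that were never copied. Either drop the condition there, since xmltohb.pl writes all three files regardless, or guard these lines the same way, e.g. `$(if $(CONFIG_SECUREBOOT), img/simics_NIMBUS_targeting.bin.protected, ) \`. The `vbu_NIMBUS` pair has no matching `XMLTOHB_SYSTEM_BINARIES` entry in the visible hunks at all, so it is worth checking how those two reach img/.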
diff --git a/src/build/mkrules/hbfw/img/makefile b/src/build/mkrules/hbfw/img/makefile
index ac2a6b2af..ff35113bc 100755
--- a/src/build/mkrules/hbfw/img/makefile
+++ b/src/build/mkrules/hbfw/img/makefile
@@ -236,21 +236,18 @@ NIMBUS_HCODE_FINAL_IMG = ${NIMBUS}.HCODE.bin
NIMBUS_SBE_FINAL_IMG = ${NIMBUS}.SBE.bin
NIMBUS_OCC_FINAL_IMG = ${NIMBUS}.OCC.bin
SBEC_FINAL_IMG = SBEC.bin
-TEMP_IMG = temp.bin
# Decide which PNOR to build
.if(${FAKEPNOR} == "")
# Paramemters passed into GEN_PNOR_IMAGE_SCRIPT.
- #@TODO securebootp9 - Put `HBD=${${NIMBUS_HBD_IMG}:P},` back into genPnorImage parameters
- GEN_NIMBUS_BIN_FILES = ${NIMBUS}:SBE=${${NIMBUS_SBE_IMG}:P},HCODE=${${NIMBUS_HCODE_IMG}:P},OCC=${${NIMBUS_OCC_IMG}:P}
+ GEN_NIMBUS_BIN_FILES = ${NIMBUS}:SBE=${${NIMBUS_SBE_IMG}:P},HCODE=${${NIMBUS_HCODE_IMG}:P},OCC=${${NIMBUS_OCC_IMG}:P},HBD=${${NIMBUS_HBD_IMG}:P}
#@TODO RTC:163810 - Put SBEC back "--systemBinFile SBEC=${${SBEC_IMG}:P}"
SYSTEM_SPECIFIC_PARAMS = ${TARGET_TEST:b--test} ${CONFIG_SECUREBOOT:b--secureboot} \
--pnorLayout ${DEFAULT_PNOR_LAYOUT} ${CORRUPT_PARAMS} \
--systemBinFiles ${GEN_NIMBUS_BIN_FILES} --hwKeyHashFile ${IMPRINT_HW_KEY_HASH}
.else
# Parameters passed into GEN_PNOR_IMAGE_SCRIPT.
- #@TODO securebootp9 - Put `HBD=${${NIMBUS_VPO_HBD_IMG}:P}` back into genPnorImage parameters
- GEN_NIMBUS_BIN_FILES = ${NIMBUS}:HCODE=${${NIMBUS_HCODE_IMG}:P}
+ GEN_NIMBUS_BIN_FILES = ${NIMBUS}:HCODE=${${NIMBUS_HCODE_IMG}:P},HBD=${${NIMBUS_VPO_HBD_IMG}:P}
#@TODO RTC:163810 - Put SBEC back "--systemBinFile SBEC=${${SBEC_IMG}:P}"
SYSTEM_SPECIFIC_PARAMS = --pnorLayout ${DEFAULT_PNOR_LAYOUT} \
--systemBinFiles ${GEN_NIMBUS_BIN_FILES}
@@ -259,15 +256,11 @@ TEMP_IMG = temp.bin
gen_system_specific_images: build_sbe_partitions
# Call script to generate final bin file for system specific images
${GEN_PNOR_IMAGE_SCRIPT} ${SYSTEM_SPECIFIC_PARAMS}
- #@TODO securebootp9 - Remove all dd/ecc commands and add HBD back into genPnorImage
- # HBD partition
- dd if=${${NIMBUS_HBD_IMG}:P} of=${TEMP_IMG} ibs=1024k conv=sync
- ecc --inject ${TEMP_IMG} --output ${NIMBUS_HBD_FINAL_IMG} --p8
+
#for NIMBUS fake pnor skip version header
.if(${FAKEPNOR} != "")
dd if=${${NIMBUS_VPO_HBD_IMG}:P} of=${NIMBUS_HBD_FINAL_IMG} ibs=4k skip=1 conv=sync
.endif
- rm -f ${TEMP_IMG}
HOSTBOOT_DEFAULT_SECTIONS = HBBL=${HBBL_FINAL_IMG},HBB=${HBB_FINAL_IMG},HBI=${HBI_FINAL_IMG},HBRT=${HBRT_FINAL_IMG},TEST=${TEST_FINAL_IMG},TESTRO=${TESTRO_FINAL_IMG},HBEL=${HBEL_FINAL_IMG},GUARD=${GUARD_FINAL_IMG},GLOBAL=${GLOBAL_FINAL_IMG},PAYLOAD=${PAYLOAD_FINAL_IMG},CVPD=${CVPD_FINAL_IMG},MVPD=${MVPD_FINAL_IMG},DJVPD=${DJVPD_FINAL_IMG},RINGOVD=${RINGOVD_FINAL_IMG},SBKT=${SBKT_FINAL_IMG},WOFDATA=${WOFDATA_FINAL_IMG}
#@TODO RTC:163810 - Put SBEC back "SBEC=${SBEC_FINAL_IMG},"
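Review bot: In the FAKEPNOR case the image now passed to the script as `HBD=${${NIMBUS_VPO_HBD_IMG}:P}` is afterwards rewritten by the unchanged `dd ... of=${NIMBUS_HBD_FINAL_IMG} ibs=4k skip=1 conv=sync` step in `gen_system_specific_images`. Presumably the script writes the same final image, in which case its HBD output is replaced by a raw copy of the input. If that is intended, a comment on the dd line would make it clear, for example `# fake PNOR: HBD is taken raw from the VPO image and replaces the genPnorImage output`; if not, one of the two steps should go.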
diff --git a/src/usr/targeting/common/xmltohb/xmltohb.pl b/src/usr/targeting/common/xmltohb/xmltohb.pl
index e1cf4447f..9364e43ea 100755
--- a/src/usr/targeting/common/xmltohb/xmltohb.pl
+++ b/src/usr/targeting/common/xmltohb/xmltohb.pl
@@ -412,16 +412,44 @@ if( !($cfgImgOutputDir =~ "none") )
{
$addRO_Section_VerPage = 1;
}
+
+ # Different portions of the targeting data split up.
+ my $combinedData;
+ my $protectedData;
+ my $unprotectedData;
+
#Pass the $addRO_Section_VerPage into the sub rotuine
- my $Data = generateTargetingImage($cfgVmmConstsFile,$attributes,\%Target_t,
- $addRO_Section_VerPage,$allAttributes);
+ generateTargetingImage($cfgVmmConstsFile,$attributes,\%Target_t,
+ $addRO_Section_VerPage,$allAttributes,
+ \$combinedData,
+ \$protectedData,
+ \$unprotectedData);
+ # Generate combined targeting file
open(PNOR_TARGETING_FILE,">$cfgImgOutputDir".$cfgImgOutputFile)
or fatal ("Targeting image file: \"$cfgImgOutputDir"
. "$cfgImgOutputFile\" could not be opened.");
binmode(PNOR_TARGETING_FILE);
- print PNOR_TARGETING_FILE "$Data";
+ print PNOR_TARGETING_FILE "$combinedData";
close(PNOR_TARGETING_FILE);
+
+ # Generate protected payload file
+ open(PNOR_TARGETING_FILE,">$cfgImgOutputDir"."$cfgImgOutputFile.protected")
+ or fatal ("Targeting image file: \"$cfgImgOutputDir"
+ . "$cfgImgOutputFile.protected\" could not be opened.");
+ binmode(PNOR_TARGETING_FILE);
+ print PNOR_TARGETING_FILE "$protectedData";
+ close(PNOR_TARGETING_FILE);
+
+ # Generate unprotected payload file
+ open(PNOR_TARGETING_FILE,
+ ">$cfgImgOutputDir"."$cfgImgOutputFile.unprotected")
+ or fatal ("Targeting image file: \"$cfgImgOutputDir"
+ . "$cfgImgOutputFile.unprotected\" could not be opened.");
+ binmode(PNOR_TARGETING_FILE);
+ print PNOR_TARGETING_FILE "$unprotectedData";
+ close(PNOR_TARGETING_FILE);
+
if ($CfgSMAttrFile ne "")
{
generateXMLforSM();
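Review bot: The three output blocks use two-argument `open` on the bareword handle `PNOR_TARGETING_FILE` and never check `print` or `close`, so a short write (full disk, quota) leaves a truncated `.protected` or `.unprotected` file that the build carries on with. Per the comment this commit adds in generateTargetingImage, these files exist for secure signing, so a failed write should stop the build through `fatal` just as a failed open does. The blocks differ only in suffix and data, so one loop with three-argument `open` and a lexical handle covers all of them. The enclosing `if` block starts and ends outside this hunk.

```perl
    # … unchanged: generateTargetingImage call filling the three scalars …
    foreach my $image ( [ "",             \$combinedData    ],
                        [ ".protected",   \$protectedData   ],
                        [ ".unprotected", \$unprotectedData ] )
    {
        my ($suffix, $dataRef) = @{$image};
        my $path = $cfgImgOutputDir . $cfgImgOutputFile . $suffix;

        open(my $fh, '>', $path)
            or fatal("Targeting image file: \"$path\" could not be opened.");
        binmode($fh);
        print {$fh} ${$dataRef}
            or fatal("Targeting image file: \"$path\" could not be written.");
        close($fh)
            or fatal("Targeting image file: \"$path\" could not be closed.");
    }
    # … unchanged: $CfgSMAttrFile handling …
```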
@@ -5095,7 +5123,8 @@ sub serializeAssociations
sub generateTargetingImage {
my($vmmConstsFile, $attributes,$Target_t,$addRO_Section_VerPage,
- $allAttributes) = @_;
+ $allAttributes,$combinedDataRef, $protectedDataRef,
+ $unprotectedDataRef) = @_;
# 128 MB virtual memory offset between sections
my $vmmSectionOffset = 128 * 1024 * 1024; # 128MB
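Review bot: The new parameters `$combinedDataRef`, `$protectedDataRef` and `$unprotectedDataRef` are undocumented output references, and the later hunks dereference them unconditionally. A caller still using the old five-argument form would fail at `${$protectedDataRef} = $outFile;` deep in the sub rather than at the call. I would add a header comment such as `# $combinedDataRef / $protectedDataRef / $unprotectedDataRef: scalar refs that receive the full image, its protected (read-only) part and its unprotected (read-write) part`, and state whether the return value is still meaningful. The sub body continues outside this hunk.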
@@ -6113,6 +6142,7 @@ sub generateTargetingImage {
. "than allocated amount of $headerSize.");
}
+ # Handle splitting up data into different files for secure signing purposes
my $outFile;
#HB Targeting binary file will contain <Version Page>+<Targeting Header>+
@@ -6175,6 +6205,11 @@ sub generateTargetingImage {
$outFile .= pack("@".($sectionHoH{heapPnorInit}{size}
- $heapPnorInitOffset));
+ # Handle read-only data
+ ${$protectedDataRef} = $outFile;
+ ${$combinedDataRef} = $outFile;
+ $outFile = "";
+
# Serialize PNOR RW section to multiple of 4k page size (pad if necessary)
$outFile .= $rwAttrBinData;
$outFile .= pack("@".($sectionHoH{pnorRw}{size} - $rwOffset));
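Review bot: Resetting `$outFile = "";` makes this line the boundary between the protected and unprotected payloads, but the comment `# Handle read-only data` does not say so, and from here on `$outFile` no longer holds the whole image. Any later code in generateTargetingImage that still reads or returns `$outFile` as the complete image would now see only the read-write sections; the end of the sub is outside this hunk, so this needs checking. I would spell the boundary out, e.g. `# Split point: everything serialized above goes to the .protected file; sections appended below go to .unprotected`, so that someone adding a section knows which side it lands on. The matching `${$unprotectedDataRef} = $outFile;` in the next hunk relies on nothing else clearing `$outFile` in between.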
@@ -6208,6 +6243,10 @@ sub generateTargetingImage {
- $fspP1DefaultedFromP3Offset));
}
+ # Handle read-write data
+ ${$unprotectedDataRef} = $outFile;
+ ${$combinedDataRef} .= $outFile;
+
if(defined $cfgBiosXmlFile)
{
unless (-e $cfgBiosXmlFile)
diff --git a/src/usr/targeting/xmltohb/makefile b/src/usr/targeting/xmltohb/makefile
index ae3a41383..6e48e5a4b 100644
--- a/src/usr/targeting/xmltohb/makefile
+++ b/src/usr/targeting/xmltohb/makefile
@@ -5,7 +5,7 @@
#
# OpenPOWER HostBoot Project
#
-# Contributors Listed Below - COPYRIGHT 2011,2016
+# Contributors Listed Below - COPYRIGHT 2011,2017
# [+] International Business Machines Corp.
#
#
@@ -119,6 +119,11 @@ VMM_CONSTS_FILE = \
GENFILES = ${XMLTOHB_TARGETS}
+XMLTOHB_SYSTEM_BINARIES += \
+ $(if $(CONFIG_SECUREBOOT),simics_NIMBUS_targeting.bin.protected)
+XMLTOHB_SYSTEM_BINARIES += \
+ $(if $(CONFIG_SECUREBOOT),simics_NIMBUS_targeting.bin.unprotected)
+
#debug :
# @echo COMMON_TARGETING_PATH_PREFIX = ${COMMON_TARGETING_PATH_PREFIX}
# @echo COMMON_TARGETING_REL_PATH = ${COMMON_TARGETING_REL_PATH}
@@ -229,12 +234,13 @@ ${GENDIR}/%.hb.xml: %.system.xml ${GENDIR}/${XMLTOHB_GENERIC_XML} %.mrw.xml
${COMMON_TARGETING_REL_PATH}/${XMLTOHB_MERGE_SCRIPT} $^ > $@
# create the binary files
-${GENDIR}/%_targeting.bin: ${XMLTOHB_COMPILER_SCRIPT} ${GENDIR}/%.hb.xml \
+${GENDIR}/%_targeting.bin \
+${GENDIR}/%_targeting.bin.protected \
+${GENDIR}/%_targeting.bin.unprotected: \
+ ${XMLTOHB_COMPILER_SCRIPT} ${GENDIR}/%.hb.xml \
${GENDIR}/${XMLTOHB_FAPI_XML} ${VMM_CONSTS_FILE}
$< $(addprefix --hb-xml-file=,${GENDIR}/$*.hb.xml) \
$(addprefix --fapi-attributes-xml-file=,${GENDIR}/${XMLTOHB_FAPI_XML}) \
--src-output-dir=none --img-output-dir=$(dir $@) \
- --img-output-file=$(notdir $@) \
- --vmm-consts-file=$(VMM_CONSTS_FILE) --noshort-enums \
- --version-page
-
+ --img-output-file=$*_targeting.bin \
+ --vmm-consts-file=$(VMM_CONSTS_FILE) --noshort-enums
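Review bot: `--version-page` is dropped from the recipe with no visible explanation, which changes the layout of every `%_targeting.bin` this rule generates. The FAKEPNOR step in src/build/mkrules/hbfw/img/makefile still runs `dd ... ibs=4k skip=1` under the comment "skip version header"; if the VPO image comes from this rule, that step would now discard the first 4K of real targeting data. Please confirm where the version page is added now and record it next to the recipe, e.g. `# no --version-page here: <where the version header is added now>`.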