summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rwxr-xr-xsrc/build/buildpnor/genPnorImages.pl8
-rw-r--r--src/usr/sbe/sbe_update.C37
-rw-r--r--src/usr/sbe/test/sbeupdatetest.H49
3 files changed, 53 insertions, 41 deletions
diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl
index 8ad102eab..b23f01a0a 100755
--- a/src/build/buildpnor/genPnorImages.pl
+++ b/src/build/buildpnor/genPnorImages.pl
@@ -500,9 +500,8 @@ sub manipulateImages
# Sections that have secureboot support. Secureboot still must be
# enabled for secureboot actions on these partitions to occur.
# @TODO securebootp9 re-enable with SBE/SBEC/PAYLOAD secureboot ports
- my $isNormalSecure = 0;
+ my $isNormalSecure = ($eyeCatch eq "SBE");
#|| ($eyeCatch eq "HBRT");
- #|| ($eyeCatch eq "SBE")
#|| ($eyeCatch eq "SBEC")
#|| ($eyeCatch eq "PAYLOAD")
#|| ($eyeCatch eq "OCC")
@@ -698,10 +697,7 @@ sub manipulateImages
run_command("cat $bin_file >> $tempImages{HDR_PHASE}");
}
}
- # @TODO securebootp9 re-enable with SBE/SBEC secureboot ports
- elsif(0) #$secureboot
- #&& ( ($sectionHash{$layoutKey}{sha512perEC} eq "yes")
- # || ($isNormalSecure)))
+ elsif ($secureboot && $isNormalSecure)
{
$callerHwHdrFields{configure} = 1;
if($openSigningTool)
diff --git a/src/usr/sbe/sbe_update.C b/src/usr/sbe/sbe_update.C
index 3b333459e..b8cc92c8c 100644
--- a/src/usr/sbe/sbe_update.C
+++ b/src/usr/sbe/sbe_update.C
@@ -727,7 +727,9 @@ namespace SBE
// Advance PNOR pointer 4k to move it past header page to the
// start of the non-customized SBE image
o_imgPtr = reinterpret_cast<void*>
- (reinterpret_cast<char*>(hdr_Ptr)+0x1000);
+ (reinterpret_cast<char*>(hdr_Ptr)+PAGE_SIZE);
+ // Do not include header in size
+ o_imgSize -= PAGE_SIZE;
}
if(NULL != o_version)
@@ -3646,6 +3648,17 @@ namespace SBE
break;
}
+ // Load PNOR sections into secure memory
+#ifdef CONFIG_SECUREBOOT
+ err = loadSecureSection(PNOR::SBE_IPL);
+ if (err)
+ {
+ TRACFCOMP( g_trac_sbe, ERR_MRK"createSbeImageVmmSpace() - Error from loadSecureSection(PNOR::SBE_IPL)");
+ break;
+ }
+
+#endif
+
}while(0);
TRACDCOMP( g_trac_sbe,
@@ -3730,7 +3743,25 @@ namespace SBE
break;
}
+#ifndef CONFIG_SECUREBOOT
+ // @TODO RTC 157475
+ // UnloadSecureSection is not fully implemented so we do not attempt
+ // to pull the SBE partition back in after the initial time.
+ // NOTE: PNOR::flush(PNOR::HB_BOOTLOADER) is another thing that
+ // could be flushed. It's only 20K, but it would be 5 pages
+ // freed up.
PNOR::flush( PNOR::SBE_IPL );
+#endif
+
+ // Unload PNOR sections from secure memory
+#ifdef CONFIG_SECUREBOOT
+ err = unloadSecureSection(PNOR::SBE_IPL);
+ if (err)
+ {
+ TRACFCOMP( g_trac_sbe, ERR_MRK"cleanupSbeImageVmmSpace() - Error from unloadSecureSection(PNOR::SBE_IPL)");
+ break;
+ }
+#endif
}while(0);
@@ -5031,7 +5062,7 @@ errlHndl_t secureKeyTransition()
l_errl = loadSecureSection(PNOR::SBKT);
if (l_errl)
{
- TRACFCOMP( g_trac_sbe, ERR_MRK,"secureKeyTransition() - Error from loadSecureSection(PNOR::SBKT)");
+ TRACFCOMP( g_trac_sbe, ERR_MRK"secureKeyTransition() - Error from loadSecureSection(PNOR::SBKT)");
break;
}
l_loaded = true;
@@ -5052,7 +5083,7 @@ errlHndl_t secureKeyTransition()
l_errl = unloadSecureSection(PNOR::SBKT);
if (l_errl)
{
- TRACFCOMP( g_trac_sbe, ERR_MRK,"secureKeyTransition() - Error from unloadSecureSection(PNOR::SBKT)");
+ TRACFCOMP( g_trac_sbe, ERR_MRK"secureKeyTransition() - Error from unloadSecureSection(PNOR::SBKT)");
break;
}
}
diff --git a/src/usr/sbe/test/sbeupdatetest.H b/src/usr/sbe/test/sbeupdatetest.H
index 876b8e874..9a0701f50 100644
--- a/src/usr/sbe/test/sbeupdatetest.H
+++ b/src/usr/sbe/test/sbeupdatetest.H
@@ -685,7 +685,6 @@ class SBEUpdateTest: public CxxTest::TestSuite
{
errlHndl_t err = NULL;
- errlHndl_t err_cleanup = NULL;
uint64_t fails = 0x0;
uint64_t total = 0x0;
@@ -711,16 +710,6 @@ class SBEUpdateTest: public CxxTest::TestSuite
uint8_t local_ec = theTarget->getAttr<TARGETING::ATTR_EC>();
- total++;
- err = createSbeImageVmmSpace();
- if(err)
- {
- fails++;
- TS_FAIL("testSbeUpdateTarget() - Call to createSbeImageVmmSpace() failed");
- break;
- }
-
-
/****************************************************/
/* Get SBE Info State */
/****************************************************/
@@ -864,16 +853,6 @@ class SBEUpdateTest: public CxxTest::TestSuite
}while(0);
- err_cleanup = cleanupSbeImageVmmSpace();
- if(err_cleanup)
- {
- total++;
- fails++;
- TS_FAIL("testSbeUpdateTarget() -Call to cleanupSbeImageVmmSpace() failed.");
- errlCommit( err_cleanup, SBE_COMP_ID );
-
- }
-
TRACFCOMP( g_trac_sbe,
EXIT_MRK"testSbeUpdateTarget() - %d/%d fails",
fails, total );
@@ -1235,20 +1214,23 @@ class SBEUpdateTest: public CxxTest::TestSuite
*/
SBEUpdateTest() : CxxTest::TestSuite()
{
- errlHndl_t err = NULL;
- uint64_t fails = 0x0;
- uint64_t total = 0x0;
+ errlHndl_t err = nullptr;
bool sbe_loaded = false;
err = loadSbeModule(sbe_loaded);
if(err)
{
- total++;
- fails++;
TS_FAIL("SBEUpdateTest() - Constuctor: failed to load modules");
errlCommit( err, SBE_COMP_ID );
}
+ err = createSbeImageVmmSpace();
+ if(err)
+ {
+ TS_FAIL("SBEUpdateTest() - Constructor: Call to createSbeImageVmmSpace() failed");
+ errlCommit( err, SBE_COMP_ID );
+ }
+
};
@@ -1257,16 +1239,19 @@ class SBEUpdateTest: public CxxTest::TestSuite
*/
~SBEUpdateTest()
{
- errlHndl_t err = NULL;
- uint64_t fails = 0x0;
- uint64_t total = 0x0;
+ errlHndl_t err = nullptr;
+
+ err = cleanupSbeImageVmmSpace();
+ if(err)
+ {
+ TS_FAIL("~SBEUpdateTest() - Destructor: Call to cleanupSbeImageVmmSpace() failed.");
+ errlCommit( err, SBE_COMP_ID );
+ }
err = unloadSbeModule();
if(err)
{
- total++;
- fails++;
- TS_FAIL("~SBEUpdateTest() - Destuctor: failed to load modules");
+ TS_FAIL("~SBEUpdateTest() - Destructor: failed to load modules");
errlCommit( err, SBE_COMP_ID );
}
OpenPOWER on IntegriCloud