-rwxr-xr-x | src/build/buildpnor/genPnorImages.pl | 11 | ||||
-rw-r--r-- | src/usr/runtime/populate_hbruntime.C | 8 | ||||
-rw-r--r-- | src/usr/testcore/rtloader/loader.H | 21 |
3 files changed, 33 insertions, 7 deletions
diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl
index 5edc38d0a..d343c50c9 100755
--- a/src/build/buildpnor/genPnorImages.pl
+++ b/src/build/buildpnor/genPnorImages.pl
@@ -537,8 +537,9 @@ sub manipulateImages
 # Sections that have secureboot support. Secureboot still must be
 # enabled for secureboot actions on these partitions to occur.
 # @TODO securebootp9 re-enable with SBE/SBEC/PAYLOAD secureboot ports
- my $isNormalSecure = ($eyeCatch eq "SBE");
- #$isNormalSecure ||= ($eyeCatch eq "HBRT");
+ my $isNormalSecure ||= ($eyeCatch eq "HBBL");
+ $isNormalSecure ||= ($eyeCatch eq "SBE");
+ $isNormalSecure ||= ($eyeCatch eq "HBRT");
 #$isNormalSecure ||= ($eyeCatch eq "SBEC");
 $isNormalSecure ||= ($eyeCatch eq "PAYLOAD");
 #$isNormalSecure ||= ($eyeCatch eq "OCC");
@@ -547,9 +548,11 @@ sub manipulateImages
 my $isSpecialSecure = ($eyeCatch eq "HBB");
 $isSpecialSecure ||= ($eyeCatch eq "HBD");
- $isSpecialSecure ||= ($eyeCatch eq "HBBL");
 #$isSpecialSecure ||= ($eyeCatch eq "HBI");
+ # Used to indicate security is supported in firmware
+ my $secureSupported = $isNormalSecure || $isSpecialSecure;
+
 # If there is a non-default header for this section, use it instead
 my $header = $sb_hdrs{DEFAULT};
 if(exists $sb_hdrs{$eyeCatch})
@@ -609,7 +612,7 @@ sub manipulateImages
 $fsp_prefix.=".header";
 # Add secure container header
 # @TODO RTC:155374 Remove when official signing supported
- if ($secureboot && $isSpecialSecure)
+ if ($secureboot && $secureSupported)
 {
 $callerHwHdrFields{configure} = 1;
 # @TODO securebootp9 re-enable hash page table with vfs page table port
diff --git a/src/usr/runtime/populate_hbruntime.C b/src/usr/runtime/populate_hbruntime.C
index 995f76302..93ed6e4ee 100644
--- a/src/usr/runtime/populate_hbruntime.C
+++ b/src/usr/runtime/populate_hbruntime.C
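Review bot: In the first genPnorImages.pl hunk the new chain opens with `my $isNormalSecure ||= ($eyeCatch eq "HBBL");`, a compound assignment on a variable declared in the same statement. It behaves like a plain assignment because the fresh variable is undefined, but it reads as if an earlier value were being extended; `my $isNormalSecure = ($eyeCatch eq "HBBL");` states the intent and leaves the following `||=` lines as they are. The `@TODO securebootp9 re-enable with SBE/SBEC/PAYLOAD secureboot ports` comment above it also no longer matches the list in the visible lines, where SBE, HBRT and PAYLOAD are active and only SBEC and OCC stay commented out.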
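Review bot: HBBL moves from `$isSpecialSecure` to `$isNormalSecure` in the second genPnorImages.pl hunk, yet no comment says what separates the two classes or why HBBL changed class. Any other branch of manipulateImages that tests only one of the two flags lies outside these hunks and will now treat HBBL differently, which for a signing step deserves an explicit statement. The new comment `# Used to indicate security is supported in firmware` could instead say what the flag gates in the third hunk, for example `# True for every partition (normal or special class) that gets a secure container header when $secureboot is set`.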
@@ -913,6 +913,14 @@ errlHndl_t populate_HbRsvMem(uint64_t i_nodeId)
 l_label = HBRT_RSVD_MEM__CODE;
 l_labelSize = strlen(l_label) + 1;
+#ifdef CONFIG_SECUREBOOT
+ l_elog = loadSecureSection(PNOR::HB_RUNTIME);
+ if(l_elog)
+ {
+ break;
+ }
+#endif
+
 PNOR::SectionInfo_t l_pnorInfo;
 l_elog = getSectionInfo( PNOR::HB_RUNTIME , l_pnorInfo);
 if (l_elog)
diff --git a/src/usr/testcore/rtloader/loader.H b/src/usr/testcore/rtloader/loader.H
index 8914c709b..a5167ff45 100644
--- a/src/usr/testcore/rtloader/loader.H
+++ b/src/usr/testcore/rtloader/loader.H
@@ -43,6 +43,7 @@
 #include <pnor/ecc.H>
 #include <ipmi/ipmiif.H>
 #include <targeting/common/attributeTank.H>
+#include <config.h>
 trace_desc_t* g_trac_hbrt = NULL;
 TRAC_INIT(&g_trac_hbrt, "HBRT_TEST", 2*KILOBYTE);
@@ -54,11 +55,25 @@ class RuntimeLoaderTest : public CxxTest::TestSuite
 void testLoader()
 {
 static const uint64_t HEADER_OFFSET = 0x2000;
-
+ errlHndl_t l_errl = nullptr;
+
+#ifdef CONFIG_SECUREBOOT
+ // load secure section
+ // TODO RTC: 157475 Since this is a test case and unload is
+ // merely a stub function at this point in time, add a call
+ // to unload later when the aforementioned story is implemented.
+ l_errl = loadSecureSection(PNOR::HB_RUNTIME);
+ if(l_errl)
+ {
+ TS_WARN("Could not securely load runtime section.");
+ delete l_errl;
+ l_errl = nullptr;
+ return;
+ }
+#endif
 PNOR::SectionInfo_t runtimeSection;
- errlHndl_t l_errl =
- PNOR::getSectionInfo(PNOR::HB_RUNTIME, runtimeSection);
+ l_errl = PNOR::getSectionInfo(PNOR::HB_RUNTIME, runtimeSection);
 if (l_errl)
 { |
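Review bot: The added `loadSecureSection(PNOR::HB_RUNTIME)` call in populate_HbRsvMem carries no comment on what the verification covers, and the `getSectionInfo` call after it is unchanged, so the hunk alone does not show that the section info it returns refers to the verified copy rather than the flash contents. If it can still describe the unverified location, the data placed in reserved memory is not the data that was checked; a comment such as `// Verify HBRT first; getSectionInfo() below must describe the verified copy, not the raw PNOR contents` would record the expectation for the next maintainer. No matching unload appears on the later paths, presumably for the reason given in the loader.H TODO, and that is worth noting here as well. The function body and the loop that `break` leaves are outside the hunk.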
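Review bot: In loader.H's testLoader a failed `loadSecureSection` is reported with `TS_WARN` and followed by `return`, so on a CONFIG_SECUREBOOT build the test ends without a failure when the runtime section does not verify. A verification failure is the case this test should surface; `TS_FAIL("Could not securely load runtime section.");` in place of the warning makes it visible in the results. The call is also unqualified while the next statement uses `PNOR::getSectionInfo`; if the function lives in that namespace, `PNOR::loadSecureSection` keeps the two consistent. testLoader continues past the end of the hunk.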