diff options
-rw-r--r-- | makefile | 10 | ||||
-rw-r--r-- | src/build/buildpnor/defaultPnorLayout.xml | 17 | ||||
-rwxr-xr-x | src/build/buildpnor/genPnorImages.pl | 39 | ||||
-rw-r--r-- | src/build/buildpnor/pnorLayoutFSP.xml | 78 | ||||
-rwxr-xr-x | src/build/mkrules/hbfw/img/makefile | 30 | ||||
-rwxr-xr-x | src/build/tools/hbDistribute | 11 | ||||
-rw-r--r-- | src/usr/pnor/pnor_utils.C | 3 | ||||
-rw-r--r-- | src/usr/sbe/sbe_update.C | 14 | ||||
-rw-r--r-- | src/usr/secureboot/base/securerommgr.C | 1 |
9 files changed, 148 insertions, 55 deletions
@@ -5,7 +5,7 @@ # # OpenPOWER HostBoot Project # -# Contributors Listed Below - COPYRIGHT 2010,2016 +# Contributors Listed Below - COPYRIGHT 2010,2017 # [+] International Business Machines Corp. # # @@ -35,6 +35,9 @@ SKIP_CONFIG_FILE_LOAD = 1 IMAGE_PASS_POST += $(GENDIR)/hwp_id.html CLEAN_TARGETS += $(GENDIR)/hwp_id.html +# Name of file to indicate if hostboot is building an fsp release. +HB_FSP_RELEASE = $(GENDIR)/hb_fsp_release + ifndef BUILD_MINIMAL IMAGE_PASS_POST += cscope ctags endif @@ -69,6 +72,7 @@ check_istep_modules: $(OBJS) GENCONFIG_TOOL = src/build/tools/hbGenConfig +# At end of rule, create HB_FSP_RELEASE file if compiling with fsprelease.config $(GENDIR)/.$(notdir $(CONFIG_FILE)).config: \ $(shell find -name HBconfig) \ $(filter-out $(GENDIR)/.$(notdir $(CONFIG_FILE)).config,\ @@ -82,3 +86,7 @@ $(GENDIR)/.$(notdir $(CONFIG_FILE)).config: \ $(wildcard $(GENDIR)/.*.config),$^) @rm -f $(wildcard $(GENDIR)/.*.config) @touch $@ + @rm -f $(HB_FSP_RELEASE) + ifneq (,$(findstring fsprelease.config, $(strip $(CONFIG_FILE)))) + @touch $(HB_FSP_RELEASE) + endif diff --git a/src/build/buildpnor/defaultPnorLayout.xml b/src/build/buildpnor/defaultPnorLayout.xml index eb592147b..54d4bc516 100644 --- a/src/build/buildpnor/defaultPnorLayout.xml +++ b/src/build/buildpnor/defaultPnorLayout.xml @@ -215,17 +215,20 @@ Layout Description <ecc/> </section> <section> - <description>Hostboot Bootloader (22.5K)</description> + <description>Hostboot Bootloader (28K)</description> <eyeCatch>HBBL</eyeCatch> <physicalOffset>0x2ABB000</physicalOffset> - <physicalRegionSize>0x6000</physicalRegionSize> + <!-- Physical Size includes Header rounded to ECC valid size --> + <!-- Max size of actual HBBL content is 20K and 22.5K with ECC --> + <physicalRegionSize>0x7000</physicalRegionSize> <side>sideless</side> + <sha512Version/> <ecc/> </section> <section> <description>Global Data (36K)</description> <eyeCatch>GLOBAL</eyeCatch> - <physicalOffset>0x2AC1000</physicalOffset> + <physicalOffset>0x2AC2000</physicalOffset> <physicalRegionSize>0x9000</physicalRegionSize> <side>sideless</side> <ecc/> @@ -233,7 +236,7 @@ Layout Description <section> <description>Ref Image Ring Overrides (20K)</description> <eyeCatch>RINGOVD</eyeCatch> - <physicalOffset>0x2ACA000</physicalOffset> + <physicalOffset>0x2ACB000</physicalOffset> <physicalRegionSize>0x5000</physicalRegionSize> <side>sideless</side> <ecc/> @@ -241,7 +244,7 @@ Layout Description <section> <description>SecureBoot Key Transition Partition (16K)</description> <eyeCatch>SBKT</eyeCatch> - <physicalOffset>0x2ACF000</physicalOffset> + <physicalOffset>0x2AD0000</physicalOffset> <physicalRegionSize>0x4000</physicalRegionSize> <side>sideless</side> <ecc/> @@ -249,7 +252,7 @@ Layout Description <section> <description>OCC Lid (1.125M)</description> <eyeCatch>OCC</eyeCatch> - <physicalOffset>0x2AD3000</physicalOffset> + <physicalOffset>0x2AD4000</physicalOffset> <physicalRegionSize>0x120000</physicalRegionSize> <side>sideless</side> <ecc/> @@ -259,7 +262,7 @@ Layout Description <!-- We need 266KB per module sort, going to support 10 sorts by default, plus ECC --> <eyeCatch>WOFDATA</eyeCatch> - <physicalOffset>0x2BF3000</physicalOffset> + <physicalOffset>0x2BF4000</physicalOffset> <physicalRegionSize>0x300000</physicalRegionSize> <side>sideless</side> <ecc/> diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl index b23f01a0a..54f1c82ba 100755 --- a/src/build/buildpnor/genPnorImages.pl +++ b/src/build/buildpnor/genPnorImages.pl @@ -42,6 +42,9 @@ use constant BASE_IMAGE_TOTAL_CONTAINER_SIZE => 0x000000000007EF80; use constant BASE_IMAGE_TARGET_HRMOR => 0x0000000008000000; use constant BASE_IMAGE_INSTRUCTION_START_STACK_POINTER => 0x0000000008280000; +# Max HBBL content size is 20K +my $MAX_HBBL_SIZE = 20480; + ################################################################################ # Be explicit with POSIX # Everything is exported by default (with a handful of exceptions). This is an @@ -115,6 +118,7 @@ my %partitionsToCorrupt = (); my $sign_mode = $DEVELOPMENT; my $sb_signing_config_file = ""; my $hwKeyHashFile = ""; +my $hb_standalone=""; GetOptions("binDir:s" => \$bin_dir, "secureboot" => \$secureboot, @@ -128,6 +132,7 @@ GetOptions("binDir:s" => \$bin_dir, "sign-mode:s" => \$sign_mode, "sb-signing-config-file:s" => \$sb_signing_config_file, "hwKeyHashFile:s" => \$hwKeyHashFile, + "hb-standalone" => \$hb_standalone, "help" => \$help); if ($help) @@ -318,6 +323,7 @@ my %sb_hdrs = ( # Print all settings in one print statement to avoid parallel build to mess # up output. my $SETTINGS = "\n//========== Generate PNOR Image Settings ==========/\n"; +$SETTINGS .= "PNOR Layout = ".$pnorLayoutFile."\n"; $SETTINGS .= $build_all ? "Build Phase = build_all\n" : ""; $SETTINGS .= $install_all ? "Build Phase = install_all\n" : ""; $SETTINGS .= $testRun ? "Test Mode = Yes\n" : "Test Mode = No\n"; @@ -500,18 +506,18 @@ sub manipulateImages # Sections that have secureboot support. Secureboot still must be # enabled for secureboot actions on these partitions to occur. # @TODO securebootp9 re-enable with SBE/SBEC/PAYLOAD secureboot ports - my $isNormalSecure = ($eyeCatch eq "SBE"); - #|| ($eyeCatch eq "HBRT"); - #|| ($eyeCatch eq "SBEC") - #|| ($eyeCatch eq "PAYLOAD") - #|| ($eyeCatch eq "OCC") - #|| ($eyeCatch eq "CAPP") - #|| ($eyeCatch eq "BOOTKERNEL"); - - my $isSpecialSecure = ($eyeCatch eq "HBB") - || ($eyeCatch eq "HBD"); - #|| ($eyeCatch eq "HBBL") - #|| ($eyeCatch eq "HBI") + my $isNormalSecure = ($eyeCatch eq "SBE"); + #$isNormalSecure ||= ($eyeCatch eq "HBRT"); + #$isNormalSecure ||= ($eyeCatch eq "SBEC"); + #$isNormalSecure ||= ($eyeCatch eq "PAYLOAD"); + #$isNormalSecure ||= ($eyeCatch eq "OCC"); + #$isNormalSecure ||= ($eyeCatch eq "CAPP"); + #$isNormalSecure ||= ($eyeCatch eq "BOOTKERNEL"); + + my $isSpecialSecure = ($eyeCatch eq "HBB"); + $isSpecialSecure ||= ($eyeCatch eq "HBD"); + $isSpecialSecure ||= ($eyeCatch eq "HBBL"); + #$isSpecialSecure ||= ($eyeCatch eq "HBI"); my $openSigningFlags = OP_SIGNING_FLAG.$sb_hdrs{DEFAULT}{flags}; my $secureboot_hdr = $sb_hdrs{DEFAULT}{file}; @@ -540,15 +546,15 @@ sub manipulateImages # Ensure there is enough room at the end of the HBBL partition # to store the HW keys' hash. my $hbblRawSize = (-s $bin_file or die "Cannot get size of file $bin_file"); - print "HBBL raw size (no padding/ecc) = $hbblRawSize/$size\n"; - if ($hbblRawSize > $size - HW_KEYS_HASH_SIZE) + print "HBBL raw size (no padding/ecc) = $hbblRawSize/$MAX_HBBL_SIZE\n"; + if ($hbblRawSize > $MAX_HBBL_SIZE - HW_KEYS_HASH_SIZE) { die "HBBL cannot fit HW Keys' Hash (64 bytes) at the end without overwriting real data"; } # Pad HBBL to max size run_command("cp $bin_file $tempImages{TEMP_BIN}"); - run_command("dd if=$tempImages{TEMP_BIN} of=$bin_file ibs=$size conv=sync"); + run_command("dd if=$tempImages{TEMP_BIN} of=$bin_file ibs=$MAX_HBBL_SIZE conv=sync"); # Add HW key hash to end of HBBL - 64 Bytes my $hwKeyHashStart = (-s $bin_file or die "Cannot get size of file $bin_file") @@ -560,8 +566,7 @@ sub manipulateImages } # Header Phase - if( ($sectionHash{$layoutKey}{sha512Version} eq "yes") - || ($secureboot && $isSpecialSecure) ) + if($sectionHash{$layoutKey}{sha512Version} eq "yes") { $fsp_prefix.=".header"; # Add secure container header diff --git a/src/build/buildpnor/pnorLayoutFSP.xml b/src/build/buildpnor/pnorLayoutFSP.xml index ca565a5f0..f1b160c60 100644 --- a/src/build/buildpnor/pnorLayoutFSP.xml +++ b/src/build/buildpnor/pnorLayoutFSP.xml @@ -5,7 +5,7 @@ <!-- --> <!-- OpenPOWER HostBoot Project --> <!-- --> -<!-- Contributors Listed Below - COPYRIGHT 2012,2017 --> +<!-- Contributors Listed Below - COPYRIGHT 2016,2017 --> <!-- [+] International Business Machines Corp. --> <!-- --> <!-- --> @@ -23,11 +23,10 @@ <!-- --> <!-- IBM_PROLOG_END_TAG --> <!-- -NOTE: This layout describes the standard PNOR layout for all P9 FSP systems -Layout Description +Layout Description - Used when building an FSP driver <metadata> Element -> Contains high-level information about the PNOR layout. - <imageSize> -> Size of PNOR image in bytes. <chipSize> -> Size of the chip that the pnor image will reside on + <imageSize> -> Size of PNOR image in bytes. <blockSize> -> size of erase blocks in bytes. <tocSize> -> size of each partition table <!- TODO:RTC:123734 - remove side offsets once hwsv implements new layout -> @@ -67,7 +66,7 @@ Layout Description <pnor> <metadata> <imageSize>0x4000000</imageSize> - <chipSize>0x8000000</chipSize> + <chipSize>0x4000000</chipSize> <blockSize>0x1000</blockSize> <tocSize>0x8000</tocSize> <!--TODO: RTC 123734 - remove side offsets once hwsv implements new @@ -141,10 +140,10 @@ Layout Description <ecc/> </section> <section> - <description>Hostboot Extended image (22MB w/o ECC)</description> + <description>Hostboot Extended image (11MB w/o ECC)</description> <eyeCatch>HBI</eyeCatch> <physicalOffset>0x301000</physicalOffset> - <physicalRegionSize>0x18C0000</physicalRegionSize> + <physicalRegionSize>0xC60000</physicalRegionSize> <sha512Version/> <side>sideless</side> <ecc/> @@ -163,7 +162,7 @@ Layout Description <section> <description>SBE-IPL (Staging Area) (288K)</description> <eyeCatch>SBE</eyeCatch> - <physicalOffset>0x1BC1000</physicalOffset> + <physicalOffset>0xF61000</physicalOffset> <physicalRegionSize>0x48000</physicalRegionSize> <sha512perEC/> <side>sideless</side> @@ -172,24 +171,63 @@ Layout Description <section> <description>HCODE Ref Image (1.125MB)</description> <eyeCatch>HCODE</eyeCatch> - <physicalOffset>0x1C09000</physicalOffset> + <physicalOffset>0xFA9000</physicalOffset> <physicalRegionSize>0x120000</physicalRegionSize> <sha512Version/> <side>sideless</side> <ecc/> </section> <section> - <description>Hostboot Bootloader (22.5K)</description> + <description>Hostboot Runtime Services for Sapphire (4.5MB)</description> + <eyeCatch>HBRT</eyeCatch> + <physicalOffset>0x10C9000</physicalOffset> + <physicalRegionSize>0x480000</physicalRegionSize> + <sha512Version/> + <side>sideless</side> + <ecc/> + </section> + <section> + <description>Payload (21.375MB)</description> + <eyeCatch>PAYLOAD</eyeCatch> + <physicalOffset>0x1549000</physicalOffset> + <physicalRegionSize>0x1560000</physicalRegionSize> + <side>sideless</side> + <ecc/> + </section> + <section> + <description>Special PNOR Test Space (36K)</description> + <eyeCatch>TEST</eyeCatch> + <physicalOffset>0x2AA9000</physicalOffset> + <physicalRegionSize>0x9000</physicalRegionSize> + <testonly/> + <side>sideless</side> + <ecc/> + </section> + <section> + <description>Special PNOR Test Space (36K)</description> + <eyeCatch>TESTRO</eyeCatch> + <physicalOffset>0x2AB2000</physicalOffset> + <physicalRegionSize>0x9000</physicalRegionSize> + <side>sideless</side> + <testonly/> + <preserved/> + <readOnly/> + <ecc/> + </section> + <section> + <description>Hostboot Bootloader (28K)</description> <eyeCatch>HBBL</eyeCatch> - <physicalOffset>0x1D29000</physicalOffset> - <physicalRegionSize>0x6000</physicalRegionSize> + <physicalOffset>0x2ABB000</physicalOffset> + <!-- Physical Size includes Header rounded to ECC valid size --> + <!-- Max size of actual HBBL content is 20K and 22.5K with ECC --> + <physicalRegionSize>0x7000</physicalRegionSize> <side>sideless</side> <ecc/> </section> <section> <description>Global Data (36K)</description> <eyeCatch>GLOBAL</eyeCatch> - <physicalOffset>0x1D2F000</physicalOffset> + <physicalOffset>0x2AC2000</physicalOffset> <physicalRegionSize>0x9000</physicalRegionSize> <side>sideless</side> <ecc/> @@ -197,7 +235,7 @@ Layout Description <section> <description>Ref Image Ring Overrides (20K)</description> <eyeCatch>RINGOVD</eyeCatch> - <physicalOffset>0x1D38000</physicalOffset> + <physicalOffset>0x2ACB000</physicalOffset> <physicalRegionSize>0x5000</physicalRegionSize> <side>sideless</side> <ecc/> @@ -205,17 +243,25 @@ Layout Description <section> <description>SecureBoot Key Transition Partition (16K)</description> <eyeCatch>SBKT</eyeCatch> - <physicalOffset>0x1D3D000</physicalOffset> + <physicalOffset>0x2AD0000</physicalOffset> <physicalRegionSize>0x4000</physicalRegionSize> <side>sideless</side> <ecc/> </section> + <section> + <description>OCC Lid (1.125M)</description> + <eyeCatch>OCC</eyeCatch> + <physicalOffset>0x2AD4000</physicalOffset> + <physicalRegionSize>0x120000</physicalRegionSize> + <side>sideless</side> + <ecc/> + </section> <section> <description>VFRT data for WOF (3MB)</description> <!-- We need 266KB per module sort, going to support 10 sorts by default, plus ECC --> <eyeCatch>WOFDATA</eyeCatch> - <physicalOffset>0x1D41000</physicalOffset> + <physicalOffset>0x2BF4000</physicalOffset> <physicalRegionSize>0x300000</physicalRegionSize> <side>sideless</side> <ecc/> diff --git a/src/build/mkrules/hbfw/img/makefile b/src/build/mkrules/hbfw/img/makefile index ff35113bc..fdc734f03 100755 --- a/src/build/mkrules/hbfw/img/makefile +++ b/src/build/mkrules/hbfw/img/makefile @@ -109,20 +109,26 @@ IMPRINT_HW_KEY_HASH = ${imprintHwKeyHash:P} # the same --systemBinFiles parameter for genPnorImages GEN_PNOR_IMAGE_SCRIPT = ${genPnorImages.pl:P} +# Default to using FSP layout for common file purposes and use existing hb +# techniques to enable default layout when appropriate. +PNOR_LAYOUT = ${pnorLayoutFSP.xml:P} +.if(${DEFAULT_PNOR} == 1) + PNOR_LAYOUT = ${defaultPnorLayout.xml:P} +.endif + # Decide which PNOR to build .if(${FAKEPNOR} == "") - DEFAULT_PNOR_LAYOUT = ${defaultPnorLayout.xml:P} # Parameters passed into GEN_PNOR_IMAGE_SCRIPT. GEN_DEFAULT_BIN_FILES = HBBL=${HBBL_IMG},HBB=${HBB_IMG},HBI=${HBI_IMG},HBRT=${HBRT_IMG},TEST=EMPTY,TESTRO=EMPTY,HBEL=EMPTY,GUARD=EMPTY,GLOBAL=EMPTY,PAYLOAD=EMPTY,CVPD=EMPTY,MVPD=EMPTY,DJVPD=EMPTY,RINGOVD=EMPTY,SBKT=EMPTY,WOFDATA=EMPTY - DEFAULT_PARAMS = --build-all ${TARGET_TEST:b--test} \ + DEFAULT_PARAMS = --build-all ${TARGET_TEST:b--test} ${HB_STANDALONE:b--hb-standalone} \ ${CONFIG_SECUREBOOT:b--secureboot} --systemBinFiles ${GEN_DEFAULT_BIN_FILES} \ - --pnorLayout ${DEFAULT_PNOR_LAYOUT} ${KEY_TRANSITION_PARAMS} ${CORRUPT_PARAMS} \ + --pnorLayout ${PNOR_LAYOUT} ${KEY_TRANSITION_PARAMS} ${CORRUPT_PARAMS} \ --hwKeyHashFile ${IMPRINT_HW_KEY_HASH} .else - DEFAULT_PNOR_LAYOUT = ${pnorLayoutFake.xml:P} + PNOR_LAYOUT = ${pnorLayoutFake.xml:P} # Parameters passed into GEN_PNOR_IMAGE_SCRIPT. GEN_DEFAULT_BIN_FILES = HBI=${HBI_IMG},HBEL=EMPTY,MVPD=${${VPO_FAKE_MVPD}:P},DJVPD=${${VPO_FAKE_DJVPD}:P} - DEFAULT_PARAMS = --systemBinFiles ${GEN_DEFAULT_BIN_FILES} --pnorLayout ${DEFAULT_PNOR_LAYOUT} + DEFAULT_PARAMS = --systemBinFiles ${GEN_DEFAULT_BIN_FILES} --pnorLayout ${PNOR_LAYOUT} .endif cp_hbfiles: .SPECTARG @@ -242,14 +248,14 @@ SBEC_FINAL_IMG = SBEC.bin # Paramemters passed into GEN_PNOR_IMAGE_SCRIPT. GEN_NIMBUS_BIN_FILES = ${NIMBUS}:SBE=${${NIMBUS_SBE_IMG}:P},HCODE=${${NIMBUS_HCODE_IMG}:P},OCC=${${NIMBUS_OCC_IMG}:P},HBD=${${NIMBUS_HBD_IMG}:P} #@TODO RTC:163810 - Put SBEC back "--systemBinFile SBEC=${${SBEC_IMG}:P}" - SYSTEM_SPECIFIC_PARAMS = ${TARGET_TEST:b--test} ${CONFIG_SECUREBOOT:b--secureboot} \ - --pnorLayout ${DEFAULT_PNOR_LAYOUT} ${CORRUPT_PARAMS} \ + SYSTEM_SPECIFIC_PARAMS = --install-all ${TARGET_TEST:b--test} ${CONFIG_SECUREBOOT:b--secureboot} \ + --pnorLayout ${PNOR_LAYOUT} ${CORRUPT_PARAMS} ${HB_STANDALONE:b--hb-standalone} \ --systemBinFiles ${GEN_NIMBUS_BIN_FILES} --hwKeyHashFile ${IMPRINT_HW_KEY_HASH} .else # Parameters passed into GEN_PNOR_IMAGE_SCRIPT. GEN_NIMBUS_BIN_FILES = ${NIMBUS}:HCODE=${${NIMBUS_HCODE_IMG}:P},HBD=${${NIMBUS_VPO_HBD_IMG}:P} #@TODO RTC:163810 - Put SBEC back "--systemBinFile SBEC=${${SBEC_IMG}:P}" - SYSTEM_SPECIFIC_PARAMS = --pnorLayout ${DEFAULT_PNOR_LAYOUT} \ + SYSTEM_SPECIFIC_PARAMS = --pnorLayout ${PNOR_LAYOUT} \ --systemBinFiles ${GEN_NIMBUS_BIN_FILES} .endif @@ -266,7 +272,7 @@ HOSTBOOT_DEFAULT_SECTIONS = HBBL=${HBBL_FINAL_IMG},HBB=${HBB_FINAL_IMG},HBI=${HB #@TODO RTC:163810 - Put SBEC back "SBEC=${SBEC_FINAL_IMG}," NIMBUS_SECT = HBD=${NIMBUS_HBD_FINAL_IMG},SBE=${NIMBUS_SBE_FINAL_IMG},HCODE=${NIMBUS_HCODE_FINAL_IMG},OCC=${NIMBUS_OCC_FINAL_IMG} PNOR_IMG_INFO = \ - nimbus.pnor:${DEFAULT_PNOR_LAYOUT}:${NIMBUS_SECT},${HOSTBOOT_DEFAULT_SECTIONS} \ + nimbus.pnor:${PNOR_LAYOUT}:${NIMBUS_SECT},${HOSTBOOT_DEFAULT_SECTIONS} \ ${FIPS_PNOR_INFO} # To build fake PNOR, set FAKEPNOR to filename of file to build, @@ -279,13 +285,13 @@ PNOR_IMG_INFO = \ HOSTBOOT_DEFAULT_SECTIONS = HBI=${HBI_FINAL_IMG},HBEL=${HBEL_FINAL_IMG},MVPD=${MVPD_FINAL_IMG},DJVPD=${DJVPD_FINAL_IMG},CVPD=${VPO_FAKE_DVPD} NIMBUS_SECT = HBD=${NIMBUS_HBD_FINAL_IMG},HCODE=${NIMBUS_HCODE_FINAL_IMG} PNOR_IMG_INFO = \ - ${FAKEPNOR}:${DEFAULT_PNOR_LAYOUT}:${NIMBUS_SECT},${HOSTBOOT_DEFAULT_SECTIONS} \ + ${FAKEPNOR}:${PNOR_LAYOUT}:${NIMBUS_SECT},${HOSTBOOT_DEFAULT_SECTIONS} \ ${FIPS_PNOR_INFO} .endif -# Added a different dependency chain for hostboot standalone so we can compile +# Added a different dependency chain for hostboot builds so we can compile # faster and call one rule in dist.targets.mk 'update_images_for_sandbox' -.if( ${HB_STANDALONE} == 1) +.if( ${HB_STANDALONE} == 1 ) __IMAGE_BUILD/% : .SPECTARG .PMAKE gen_default_images gen_system_specific_images # In FSP this is run at install_all phase, so it's assumed all build_all rules # have completed. If build_all rule dependencies are added they will run again. diff --git a/src/build/tools/hbDistribute b/src/build/tools/hbDistribute index 0bc53ddb5..003905e93 100755 --- a/src/build/tools/hbDistribute +++ b/src/build/tools/hbDistribute @@ -6,7 +6,7 @@ # # OpenPOWER HostBoot Project # -# Contributors Listed Below - COPYRIGHT 2012,2016 +# Contributors Listed Below - COPYRIGHT 2012,2017 # [+] International Business Machines Corp. # # @@ -190,6 +190,15 @@ else exit -1 fi +# Dynamically check if file exists indicating the fsprelease.config was used +# Note this file is generated in the hb config file rule in top level makefile +if [[ -f ${PROJECT_ROOT}/obj/genfiles/hb_fsp_release ]]; then + echo "FSP build, using fsp pnor xml layout" +else + echo "Non FSP build, using default pnor xml layout" + export DEFAULT_PNOR=1 +fi + # Execute makefile for distribution. mkdir -p $TARGET_DIR mkdir -p $SBFW_DIR diff --git a/src/usr/pnor/pnor_utils.C b/src/usr/pnor/pnor_utils.C index 5a8d39065..979b1cb1f 100644 --- a/src/usr/pnor/pnor_utils.C +++ b/src/usr/pnor/pnor_utils.C @@ -360,7 +360,8 @@ bool PNOR::isEnforcedSecureSection(const uint32_t i_section) #ifdef BOOTLOADER return i_section == HB_BASE_CODE; #else - return i_section == HB_EXT_CODE || + return i_section == HB_BOOTLOADER || + i_section == HB_EXT_CODE || i_section == HB_DATA || i_section == SBE_IPL || i_section == CENTAUR_SBE || diff --git a/src/usr/sbe/sbe_update.C b/src/usr/sbe/sbe_update.C index 86869bff9..8d045a85b 100644 --- a/src/usr/sbe/sbe_update.C +++ b/src/usr/sbe/sbe_update.C @@ -1846,6 +1846,7 @@ namespace SBE } const void* hbblPnorPtr = reinterpret_cast<const void*>( pnorInfo.vaddr); + // Use max hbbl size and not the PNOR size. The PNOR size can grow // to add a secure header, but the code size limit is still 20K. TRACFCOMP( g_trac_sbe, "getSbeInfoState() - " @@ -3709,6 +3710,12 @@ namespace SBE break; } + err = loadSecureSection(PNOR::HB_BOOTLOADER); + if(err) + { + TRACFCOMP( g_trac_sbe, ERR_MRK,"createSbeImageVmmSpace() - Error from loadSecureSection(PNOR::HB_BOOTLOADER)"); + break; + } #endif }while(0); @@ -3813,6 +3820,13 @@ namespace SBE TRACFCOMP( g_trac_sbe, ERR_MRK"cleanupSbeImageVmmSpace() - Error from unloadSecureSection(PNOR::SBE_IPL)"); break; } + + err = unloadSecureSection(PNOR::HB_BOOTLOADER); + if (err) + { + TRACFCOMP( g_trac_sbe, ERR_MRK,"cleanupSbeImageVmmSpace() - Error from unloadSecureSection(PNOR::HB_BOOTLOADER)"); + break; + } #endif }while(0); diff --git a/src/usr/secureboot/base/securerommgr.C b/src/usr/secureboot/base/securerommgr.C index 264f6a411..b51127820 100644 --- a/src/usr/secureboot/base/securerommgr.C +++ b/src/usr/secureboot/base/securerommgr.C @@ -264,6 +264,7 @@ errlHndl_t SecureRomManager::verifyContainer(void * i_container, // struct elements my_ecid, entry_point and log memset(&l_hw_parms, 0, sizeof(ROM_hw_params)); + // Now set hw_key_hash, which is of type sha2_hash_t, to iv_key_hash if (i_hwKeyHash == nullptr) { // Use current hw hash key |