diff options
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/usr/pnor/pnor_const.H | 2 | ||||
-rw-r--r-- | src/include/usr/runtime/common/runtime_utils.H | 11 | ||||
-rw-r--r-- | src/include/usr/runtime/populate_hbruntime.H | 8 | ||||
-rw-r--r-- | src/include/usr/runtime/preverifiedlidmgr.H | 8 | ||||
-rw-r--r-- | src/include/usr/secureboot/containerheader.H | 50 |
5 files changed, 71 insertions, 8 deletions
diff --git a/src/include/usr/pnor/pnor_const.H b/src/include/usr/pnor/pnor_const.H index e820bdac6..81ebf0385 100644 --- a/src/include/usr/pnor/pnor_const.H +++ b/src/include/usr/pnor/pnor_const.H @@ -123,11 +123,9 @@ struct SectionInfo_t bool Volatile; /**< Section loses contents on non HB reboots */ bool secure; /**< Indicates if a section is secure */ bool clearOnEccErr; /**< Indicates on ECC errors, clear and reboot*/ -#ifdef CONFIG_SECUREBOOT size_t secureProtectedPayloadSize; /**< Cache the secure payload size so that the secure container only needs to be parsed once */ -#endif }; /** diff --git a/src/include/usr/runtime/common/runtime_utils.H b/src/include/usr/runtime/common/runtime_utils.H index d63a24d7b..c7f318bc1 100644 --- a/src/include/usr/runtime/common/runtime_utils.H +++ b/src/include/usr/runtime/common/runtime_utils.H @@ -45,4 +45,15 @@ extern const PreVerifyVector preVerifiedPnorSections; */ bool isPreVerifiedSection(const PNOR::SectionId i_section); +/** + * @brief Determines whether the given section is pre-verified and if so, if + * it's expected to be secure + * + * @param[in] i_section PNOR section to test. + * + * @return bool True if pre-verified section is expected to be secure, +* false otherwise. + */ +bool isPreVerifiedSectionSecure(const PNOR::SectionId i_section); + }
\ No newline at end of file diff --git a/src/include/usr/runtime/populate_hbruntime.H b/src/include/usr/runtime/populate_hbruntime.H index 03d8b80de..9f0466172 100644 --- a/src/include/usr/runtime/populate_hbruntime.H +++ b/src/include/usr/runtime/populate_hbruntime.H @@ -23,6 +23,8 @@ /* */ /* IBM_PROLOG_END_TAG */ #include <hdat/hdat.H> +#include <vector> +#include <utility> namespace RUNTIME { @@ -68,9 +70,13 @@ errlHndl_t unmapVirtAddr(uint64_t i_addr); * @brief Pre verify Pnor sections and load into HB reserved memory * * @param[in] i_sec - pnor section to pre-verify and load + * @param[in] i_verified - Indicates if pnor section is expected to have a + * secure header. + * e.g. RINGOVD currently never has a secure header * * @return Error handle if error */ -errlHndl_t hbResvLoadSecureSection (const PNOR::SectionId i_sec); +errlHndl_t hbResvLoadSecureSection (const PNOR::SectionId i_sec, + const bool i_verified); } // End of Namespace
\ No newline at end of file diff --git a/src/include/usr/runtime/preverifiedlidmgr.H b/src/include/usr/runtime/preverifiedlidmgr.H index 185a0d24f..4b087e102 100644 --- a/src/include/usr/runtime/preverifiedlidmgr.H +++ b/src/include/usr/runtime/preverifiedlidmgr.H @@ -171,6 +171,14 @@ class PreVerifiedLidMgr // Depends on the payload kind uint64_t (*getNextAddress)(const size_t); + // Add fake headers during pnor loads + // Use Case: Secureboot compiled out or unsigned sections need a header + // added so runtime can parse it for the section size + static bool cv_addFakeHdrs; + + // Current Pnor section ID we are processing. Used to generate fake header + static PNOR::SectionId cv_curPnorSecId; + /** * @brief Get aligned reserved memory size for OPAL * Note: Historically we have used the aligned size for OPAL diff --git a/src/include/usr/secureboot/containerheader.H b/src/include/usr/secureboot/containerheader.H index 255566c9d..f7e924d9b 100644 --- a/src/include/usr/secureboot/containerheader.H +++ b/src/include/usr/secureboot/containerheader.H @@ -28,6 +28,8 @@ #include <errl/errlentry.H> #include <secureboot/service.H> #include <securerom/ROM.H> +#include <limits.h> +#include <array> // Forward Declaration class SecureRomManagerTest; @@ -54,18 +56,37 @@ class ContainerHeader ContainerHeader(const void* i_header): iv_isValid(false),iv_hdrBytesRead(0) { - assert(i_header != NULL); + assert(i_header != nullptr); iv_pHdrStart = reinterpret_cast<const uint8_t*>(i_header); - memset(&iv_headerInfo, 0x00, sizeof(iv_headerInfo)); - memset(iv_hwKeyHash, 0, sizeof(SHA512_t)); - memset(iv_componentId,0x00,sizeof(iv_componentId)); + initVars(); parse_header(i_header); }; /** + * @brief ContainerHeader + * + * This constructor generates a fake header with minimal information + * + * @param[in] i_totalSize Total Container Size + * @param[in] i_compId Component ID + */ + ContainerHeader(const size_t i_totalSize, + const char* i_compId): + iv_isValid(false),iv_hdrBytesRead(0),iv_fakeHeader{} + { + initVars(); + genFakeHeader(i_totalSize, i_compId); + }; + + /** + * @brief Initialize internal variables + */ + void initVars(); + + /** * @brief Destructor */ - ~ContainerHeader(){}; + ~ContainerHeader(){} /** * @brief Retrieves total container size (includes header, payload text, @@ -158,6 +179,13 @@ class ContainerHeader */ const char* componentId() const; + /** + * @brief Returns the container's fake header + * + * @return const uint8_t* fake header + */ + const uint8_t* fakeHeader() const; + private: /** * @brief Default Constructor in private to prevent being instantiated @@ -259,6 +287,18 @@ class ContainerHeader void safeMemCpyAndInc(void* i_dest, const uint8_t* &io_hdr, const size_t i_size); + // Pointer to fake header generated + std::array<uint8_t,PAGE_SIZE> iv_fakeHeader; + + /** + * @brief Generate fake header with limited information + * + * @param[in] i_totalSize Total container size + * @param[in] i_compId Component ID + */ + void genFakeHeader(const size_t i_totalSize, + const char* const i_compId); + friend class ::SecureRomManagerTest; }; |