diff options
Diffstat (limited to 'src/usr/runtime')
-rw-r--r-- | src/usr/runtime/populate_hbruntime.C | 67 |
1 files changed, 65 insertions, 2 deletions
diff --git a/src/usr/runtime/populate_hbruntime.C b/src/usr/runtime/populate_hbruntime.C index a30317a69..193cb71f6 100644 --- a/src/usr/runtime/populate_hbruntime.C +++ b/src/usr/runtime/populate_hbruntime.C @@ -640,6 +640,10 @@ errlHndl_t hbResvLoadSecureSection (const PNOR::SectionId i_sec, errlHndl_t l_elog = nullptr; +#ifdef CONFIG_SECUREBOOT + auto l_sectionSecurelyLoaded = false; +#endif + do { // Check for inhibited sections @@ -673,6 +677,7 @@ errlHndl_t hbResvLoadSecureSection (const PNOR::SectionId i_sec, "loadSecureSection(%s)", PNOR::SectionIdToString(i_sec)); break; } + l_sectionSecurelyLoaded = true; } #endif @@ -704,9 +709,36 @@ errlHndl_t hbResvLoadSecureSection (const PNOR::SectionId i_sec, { break; } - } while(0); + +#ifdef CONFIG_SECUREBOOT + // Skip unload if a section was not securely loaded in the first place + if (l_sectionSecurelyLoaded ) + { + // Unload Secure PNOR section + auto l_unloadErrlog = unloadSecureSection(i_sec); + if (l_unloadErrlog) + { + TRACFCOMP( g_trac_runtime, + ERR_MRK"hbResvloadSecureSection() - Error from " + "unloadSecureSection(%s)", PNOR::SectionIdToString(i_sec)); + // Link unload error log to existing errorlog plid and commit error + if(l_elog) + { + l_unloadErrlog->plid(l_elog->plid()); + ERRORLOG::errlCommit(l_unloadErrlog, RUNTIME_COMP_ID); + } + // This is the only error so return that. + else + { + l_elog = l_unloadErrlog; + l_unloadErrlog = nullptr; + } + } + } +#endif + return l_elog; } @@ -722,6 +754,10 @@ errlHndl_t populate_HbRsvMem(uint64_t i_nodeId) errlHndl_t l_elog = nullptr; bool l_preVerLidMgrLock = false; +#ifdef CONFIG_SECUREBOOT + auto l_hbrtSecurelyLoaded = false; +#endif + do { // Wipe out our cache of the NACA/SPIRA pointers RUNTIME::rediscover_hdat(); @@ -918,13 +954,13 @@ errlHndl_t populate_HbRsvMem(uint64_t i_nodeId) if(TARGETING::is_sapphire_load()) { uint64_t l_hbrtImageAddr = 0x0; - #ifdef CONFIG_SECUREBOOT l_elog = loadSecureSection(PNOR::HB_RUNTIME); if(l_elog) { break; } + l_hbrtSecurelyLoaded = true; #endif PNOR::SectionInfo_t l_pnorInfo; @@ -1196,6 +1232,33 @@ errlHndl_t populate_HbRsvMem(uint64_t i_nodeId) } } while(0); +#ifdef CONFIG_SECUREBOOT + // Skip unload if a section was not securely loaded in the first place + if (l_hbrtSecurelyLoaded ) + { + // Unload HBRT PNOR section + auto l_unloadErrlog = unloadSecureSection(PNOR::HB_RUNTIME); + if (l_unloadErrlog) + { + TRACFCOMP( g_trac_runtime, + ERR_MRK"hbResvloadSecureSection() - Error from " + "unloadSecureSection(%s)", PNOR::SectionIdToString(PNOR::HB_RUNTIME)); + // Link unload error log to existing errorlog plid and commit error + if(l_elog) + { + l_unloadErrlog->plid(l_elog->plid()); + ERRORLOG::errlCommit(l_unloadErrlog, RUNTIME_COMP_ID); + } + // This is the only error so return that. + else + { + l_elog = l_unloadErrlog; + l_unloadErrlog = nullptr; + } + } + } +#endif + // If lock obtained, always unlock Pre verified lid manager if (l_preVerLidMgrLock) { |