1 files changed, 48 insertions, 18 deletions

diff --git a/src/usr/secureboot/base/securerom.C b/src/usr/secureboot/base/securerom.C
index dd1428f33..74c2a18bb 100644
--- a/src/usr/secureboot/base/securerom.C
+++ b/src/usr/secureboot/base/securerom.C
@@ -84,20 +84,27 @@ errlHndl_t verifyContainer(void * i_container, const sha2_hash_t* i_hwKeyHash)
 errlHndl_t hashBlob(const void * i_blob, size_t i_size, SHA512_t io_buf)
 {
     return Singleton<SecureROM>::instance().hashBlob(i_blob, i_size, io_buf);
+}
 
+/**
+ * @brief Hash concatenation of 2 Blobs
+ *
+ */
+errlHndl_t hashConcatBlobs(const blobPair_t &i_blobs, SHA512_t o_buf)
+{
+    return Singleton<SecureROM>::instance().hashConcatBlobs(i_blobs, o_buf);
 }
 
 /*
- * @brief  Externally available hardware hash key function
+ * @brief  Externally available hardware keys' hash retrieval function
  */
-void getHwHashKeys(sha2_hash_t o_hash)
+void getHwKeyHash(sha2_hash_t o_hash)
 {
-    return Singleton<SecureROM>::instance().getHwHashKeys(o_hash);
+    return Singleton<SecureROM>::instance().getHwKeyHash(o_hash);
 }
 
 }; //end SECUREBOOT namespace
 
-
 /********************
  Public Methods
  ********************/
@@ -259,13 +266,13 @@ errlHndl_t SecureROM::initialize()
         /*  Retrieve HW Hash Keys From The System                      */
         /***************************************************************/
 
-        // @todo RTC:RTC:34080 - Support for SecureROM::getHwHashKeys()
-        l_errl = SecureROM::getHwHashKeys();
+        // @todo RTC:RTC:34080 - Support for SecureROM::getHwKeyHash()
+        l_errl = SecureROM::getHwKeyHash();
 
         if (l_errl != NULL)
         {
             TRACFCOMP(g_trac_secure,ERR_MRK"SecureROM::initialize():"
-            " SecureROM::getHwHashKeys() returned an error");
+            " SecureROM::getHwKeyHash() returned an error");
 
             l_errl->collectTrace(SECURE_COMP_NAME,256);
             break;
@@ -329,8 +336,8 @@ errlHndl_t SecureROM::verifyContainer(void * i_container,
         // struct elements my_ecid, entry_point and log
         memset(&l_hw_parms, 0, sizeof(ROM_hw_params));
 
-        // Now set hw_key_hash, which is of type sha2_hash_t, to iv_hash_key
-        memcpy (&l_hw_parms.hw_key_hash, &iv_hash_key, sizeof(sha2_hash_t));
+        // Now set hw_key_hash, which is of type sha2_hash_t, to iv_key_hash
+        memcpy (&l_hw_parms.hw_key_hash, &iv_key_hash, sizeof(sha2_hash_t));
         TRACFBIN(g_trac_secure,"SecureROM::verifyContainer(): hw_key_hash",
                  l_hw_parms.hw_key_hash, sizeof(sha2_hash_t));
 
@@ -384,6 +391,7 @@ errlHndl_t SecureROM::verifyContainer(void * i_container,
 
             /*@
              * @errortype
+             * @severity     ERRL_SEV_UNRECOVERABLE
              * @moduleid     SECUREBOOT::MOD_SECURE_ROM_VERIFY
              * @reasoncode   SECUREBOOT::RC_ROM_VERIFY
              * @userdata1    l_rc
@@ -457,6 +465,28 @@ errlHndl_t SecureROM::hashBlob(const void * i_blob, size_t i_size, SHA512_t io_b
     return l_errl;
 }
 
+/**
+ * @brief Hash concatenation of N Blobs
+ */
+errlHndl_t SecureROM::hashConcatBlobs(const blobPair_t &i_blobs,
+                                      SHA512_t o_buf) const
+{
+    errlHndl_t pError = nullptr;
+    std::vector<uint8_t> concatBuf;
+    for (const auto &it : i_blobs)
+    {
+        assert(it.first != nullptr, "BUG! In SecureROM::hashConcatBlobs(), "
+            "User passed in nullptr blob pointer");
+        const uint8_t* const blob =  static_cast<const uint8_t*>(it.first);
+        const auto blobSize = it.second;
+        concatBuf.insert(concatBuf.end(), blob, blob + blobSize);
+    }
+
+    // Call hash blob on new concatenated buffer
+    pError = hashBlob(concatBuf.data(),concatBuf.size(),o_buf);
+
+    return pError;
+}
 
 /********************
  Internal Methods
@@ -470,8 +500,8 @@ SecureROM::SecureROM()
 {
     TRACDCOMP(g_trac_secure, "SecureROM::SecureROM()>");
 
-    // Clear out iv_hash_keys, which is of type sha2_hash_t
-    memset(&iv_hash_key, 0, sizeof(sha2_hash_t) );
+    // Clear out iv_key_hash, which is of type sha2_hash_t
+    memset(&iv_key_hash, 0, sizeof(sha2_hash_t) );
 
 }
 
@@ -547,26 +577,26 @@ void SecureROM::_cleanup()
 
 
 /**
- * @brief Retrieves HW Keys from the system
+ * @brief Retrieves HW keys' hash from the system
  */
-errlHndl_t SecureROM::getHwHashKeys()
+errlHndl_t SecureROM::getHwKeyHash()
 {
 
     errlHndl_t  l_errl      =   NULL;
 
-    TRACFCOMP(g_trac_secure,INFO_MRK"SecureROM::getHwHashKeys() NOT supported");
+    TRACFCOMP(g_trac_secure,INFO_MRK"SecureROM::getHwKeyHash() NOT supported");
 
-    // @todo RTC:34080 - Add support for getting HW Hash Keys from System
+    // @todo RTC:34080 - Add support for getting HW keys' hash from System
 
     return l_errl;
 }
 
 /**
- * @brief  Retrieve the internal hardware hash key from secure ROM object.
+ * @brief  Retrieve the internal hardware keys' hash from secure ROM object.
  */
-void SecureROM::getHwHashKeys(sha2_hash_t o_hash)
+void SecureROM::getHwKeyHash(sha2_hash_t o_hash)
 {
-    memcpy(o_hash, iv_hash_key, sizeof(sha2_hash_t));
+    memcpy(o_hash, iv_key_hash, sizeof(sha2_hash_t));
 }
 
 /**