path: root/src/usr/secureboot/base/securerommgr.C
Diffstat (limited to 'src/usr/secureboot/base/securerommgr.C')
-rw-r--r--src/usr/secureboot/base/securerommgr.C99
1 files changed, 71 insertions, 28 deletions
diff --git a/src/usr/secureboot/base/securerommgr.C b/src/usr/secureboot/base/securerommgr.C
index dc8e6155c..d596d5c64 100644
--- a/src/usr/secureboot/base/securerommgr.C
+++ b/src/usr/secureboot/base/securerommgr.C
@@ -64,6 +64,11 @@ errlHndl_t initializeSecureRomManager(void)
return Singleton<SecureRomManager>::instance().initialize();
}
+bool secureRomValidPolicy()
+{
+ return Singleton<SecureRomManager>::instance().secureRomValidPolicy();
+}
+
/**
* @brief Verify Signed Container
*/
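Review bot: The new free function `secureRomValidPolicy()` has no doc comment, while every neighbouring wrapper in this file (`initializeSecureRomManager`, `verifyContainer`, `hashBlob`) carries a `/** @brief ... */` header. I would add, directly above it, `/** @brief Returns whether secure ROM functionality may be used under the current policy; false only when the secure ROM is invalid and best-effort policy is enabled */`. Since the policy can terminate (see the assert in the member implementation), the comment should also say that in enforcing mode the call does not return false.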
@@ -71,8 +76,7 @@ errlHndl_t verifyContainer(void * i_container, const SHA512_t* i_hwKeyHash)
{
errlHndl_t l_errl = nullptr;
- // @TODO RTC:170136 remove isValid check
- if(Singleton<SecureRomManager>::instance().isValid())
+ if(Singleton<SecureRomManager>::instance().secureRomValidPolicy())
{
l_errl = Singleton<SecureRomManager>::instance().
verifyContainer(i_container,i_hwKeyHash);
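Review bot: When `secureRomValidPolicy()` returns false, `l_errl` stays nullptr and the wrapper reports success without any record that verification was skipped; under best-effort policy that silent pass is the intended behaviour, but it leaves no trace for later forensics. I would add an `else` with `TRACFCOMP(g_trac_secure, INFO_MRK"verifyContainer(): SecureROM invalid, best effort policy set, skipping verification");` so the skip shows in the field trace. The rest of `verifyContainer` lies outside this hunk, so I cannot tell whether such a trace already exists further down.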
@@ -87,12 +91,15 @@ errlHndl_t verifyContainer(void * i_container, const SHA512_t* i_hwKeyHash)
*/
void hashBlob(const void * i_blob, size_t i_size, SHA512_t o_buf)
{
- // @TODO RTC:170136 remove isValid check
- if(Singleton<SecureRomManager>::instance().isValid())
+ if(Singleton<SecureRomManager>::instance().secureRomValidPolicy())
{
return Singleton<SecureRomManager>::instance().
hashBlob(i_blob, i_size, o_buf);
}
+ else
+ {
+ memset(o_buf, 0, sizeof(SHA512_t));
+ }
}
/**
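Review bot: The new `else` branch zeroes `o_buf` when the policy is false, which is the right thing to do for an output buffer, but the same treatment is not visible in the `hashConcatBlobs` (next hunk) and `getHwKeyHash` wrappers, whose bodies continue outside their hunks. If those functions also return without touching their output parameter, callers under best-effort policy would read an uninitialized hash; `memset(o_buf, 0, sizeof(SHA512_t));` in an `else` there would make the three wrappers consistent. Worth confirming against the full file before merging.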
@@ -101,8 +108,7 @@ void hashBlob(const void * i_blob, size_t i_size, SHA512_t o_buf)
*/
void hashConcatBlobs(const blobPair_t &i_blobs, SHA512_t o_buf)
{
- // @TODO RTC:170136 remove isValid check
- if(Singleton<SecureRomManager>::instance().isValid())
+ if(Singleton<SecureRomManager>::instance().secureRomValidPolicy())
{
return Singleton<SecureRomManager>::instance().
hashConcatBlobs(i_blobs, o_buf);
@@ -115,7 +121,7 @@ void hashConcatBlobs(const blobPair_t &i_blobs, SHA512_t o_buf)
void getHwKeyHash(SHA512_t o_hash)
{
// @TODO RTC:170136 remove isValid check
- if(Singleton<SecureRomManager>::instance().isValid())
+ if(Singleton<SecureRomManager>::instance().secureRomValidPolicy())
{
return Singleton<SecureRomManager>::instance().getHwKeyHash(o_hash);
}
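Review bot: The stale `// @TODO RTC:170136 remove isValid check` comment is kept at the top of this hunk even though the `isValid()` call it refers to is replaced on the next line, and the same comment was removed in the `verifyContainer`, `hashBlob` and `hashConcatBlobs` hunks above. I would delete that comment line here too so the four wrappers read the same. `getHwKeyHash` continues outside the hunk.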
@@ -148,31 +154,54 @@ using namespace SECUREBOOT;
*/
errlHndl_t SecureRomManager::initialize()
{
- TRACDCOMP(g_trac_secure,ENTER_MRK"SecureRomManager::initialize()");
+ TRACFCOMP(g_trac_secure,ENTER_MRK"SecureRomManager::initialize()");
errlHndl_t l_errl = nullptr;
uint32_t l_rc = 0;
do{
- // @TODO RTC:170136 terminate in initialize if the securebit is on
- // and code is not valid. Remove all isValid() checks in rest of
- // SecureRomManager.
- // Check if secureboot data is valid.
+ // Check if bootloader to hostboot data is valid.
iv_secureromValid = g_BlToHbDataManager.isValid();
+
if (!iv_secureromValid)
{
- // The Secure ROM has already been initialized
- TRACDCOMP(g_trac_secure,"SecureRomManager::initialize(): SecureROM invalid, skipping functionality");
-
+ // Allow skipping functionality if secure rom is invalid if best
+ // effort policy enabled
+ if(SECUREBOOT::bestEffortPolicy())
+ {
+ TRACFCOMP(g_trac_secure,INFO_MRK"SecureRomManager::initialize(): SecureROM invalid, skipping functionality");
#ifdef CONFIG_CONSOLE
- CONSOLE::displayf(SECURE_COMP_NAME, "SecureROM invalid - skipping functionality");
+ CONSOLE::displayf(SECURE_COMP_NAME, "SecureROM invalid - skipping functionality");
#endif
-
- // Can skip the rest of this function
- break;
+ printk("SecureRomManager SecureROM invalid -- skipping functionality\n");
+ // Can skip the rest of this function
+ break;
+ }
+ // Otherwise enforce securerom to be valid.
+ else
+ {
+ TRACFCOMP(g_trac_secure,ERR_MRK"SecureRomManager::initialize(): SecureROM invalid");
+#ifdef CONFIG_CONSOLE
+ CONSOLE::displayf(SECURE_COMP_NAME, ERR_MRK"SecureROM invalid");
+#endif
+ printk("ERR> SecureRomManager SecureROM invalid\n");
+ /*@
+ * @errortype
+ * @moduleid SECUREBOOT::MOD_SECURE_ROM_INIT
+ * @reasoncode SECUREBOOT::RC_SECROM_INVALID
+ * @devdesc Valid securerom not present
+ * @custdesc Security failure occurred during the IPL of
+ * the system.
+ */
+ l_errl = new ERRORLOG::ErrlEntry( ERRORLOG::ERRL_SEV_UNRECOVERABLE,
+ SECUREBOOT::MOD_SECURE_ROM_INIT,
+ SECUREBOOT::RC_SECROM_INVALID);
+ l_errl->collectTrace(SECURE_COMP_NAME,ERROR_TRACE_SIZE);
+ break;
+ }
}
- TRACDCOMP(g_trac_secure,"SecureRomManager::initialize(): SecureROM valid, enabling functionality");
+ TRACFCOMP(g_trac_secure,"SecureRomManager::initialize(): SecureROM valid, enabling functionality");
#ifdef CONFIG_CONSOLE
CONSOLE::displayf(SECURE_COMP_NAME, "SecureROM valid - enabling functionality");
#endif
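Review bot: The best-effort branch emits the same "SecureROM invalid - skipping functionality" message on three channels, but none of them says that skipping was permitted by the best-effort policy, so an operator reading the console or printk log cannot tell an expected bypass from a misconfiguration. I would make the policy explicit at least in the printk, e.g. `printk("SecureRomManager SecureROM invalid -- best effort policy set, skipping functionality\n");`, and mirror it in the TRACFCOMP text. As a point of style, the comment `// Otherwise enforce securerom to be valid.` sits between the closing brace and the `else`; moving it inside the `else` block keeps the brace pairing readable.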
@@ -281,12 +310,11 @@ errlHndl_t SecureRomManager::verifyContainer(void * i_container,
do{
// Check if secureboot data is valid.
- if (!iv_secureromValid)
+ if (!secureRomValidPolicy())
{
// Can skip the rest of this function
break;
}
-
// Check to see if ROM has already been initialized
// This should have been done early in IPL so assert if this
// is not the case as system is in a bad state
@@ -393,7 +421,7 @@ void SecureRomManager::hashBlob(const void * i_blob, size_t i_size, SHA512_t o_b
TRACDCOMP(g_trac_secure,INFO_MRK"SecureRomManager::hashBlob()");
// Check if secureboot data is valid.
- if (iv_secureromValid)
+ if (secureRomValidPolicy())
{
// Check to see if ROM has already been initialized
// This should have been done early in IPL so assert if this
@@ -426,7 +454,7 @@ void SecureRomManager::hashConcatBlobs(const blobPair_t &i_blobs,
SHA512_t o_buf) const
{
// Check if secureboot data is valid.
- if (iv_secureromValid)
+ if (secureRomValidPolicy())
{
std::vector<uint8_t> concatBuf;
for (const auto &it : i_blobs)
@@ -443,9 +471,24 @@ void SecureRomManager::hashConcatBlobs(const blobPair_t &i_blobs,
}
}
-bool SecureRomManager::isValid()
+bool SecureRomManager::secureRomValidPolicy() const
{
- return iv_secureromValid;
+ bool l_policy = true;
+ if (bestEffortPolicy())
+ {
+ // Set policy based on secure ROM status
+ l_policy = iv_secureromValid;
+ }
+ else
+ {
+ // Assert secure rom is valid in this mode.
+ // The initialize function should have created an error log already if
+ // this case is false, so this code path should not be hit.
+ assert(iv_secureromValid==true, "SecureRomManager cannot operate with invalid secure rom");
+ l_policy = true;
+ }
+
+ return l_policy;
}
/********************
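Review bot: The enforcing branch initialises `l_policy` to true, asserts, and then assigns `l_policy = true;` again, so the second assignment is dead; the body reduces to `if (bestEffortPolicy()) { l_policy = iv_secureromValid; } else { assert(iv_secureromValid, "..."); }` with the `==true` comparison dropped as well. More importantly, this assert is now on the path of every public entry point (`verifyContainer`, `hashBlob`, `hashConcatBlobs`, `getHwKeyHash` in the hunks below), so in enforcing mode with an invalid ROM the IPL terminates here on the first call rather than through the error log that `initialize()` returned; the comment says that path "should not be hit", which presumably relies on the caller of `initialize()` halting on the returned error, and that assumption is worth stating in the comment.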
@@ -458,7 +501,7 @@ bool SecureRomManager::isValid()
void SecureRomManager::getHwKeyHash()
{
// Check if secureboot data is valid.
- if (iv_secureromValid)
+ if (secureRomValidPolicy())
{
iv_key_hash = reinterpret_cast<const SHA512_t*>(
g_BlToHbDataManager.getHwKeysHash());
@@ -471,7 +514,7 @@ void SecureRomManager::getHwKeyHash()
void SecureRomManager::getHwKeyHash(SHA512_t o_hash)
{
// Check if secureboot data is valid.
- if (iv_secureromValid)
+ if (secureRomValidPolicy())
{
memcpy(o_hash, iv_key_hash, sizeof(SHA512_t));
}