diff options
Diffstat (limited to 'src/usr')
-rw-r--r-- | src/usr/pnor/pnor_utils.C | 3 | ||||
-rw-r--r-- | src/usr/sbe/sbe_update.C | 14 | ||||
-rw-r--r-- | src/usr/secureboot/base/securerommgr.C | 1 |
3 files changed, 17 insertions, 1 deletions
diff --git a/src/usr/pnor/pnor_utils.C b/src/usr/pnor/pnor_utils.C index 5a8d39065..979b1cb1f 100644 --- a/src/usr/pnor/pnor_utils.C +++ b/src/usr/pnor/pnor_utils.C @@ -360,7 +360,8 @@ bool PNOR::isEnforcedSecureSection(const uint32_t i_section) #ifdef BOOTLOADER return i_section == HB_BASE_CODE; #else - return i_section == HB_EXT_CODE || + return i_section == HB_BOOTLOADER || + i_section == HB_EXT_CODE || i_section == HB_DATA || i_section == SBE_IPL || i_section == CENTAUR_SBE || diff --git a/src/usr/sbe/sbe_update.C b/src/usr/sbe/sbe_update.C index 86869bff9..8d045a85b 100644 --- a/src/usr/sbe/sbe_update.C +++ b/src/usr/sbe/sbe_update.C @@ -1846,6 +1846,7 @@ namespace SBE } const void* hbblPnorPtr = reinterpret_cast<const void*>( pnorInfo.vaddr); + // Use max hbbl size and not the PNOR size. The PNOR size can grow // to add a secure header, but the code size limit is still 20K. TRACFCOMP( g_trac_sbe, "getSbeInfoState() - " @@ -3709,6 +3710,12 @@ namespace SBE break; } + err = loadSecureSection(PNOR::HB_BOOTLOADER); + if(err) + { + TRACFCOMP( g_trac_sbe, ERR_MRK,"createSbeImageVmmSpace() - Error from loadSecureSection(PNOR::HB_BOOTLOADER)"); + break; + } #endif }while(0); @@ -3813,6 +3820,13 @@ namespace SBE TRACFCOMP( g_trac_sbe, ERR_MRK"cleanupSbeImageVmmSpace() - Error from unloadSecureSection(PNOR::SBE_IPL)"); break; } + + err = unloadSecureSection(PNOR::HB_BOOTLOADER); + if (err) + { + TRACFCOMP( g_trac_sbe, ERR_MRK,"cleanupSbeImageVmmSpace() - Error from unloadSecureSection(PNOR::HB_BOOTLOADER)"); + break; + } #endif }while(0); diff --git a/src/usr/secureboot/base/securerommgr.C b/src/usr/secureboot/base/securerommgr.C index 264f6a411..b51127820 100644 --- a/src/usr/secureboot/base/securerommgr.C +++ b/src/usr/secureboot/base/securerommgr.C @@ -264,6 +264,7 @@ errlHndl_t SecureRomManager::verifyContainer(void * i_container, // struct elements my_ecid, entry_point and log memset(&l_hw_parms, 0, sizeof(ROM_hw_params)); + // Now set hw_key_hash, which is of type sha2_hash_t, to iv_key_hash if (i_hwKeyHash == nullptr) { // Use current hw hash key |