summaryrefslogtreecommitdiffstats
path: root/src/usr
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr')
-rw-r--r--src/usr/pnor/spnorrp.C4
-rw-r--r--src/usr/secureboot/base/securerommgr.C4
-rw-r--r--src/usr/secureboot/base/test/securerommgrtest.H16
-rw-r--r--src/usr/util/test/testmclmgr.H6
-rw-r--r--src/usr/util/utilmclmgr.C29
5 files changed, 19 insertions, 40 deletions
diff --git a/src/usr/pnor/spnorrp.C b/src/usr/pnor/spnorrp.C
index 3abdf2eb6..f5fc25b3d 100644
--- a/src/usr/pnor/spnorrp.C
+++ b/src/usr/pnor/spnorrp.C
@@ -477,11 +477,11 @@ uint64_t SPnorRP::verifySections(SectionId i_id,
}
auto const * const pPnorString = PNOR::SectionIdToString(i_id);
- l_errhdl = SECUREBOOT::verifyComponent(l_conHdr,pPnorString);
+ l_errhdl = SECUREBOOT::verifyComponentId(l_conHdr,pPnorString);
if(l_errhdl)
{
TRACFCOMP(g_trac_pnor, ERR_MRK"SPnorrRP::verifySections: "
- "Failed in call to SECUREBOOT::verifyComponent");
+ "Failed in call to SECUREBOOT::verifyComponentId");
failedVerify = true;
break;
}
diff --git a/src/usr/secureboot/base/securerommgr.C b/src/usr/secureboot/base/securerommgr.C
index 6f8e980a7..b894be4a9 100644
--- a/src/usr/secureboot/base/securerommgr.C
+++ b/src/usr/secureboot/base/securerommgr.C
@@ -87,7 +87,7 @@ errlHndl_t verifyContainer(void * i_container, const SHA512_t* i_hwKeyHash)
return l_errl;
}
-errlHndl_t verifyComponent(
+errlHndl_t verifyComponentId(
const ContainerHeader& i_containerHeader,
const char* const i_pComponentId)
{
@@ -105,7 +105,7 @@ errlHndl_t verifyComponent(
i_pComponentId,
sizeof(ROM_sw_header_raw::component_id));
- TRACFCOMP(g_trac_secure,ERR_MRK"SECUREROM::verifyComponent: "
+ TRACFCOMP(g_trac_secure,ERR_MRK"SECUREROM::verifyComponentId: "
"Secure Boot verification failure; container's component ID of "
"[%s] does not match expected component ID of [%s] (truncated "
"from [%s]",
diff --git a/src/usr/secureboot/base/test/securerommgrtest.H b/src/usr/secureboot/base/test/securerommgrtest.H
index 590258ec0..115813d3d 100644
--- a/src/usr/secureboot/base/test/securerommgrtest.H
+++ b/src/usr/secureboot/base/test/securerommgrtest.H
@@ -414,7 +414,7 @@ class SecureRomManagerTest : public CxxTest::TestSuite
TRACFCOMP(g_trac_secure,EXIT_MRK"SecureRomManagerTest::test_hash_page_table_verify");
}
- void test_verifyComponent(void)
+ void test_verifyComponentId(void)
{
errlHndl_t pError = nullptr;
@@ -426,14 +426,14 @@ class SecureRomManagerTest : public CxxTest::TestSuite
do {
- struct verifyComponentTest
+ struct verifyComponentIdTest
{
const char* pActualCompId;
const char* pRefCompId;
bool shouldPass;
};
- const std::vector<verifyComponentTest> tests =
+ const std::vector<verifyComponentIdTest> tests =
{ {"ABCD1234","ABCD12345", true },
{"ABCD1234","ABCD1234" , true },
{"ABCD1234","ABCD123" , false},
@@ -455,7 +455,7 @@ class SecureRomManagerTest : public CxxTest::TestSuite
if (pError)
{
- TS_FAIL("SecureRomManagerTest::test_verifyComponent: "
+ TS_FAIL("SecureRomManagerTest::test_verifyComponentId: "
"loadSignedFile() Failed");
errlCommit(pError, SECURE_COMP_ID);
break;
@@ -488,7 +488,7 @@ class SecureRomManagerTest : public CxxTest::TestSuite
}
- pError = SECUREBOOT::verifyComponent(
+ pError = SECUREBOOT::verifyComponentId(
containerHeader,
test.pRefCompId);
if(pError)
@@ -496,7 +496,7 @@ class SecureRomManagerTest : public CxxTest::TestSuite
if(test.shouldPass)
{
TS_FAIL("SecureRomManagerTest::test_verifyContainer: "
- "Expected SECUREBOOT::verifyComponent to pass, but it "
+ "Expected SECUREBOOT::verifyComponentId to pass, but it "
"failed. Actual component ID was [%s], reference "
"component ID was [%s]",
test.pActualCompId,
@@ -512,7 +512,7 @@ class SecureRomManagerTest : public CxxTest::TestSuite
!= SECUREBOOT::MOD_SECURE_VERIFY_COMPONENT))
{
TS_FAIL("SecureRomManagerTest::test_verifyContainer: "
- "Expected SECUREBOOT::verifyComponent to fail with "
+ "Expected SECUREBOOT::verifyComponentId to fail with "
"reason code of 0x%04X and module ID of 0x%02, but "
"failed with reason code of 0x%04X and module ID "
"of 0x%02X. Actual component ID was [%s], "
@@ -535,7 +535,7 @@ class SecureRomManagerTest : public CxxTest::TestSuite
else if(!test.shouldPass)
{
TS_FAIL("SecureRomManagerTest::test_verifyContainer: "
- "Expected SECUREBOOT::verifyComponent to fail, but it "
+ "Expected SECUREBOOT::verifyComponentId to fail, but it "
"passed. Actual component ID was [%s], reference "
"component ID was [%s]",
test.pActualCompId,
diff --git a/src/usr/util/test/testmclmgr.H b/src/usr/util/test/testmclmgr.H
index 290c73d5c..97c606a9d 100644
--- a/src/usr/util/test/testmclmgr.H
+++ b/src/usr/util/test/testmclmgr.H
@@ -48,6 +48,8 @@ const ComponentID COMP_TEST3 {"TEST3"};
// ASCII: TESTMAXSIZEOFSTR
const ComponentID COMP_TEST4 {0x54,0x45,0x53,0x54,0x4d,0x41,0x58,0x53,
0x49,0x5a,0x45,0x4f,0x46,0x53,0x54,0x52};
+// Comp ID for pnor section TESTRO
+const ComponentID COMP_TESTRO {"TESTRO"};
// Define deault vectors to simplify syntax
const std::vector<uint32_t> defaultLids {0xA1234567, 0x89ABCDEF, 0x13579246};
@@ -293,7 +295,7 @@ public:
// Generate test MCL with Secure Lids
TestMcl l_TestMcl { {Util::TEST_LIDID},
- {{COMP_TEST2,true}}
+ {{COMP_TESTRO,true}}
};
// Pass test MCL to MCL manager
@@ -338,7 +340,7 @@ public:
// So we will get a mismatch between the Secure header's total container
// size and what the UtilLidMgr reads out.
TestMcl l_TestMcl { {Util::TEST_LIDID, Util::TEST_LIDID},
- {{COMP_TEST2,true}}
+ {{COMP_TESTRO,true}}
};
// Pass test MCL to MCL manager
diff --git a/src/usr/util/utilmclmgr.C b/src/usr/util/utilmclmgr.C
index 81e1c8cff..e6efc56e0 100644
--- a/src/usr/util/utilmclmgr.C
+++ b/src/usr/util/utilmclmgr.C
@@ -636,33 +636,10 @@ errlHndl_t MasterContainerLidMgr::verifyExtend(const ComponentID& i_compId,
io_compInfo.unprotectedSize = l_conHdr.totalContainerSize() -
l_conHdr.payloadTextSize();
- // @TODO RTC:181848 re-enable when component id is supported in lids
- if (0)// memcmp(l_conHdr.componentId(), i_compId.data(),
- // SW_HDR_COMP_ID_SIZE_BYTES) != 0 )
+ // Verify the component in the Secure Header matches the MCL
+ l_errl = SECUREBOOT::verifyComponentId(l_conHdr, iv_curCompIdStr);
+ if (l_errl)
{
- uint64_t l_secHdrCompId {};
- uint64_t l_mclCompId {};
- memcpy(&l_secHdrCompId, l_conHdr.componentId(), SW_HDR_COMP_ID_SIZE_BYTES);
- memcpy(&l_mclCompId, i_compId.data(), SW_HDR_COMP_ID_SIZE_BYTES);
-
- UTIL_FT(ERR_MRK"MasterContainerLidMgr::verifyExtend - ComponentID mismatch between secure header = %.16llX and master container lid %.16llX",
- l_secHdrCompId, l_mclCompId);
- /*@
- * @errortype
- * @moduleid Util::UTIL_MCL_VERIFY_EXT
- * @reasoncode Util::UTIL_MCL_COMPID_MISMATCH
- * @userdata1 Secure Header Comp ID
- * @userdata2 Master Container Lid Comp ID
- * @devdesc Error processing component for Mcl Mgr
- * @custdesc Firmware Error
- */
- l_errl = new ERRORLOG::ErrlEntry(
- ERRORLOG::ERRL_SEV_UNRECOVERABLE,
- Util::UTIL_MCL_VERIFY_EXT,
- Util::UTIL_MCL_COMPID_MISMATCH,
- l_secHdrCompId,
- l_mclCompId,
- true); //software callout
l_errl->collectTrace(UTIL_COMP_NAME);
break;
}
OpenPOWER on IntegriCloud