diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/include/usr/secureboot/containerheader.H | 4 | ||||
-rw-r--r-- | src/usr/runtime/populate_hbruntime.C | 13 | ||||
-rw-r--r-- | src/usr/secureboot/base/test/securerommgrtest.H | 14 | ||||
-rw-r--r-- | src/usr/secureboot/common/containerheader.C | 6 |
4 files changed, 22 insertions, 15 deletions
diff --git a/src/include/usr/secureboot/containerheader.H b/src/include/usr/secureboot/containerheader.H index 1905ac39d..daebbcfb6 100644 --- a/src/include/usr/secureboot/containerheader.H +++ b/src/include/usr/secureboot/containerheader.H @@ -293,10 +293,10 @@ class ContainerHeader * @brief Generate fake header with minimal information and stores in * instance variable * - * @param[in] i_totalSize Total container size + * @param[in] i_size Size of content to add header to * @param[in] i_compId Component ID */ - void genFakeHeader(const size_t i_totalSize, + void genFakeHeader(const size_t i_size, const char* const i_compId); friend class ::SecureRomManagerTest; diff --git a/src/usr/runtime/populate_hbruntime.C b/src/usr/runtime/populate_hbruntime.C index e7ebbea54..b4c700de2 100644 --- a/src/usr/runtime/populate_hbruntime.C +++ b/src/usr/runtime/populate_hbruntime.C @@ -605,21 +605,22 @@ errlHndl_t hbResvLoadSecureSection (const PNOR::SectionId i_sec, // Check if the section is expected to have a secure header regardless // of compile options +#ifdef CONFIG_SECUREBOOT if (i_secHdrExpected) { -#ifdef CONFIG_SECUREBOOT // If section is signed, only the protected size was loaded into memory l_imgSize = l_info.secureProtectedPayloadSize; // Include secure header // NOTE: we do not preserve the header in virtual memory when SB // is compiled out. So "-PAGESIZE" only works when SB is compiled in l_pnorVaddr -= PAGESIZE; -#endif - // Add size for secure header. - // NOTE: if SB compiled out, a header will be injected later so - // preserve space for the header. - l_imgSize += PAGESIZE; } +#endif + // Add size for secure header, as a header is REQUIRED for lid load + // from hostboot reserved memory to work in every scenario. + // NOTE: if SB compiled out or a header is never added, one will be + // injected later with min information. So preserve space for the header. + l_imgSize += PAGESIZE; // Load Pnor section into HB reserved memory l_elog = PreVerifiedLidMgr::loadFromPnor(i_sec, l_pnorVaddr, l_imgSize); diff --git a/src/usr/secureboot/base/test/securerommgrtest.H b/src/usr/secureboot/base/test/securerommgrtest.H index 115813d3d..3dee8952e 100644 --- a/src/usr/secureboot/base/test/securerommgrtest.H +++ b/src/usr/secureboot/base/test/securerommgrtest.H @@ -555,7 +555,7 @@ class SecureRomManagerTest : public CxxTest::TestSuite { TRACFCOMP(g_trac_secure,"SecureRomManagerTest::test_fakeHeader"); - const size_t l_totalContainerSize = 0x10000; + const size_t l_payloadSize = 0x10000; // Purposely make a comp id larger than SW_HDR_COMP_ID_SIZE_BYTES // otherwise strncmp below needs a different size const char* l_compId = "FAKEHEADERTEST"; @@ -564,7 +564,7 @@ class SecureRomManagerTest : public CxxTest::TestSuite // Simple call constructor to create fake header and make sure it // does not cause an error SECUREBOOT::ContainerHeader l_fakeHdr; - errlHndl_t l_errl = l_fakeHdr.setFakeHeader(l_totalContainerSize, + errlHndl_t l_errl = l_fakeHdr.setFakeHeader(l_payloadSize, l_compId); if (l_errl) { @@ -573,8 +573,14 @@ class SecureRomManagerTest : public CxxTest::TestSuite break; } - // Payload Text Size should be the total container size minus the header - if(l_fakeHdr.payloadTextSize() != (l_totalContainerSize - PAGE_SIZE)) + // Total Container size should be payload size + PAGE_SIZE(header size) + if(l_fakeHdr.totalContainerSize() != (l_payloadSize + PAGE_SIZE)) + { + TS_FAIL("SecureRomManagerTest::test_fakeHeader: total container size was not parsed correctly"); + } + + // Check that payload text size was assigned correctly. + if(l_fakeHdr.payloadTextSize() != (l_payloadSize)) { TS_FAIL("SecureRomManagerTest::test_fakeHeader: payload text size was not parsed correctly"); break; diff --git a/src/usr/secureboot/common/containerheader.C b/src/usr/secureboot/common/containerheader.C index 47ccfebea..e01b09b8b 100644 --- a/src/usr/secureboot/common/containerheader.C +++ b/src/usr/secureboot/common/containerheader.C @@ -171,7 +171,7 @@ void ContainerHeader::initVars() memset(iv_componentId,0x00,sizeof(iv_componentId)); } -void ContainerHeader::genFakeHeader(const size_t i_totalSize, +void ContainerHeader::genFakeHeader(const size_t i_size, const char* const i_compId) { SecureHeaderInfo info {}; @@ -182,7 +182,7 @@ void ContainerHeader::genFakeHeader(const size_t i_totalSize, /*---- ROM_container_raw ----*/ info.hw_hdr.magic_number = ROM_MAGIC_NUMBER; info.hw_hdr.version = CONTAINER_VERSION; - info.hw_hdr.container_size = i_totalSize; + info.hw_hdr.container_size = i_size + PAGE_SIZE; // The rom code has a placeholder for the prefix in the first struct so // skip it size_t l_size = offsetof(ROM_container_raw, prefix); @@ -212,7 +212,7 @@ void ContainerHeader::genFakeHeader(const size_t i_totalSize, strncpy(info.sw_hdr.component_id, i_compId,SW_HDR_COMP_ID_SIZE_BYTES); info.sw_hdr.ver_alg.hash_alg = HASH_ALG_SHA512; info.sw_hdr.ver_alg.sig_alg = SIG_ALG_ECDSA521; - info.sw_hdr.payload_size = i_totalSize - PAGE_SIZE; + info.sw_hdr.payload_size = i_size; l_size = offsetof(ROM_sw_header_raw, ecid); l_size += info.hw_prefix_hdr.ecid_count * ECID_SIZE; |