diff options
Diffstat (limited to 'src')
-rwxr-xr-x | src/build/buildpnor/genPnorImages.pl | 8 | ||||
-rw-r--r-- | src/usr/sbe/sbe_update.C | 37 | ||||
-rw-r--r-- | src/usr/sbe/test/sbeupdatetest.H | 49 |
3 files changed, 53 insertions, 41 deletions
diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl index 8ad102eab..b23f01a0a 100755 --- a/src/build/buildpnor/genPnorImages.pl +++ b/src/build/buildpnor/genPnorImages.pl @@ -500,9 +500,8 @@ sub manipulateImages # Sections that have secureboot support. Secureboot still must be # enabled for secureboot actions on these partitions to occur. # @TODO securebootp9 re-enable with SBE/SBEC/PAYLOAD secureboot ports - my $isNormalSecure = 0; + my $isNormalSecure = ($eyeCatch eq "SBE"); #|| ($eyeCatch eq "HBRT"); - #|| ($eyeCatch eq "SBE") #|| ($eyeCatch eq "SBEC") #|| ($eyeCatch eq "PAYLOAD") #|| ($eyeCatch eq "OCC") @@ -698,10 +697,7 @@ sub manipulateImages run_command("cat $bin_file >> $tempImages{HDR_PHASE}"); } } - # @TODO securebootp9 re-enable with SBE/SBEC secureboot ports - elsif(0) #$secureboot - #&& ( ($sectionHash{$layoutKey}{sha512perEC} eq "yes") - # || ($isNormalSecure))) + elsif ($secureboot && $isNormalSecure) { $callerHwHdrFields{configure} = 1; if($openSigningTool) diff --git a/src/usr/sbe/sbe_update.C b/src/usr/sbe/sbe_update.C index 3b333459e..b8cc92c8c 100644 --- a/src/usr/sbe/sbe_update.C +++ b/src/usr/sbe/sbe_update.C @@ -727,7 +727,9 @@ namespace SBE // Advance PNOR pointer 4k to move it past header page to the // start of the non-customized SBE image o_imgPtr = reinterpret_cast<void*> - (reinterpret_cast<char*>(hdr_Ptr)+0x1000); + (reinterpret_cast<char*>(hdr_Ptr)+PAGE_SIZE); + // Do not include header in size + o_imgSize -= PAGE_SIZE; } if(NULL != o_version) @@ -3646,6 +3648,17 @@ namespace SBE break; } + // Load PNOR sections into secure memory +#ifdef CONFIG_SECUREBOOT + err = loadSecureSection(PNOR::SBE_IPL); + if (err) + { + TRACFCOMP( g_trac_sbe, ERR_MRK"createSbeImageVmmSpace() - Error from loadSecureSection(PNOR::SBE_IPL)"); + break; + } + +#endif + }while(0); TRACDCOMP( g_trac_sbe, @@ -3730,7 +3743,25 @@ namespace SBE break; } +#ifndef CONFIG_SECUREBOOT + // @TODO RTC 157475 + // UnloadSecureSection is not fully implemented so we do not attempt + // to pull the SBE partition back in after the initial time. + // NOTE: PNOR::flush(PNOR::HB_BOOTLOADER) is another thing that + // could be flushed. It's only 20K, but it would be 5 pages + // freed up. PNOR::flush( PNOR::SBE_IPL ); +#endif + + // Unload PNOR sections from secure memory +#ifdef CONFIG_SECUREBOOT + err = unloadSecureSection(PNOR::SBE_IPL); + if (err) + { + TRACFCOMP( g_trac_sbe, ERR_MRK"cleanupSbeImageVmmSpace() - Error from unloadSecureSection(PNOR::SBE_IPL)"); + break; + } +#endif }while(0); @@ -5031,7 +5062,7 @@ errlHndl_t secureKeyTransition() l_errl = loadSecureSection(PNOR::SBKT); if (l_errl) { - TRACFCOMP( g_trac_sbe, ERR_MRK,"secureKeyTransition() - Error from loadSecureSection(PNOR::SBKT)"); + TRACFCOMP( g_trac_sbe, ERR_MRK"secureKeyTransition() - Error from loadSecureSection(PNOR::SBKT)"); break; } l_loaded = true; @@ -5052,7 +5083,7 @@ errlHndl_t secureKeyTransition() l_errl = unloadSecureSection(PNOR::SBKT); if (l_errl) { - TRACFCOMP( g_trac_sbe, ERR_MRK,"secureKeyTransition() - Error from unloadSecureSection(PNOR::SBKT)"); + TRACFCOMP( g_trac_sbe, ERR_MRK"secureKeyTransition() - Error from unloadSecureSection(PNOR::SBKT)"); break; } } diff --git a/src/usr/sbe/test/sbeupdatetest.H b/src/usr/sbe/test/sbeupdatetest.H index 876b8e874..9a0701f50 100644 --- a/src/usr/sbe/test/sbeupdatetest.H +++ b/src/usr/sbe/test/sbeupdatetest.H @@ -685,7 +685,6 @@ class SBEUpdateTest: public CxxTest::TestSuite { errlHndl_t err = NULL; - errlHndl_t err_cleanup = NULL; uint64_t fails = 0x0; uint64_t total = 0x0; @@ -711,16 +710,6 @@ class SBEUpdateTest: public CxxTest::TestSuite uint8_t local_ec = theTarget->getAttr<TARGETING::ATTR_EC>(); - total++; - err = createSbeImageVmmSpace(); - if(err) - { - fails++; - TS_FAIL("testSbeUpdateTarget() - Call to createSbeImageVmmSpace() failed"); - break; - } - - /****************************************************/ /* Get SBE Info State */ /****************************************************/ @@ -864,16 +853,6 @@ class SBEUpdateTest: public CxxTest::TestSuite }while(0); - err_cleanup = cleanupSbeImageVmmSpace(); - if(err_cleanup) - { - total++; - fails++; - TS_FAIL("testSbeUpdateTarget() -Call to cleanupSbeImageVmmSpace() failed."); - errlCommit( err_cleanup, SBE_COMP_ID ); - - } - TRACFCOMP( g_trac_sbe, EXIT_MRK"testSbeUpdateTarget() - %d/%d fails", fails, total ); @@ -1235,20 +1214,23 @@ class SBEUpdateTest: public CxxTest::TestSuite */ SBEUpdateTest() : CxxTest::TestSuite() { - errlHndl_t err = NULL; - uint64_t fails = 0x0; - uint64_t total = 0x0; + errlHndl_t err = nullptr; bool sbe_loaded = false; err = loadSbeModule(sbe_loaded); if(err) { - total++; - fails++; TS_FAIL("SBEUpdateTest() - Constuctor: failed to load modules"); errlCommit( err, SBE_COMP_ID ); } + err = createSbeImageVmmSpace(); + if(err) + { + TS_FAIL("SBEUpdateTest() - Constructor: Call to createSbeImageVmmSpace() failed"); + errlCommit( err, SBE_COMP_ID ); + } + }; @@ -1257,16 +1239,19 @@ class SBEUpdateTest: public CxxTest::TestSuite */ ~SBEUpdateTest() { - errlHndl_t err = NULL; - uint64_t fails = 0x0; - uint64_t total = 0x0; + errlHndl_t err = nullptr; + + err = cleanupSbeImageVmmSpace(); + if(err) + { + TS_FAIL("~SBEUpdateTest() - Destructor: Call to cleanupSbeImageVmmSpace() failed."); + errlCommit( err, SBE_COMP_ID ); + } err = unloadSbeModule(); if(err) { - total++; - fails++; - TS_FAIL("~SBEUpdateTest() - Destuctor: failed to load modules"); + TS_FAIL("~SBEUpdateTest() - Destructor: failed to load modules"); errlCommit( err, SBE_COMP_ID ); } |