summaryrefslogtreecommitdiffstats
path: root/src/include/securerom
Commit message (Collapse)AuthorAgeFilesLines
* Add page tables to read only partitionsChen Du2019-05-091-3/+5
| | | | | | | | | | | | | | | | | | Changed partitions (WOFDATA, MEMD) to be signed with a hash page table bit. This generates a hash page table in the protected payload which will be used to validate pages in the unprotected payload Change-Id: I9be4b1f6e65b9a52a8b6ba23affdacc4d89f5295 RTC: 179519 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72776 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Collect better FFDC on ROM verification errorsStephen Cprek2018-01-311-1/+8
| | | | | | | | | | | | | | | | | | | | Collect both the UTIL and RUNTIME component traces on a ROM verify failure Added a new Errlog User Details sections "Verify Info" containing the component name, ID(s), measured, and expected hashes Change-Id: I0d0408128e05807bb906be5ee365d56d1416693f CQ:SW413889 Backport:release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52593 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Integration of hardware vpd accessor functions into Hostboot.Donald Washburn2017-11-011-1/+1
| | | | | | | | | | | | | | | | | *Created macros and platform functions to invoke vpd accessor functions for reading attributes from Hostboot. *Create a unit test for calling each attribute accessor macro. RTC: 178950 Change-Id: Ia74406eabcdff238f6bbc4bd8dc43715ebfcd643 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/48185 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Prachi Gupta <pragupta@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secure Boot: Support reading component ID from container's SW headerNick Bofferding2017-09-211-5/+33
| | | | | | | | | | | | | | | | - Repurposed container SW header reserved field for component ID - Parse component ID when reading container header - Implement user API to read component ID Change-Id: I005f0e1cb20d4022333d05bfe86d88bf706f60de Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46173 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Fix duplicate sha512 definitionsJaymes Wilks2017-08-043-14/+14
| | | | | | | | | | | | | | | | | All instances for sha2_hash_t have been replaced with SHA512_t and the SHA512_t typedef is now in securerom/contrib/sha512.H in place of the old definition. Change-Id: I32524524d755eb3b0264881317d9be5a294dc9a7 RTC:172333 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43610 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Stop kernel asserts from being no-op'edStephen Cprek2017-06-221-2/+0
| | | | | | | | | | | | | Change-Id: Iaf7ae4b48da327f89c29c8b394de4dad3c3ec7f2 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42303 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Prachi Gupta <pragupta@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com>
* Create map of SecureROM function types, versions, and offsetsStephen Cprek2017-06-061-0/+38
| | | | | | | | | | | | | | | Done to audit different algorithm versions and provide easy lookup to simplify filling in HDAT Change-Id: Iee1514efca9deb1af1341c2557c543b2ced81845 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40776 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Update sha512 algorithm to correct licenseNick Bofferding2017-05-243-30/+137
| | | | | | | | | | | | | Change-Id: Ib671bc08cf7912ef1bee11505c9c5d4dc662b453 RTC: 172339 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40731 Reviewed-by: Timothy R. Block <block@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Support setting security mode based on SBE key indicator bitNick Bofferding2017-04-281-6/+16
| | | | | | | | | | | | Change-Id: I9db3857b73116db5761b55eb3aa6ec7e47dd4c3d RTC: 170650 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39515 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add SecureROM version info and Change SBE update to use max HBBL sizeStephen Cprek2017-03-011-2/+54
| | | | | | | | | | | | | | | The HBBL also contains the securerom code and hw keys' hash for verification purposes. So looking for the end of the HBBL code leaves out those sections Change-Id: I73a1b5c50e3a5b3f642ca569b90e79dbe4c4ba1e Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35979 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Verify HBB in HBBL using ROM codeStephen Cprek2017-02-011-2/+4
| | | | | | | | | | | | | | | | Puts ROM code into the HBBL image page aligned after the end of HBBL Change-Id: I1a07dd912c07557b2a43dfbadc5394a7d212c841 RTC: 143902 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/34293 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Use common ROM header files for rom, bootloader, and hostbootStephen Cprek2017-01-301-2/+87
| | | | | | | | | | | | Change-Id: I4d7db7293d44633cf1646f69ab98ddc8d66338ca RTC: 143902 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/34525 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Compile ROM code within HostbootStephen Cprek2017-01-305-288/+218
| | | | | | | | | | | | | | | Additionally added version id to resolve story 135747 RTC: 143902 Change-Id: I67ad4b28b76464aaa58ec2c344cd1f9ceef9ff73 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/33608 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add ROM code files in HostbootStephen Cprek2017-01-305-0/+782
RTC: 143902 Change-Id: Iff00250b1dd36c301c311147a1540a5f3c33f19b Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/33607 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
OpenPOWER on IntegriCloud