summaryrefslogtreecommitdiffstats
path: root/src/usr/pnor/pnor_utils.C
Commit message (Collapse)AuthorAgeFilesLines
* Populate OCMBFW partition with packaged imageGlenn Miles2019-04-171-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | -Adds pkgOcmbFw.pl script for packaging image from microsemi with header containing SHA512 hash of image. Script can also be used to verify existing header and parse/display header contents. -Changed dist.targets.mk to copy pkgOcmbFw.pl tool into fsp/op environments. -Changes to mkrules/hbfw/img/makefile to create 4k fake image (zero filled) and add header to file prior to signing and creating pnor partition. This is done for axone-simics only. -Minor changes to hostboot pnor code to recognize the OCMBFW PNOR partition. Change-Id: I21cd15af9ab63517491ad1897afd3a2223db0dd6 RTC: 193924 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/75669 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Matt Derksen <mderkse1@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Revert "SMF: Create New UVBWLIST Partition"Ilya Smirnov2019-03-051-3/+1
| | | | | | | | | | | | | | | | | | | This reverts commit 9de9d8f7c5b5c73247dc69925a594fcd07ce060c. The logic for passing the XSCOM white/blacklist to Ultravisor will change drastically. The change in logic makes the UVBWLIST partition unneeded. This commit reverts all changes associated with UVBWLIST partition. Change-Id: Ife2b983a90be766f494c12bd60f5ac8cb394aa24 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72487 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Matthew Raybuck <matthew.raybuck@ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* SMF: Create New UVBWLIST PartitionIlya Smirnov2019-01-241-1/+3
| | | | | | | | | | | | | | | | | | | A new partition was added for the contents of the XSCOM white/blacklist called UVBWLIST. When the time comes, this partition will hold the binary representation of the aforementioned lists. The partition is dumped into hostboot reserved memory for Ultravisor consumption. Change-Id: I06ebce74aae3c0df987e5a057967842042db2bae RTC: 192422 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/68869 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add new pnorLayoutAxone.xml w/ new EECACHE sectionChristian Geddes2019-01-141-1/+2
| | | | | | | | | | | | | | | | | | | | This commit introduces a new pnor layout which will be used when the simics_axone.config file is used. (Note: axone.config was renamed to simics_axone.config). This new layout introduces the EECACHE section which will be used to store copies of the various EEPROMS in the system. The eventual goal is to be able to remove the MVPD/DJVPD sections in PNOR and only use this EECACHE section Change-Id: Ifae610c4dd7f3aa9c87a5ca911cc4faa1ba2a98a Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/70172 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Matt Derksen <mderkse1@us.ibm.com> Reviewed-by: Roland Veloz <rveloz@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* all scripts for hdat pnor partitionSampa Misra2018-11-271-0/+1
| | | | | | | | | | | Change-Id: Ied9c154d544d65eebfe5cfb0185ccb26545ee130 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/67144 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Jayashankar Padath <jayashankar.padath@in.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* genPnorImages: Add VERSION to signed partitionsSamuel Mendoza-Jonas2018-10-161-1/+2
| | | | | | | | | | | | | | | | | Mark VERSION as a signed partition and also check for it in the IPMI FRU setup. Change-Id: I6e8690c4f34d1f5ce92750960e6c73afcbf0a8e9 CQ:SW416159 Signed-off-by: Samuel Mendoza-Jonas <sjonas@au1.ibm.com> Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/61439 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Fix bad traces in pnor utility functionsDan Crowell2018-07-111-3/+3
| | | | | | | | | | | | Noticed a couple of malformed strings, fixed them. Change-Id: Ic38e88061117adc1fdaf9180015265fa27371e5e Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/61714 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Revert "Check the Section Headers in Non-Secure Mode"Nicholas E. Bofferding2018-03-261-0/+22
| | | | | | | | | | | | | | This reverts commit c82b626e6ea1d56c0d25cbd5954064e256135002. Change-Id: I0ae2328866e0f90ec583b19044ff917a4f52726c Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56126 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Check the Section Headers in Non-Secure ModeIlya Smirnov2018-03-121-23/+1
| | | | | | | | | | | | | | | | | | | | | When a PNOR section without a header is flashed onto a system that doesn't have SECUREBOOT compiled in, no header checks are performed, but the code still acts as if the header is present, and so the virtual address of the section is set to point past the secure header, which is 0x1000 into the section image, which causes all kinds of issues. This change adds logic to check the headers even when Secure Boot features are compiled out. Change-Id: Ieece371014192f160273939a35cb175aef0ddb25 Resolves: #126 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/54831 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Remove Secure Boot workaroundsStephen Cprek2017-12-181-37/+11
| | | | | | | | | | | | | | | | | | | | | | | - Removing the magic number checks that would block sb functionality if things didn't appear secure - Remove Best Effort Policy and all of its related code - Remove the legacy PCR extension - Remove the non-secure header preservation path. - Always load HB base image header from the bl to hb data path vs settings unsecurely out of pnor Change-Id: Ie638384ac50ed47850985c959ea7a32e5757d64e RTC: 178520 RTC: 155374 RTC: 173489 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49925 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add new pnor section for Centaur hw ref imageRichard J. Knight2017-12-071-0/+2
| | | | | | | | | | | | Change-Id: Id5b75f4a929456efa5da7f173ecba71af513744f RTC:144141 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49369 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Create new test only PNOR section to test secure Load/UnloadsJaymes Wilks2017-11-151-1/+3
| | | | | | | | | | | | | | | | | | Created a test PNOR section called TESTLOAD that only exists in standalone solely for the purpose of testing loadSecureSection and unloadSecureSection functions of secure boot. Change-Id: I8d397f96c9199b46a20dae0263822eaf3766f83f RTC:181598 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49501 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Secure Boot: Mark CAPP as enforced secure sectionNick Bofferding2017-09-221-1/+2
| | | | | | | | | | | | Change-Id: Ie01e5998bff83d7828ed862b02009b38905b0472 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46546 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Refactor SecureBoot Workarounds to better control leniencyStephen Cprek2017-08-251-1/+1
| | | | | | | | | | | | | | | | | | At this time we are trying to secure OpenPOWER in secure mode, but allow best effort policies in other scenarios Change-Id: I9ec2b5be49dbfcff678c4d30bb85f8762e448cb6 RTC: 170136 RTC: 155374 RTC: 168021 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43640 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secure Boot: Support secure load of MEMD partitionNick Bofferding2017-08-221-1/+2
| | | | | | | | | | | | | | | | | | - Added secure load of MEMD partition in istep 7 - Added sha512 header to MEMD partition - Marked MEMD as enforced secureboot section in PNOR code and image generator Change-Id: I5de934da7e50ad0de6674e2674869d1356f5232d RTC: 176189 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/44606 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Refactor lid to pnor mapping and add pnor to lid pair mappingStephen Cprek2017-08-111-3/+9
| | | | | | | | | | | | | Change-Id: Ib4f3afef44cdab96c66b13426da86049b896757a RTC: 175115 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43809 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Remove SBEC pnor partition from p9 codeStephen Cprek2017-07-241-2/+0
| | | | | | | | | | | | | Change-Id: I13e79a6542353e42ac809cc60295947dfb1acb96 RTC: 163810 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43048 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Base support for MEMD partition in PNORDan Crowell2017-06-291-0/+1
| | | | | | | | | | | | Change-Id: I46d90997a1e4aa57264f0d539659e0aec8795f95 RTC: 175158 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42514 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Elizabeth K. Liner <eliner@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Corey V. Swenson <cswenson@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secure WOF data support in HB standaloneJaymes Wilks2017-05-311-1/+2
| | | | | | | | | | | | | | | | Adds secure signing of WOF data for HB standalone and ensures the section is loaded when needed and available for reuse more than once during the IPL. Change-Id: Idd5f611030033ea165cde51ace987fa6847b78e7 RTC:170715 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41172 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Fix up Event Types for PCR ExtendJaymes Wilks2017-05-251-3/+20
| | | | | | | | | | | | | | | | | | | Trusted Boot will now use correct event types when performing PCR extend for PNOR sections that are meant to establish a core root of trust. Change-Id: I3cb62e2899083c898e1af6a2031cc8a0a365015e RTC:172332 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40601 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Add support for remembering deconfigs without GUARDDean Sanner2017-05-251-0/+1
| | | | | | | | | | | | | | | | | | | | | | Currently on reconfig reboots only parts that are GUARDed are remembered and reapplied. - Add suport for a semi persisent PNOR partition, HB_VOLATILE which Hostboot uses to keep track of the reconfig reboots vs power off - Add a new GUARD type specifically for reconfig loops - Add RECALL_DECONFIG_ON_RECONFIG config flag to control what gets added to GUARD partition - During boot will add/clear guard records on deconfig based on config flags and semi persisent state. Change-Id: Iec636058cde8095c0c4216d1f95ae4fda554395e Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39780 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Save space in Bootloader image with minimized section ID arrayMarty Gloff2017-05-231-5/+11
| | | | | | | | | | | | | | | | The PNOR section ID array takes a large amount of space to store the character strings and pointers to them. Space can be reclaimed by just storing the HBB ID. One trace is also turned off for Bootloader since it is then hit for all the other PNOR sections. Change-Id: I59585c2b976aa0351e75f477532415c669447541 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40330 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Corey V. Swenson <cswenson@us.ibm.com> Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Sign and Verify the HCODE partitionMike Baiocchi2017-05-151-0/+1
| | | | | | | | | | | | Change-Id: If594c350ed52ee6b40a5aa9e021c8e5ede8fb8aa RTC:51086 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40294 Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Support gracefully adding signing headers to PNOR sectionsNick Bofferding2017-05-081-1/+23
| | | | | | | | | | | | | Change-Id: Ie8ce7672a41c0b6230918911f59ada5443c552f5 RTC: 170650 CMVC-Coreq: 1022416 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39869 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Implement Best Effort Secureboot Policy for Hostboot RuntimeStephen Cprek2017-04-281-2/+2
| | | | | | | | | | | | | Optimized getting the master proc id in rt_pnor Change-Id: Iab5c194553dddfbb642cfc9dec6398a93ab56d4a Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39520 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Fix for Add header and verify Hostboot Bootloader for sbe updateStephen M. Cprek2017-04-251-1/+2
| | | | | | | | | | | | | | Also enable the use of the FSP specific pnor layout. CMVC-prereq:1021911 Change-Id: If346c59537928d12af1dfbd085b2a492398cbf27 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39159 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Revert "Add header to and verify Hostboot Bootloader for sbe update"Stephen M. Cprek2017-04-121-2/+1
| | | | | | | | | | This reverts commit a7bf050d4ddba121d7502939fc0c4ce517ef8e42. Change-Id: I95ddfe544cc537fcc847990dc9f85eec8f2912a1 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39131 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add header to and verify Hostboot Bootloader for sbe updateStephen Cprek2017-04-101-1/+2
| | | | | | | | | | | | Change-Id: I2704ad9a110a52fe0ff0e290fdd9205a42bbd050 RTC:159915 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38326 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Move certain pnor_utils.H function to pnorif.H that are used externallyStephen Cprek2017-04-101-3/+0
| | | | | | | | | | | | Change-Id: Ic44c769f777a458d627bc306458f3e1c3c532a63 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38542 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Switch bootloader assert to do a bl_terminateStephen Cprek2017-04-061-37/+12
| | | | | | | | | | | | | | Also provide options to provide a bootloader trace byte or return code Change-Id: Id1ae0fdd349258aa16f43dd25b787b005d8661d6 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38389 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secureboot best effort compatibility supportStephen Cprek2017-03-301-31/+88
| | | | | | | | | | | | Change-Id: I1671459ca58684b14f65f322ff6dccddcaad40a2 RTC: 170685 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38104 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add PNOR SectionIdToString to replace direct access to cv_EYECATCHERStephen Cprek2017-03-231-38/+83
| | | | | | | | | | | | | | | | This catches if the const array size does not match the number of pnor sections and out of range index errors Also it adds genErrlParsing for bootloader files Change-Id: I0a90816a7620022dec16bc7358a68ffbdade0083 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38159 Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Add SecureROM version info and Change SBE update to use max HBBL sizeStephen Cprek2017-03-011-12/+15
| | | | | | | | | | | | | | | The HBBL also contains the securerom code and hw keys' hash for verification purposes. So looking for the end of the HBBL code leaves out those sections Change-Id: I73a1b5c50e3a5b3f642ca569b90e79dbe4c4ba1e Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35979 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add WOFDATA to PNORDan Crowell2017-02-161-1/+2
| | | | | | | | | | | | | | | The WOFDATA partition will contain the VFRT data that is used for the WOF algorithm. The data is system-specific but was split out from the MRW due to its extreme size. Change-Id: I73a062038897987d6a989c77d6163db058cb8dc0 RTC: 167303 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35651 Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Verify HBB in HBBL using ROM codeStephen Cprek2017-02-011-1/+2
| | | | | | | | | | | | | | | | Puts ROM code into the HBBL image page aligned after the end of HBBL Change-Id: I1a07dd912c07557b2a43dfbadc5394a7d212c841 RTC: 143902 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/34293 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secure PNOR Resource Provider port from p8Jaymes Wilks2016-11-141-3/+23
| | | | | | | | | | | | | | Adds a Secure PNOR Resource Provider (SPNORRP) layer on top of the original PNORRP to handle verification of secured PNOR sections. Change-Id: Iff25abf599f3c850197c6e6d23ff03e5edf945bb RTC:163078 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/31588 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Create new ring override section in PNORAndrew Geissler2016-09-221-0/+1
| | | | | | | | | | | | Change-Id: I3565abc10b38ab52b7dcc3d3c37ddbce89aa558f RTC: 156833 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/28548 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com> Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com>
* Update pnor section names WINK -> HCODE and PAYLOAD -> POWERVMcrgeddes2016-08-041-1/+2
| | | | | | | | | | | Change-Id: I66cc8a060f0eb7b50275a42970661247d2916035 RTC:154286 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/27228 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Elizabeth K. Liner <eliner@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Changing XZ decompressor to verify without pnor changesElizabeth Liner2016-07-181-3/+0
| | | | | | | | | | | | | This patch set is reverting previous pnor changes for XZ verification, and instead is checking the MAGIC_HEADER to verify if a section is XZ compressed. Change-Id: I17c6ec76aef0261e07042f91df550ef34c3d60b3 RTC:149915 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/26728 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Bootloader needs to dcbz the cache before using itMarty Gloff2016-04-051-1/+1
| | | | | | | | | | | | | | | | | | Add loops to do dcbz instructions. One loop covers L3 cache from the end of the Bootloader load to the end of the area used for storing a copy of HBB with ECC. The other loop covers L3 cache from the start of the area for storing the running copy of HBB to the start of the Bootloader load. Change-Id: If3bb157fe0ea1e61ed5db6c1264b5756cc8453d9 RTC:147380 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/22413 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-by: CHRISTINA L. GRAVES <clgraves@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Adding xz decompression functionality for the skiboot imageElizabeth Liner2016-03-211-0/+3
| | | | | | | | | | Change-Id: I50d1eaa8bc76a030b42f982e2a967773e113f123 RTC:125550 depends-on: I2a104ec955966a6fcb9ed94dde54ab763c30210a Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/21854 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* FFS Support for Bootloadercrgeddes2016-03-031-0/+357
This commit moves functionality out of pnor_common.C and puts it in a new file pnor_utils.C this file will be shared with bootloader and hostboot code. Quite a few files were pulled apart in order to make includes easier across modules. These are lpc_const.H and pnor_const.H. bl_pnorAccess leverages the new pnor_utils.C file that will help the bootloader parse pnor TOC Change-Id: I740f6f8a707760756a261535e62e2d0a849324f8 RTC:134064 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/696 Tested-by: Jenkins Server Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
OpenPOWER on IntegriCloud