summaryrefslogtreecommitdiffstats
path: root/src/usr/secureboot/base
Commit message (Collapse)AuthorAgeFilesLines
...
* Invert polarity of secure jumper bitNick Bofferding2017-02-071-2/+6
| | | | | | | | | | | | Change-Id: I58b67d83225bd72a25b275cca61845719dfb1245 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35803 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Fix to compile without secureboot config optionDean Sanner2017-02-071-0/+2
| | | | | | | | | | | Change-Id: I6fca0b735447087317228c567b7762b397db87e5 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35949 Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Support extending sections to PCRsNick Bofferding2017-02-025-66/+123
| | | | | | | | | | | | | | - Ported p8 secureboot PCR extension code Change-Id: I2bbf6ee6b2980c2fbe32dfb9cad25e9e2aba3285 RTC: 167581 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35632 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Verify HBB in HBBL using ROM codeStephen Cprek2017-02-012-51/+1
| | | | | | | | | | | | | | | | Puts ROM code into the HBBL image page aligned after the end of HBBL Change-Id: I1a07dd912c07557b2a43dfbadc5394a7d212c841 RTC: 143902 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/34293 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Generalize secure boot settings for all processorsJaymes Wilks2017-01-304-34/+134
| | | | | | | | | | | | | | | Adds the ability to specify which processor target user code is interested in when querying secure boot settings. Change-Id: I0375af03ce8f4e33029736ff2e2d60416629a295 RTC:161916 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/32556 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Use common ROM header files for rom, bootloader, and hostbootStephen Cprek2017-01-302-94/+5
| | | | | | | | | | | | Change-Id: I4d7db7293d44633cf1646f69ab98ddc8d66338ca RTC: 143902 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/34525 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* port p8 secureboot settings code to p9Jaymes Wilks2017-01-055-26/+62
| | | | | | | | | | | | | | | | Update the p9 branch to handle the secure settings states as per p8 code but with the new updated p9 constant values. Remove caching of register values. Change-Id: I0a29ce0103a8f9b60b421a4bb625f12adcd916f8 RTC:161916 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/32490 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Secure PNORRP port resync from p8Jaymes Wilks2016-12-121-9/+9
| | | | | | | | | | | | | | Brings SPNORRP p9 up to date with the latest changes from p8. Change-Id: I9e80199ffad1b3082339069264560029e83a3d78 RTC:163078 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/32260 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com>
* Secure PNOR Resource Provider port from p8Jaymes Wilks2016-11-147-45/+383
| | | | | | | | | | | | | | Adds a Secure PNOR Resource Provider (SPNORRP) layer on top of the original PNORRP to handle verification of secured PNOR sections. Change-Id: Iff25abf599f3c850197c6e6d23ff03e5edf945bb RTC:163078 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/31588 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Trustedboot PCR Extend reworked to use task message queueChris Engel2016-07-181-2/+1
| | | | | | | | | | | | | | Removed TPM log manager and required functions from HBB and replaced with a simple message queue Change-Id: I5f5a418b6ea8c0228229e8c45523385b488e2b6b RTC: 155519 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/27133 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Fix P9 expansion into bottom 512K cacheDean Sanner2016-07-111-9/+5
| | | | | | | | | | Change-Id: Ie7d8ab2ae3730b57448a07f0367c8715d61b6124 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/26495 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com>
* Update purge of L3 cache during initial bootElizabeth Liner2016-06-103-174/+7
| | | | | | | | | | Change-Id: Ic6cfabbdfe8f10cf5fa1cd9a4a13093452b61978 RTC:118832 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/24021 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Trustedboot add TPM and associated i2c master to the devtreeChris Engel2016-06-082-0/+24
| | | | | | | | | | | Change-Id: Ic2edee549d23669f046a6e78f0cfae838faaec2d RTC: 125287 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/25470 Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add P9 vpo build config, config compile and extra traces for debugPrachi Gupta2016-06-061-3/+3
| | | | | | | | | | | Change-Id: Id377c921327940cc7b720e601dada4af2068d94e Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/22177 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Dean Sanner <dsanner@us.ibm.com> Reviewed-by: Prachi Gupta <pragupta@us.ibm.com> Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Change securerom test to use current hw hash keyStephen Cprek2016-05-183-65/+41
| | | | | | | | | | | | | | | Change-Id: Icb596e6c69fadd2f7b8109876a92db04763f206f RTC: 68883 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/23066 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/23070
* Extend basic config entries to TPMChris Engel2016-05-131-1/+8
| | | | | | | | | | | | Change-Id: I17c215c3120782d022ade0ac8343934c64e2e13e Original-Change-Id: I92e2c7758ebac2912caa9f449c3531c584487bd5 FowardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/22002 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/24481 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Send hash of pnor sections to TPMChris Engel2016-05-112-15/+41
| | | | | | | | | | | | | Replay log events to TPM after initialization Change-Id: Ibab5e28790324c28a7cd9fb2805041d7a896376a RTC:125290 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/23898 Tested-by: Jenkins Server Reviewed-by: Timothy R. Block <block@us.ibm.com> Tested-by: FSP CI Jenkins Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Trustedboot TPM Event log managerChris Engel2016-03-151-1/+3
| | | | | | | | | | | | | | | Change-Id: I4a8c2010421a63e44112666bdd424e2e5d010e7f RTC: 125289 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/960 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/22009
* Base kernel changes for Nimbus/CumulusCorey Swenson2015-12-112-4/+9
| | | | | | | | | Change-Id: Ic5dfde1e975453d760631335bab674919e1109e7 RTC: 126637 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/18321 Tested-by: Jenkins Server Reviewed-by: Christian Geddes <crgeddes@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Trustedboot: Move data to Hostboot base and add pcrExtend stub functionChris Engel2015-11-181-1/+7
| | | | | | | | | | | | Change-Id: Id488af88c7f1796606434a062a9001f31f413ac0 RTC: 125288 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/21475 Tested-by: Jenkins Server Reviewed-by: Timothy R. Block <block@us.ibm.com> Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* P8+ VPO - HB supports to istep 7 for NVLINK testThi Tran2015-01-161-5/+12
| | | | | | | | | | Change-Id: I79ec79e1601ae51bf759b80a07c5b4cf2d97fc5c RTC: 95236 Depends-On: I19823ac32a963d7072d21140b828c30ab326a19f Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/14468 Tested-by: Jenkins Server Reviewed-by: Thi N. Tran <thi@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Fix spelling mistakes using codespell.Patrick Williams2015-01-151-2/+4
| | | | | | | | | | | | - See https://github.com/lucasdemarchi/codespell Change-Id: I03e102d1ebb9473b6226fa9b6edb684fa0218a2f Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/15031 Tested-by: Jenkins Server Reviewed-by: STEPHEN M. CPREK <smcprek@us.ibm.com> Reviewed-by: Zane Shelley <zshelle@us.ibm.com> Reviewed-by: Brian Silver <bsilver@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Add customer error descriptions to error log headers.Doug Gilbert2014-06-231-0/+4
| | | | | | | | | | Change-Id: Ibb2f1219b6f2ff27e9b09fea4d36c2616fb7ddf9 RTC: 110397 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/11079 Tested-by: Jenkins Server Reviewed-by: Andrew J. Geissler <andrewg@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Change copyright prolog for all files to Apache.Patrick Williams2014-05-2111-117/+117
| | | | | | | Change-Id: I5664587b4f889099290ef50d50fa9ce5e580e1eb Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/11167 Tested-by: Jenkins Server Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Update makefiles & included .mk files to use += convention.Brian Silver2014-05-211-3/+8
| | | | | | | | Change-Id: I4148bc4c770b7c3c10fe25aa18d57d1a4301e5a9 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/11194 Tested-by: Jenkins Server Reviewed-by: Christopher T. Phan <cphan@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Create SRC description file during buildDoug Gilbert2014-05-081-1/+1
| | | | | | | | Change-Id: I636dbfad6cc695e42e6de403e26a91634a4b370d Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/10715 Tested-by: Jenkins Server Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Remove leftover fixme/todo and update error calloutsDan Crowell2014-01-103-14/+39
| | | | | | | | | | | | | | | | Remove all untagged fixme/todo comments Adde new parm to error log constructor to avoid extra code in common software error case Update error callouts Add strncpy Change-Id: I8bd8f48193a96b79db91ed35c4fd485e6da38dba RTC: 67921 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/7921 Tested-by: Jenkins Server Reviewed-by: Michael Baiocchi <baiocchi@us.ibm.com> Reviewed-by: Brian H. Horton <brianh@linux.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Restart IPL after SBE UpdateMike Baiocchi2013-12-091-1/+0
| | | | | | | | | | | | | | | Along with some SBE Update improvements, this commit adds additional code to re-IPL the system after an SBE Update has taken place. NOTE: Full SBE Update code path to be enabled with RTC 89503. Change-Id: I6beaee026d3fc6aaa76bfc7ca387d6765754f0c3 RTC: 47033 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/6986 Tested-by: Jenkins Server Reviewed-by: ADAM R. MUHLE <armuhle@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Fix SecureROM Cleanup FunctionMike Baiocchi2013-07-102-3/+35
| | | | | | | | | | | The SecureROM::_cleanup() function was not putting all of the memory reserved for the secure rom device back into the proper state. Change-Id: I9b11736d7e3cae8f5e21872ad740aef67ac4298e Reviewed-on: http://gfw160.austin.ibm.com:8080/gerrit/5365 Tested-by: Jenkins Server Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Base Support for Secure ROM verificationMike Baiocchi2013-07-088-2/+1072
| | | | | | | | | | | | This change adds the basic structure needed to call and implement a verifcation of a signed container via the loaded/initliaized Secure ROM device. Change-Id: Ieada4eb0b557fc556cd12647a698bbfa16aba278 RTC:64764 Reviewed-on: http://gfw160.austin.ibm.com:8080/gerrit/4958 Tested-by: Jenkins Server Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Secureboot memory layout support.Patrick Williams2013-06-146-0/+382
* Start kernel in 1/4 cache mode per Secureboot. * Copy Secureboot header for base image for later use. * Blind-purge bottom half of cache. * Add bottom of cache into memory maps for 1/2 cache mode. RTC: 64762 Change-Id: I1b45f30a2d45c9709d4fd486cfe0ca2ce86b051c Reviewed-on: http://gfw160.austin.ibm.com:8080/gerrit/3773 Reviewed-by: Michael Baiocchi <baiocchi@us.ibm.com> Tested-by: Jenkins Server Reviewed-by: ADAM R. MUHLE <armuhle@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
OpenPOWER on IntegriCloud