summaryrefslogtreecommitdiffstats
path: root/src/usr/secureboot/runtime/test
Commit message (Collapse)AuthorAgeFilesLines
* Handle comments from pre-verify and runtime lid loading commitsStephen Cprek2017-11-301-5/+12
| | | | | | | | | | | | Change-Id: I224079808493c062f04b7c3a59d45128a8f2e699 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49875 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secure Boot: Fix lid load from HB reserved memory issues at runtimeStephen Cprek2017-11-191-40/+33
| | | | | | | | | | | | | | | | | | | | - Force all PNOR sections we load from HB rserved memory to be secure Only exception is the RINGOVD section, in which we use a fake header - Add fake header when Secureboot compiled out or a section is never signed as there is no secure header preserved in virtual memory RTC: 171708 RTC: 180063 Change-Id: Ibbbd7be24ee7b199e73451c63b2c2d1f86a2c2d8 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49020 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Fix getSectionInfo from failing on secure sectionsStephen Cprek2017-09-201-40/+49
| | | | | | | | | | | | | Instead restrict actions if a secure section but let all other info to be obtained Change-Id: I4ae72157f8a956dfe2bccf9a88c8e6332fd3ff6a CQ: SW402304 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46341 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Refactor SecureBoot Workarounds to better control leniencyStephen Cprek2017-08-251-0/+62
| | | | | | | | | | | | | | | | | | At this time we are trying to secure OpenPOWER in secure mode, but allow best effort policies in other scenarios Change-Id: I9ec2b5be49dbfcff678c4d30bb85f8762e448cb6 RTC: 170136 RTC: 155374 RTC: 168021 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43640 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Fix SECUREBOOT runtime interfaces and testsMike Baiocchi2017-08-181-0/+46
| | | | | | | | | | | | | | | This commit fixes the SECUREBOOT::allowAttrOverrides() function and also allows for more accurate secureboot testing at runtime. Change-Id: Ife86bd3f6311247438dd68a1a191d5de86892512 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/44635 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secureboot: Inhibit attribute overrides and sync exposuresMike Baiocchi2017-08-091-1/+19
| | | | | | | | | | | | | | | | | For Secureboot purposes, we don't consider the FSP a secure source. So this commit inhibts attribute overrides and any sort of attribute syncing from the FSP. Change-Id: I941ab5083d3055bc29237839aaaf4b723a2b0e90 RTC:175071 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42687 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Register verify_container runtime interfaceNick Bofferding2016-07-072-0/+138
- Added verify_container API to runtime interface for secureboot - Added testcase to test API registration - Created common secureboot tracing files Change-Id: If755644ff6507f14fd0463f4accf05301fc91832 RTC: 156119 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/26104 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
OpenPOWER on IntegriCloud