From 246654c69f0b76642662a20c374792ea21e2076f Mon Sep 17 00:00:00 2001
From: Stephen Cprek <smcprek@us.ibm.com>
Date: Wed, 19 Apr 2017 15:20:50 -0500
Subject: Sign and Verify the payload partition (port from p8)

Change-Id: I1925f347448accc2c85f57fe63726b2589929881
RTC:171706
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39659
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
---
 src/build/buildpnor/genPnorImages.pl            |  2 +-
 src/usr/isteps/istep20/call_host_load_payload.C | 23 +++++++++++++++++++----
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl
index 54f1c82ba..a9052c972 100755
--- a/src/build/buildpnor/genPnorImages.pl
+++ b/src/build/buildpnor/genPnorImages.pl
@@ -509,7 +509,7 @@ sub manipulateImages
         my $isNormalSecure = ($eyeCatch eq "SBE");
         #$isNormalSecure ||= ($eyeCatch eq "HBRT");
         #$isNormalSecure ||= ($eyeCatch eq "SBEC");
-        #$isNormalSecure ||= ($eyeCatch eq "PAYLOAD");
+        $isNormalSecure ||= ($eyeCatch eq "PAYLOAD");
         #$isNormalSecure ||= ($eyeCatch eq "OCC");
         #$isNormalSecure ||= ($eyeCatch eq "CAPP");
         #$isNormalSecure ||= ($eyeCatch eq "BOOTKERNEL");
diff --git a/src/usr/isteps/istep20/call_host_load_payload.C b/src/usr/isteps/istep20/call_host_load_payload.C
index c89004e56..6251eaf80 100644
--- a/src/usr/isteps/istep20/call_host_load_payload.C
+++ b/src/usr/isteps/istep20/call_host_load_payload.C
@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2016                             */
+/* Contributors Listed Below - COPYRIGHT 2016,2017                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -38,6 +38,7 @@
 #include <arch/ppc.H>
 #include <kernel/console.H>
 #include <xz/xz.h>
+#include <config.h>
 
 using namespace ERRORLOG;
 using namespace ISTEP;
@@ -136,11 +137,25 @@ void* call_host_load_payload (void *io_pArgs)
 static errlHndl_t load_pnor_section(PNOR::SectionId i_section,
         uint64_t i_physAddr)
 {
+    TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace,ENTER_MRK"load_pnor_section()");
+    errlHndl_t err = nullptr;
+
+#ifdef CONFIG_SECUREBOOT
+    // Securely load section
+    TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace,"load_pnor_section: secure section load of secId=0x%X (%s)",
+              i_section, PNOR::SectionIdToString(i_section));
+    err = PNOR::loadSecureSection(i_section);
+    if (err)
+    {
+        return err;
+    }
+    // Do not need to unload since we have plenty of memory at this point.
+#endif
+
     // Get the section info from PNOR.
     PNOR::SectionInfo_t pnorSectionInfo;
-    errlHndl_t err = PNOR::getSectionInfo( i_section,
-                    pnorSectionInfo );
-    if( err != NULL )
+    err = PNOR::getSectionInfo( i_section, pnorSectionInfo );
+    if( err != nullptr )
     {
         TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace,
                  "load_pnor_section: Could not get section info from %x",
-- 
cgit v1.2.1