From 863b78e70f9b11e9948c380e1d5cd5790d8d9962 Mon Sep 17 00:00:00 2001
From: Stephen Cprek <smcprek@us.ibm.com>
Date: Mon, 10 Apr 2017 16:32:00 -0500
Subject: Port P8 HBI page verification functionality

Verify HBI pages via its securely signed hash page table

Change-Id: I86d29ee393c19aa0d9c5270b0b6c561a9fc4ab51
RTC: 167668
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39071
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
---
 src/build/buildpnor/genPnorImages.pl | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

(limited to 'src/build/buildpnor/genPnorImages.pl')

diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl
index 3c8d4c973..fb5c5f5d7 100755
--- a/src/build/buildpnor/genPnorImages.pl
+++ b/src/build/buildpnor/genPnorImages.pl
@@ -541,7 +541,7 @@ sub manipulateImages
         # Sections that have secureboot support. Secureboot still must be
         # enabled for secureboot actions on these partitions to occur.
         # @TODO securebootp9 re-enable with SBE/SBEC/PAYLOAD secureboot ports
-        my $isNormalSecure ||= ($eyeCatch eq "HBBL");
+        my $isNormalSecure = ($eyeCatch eq "HBBL");
         $isNormalSecure ||= ($eyeCatch eq "SBE");
         $isNormalSecure ||= ($eyeCatch eq "HBRT");
         #$isNormalSecure ||= ($eyeCatch eq "SBEC");
@@ -552,7 +552,7 @@ sub manipulateImages
 
         my $isSpecialSecure = ($eyeCatch eq "HBB");
         $isSpecialSecure ||= ($eyeCatch eq "HBD");
-        #$isSpecialSecure ||= ($eyeCatch eq "HBI");
+        $isSpecialSecure ||= ($eyeCatch eq "HBI");
 
         # Used to indicate security is supported in firmware
         my $secureSupported = $isNormalSecure || $isSpecialSecure;
@@ -620,8 +620,7 @@ sub manipulateImages
                 if ($secureboot && $secureSupported)
                 {
                     $callerHwHdrFields{configure} = 1;
-                    # @TODO securebootp9 re-enable hash page table with vfs page table port
-                    if (0) #exists $hashPageTablePartitions{$eyeCatch})
+                    if (exists $hashPageTablePartitions{$eyeCatch})
                     {
                         if ($eyeCatch eq "HBI")
                         {
@@ -635,8 +634,7 @@ sub manipulateImages
                         }
                     }
                     # Add hash page table
-                    # @TODO securebootp9 re-enable hash page table with vfs page table port
-                    if (0) #$tempImages{hashPageTable} ne "" && -e $tempImages{hashPageTable})
+                    if ($tempImages{hashPageTable} ne "" && -e $tempImages{hashPageTable})
                     {
                         trace(1,"Adding hash page table for $eyeCatch");
                         my $hashPageTableSize = -s $tempImages{hashPageTable};
-- 
cgit v1.2.1