From a42bbccdd949bc4b78e856087019c73a126420d4 Mon Sep 17 00:00:00 2001
From: Nick Bofferding
Date: Wed, 25 Jan 2017 13:10:08 -0600
Subject: Support extending sections to PCRs

- Ported p8 secureboot PCR extension code

Change-Id: I2bbf6ee6b2980c2fbe32dfb9cad25e9e2aba3285
RTC: 167581
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35632
Tested-by: Jenkins Server
Tested-by: FSP CI Jenkins
Reviewed-by: Marshall J. Wilks
Tested-by: Jenkins OP Build CI
Reviewed-by: Stephen M. Cprek
Reviewed-by: William G. Hoffa
---
 src/include/usr/secureboot/service.H | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

(limited to 'src/include/usr/secureboot/service.H')

diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H
index 99772b429..afb3ed934 100644
--- a/src/include/usr/secureboot/service.H
+++ b/src/include/usr/secureboot/service.H
@@ -28,9 +28,13 @@
 #include
 #include
 #include
+#include
 #include
 
 typedef uint8_t SHA512_t[64];
+
+typedef std::vector< std::pair > blobPair_t;
+
 /* From sha512.h: */
 #define SHA512_DIGEST_LENGTH 64
 typedef uint8_t __attribute__((aligned(8))) sha2_hash_t[ \
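Review bot: The new `blobPair_t` typedef has no comment saying what the two pair members mean or who owns the memory the pointer refers to, and it sits at file scope ahead of `namespace SECUREBOOT`. A one-line comment above it, such as `/// (address, size in bytes) of each blob to hash; the caller keeps ownership`, would make the contract readable at the point of declaration. The template arguments are not visible in this rendering of the patch; if the pointer member is a plain `void*`, `const void*` would match `hashBlob`'s `const void * i_blob` and let callers pass read-only images without a cast.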
@@ -160,12 +164,26 @@ namespace SECUREBOOT
 errlHndl_t hashBlob(const void * i_blob, size_t i_size, SHA512_t o_buf);
 
 /**
- * @brief Retrieve the internal hardware hash key from secure ROM
- * object.
+ * @brief Retrieve the internal hardware keys' hash used to validate
+ * containers
 * @param[out] o_hash Reference to the sha2_hash_t array to copy the
 * hash to.
 */
- void getHwHashKeys(sha2_hash_t o_hash);
+ void getHwKeyHash(sha2_hash_t o_hash);
+
+ /*
+ * @brief Hash the concatenation of N Blobs
+ *
+ * Asserts if any blob pointer is NULL
+ *
+ * @param[in] i_blobs Vector of pairs composed of a void
+ * pointer to effective address and size
+ * of the blob to concatenate
+ * @param[out] o_buf SHA512 hash
+ *
+ * @return errlHndl_t NULL on success
+ */
+ errlHndl_t hashConcatBlobs(const blobPair_t &i_blobs, SHA512_t o_buf);
 
 /**
 * @brief Common secureboot handler for secureboot failures.
-- 
cgit v1.2.1
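Review bot: The comment block added above `hashConcatBlobs` opens with `/*` rather than the `/**` used by the neighbouring blocks, so a documentation generator will likely skip it; change the opener to `/**`. The text also leaves the input contract open: it says the call asserts on a NULL blob pointer, but not what happens for an empty vector or a zero-size entry. If this digest is what gets extended into a PCR, as the commit subject suggests, add `@note Only the concatenated bytes are hashed; blob boundaries and sizes are not part of the digest`, so callers know that different splits of the same bytes measure identically. Only the prototype is in this hunk; the implementation and the enclosing namespace lie outside it.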