From 1fe8dc52058372b081c1f835e44b212e2c5899bf Mon Sep 17 00:00:00 2001
From: Nick Bofferding <bofferdn@us.ibm.com>
Date: Tue, 6 Feb 2018 11:48:12 -0600
Subject: Secure Boot: Remove utilmem from verify container fail path

When the Hostboot extended image verification fails, it calls FFDC collection
routine which invokes UtilMem functionality that is contained in the extended
image.  This creates a circular loop of dependency that cannot be satisfied.
The FFDC collection was fixed to remove use of UtilMem while providing same
function

Change-Id: Id7a15ae68ec316c5d6d6779143d1409f5333e816
Backport: release-fips910
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/53456
Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
---
 src/usr/secureboot/common/errlud_secure.C | 46 +++++++++++++++++--------------
 1 file changed, 26 insertions(+), 20 deletions(-)

(limited to 'src/usr/secureboot')

diff --git a/src/usr/secureboot/common/errlud_secure.C b/src/usr/secureboot/common/errlud_secure.C
index 68a0efcc1..a6b9b3d1d 100644
--- a/src/usr/secureboot/common/errlud_secure.C
+++ b/src/usr/secureboot/common/errlud_secure.C
@@ -31,7 +31,6 @@
 #include <secureboot/secure_reasoncodes.H>
 #include "errlud_secure.H"
 #include <kernel/bltohbdatamgr.H>
-#include <util/utilmem.H>
 #include <securerom/ROM.H>
 #include <errl/errlentry.H>
 #include <errl/errlmanager.H>
@@ -190,27 +189,34 @@ UdVerifyInfo::UdVerifyInfo(const char* i_compId,
     // 64 bytes  : Measured Hash
     // 64 bytes  : Expected Hash
 
-    UtilMem l_memBuf {};
-    l_memBuf.write(i_compId, strlen(i_compId)+1);
-    l_memBuf << i_protectedSize;
-    l_memBuf << static_cast<uint32_t>(i_ids.size());
-    for (auto id : i_ids)
+    const size_t compSize=strlen(i_compId)+1;
+    uint64_t protectedSize=i_protectedSize;
+    uint32_t ids=i_ids.size();
+    uint32_t idType=0;
+    const size_t totalSize=
+          compSize
+        + sizeof(protectedSize)
+        + sizeof(ids)
+        + sizeof(idType)*ids
+        + PARSER_SIZEOF_SHA512_t
+        + PARSER_SIZEOF_SHA512_t;
+
+    auto l_pBuf = reinterpret_cast<char *>(reallocUsrBuf(totalSize));
+    memcpy(l_pBuf,i_compId,compSize);
+    l_pBuf+=compSize;
+    *reinterpret_cast<decltype(protectedSize)*>(l_pBuf)=i_protectedSize;
+    l_pBuf+=sizeof(protectedSize);
+    *reinterpret_cast<decltype(ids)*>(l_pBuf)=ids;
+    l_pBuf+=sizeof(ids);
+    for(const auto id : i_ids)
     {
-        l_memBuf << id;
-    }
-    l_memBuf.write(i_measuredHash, PARSER_SIZEOF_SHA512_t);
-    l_memBuf.write(i_expectedHash, PARSER_SIZEOF_SHA512_t);
-
-    auto l_memBufErr =  l_memBuf.getLastError();
-    if(l_memBufErr)
-    {
-        errlCommit(l_memBufErr,SECURE_COMP_ID);
-    }
-    else
-    {
-        char * l_pBuf = reinterpret_cast<char *>(reallocUsrBuf(l_memBuf.size()));
-        memcpy(l_pBuf, l_memBuf.base(), l_memBuf.size());
+        *reinterpret_cast<decltype(idType)*>(l_pBuf)=id;
+        l_pBuf+=sizeof(idType);
     }
+    memcpy(l_pBuf,i_measuredHash, PARSER_SIZEOF_SHA512_t);
+    l_pBuf+=PARSER_SIZEOF_SHA512_t;
+    memcpy(l_pBuf,i_expectedHash, PARSER_SIZEOF_SHA512_t);
+    l_pBuf+=PARSER_SIZEOF_SHA512_t;
 }
 
 } // end SECUREBOOT namespace
-- 
cgit v1.2.3