From b70fc1ac984f9da0d9e4932b8a9e40b1ccf4da50 Mon Sep 17 00:00:00 2001
From: Jaymes Wilks <mjwilks@us.ibm.com>
Date: Wed, 13 Sep 2017 09:53:39 -0500
Subject: Implement Secure unload

Implement Secure unload of secure sections within PNOR.

Change-Id: I92a00013d23e0506f89f89ec41a193eac0b25d25
RTC:157475
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46203
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
---
 src/usr/util/utillidmgr.C | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'src/usr/util')

diff --git a/src/usr/util/utillidmgr.C b/src/usr/util/utillidmgr.C
index a84f31e88..f8ef376e0 100644
--- a/src/usr/util/utillidmgr.C
+++ b/src/usr/util/utillidmgr.C
@@ -773,8 +773,9 @@ errlHndl_t UtilLidMgr::cleanup()
 #ifdef CONFIG_SECUREBOOT
         // If in SECUREBOOT the lid could be securely signed in PNOR (like OCC)
         // If so, unload it securely
-        // NOTE:  It is safe to unload it even if it was unloaded before
-        if (iv_lidPnorInfo.secure)
+        bool l_doUnload = (iv_lidPnorInfo.size != 0);
+
+        if (iv_lidPnorInfo.secure && l_doUnload)
         {
             l_err = PNOR::unloadSecureSection(iv_lidPnorInfo.id);
 
@@ -785,6 +786,10 @@ errlHndl_t UtilLidMgr::cleanup()
                                "unloading module : %s (id=0x%X)",
                                iv_lidPnorInfo.id, iv_lidFileName, iv_lidId);
             }
+            else
+            {
+                iv_lidPnorInfo.size = 0;
+            }
         }
 #endif
 
-- 
cgit v1.2.3