From bbbd68a140c9b34ccded9273d91e6b5bc97d0f28 Mon Sep 17 00:00:00 2001 From: Chen Du Date: Mon, 4 Mar 2019 10:56:19 -0600 Subject: Add page tables to read only partitions Changed partitions (WOFDATA, MEMD) to be signed with a hash page table bit. This generates a hash page table in the protected payload which will be used to validate pages in the unprotected payload Change-Id: I9be4b1f6e65b9a52a8b6ba23affdacc4d89f5295 RTC: 179519 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72776 Tested-by: Jenkins Server Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins OP Build CI Tested-by: FSP CI Jenkins Tested-by: Jenkins OP HW Reviewed-by: Michael Baiocchi Reviewed-by: Daniel M. Crowell --- src/usr/util/runtime/utillidmgr_rt.C | 23 +++++++++++++++++------ src/usr/util/utillidpnor.C | 8 +++++++- 2 files changed, 24 insertions(+), 7 deletions(-) (limited to 'src/usr/util') diff --git a/src/usr/util/runtime/utillidmgr_rt.C b/src/usr/util/runtime/utillidmgr_rt.C index ad5a7cd48..55bebdeb3 100644 --- a/src/usr/util/runtime/utillidmgr_rt.C +++ b/src/usr/util/runtime/utillidmgr_rt.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2013,2018 */ +/* Contributors Listed Below - COPYRIGHT 2013,2019 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -192,13 +192,24 @@ errlHndl_t UtilLidMgr::loadLid() UTIL_FT(ERR_MRK"UtilLidMgr::loadLid - setheader failed"); break; } - iv_lidSize = l_conHdr.payloadTextSize(); UTIL_FT("UtilLidMgr::loadLid - resv mem section has secure header"); - - // Increment by page size to not expose secure header - iv_lidBuffer = static_cast(iv_lidBuffer) + - PAGESIZE; + if (l_conHdr.sb_flags()->sw_hash) + { + // Size of lid has to be size of unprotected data. So we + // need to take out header and hash table sizes + iv_lidSize = l_conHdr.totalContainerSize() - PAGESIZE - + l_conHdr.payloadTextSize(); + iv_lidBuffer = static_cast(iv_lidBuffer) + + PAGESIZE + l_conHdr.payloadTextSize(); + } + else + { + iv_lidSize = l_conHdr.payloadTextSize(); + // Increment by page size to not expose secure header + iv_lidBuffer = static_cast(iv_lidBuffer) + + PAGESIZE; + } } } else if(iv_isLidInVFS) diff --git a/src/usr/util/utillidpnor.C b/src/usr/util/utillidpnor.C index 7e910f6eb..8d81ad0c1 100644 --- a/src/usr/util/utillidpnor.C +++ b/src/usr/util/utillidpnor.C @@ -179,7 +179,13 @@ errlHndl_t UtilLidMgr::getLidPnorSectionInfo(const uint32_t i_lidId, // downstream logic from going past the end of the image. // NOTE: This assumes that any secure lid loaded from PNOR by // UtilLidMgr does not contain an unprotected section - iv_lidPnorInfo.size = iv_lidPnorInfo.secureProtectedPayloadSize; + // In this case of hash tables, we need to load the entire + // partition size because the user data is part of the + // unprotected payload + if (!iv_lidPnorInfo.hasHashTable) + { + iv_lidPnorInfo.size = iv_lidPnorInfo.secureProtectedPayloadSize; + } } #endif #endif -- cgit v1.2.3