blob: e761c1f2fedcc37d3bad431b4929d276847f57ba (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
# **'base'** Secureboot Services in Hostboot
This directory implements the core of the secureboot-related functionality
that Hostboot provides.
It is available in the Hostboot Base Image (ie the HBB partition) and all
non-runtime Hostboot code can invoke functions provided by it.
## Key Points
* The **libsecureboot_base.so** module created here is available in Hostboot's
base image and is used to securely bringup the rest of the Hostboot.
* It implements the functions in these header files:
* [service.H](../../../include/usr/secureboot/service.H)
* [settings.H](../../../include/usr/secureboot/settings.H)
* It is used to tell if security is enabled at the system or processor level
* It is used to determine the state of the secureboot jumper on the different
processors
* It provides the interface into the SecureRom to verify code packages run
on the system
## Files
* __header.C__
* Implements functions related to loading and retrieving the
Hostboot Base header from Hostboot Base (HBB) PNOR partition
* __makefile__
* Standard Hostboot makefile
* __purge.H__
* Defines a special purge function
* __[README.md](./README.md)__
* This file
* __securerommgr.C, securerommgr.H__
* Defines and implements the SecureRomManager class and its member functions
* These functions call into the securerom and takes advantage of
its functionality
* __service.C__
* Retrieves the secureboot registers on the processors in the system
* These functions are then used to add information to errorlogs and traces
* Initliaizes the SecureRomManager class
* Function to handle special secureboot failures
* Retrieves some global secureboot settings taken from Hostboot's bootloader
* NOTE: Functions in this file call into functions in settings.C when
appropriate
* __settings.C__
* Gets and Sets the two primary Secureboot-related SCOM registers:
* ProcSecurity (aka Proc Security Switch)
* ProcCbsControl
* Also applies knowledge of key bits of these two registers, like returning
if a processor is set in 'secureboot enabled mode' and what the state of its
secureboot jumper is
## sub-directories
* __test__
* Standard Hostboot test directory that implements CXX Unit Tests
|