diff options
| author | Claudio Carvalho <cclaudio@linux.vnet.ibm.com> | 2017-12-09 02:52:29 -0200 |
|---|---|---|
| committer | Stewart Smith <stewart@linux.vnet.ibm.com> | 2017-12-18 21:30:57 -0600 |
| commit | 48fd73cfc7073911a1ecdf0ff62e1800ef544d2a (patch) | |
| tree | b27fbf121782036044b0e31854b840a6bd10ea30 /hdata/Makefile.inc | |
| parent | ccdbfdac637c2ddabfcc36371344cd5c6c648e1b (diff) | |
| download | talos-skiboot-48fd73cfc7073911a1ecdf0ff62e1800ef544d2a.tar.gz talos-skiboot-48fd73cfc7073911a1ecdf0ff62e1800ef544d2a.zip | |
hdata/spira: add ibm, secureboot node in P9
In P9, skiboot builds the device tree from the HDAT. These are the
"ibm,secureboot" node changes compared to P8:
- The Container-Verification-Code (CVC), a.k.a. ROM code, is no longer
stored in a secure ROM with static address. In P9, it is stored in a
hostboot reserved memory and each service provided also has a version,
not only an offset.
- The hash-algo property is not provided via HDAT, instead it provides
the hw-key-hash-size, which is indeed the information required by the
CVC to verify containers.
This parses the iplparams_sysparams HDAT structure and creates the
"ibm,secureboot", which is bumped to "ibm,secureboot-v2".
In "ibm,secureboot-v2":
- hash-algo property is superseded by hw-key-hash-size.
- container verification code is explicitly described by a child node.
Added in a subsequent patch.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Reviewed-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Reviewed-by: Oliver O'Halloran <oohall@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'hdata/Makefile.inc')
0 files changed, 0 insertions, 0 deletions
