author | Stewart Smith <stewart@linux.vnet.ibm.com> | 2018-02-09 17:32:39 +1100 |
---|---|---|
committer | Stewart Smith <stewart@linux.vnet.ibm.com> | 2018-02-13 01:30:10 -0600 |
commit | b94fbeaf137c3981976699ef5dcc8cf95088413a (patch) | |
tree | abc4f6d1096b6319bd8bf48a9228bfff5d35a84b /libstb | |
parent | 92a303dfeeb61c73ea4d9226af6c4d874db6bc89 (diff) | |
stb: Put correct label (for skiboot) into container

Hostboot will expect the label field of the stb header to contain
"PAYLOAD" for skiboot or it will fail to load and run skiboot.

The failure looks something like this:

```
53.40896|ISTEP 20. 1 - host_load_payload
53.65840|secure|Secureboot Failure plid = 0x90000755, rc = 0x1E07
53.65881|System shutting down with error status 0x1E07
53.67547|================================================
53.67954|Error reported by secure (0x1E00) PLID 0x90000755
53.67560| Container's component ID does not match expected component ID
53.67561| ModuleId 0x09 SECUREBOOT::MOD_SECURE_VERIFY_COMPONENT
53.67845| ReasonCode 0x1e07 SECUREBOOT::RC_ROM_VERIFY
53.67998| UserData1 : 0x0000000000000000
53.67999| UserData2 : 0x0000000000000000
53.67999|------------------------------------------------
53.68000| Callout type : Procedure Callout
53.68000| Procedure : EPUB_PRC_HB_CODE
53.68001| Priority : SRCI_PRIORITY_HIGH
53.68001|------------------------------------------------
53.68002| Callout type : Procedure Callout
53.68003| Procedure : EPUB_PRC_FW_VERIFICATION_ERR
53.68003| Priority : SRCI_PRIORITY_HIGH
53.68004|------------------------------------------------
```

Reported-by: Pridhiviraj Paidipeddi <ppaidipe@linux.vnet.ibm.com>
Tested-by: Pridhiviraj Paidipeddi <ppaidipe@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'libstb')
-rwxr-xr-x | libstb/sign-with-local-keys.sh | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/libstb/sign-with-local-keys.sh b/libstb/sign-with-local-keys.sh index edd2757f..efddabff 100755 --- a/libstb/sign-with-local-keys.sh +++ b/libstb/sign-with-local-keys.sh @@ -9,13 +9,19 @@ if [ ! -f $PAYLOAD ]; then fi KEYLOC=$3 +LABEL=$4 + T=`mktemp -d` +LABEL_ARG="" +if [ ! -z "$LABEL" ]; then + LABEL_ARG="-L $LABEL" +fi # Build enough of the container to create the Prefix and Software headers. # (reuse HW key for SW key P) ./libstb/create-container -a $KEYLOC/hw_key_a.key -b $KEYLOC/hw_key_b.key -c $KEYLOC/hw_key_c.key \ -p $KEYLOC/hw_key_a.key \ - --payload $PAYLOAD --imagefile $OUTPUT \ + --payload $PAYLOAD --imagefile $OUTPUT $LABEL_ARG \ --dumpPrefixHdr $T/prefix_hdr --dumpSwHdr $T/software_hdr # Sign the Prefix header. @@ -28,7 +34,7 @@ openssl dgst -SHA512 -sign $KEYLOC/hw_key_a.key $T/software_hdr > $T/sw_key_p.si # Build the full container with signatures. ./libstb/create-container -a $KEYLOC/hw_key_a.key -b $KEYLOC/hw_key_b.key -c $KEYLOC/hw_key_c.key \ - -p $KEYLOC/hw_key_a.key \ + -p $KEYLOC/hw_key_a.key $LABEL_ARG \ -A $T/hw_key_a.sig -B $T/hw_key_b.sig -C $T/hw_key_c.sig \ -P $T/sw_key_p.sig \ --payload $PAYLOAD --imagefile $OUTPUT |
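Review bot: In the first hunk (`@@ -9,13 +9,19 @@`), the new fourth positional argument is silently optional: when `$4` is empty, `LABEL_ARG` stays `""` and `create-container` is run without `-L`, so the container gets whatever label the tool uses by default. The commit message says hostboot refuses to load skiboot unless the label is "PAYLOAD", so a caller that forgets the argument reproduces the `RC_ROM_VERIFY` failure at boot rather than at build time. Consider either failing with a clear message when `$LABEL` is empty or defaulting it where that is safe, and mention the new argument wherever the script documents its parameters. As a style point, `[ ! -z "$LABEL" ]` reads more directly as `[ -n "$LABEL" ]`.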
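Review bot: In the second hunk (`@@ -28,7 +34,7 @@`), `$LABEL_ARG` is expanded unquoted on the `-p $KEYLOC/hw_key_a.key $LABEL_ARG \` line, and the same is true of the `--imagefile $OUTPUT $LABEL_ARG \` line in the first hunk. That works for a single-word label such as PAYLOAD, but a label containing whitespace or glob characters would be split or expanded into extra arguments to `create-container`. Expanding the option in place with `${LABEL:+-L "$LABEL"}` in both invocations keeps the label as one argument and removes the need for the intermediate variable. Both invocations must receive the same label, since the first pass dumps the headers that get signed and the second builds the final container, so it is also worth placing the option at the same position in each command line to make that symmetry easy to verify by eye.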