Secure WOF data support in HB standalone

Adds secure signing of WOF data for HB standalone and ensures the section is loaded when needed and available for reuse more than once during the IPL. Change-Id: Idd5f611030033ea165cde51ace987fa6847b78e7 RTC:170715 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41172 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
open-power · May 31, 2017 · e263958 · e263958
1 parent ddfce1b
commit e263958
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 3 deletions.
diff --git a/src/build/buildpnor/defaultPnorLayout.xml b/src/build/buildpnor/defaultPnorLayout.xml
@@ -268,6 +268,7 @@ Layout Description
         <physicalOffset>0x2BF4000</physicalOffset>
         <physicalRegionSize>0x300000</physicalRegionSize>
         <side>sideless</side>
+        <sha512Version/>
         <ecc/>
     </section>
 </pnor>
diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl
@@ -550,6 +550,7 @@ sub manipulateImages
         #$isNormalSecure ||= ($eyeCatch eq "CAPP");
         #$isNormalSecure ||= ($eyeCatch eq "BOOTKERNEL");
         $isNormalSecure ||= ($eyeCatch eq "HCODE");
+        $isNormalSecure ||= ($eyeCatch eq "WOFDATA");
 
         my $isSpecialSecure = ($eyeCatch eq "HBB");
         $isSpecialSecure ||= ($eyeCatch eq "HBD");

diff --git a/src/usr/pnor/pnor_utils.C b/src/usr/pnor/pnor_utils.C
@@ -393,7 +393,8 @@ bool PNOR::isEnforcedSecureSection(const uint32_t i_section)
                i_section == SBKT ||
                i_section == OCC ||
                i_section == HCODE ||
-               i_section == HB_RUNTIME;
+               i_section == HB_RUNTIME ||
+               i_section == WOFDATA;
     #endif
 #else
     return false;

diff --git a/src/usr/pnor/pnorrp.C b/src/usr/pnor/pnorrp.C
@@ -103,7 +103,7 @@ errlHndl_t PNOR::clearSection(PNOR::SectionId i_section)
 }
 
 /**
- * @brief  Write the data for a given sectino into PNOR
+ * @brief  Write the data for a given section into PNOR
  */
 errlHndl_t PNOR::flush( PNOR::SectionId i_section)
 {

diff --git a/src/usr/pnor/runtime/rt_pnor.C b/src/usr/pnor/runtime/rt_pnor.C
@@ -62,7 +62,7 @@ errlHndl_t PNOR::getSectionInfo( PNOR::SectionId i_section,
 }
 
 /**
- * @brief  Write the data for a given sectino into PNOR
+ * @brief  Write the data for a given section into PNOR
  */
 errlHndl_t PNOR::flush( PNOR::SectionId i_section)
 {