This directory implements the core of the secureboot-related functionality that Hostboot provides. It is available in the Hostboot Base Image (ie the HBB partition) and all non-runtime Hostboot code can invoke functions provided by it.
- The libsecureboot_base.so module created here is available in Hostboot's base image and is used to securely bringup the rest of the Hostboot.
- It implements the functions in these header files:
- It is used to tell if security is enabled at the system or processor level
- It is used to determine the state of the secureboot jumper on the different processors
- It provides the interface into the SecureRom to verify code packages run on the system
-
header.C
- Implements functions related to loading and retrieving the Hostboot Base header from Hostboot Base (HBB) PNOR partition
-
makefile
- Standard Hostboot makefile
-
purge.H
- Defines a special purge function
-
- This file
-
securerommgr.C, securerommgr.H
- Defines and implements the SecureRomManager class and its member functions
- These functions call into the securerom and takes advantage of its functionality
-
service.C
- Retrieves the secureboot registers on the processors in the system
- These functions are then used to add information to errorlogs and traces
- Initliaizes the SecureRomManager class
- Function to handle special secureboot failures
- Retrieves some global secureboot settings taken from Hostboot's bootloader
- NOTE: Functions in this file call into functions in settings.C when appropriate
- Retrieves the secureboot registers on the processors in the system
-
settings.C
- Gets and Sets the two primary Secureboot-related SCOM registers:
- ProcSecurity (aka Proc Security Switch)
- ProcCbsControl
- Also applies knowledge of key bits of these two registers, like returning if a processor is set in 'secureboot enabled mode' and what the state of its secureboot jumper is
- Gets and Sets the two primary Secureboot-related SCOM registers:
- test
- Standard Hostboot test directory that implements CXX Unit Tests