Fix incorrect size for entries going into hb resv memory

Sections that do not have Secure Headers and need one injected were
not passing in the correct size to preverifiedlidmgr.
e.g. RINGOVD section or when SB is compiled out

Change-Id: I6e8c775a9a1d3f89473c55af6efc8109fb378c99
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50545
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

src/include/usr/secureboot/containerheader.H

@@ -293,10 +293,10 @@ class ContainerHeader
          * @brief Generate fake header with minimal information and stores in
          *        instance variable
          *
-         * @param[in] i_totalSize   Total container size
+         * @param[in] i_size        Size of content to add header to
          * @param[in] i_compId      Component ID
          */
-        void genFakeHeader(const size_t i_totalSize,
+        void genFakeHeader(const size_t i_size,
                            const char* const i_compId);
 
         friend class ::SecureRomManagerTest;

src/usr/runtime/populate_hbruntime.C

@@ -605,21 +605,22 @@ errlHndl_t hbResvLoadSecureSection (const PNOR::SectionId i_sec,
 
         // Check if the section is expected to have a secure header regardless
         // of compile options
+#ifdef CONFIG_SECUREBOOT
         if (i_secHdrExpected)
         {
-#ifdef CONFIG_SECUREBOOT
             // If section is signed, only the protected size was loaded into memory
             l_imgSize = l_info.secureProtectedPayloadSize;
             // Include secure header
             // NOTE: we do not preserve the header in virtual memory when SB
             // is compiled out. So "-PAGESIZE" only works when SB is compiled in
             l_pnorVaddr -= PAGESIZE;
-#endif
-            // Add size for secure header.
-            // NOTE: if SB compiled out, a header will be injected later so
-            // preserve space for the header.
-            l_imgSize += PAGESIZE;
         }
+#endif
+        // Add size for secure header, as a header is REQUIRED for lid load
+        // from hostboot reserved memory to work in every scenario.
+        // NOTE: if SB compiled out or a header is never added, one will be
+        // injected later with min information. So preserve space for the header.
+        l_imgSize += PAGESIZE;
 
         // Load Pnor section into HB reserved memory
         l_elog = PreVerifiedLidMgr::loadFromPnor(i_sec, l_pnorVaddr, l_imgSize);

src/usr/secureboot/base/test/securerommgrtest.H

@@ -555,7 +555,7 @@ class SecureRomManagerTest : public CxxTest::TestSuite
     {
         TRACFCOMP(g_trac_secure,"SecureRomManagerTest::test_fakeHeader");
 
-        const size_t l_totalContainerSize = 0x10000;
+        const size_t l_payloadSize = 0x10000;
         // Purposely make a comp id larger than SW_HDR_COMP_ID_SIZE_BYTES
         // otherwise strncmp below needs a different size
         const char* l_compId = "FAKEHEADERTEST";
@@ -564,7 +564,7 @@ class SecureRomManagerTest : public CxxTest::TestSuite
         // Simple call constructor to create fake header and make sure it
         // does not cause an error
         SECUREBOOT::ContainerHeader l_fakeHdr;
-        errlHndl_t l_errl = l_fakeHdr.setFakeHeader(l_totalContainerSize,
+        errlHndl_t l_errl = l_fakeHdr.setFakeHeader(l_payloadSize,
                                                     l_compId);
         if (l_errl)
         {
@@ -573,8 +573,14 @@ class SecureRomManagerTest : public CxxTest::TestSuite
             break;
         }
 
-        // Payload Text Size should be the total container size minus the header
-        if(l_fakeHdr.payloadTextSize() != (l_totalContainerSize - PAGE_SIZE))
+        // Total Container size should be payload size + PAGE_SIZE(header size)
+        if(l_fakeHdr.totalContainerSize() != (l_payloadSize + PAGE_SIZE))
+        {
+            TS_FAIL("SecureRomManagerTest::test_fakeHeader: total container size was not parsed correctly");
+        }
+
+        // Check that payload text size was assigned correctly.
+        if(l_fakeHdr.payloadTextSize() != (l_payloadSize))
         {
             TS_FAIL("SecureRomManagerTest::test_fakeHeader: payload text size was not parsed correctly");
             break;

src/usr/secureboot/common/containerheader.C

@@ -171,7 +171,7 @@ void ContainerHeader::initVars()
     memset(iv_componentId,0x00,sizeof(iv_componentId));
 }
 
-void ContainerHeader::genFakeHeader(const size_t i_totalSize,
+void ContainerHeader::genFakeHeader(const size_t i_size,
                                     const char* const i_compId)
 {
     SecureHeaderInfo info {};
@@ -182,7 +182,7 @@ void ContainerHeader::genFakeHeader(const size_t i_totalSize,
      /*---- ROM_container_raw ----*/
     info.hw_hdr.magic_number = ROM_MAGIC_NUMBER;
     info.hw_hdr.version = CONTAINER_VERSION;
-    info.hw_hdr.container_size = i_totalSize;
+    info.hw_hdr.container_size = i_size + PAGE_SIZE;
     // The rom code has a placeholder for the prefix in the first struct so
     // skip it
     size_t l_size = offsetof(ROM_container_raw, prefix);
@@ -212,7 +212,7 @@ void ContainerHeader::genFakeHeader(const size_t i_totalSize,
     strncpy(info.sw_hdr.component_id, i_compId,SW_HDR_COMP_ID_SIZE_BYTES);
     info.sw_hdr.ver_alg.hash_alg = HASH_ALG_SHA512;
     info.sw_hdr.ver_alg.sig_alg = SIG_ALG_ECDSA521;
-    info.sw_hdr.payload_size = i_totalSize - PAGE_SIZE;
+    info.sw_hdr.payload_size = i_size;
 
     l_size = offsetof(ROM_sw_header_raw, ecid);
     l_size += info.hw_prefix_hdr.ecid_count * ECID_SIZE;