From bcd6d6f29b70fa9714ea7b211c0b1435a59cb956 Mon Sep 17 00:00:00 2001
From: Mike Baiocchi <mbaiocch@us.ibm.com>
Date: Fri, 19 Jul 2019 15:37:48 -0500
Subject: [PATCH] Secureboot: Enable verifying OPAL Payload before starting
 instructions

For Enterprise systems that will boot OPAL, hostboot code will now
securely verify the OPAL payload before starting instructions if
secureboot is enabled.

Change-Id: I1c392758f90c4a886d2a7731d78980bdaa21837f
RTC:187304
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/80818
Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com>
Reviewed-by: Zachary Clark <zach@ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G Hoffa <wghoffa@us.ibm.com>
---
 src/usr/isteps/istep21/call_host_runtime_setup.C | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/usr/isteps/istep21/call_host_runtime_setup.C b/src/usr/isteps/istep21/call_host_runtime_setup.C
index 4a87ddefdc6..55d46e1d350 100644
--- a/src/usr/isteps/istep21/call_host_runtime_setup.C
+++ b/src/usr/isteps/istep21/call_host_runtime_setup.C
@@ -290,8 +290,8 @@ errlHndl_t verifyAndMovePayload(void)
         break;
     }
 
-    // If in Secure Mode Verify PHYP at Temporary TCE-related Memory Location
-    if (SECUREBOOT::enabled() && is_phyp)
+    // If in Secure Mode Verify Payload at Temporary TCE-related Memory Location
+    if (SECUREBOOT::enabled())
     {
         TRACDCOMP( ISTEPS_TRACE::g_trac_isteps_trace,"verifyAndMovePayload() "
                    "Verifying PAYLOAD: physAddr=0x%.16llX, virtAddr=0x%.16llX",