Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
libstb: fix failure of calling cvc verify without STB initialization.
Currently in OPAL init time at various stages we are loading various PNOR partition containers from the flash device. When we load a flash resource STB calls the CVC verify and trusted measure(sha512) functions. So when we have a flash resource gets loaded before STB initialization, then cvc verify function fails to start the verify and enforce the boot. Below is one of the example failure where our VERSION partition gets loading early in the boot stage without STB initialization done. This is with secure mode off. STB: VERSION NOT VERIFIED, invalid param. buf=0x305ed930, len=4096 key-hash=0x0 hash-size=0 In the same code path when secure mode is on, the boot process will abort. So this patch fixes this issue by calling cvc verify only if we have STB init was done. And also we need a permanent fix in init path to ensure STB init gets done at first place and then start loading all other flash resources. Signed-off-by: Pridhiviraj Paidipeddi <ppaidipe@linux.vnet.ibm.com> Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
- Loading branch information