Recognise signed VERSION partition

[ Upstream commit 3cd749c ] A few things need to change to support a signed VERSION partition: - A signed VERSION partition will be 4K + SECURE_BOOT_HEADERS_SIZE (4K). - The VERSION partition needs to be loaded after secure/trusted boot is set up, and therefore after nvram_init(). - Added to the trustedboot resources array. This also moves the ipmi_dt_add_bmc_info() call to after flash_dt_add_fw_version() since it adds info to ibm,firmware-versions. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com> Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
open-power · Oct 31, 2018 · c7e0902 · c7e0902
1 parent 5e66c88
commit c7e0902
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 10 deletions.
diff --git a/core/flash.c b/core/flash.c
@@ -51,7 +51,7 @@ static u32 nvram_offset, nvram_size;
 
 /* ibm,firmware-versions support */
 static char *version_buf;
-static size_t version_buf_size = 0x1000;
+static size_t version_buf_size = 0x2000;
 
 bool flash_reserve(void)
 {
@@ -246,6 +246,8 @@ void flash_dt_add_fw_version(void)
 	fw_version = dt_new(dt_root, "ibm,firmware-versions");
 	assert(fw_version);
 
+	if (stb_is_container(version_buf, version_buf_size))
+		numbytes += SECURE_BOOT_HEADERS_SIZE;
 	for ( ; (numbytes < version_buf_size) && version_buf[numbytes]; numbytes++) {
 		if (version_buf[numbytes] == '\n') {
 			version_data[i] = '\0';

diff --git a/core/init.c b/core/init.c
@@ -1069,6 +1069,13 @@ void __noreturn __nomcount main_cpu_entry(const void *fdt)
 	secureboot_init();
 	trustedboot_init();
 
+	/*
+	 * BMC platforms load version information from flash after
+	 * secure/trustedboot init.
+	 */
+	if (platform.bmc)
+		flash_fw_version_preload();
+
         /* preload the IMC catalog dtb */
         imc_catalog_preload();
 
@@ -1116,6 +1123,12 @@ void __noreturn __nomcount main_cpu_entry(const void *fdt)
 	/* Add OPAL timer related properties */
 	late_init_timers();
 
+	/* Setup ibm,firmware-versions if able */
+	if (platform.bmc) {
+		flash_dt_add_fw_version();
+		ipmi_dt_add_bmc_info();
+	}
+
 	ipmi_set_fw_progress_sensor(IPMI_FW_PCI_INIT);
 
 	/*

diff --git a/libstb/trustedboot.c b/libstb/trustedboot.c
@@ -46,6 +46,7 @@ static struct {
 	{ RESOURCE_ID_IMA_CATALOG, PCR_2 },
 	{ RESOURCE_ID_KERNEL, PCR_4 },
 	{ RESOURCE_ID_CAPP,   PCR_2 },
+	{ RESOURCE_ID_VERSION, PCR_3 },
 };
 
 /*

diff --git a/platforms/astbmc/common.c b/platforms/astbmc/common.c
@@ -138,9 +138,6 @@ void astbmc_init(void)
 	astbmc_fru_init();
 	ipmi_sensor_init();
 
-	/* Preload PNOR VERSION section */
-	flash_fw_version_preload();
-
 	/* Request BMC information */
 	ipmi_get_bmc_info_request();
 
@@ -154,12 +151,6 @@ void astbmc_init(void)
 
 	/* Setup UART console for use by Linux via OPAL API */
 	set_opal_console(&uart_opal_con);
-
-	/* Add ibm,firmware-versions node */
-	flash_dt_add_fw_version();
-
-	/* Add BMC firmware info to device tree */
-	ipmi_dt_add_bmc_info();
 }
 
 int64_t astbmc_ipmi_power_down(uint64_t request)