diff options
| author | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2018-07-10 16:25:32 +1000 |
|---|---|---|
| committer | Stewart Smith <stewart@linux.ibm.com> | 2018-07-17 00:01:23 -0500 |
| commit | 3cd749c99791d43ee929b9401fb14fc6739ce360 (patch) | |
| tree | dac79c5a11e20050cd9ffe3330dc38d04a94fac8 | |
| parent | 2c30ddb93baf34c0191e5c23579c03a8f76f27c4 (diff) | |
| download | skiboot-3cd749c99791d43ee929b9401fb14fc6739ce360.zip skiboot-3cd749c99791d43ee929b9401fb14fc6739ce360.tar.gz skiboot-3cd749c99791d43ee929b9401fb14fc6739ce360.tar.bz2 | |
Recognise signed VERSION partition
A few things need to change to support a signed VERSION partition:
- A signed VERSION partition will be 4K + SECURE_BOOT_HEADERS_SIZE (4K).
- The VERSION partition needs to be loaded after secure/trusted boot is
set up, and therefore after nvram_init().
- Added to the trustedboot resources array.
This also moves the ipmi_dt_add_bmc_info() call to after
flash_dt_add_fw_version() since it adds info to ibm,firmware-versions.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
| -rw-r--r-- | core/flash.c | 4 | ||||
| -rw-r--r-- | core/init.c | 13 | ||||
| -rw-r--r-- | libstb/trustedboot.c | 1 | ||||
| -rw-r--r-- | platforms/astbmc/common.c | 9 |
4 files changed, 17 insertions, 10 deletions
diff --git a/core/flash.c b/core/flash.c index e3be576..e258fe1 100644 --- a/core/flash.c +++ b/core/flash.c @@ -51,7 +51,7 @@ static u32 nvram_offset, nvram_size; /* ibm,firmware-versions support */ static char *version_buf; -static size_t version_buf_size = 0x1000; +static size_t version_buf_size = 0x2000; bool flash_reserve(void) { @@ -235,6 +235,8 @@ void flash_dt_add_fw_version(void) fw_version = dt_new(dt_root, "ibm,firmware-versions"); assert(fw_version); + if (stb_is_container(version_buf, version_buf_size)) + numbytes += SECURE_BOOT_HEADERS_SIZE; for ( ; (numbytes < version_buf_size) && version_buf[numbytes]; numbytes++) { if (version_buf[numbytes] == '\n') { version_data[i] = '\0'; diff --git a/core/init.c b/core/init.c index b660af2..ca6c468 100644 --- a/core/init.c +++ b/core/init.c @@ -1070,6 +1070,13 @@ void __noreturn __nomcount main_cpu_entry(const void *fdt) secureboot_init(); trustedboot_init(); + /* + * BMC platforms load version information from flash after + * secure/trustedboot init. + */ + if (platform.bmc) + flash_fw_version_preload(); + /* preload the IMC catalog dtb */ imc_catalog_preload(); @@ -1128,6 +1135,12 @@ void __noreturn __nomcount main_cpu_entry(const void *fdt) /* Add OPAL timer related properties */ late_init_timers(); + /* Setup ibm,firmware-versions if able */ + if (platform.bmc) { + flash_dt_add_fw_version(); + ipmi_dt_add_bmc_info(); + } + ipmi_set_fw_progress_sensor(IPMI_FW_PCI_INIT); /* diff --git a/libstb/trustedboot.c b/libstb/trustedboot.c index 8fa1179..ae2cc55 100644 --- a/libstb/trustedboot.c +++ b/libstb/trustedboot.c @@ -46,6 +46,7 @@ static struct { { RESOURCE_ID_IMA_CATALOG, PCR_2 }, { RESOURCE_ID_KERNEL, PCR_4 }, { RESOURCE_ID_CAPP, PCR_2 }, + { RESOURCE_ID_VERSION, PCR_3 }, }; /* diff --git a/platforms/astbmc/common.c b/platforms/astbmc/common.c index aa278a0..6c90b7d 100644 --- a/platforms/astbmc/common.c +++ b/platforms/astbmc/common.c @@ -134,9 +134,6 @@ void astbmc_init(void) astbmc_fru_init(); ipmi_sensor_init(); - /* Preload PNOR VERSION section */ - flash_fw_version_preload(); - /* Request BMC information */ ipmi_get_bmc_info_request(); @@ -150,12 +147,6 @@ void astbmc_init(void) /* Setup UART console for use by Linux via OPAL API */ set_opal_console(&uart_opal_con); - - /* Add ibm,firmware-versions node */ - flash_dt_add_fw_version(); - - /* Add BMC firmware info to device tree */ - ipmi_dt_add_bmc_info(); } int64_t astbmc_ipmi_power_down(uint64_t request) |