diff options
| author | Stewart Smith <stewart@linux.vnet.ibm.com> | 2017-12-13 19:38:33 +1100 |
|---|---|---|
| committer | Stewart Smith <stewart@linux.vnet.ibm.com> | 2017-12-20 08:54:07 +1100 |
| commit | 1ddf7e51936f82a5ba8b6145962fbc278d591cde (patch) | |
| tree | 7d4f1c369f80b72395a7d23f9b647905761bacb6 /core/init.c | |
| parent | 6e05c6f21b34f9c4f6597ace36dfca9624c7923c (diff) | |
| download | skiboot-1ddf7e51936f82a5ba8b6145962fbc278d591cde.zip skiboot-1ddf7e51936f82a5ba8b6145962fbc278d591cde.tar.gz skiboot-1ddf7e51936f82a5ba8b6145962fbc278d591cde.tar.bz2 | |
Mambo: run hello_world and sreset_world tests with Secure and Trusted Boot
We *disable* the secure boot part, but we keep the verified boot
part as we don't currently have container verification code for Mambo.
We can run a small part of the code currently though.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'core/init.c')
| -rw-r--r-- | core/init.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/core/init.c b/core/init.c index 0405f5c..ec9f329 100644 --- a/core/init.c +++ b/core/init.c @@ -342,6 +342,7 @@ bool start_preload_kernel(void) static bool load_kernel(void) { + void *stb_container = NULL; struct elf_hdr *kh; int loaded; @@ -390,9 +391,10 @@ static bool load_kernel(void) /* Hack for STB in Mambo, assume at least 4kb in mem */ kernel_size = SECURE_BOOT_HEADERS_SIZE; } - if (stb_is_container(KERNEL_LOAD_BASE, kernel_size)) + if (stb_is_container(KERNEL_LOAD_BASE, kernel_size)) { + stb_container = KERNEL_LOAD_BASE; kh = (struct elf_hdr *) (KERNEL_LOAD_BASE + SECURE_BOOT_HEADERS_SIZE); - else + } else kh = (struct elf_hdr *) (KERNEL_LOAD_BASE); } @@ -417,6 +419,15 @@ static bool load_kernel(void) return false; } + if (chip_quirk(QUIRK_MAMBO_CALLOUTS)) { + secureboot_verify(RESOURCE_ID_KERNEL, + stb_container, + SECURE_BOOT_HEADERS_SIZE + kernel_size); + trustedboot_measure(RESOURCE_ID_KERNEL, + stb_container, + SECURE_BOOT_HEADERS_SIZE + kernel_size); + } + trustedboot_exit_boot_services(); return true; |