aboutsummaryrefslogtreecommitdiff
path: root/external
diff options
context:
space:
mode:
authorStewart Smith <stewart@linux.vnet.ibm.com>2016-10-06 11:57:25 +1100
committerStewart Smith <stewart@linux.vnet.ibm.com>2016-10-10 15:29:38 +1100
commit32a7d96144d9e9e9992ecf856c2b1fbe2828aa95 (patch)
tree6d72186c595b5487c9c7c1fcb99d06faf9be66e3 /external
parent712df1f5f80b4684124d57486306ab28da85a52c (diff)
downloadskiboot-32a7d96144d9e9e9992ecf856c2b1fbe2828aa95.zip
skiboot-32a7d96144d9e9e9992ecf856c2b1fbe2828aa95.tar.gz
skiboot-32a7d96144d9e9e9992ecf856c2b1fbe2828aa95.tar.bz2
Add software STB "ROM" implementation for Mambo
Pass SKIBOOT_ENABLE_MAMBO_STB=1 as environment variable to skiboot.tcl and the tcl will enable the /ibm,secureboot node, enabling hash and signature "verification" for that mambo session. Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'external')
-rw-r--r--external/mambo/skiboot.tcl28
1 files changed, 28 insertions, 0 deletions
diff --git a/external/mambo/skiboot.tcl b/external/mambo/skiboot.tcl
index e9aea02..8d221de 100644
--- a/external/mambo/skiboot.tcl
+++ b/external/mambo/skiboot.tcl
@@ -243,6 +243,34 @@ for { set c 0 } { $c < $mconf(cpus) } { incr c } {
mysim of addprop $cpu_node array "ibm,ppc-interrupt-server#s" irqreg
}
+mconfig enable_stb SKIBOOT_ENABLE_MAMBO_STB 0
+
+if { [info exists env(SKIBOOT_ENABLE_MAMBO_STB)] } {
+ set stb_node [ mysim of addchild $root_node "ibm,secureboot" "" ]
+ mysim of addprop $stb_node string "compatible" "ibm,secureboot-v1-softrom"
+ mysim of addprop $stb_node string "secure-enabled" ""
+ mysim of addprop $stb_node string "trusted-enabled" ""
+ mysim of addprop $stb_node string "hash-algo" "sha512"
+ set hw_key_hash {}
+ lappend hw_key_hash 0x40d487ff
+ lappend hw_key_hash 0x7380ed6a
+ lappend hw_key_hash 0xd54775d5
+ lappend hw_key_hash 0x795fea0d
+ lappend hw_key_hash 0xe2f541fe
+ lappend hw_key_hash 0xa9db06b8
+ lappend hw_key_hash 0x466a42a3
+ lappend hw_key_hash 0x20e65f75
+ lappend hw_key_hash 0xb4866546
+ lappend hw_key_hash 0x0017d907
+ lappend hw_key_hash 0x515dc2a5
+ lappend hw_key_hash 0xf9fc5095
+ lappend hw_key_hash 0x4d6ee0c9
+ lappend hw_key_hash 0xb67d219d
+ lappend hw_key_hash 0xfb708535
+ lappend hw_key_hash 0x1d01d6d1
+ mysim of addprop $stb_node array "hw-key-hash" hw_key_hash
+}
+
# Load images
set boot_size [file size $mconf(boot_image)]