author | Claudio Carvalho <cclaudio@linux.vnet.ibm.com> | 2017-12-09 02:52:29 -0200 |
---|---|---|
committer | Stewart Smith <stewart@linux.vnet.ibm.com> | 2017-12-18 21:30:57 -0600 |
commit | 48fd73cfc7073911a1ecdf0ff62e1800ef544d2a (patch) | |
tree | b27fbf121782036044b0e31854b840a6bd10ea30 /hdata/spira.h | |
parent | ccdbfdac637c2ddabfcc36371344cd5c6c648e1b (diff) | |
hdata/spira: add ibm,secureboot node in P9

In P9, skiboot builds the device tree from the HDAT. These are the
"ibm,secureboot" node changes compared to P8:

- The Container-Verification-Code (CVC), a.k.a. ROM code, is no longer
  stored in a secure ROM with static address. In P9, it is stored in a
  hostboot reserved memory and each service provided also has a version,
  not only an offset.
- The hash-algo property is not provided via HDAT, instead it provides
  the hw-key-hash-size, which is indeed the information required by the
  CVC to verify containers.

This parses the iplparams_sysparams HDAT structure and creates the
"ibm,secureboot", which is bumped to "ibm,secureboot-v2".

In "ibm,secureboot-v2":

- hash-algo property is superseded by hw-key-hash-size.
- container verification code is explicitly described by a child node.
  Added in a subsequent patch.

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Reviewed-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Reviewed-by: Oliver O'Halloran <oohall@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'hdata/spira.h')
-rw-r--r-- | hdata/spira.h | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/hdata/spira.h b/hdata/spira.h index 190afad..17c6a2a 100644 --- a/hdata/spira.h +++ b/hdata/spira.h @@ -355,6 +355,7 @@ struct iplparams_sysparams { __be32 abc_bus_speed; __be32 wxyz_bus_speed; __be32 sys_eco_mode; +#define SYS_ATTR_MULTIPLE_TPM PPC_BIT32(0) #define SYS_ATTR_RISK_LEVEL PPC_BIT32(3) __be32 sys_attributes; __be32 mem_scrubbing; @@ -369,12 +370,14 @@ struct iplparams_sysparams { uint8_t split_core_mode; /* >= 0x5c */ uint8_t reserved[3]; uint8_t sys_vendor[64]; /* >= 0x5f */ - /* >= 0x60 */ - __be16 sys_sec_setting; - __be16 tpm_config_bit; - __be16 tpm_drawer; - __be16 reserved2; - uint8_t hw_key_hash[64]; +#define SEC_CONTAINER_SIG_CHECKING PPC_BIT16(0) +#define SEC_HASHES_EXTENDED_TO_TPM PPC_BIT16(1) + __be16 sys_sec_setting; /* >= 0x60 */ + __be16 tpm_config_bit; /* >= 0x60 */ + __be16 tpm_drawer; /* >= 0x60 */ + __be16 hw_key_hash_size; /* >= 0x60 */ +#define SYSPARAMS_HW_KEY_HASH_MAX 64 + uint8_t hw_key_hash[SYSPARAMS_HW_KEY_HASH_MAX]; /* >= 0x60 */ uint8_t sys_family_str[64]; /* vendor,name */ uint8_t sys_type_str[64]; /* vendor,type */ } __packed; |
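Review bot: In the first hunk (@@ -355,6 +355,7), SYS_ATTR_MULTIPLE_TPM is added above sys_attributes without a comment, and the commit message, which only discusses the "ibm,secureboot" node, does not mention it. Please add a one-line comment saying what bit 0 of sys_attributes signals, or note in the message why this define belongs in the patch, so a reader of spira.h can tell whether the secure boot parsing depends on it.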
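Review bot: In the second hunk (@@ -369,12 +370,14), hw_key_hash_size takes the slot that used to be reserved2 and is a length read from the HDAT, but nothing in the header ties it to the fixed hw_key_hash[SYSPARAMS_HW_KEY_HASH_MAX] array. Because the field was reserved before, a zero value is plausible, and a value above 64 would describe more bytes than the array holds. Since this view is limited to hdata/spira.h the consumer is not visible, so please document on the field that valid values are 1 to SYSPARAMS_HW_KEY_HASH_MAX, and make sure the parser converts it with be16_to_cpu and rejects anything outside that range before copying hw_key_hash into the device tree. A smaller point: "/* >= 0x60 */" used to be a single header line for the group and is now repeated on five fields; keeping one comment above sys_sec_setting would read more cleanly.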