author | Claudio Carvalho <cclaudio@linux.vnet.ibm.com> | 2017-12-09 02:52:19 -0200 |
---|---|---|
committer | Stewart Smith <stewart@linux.vnet.ibm.com> | 2017-12-18 21:30:57 -0600 |
commit | 3ab91fbec937830f184108a244795a2e05cb275c (patch) | |
tree | b98fb42fb1d4d72cc88c669a9bef4a1cf19c4131 /libstb/cvc.h | |
parent | 060ff18d4ddcfb87e9aa31fc5eadaf4318bca9bb (diff) | |
libstb/secureboot.c: import sb_verify() from stb.c

This imports the sb_verify() function from stb.c, but now it calls the
CVC verify wrapper in order to verify signed firmware images. The
hw-key-hash and hw-key-hash-size initialized in secureboot.c are passed
to the CVC verify function wrapper.

In secureboot.c, the sb_verify() is renamed to secureboot_verify(). The
sb_verify() calls are updated in a subsequent patch.

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>

Diffstat (limited to 'libstb/cvc.h')
-rw-r--r-- | libstb/cvc.h | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/libstb/cvc.h b/libstb/cvc.h index 3d7079e..14e8cd2 100644 --- a/libstb/cvc.h +++ b/libstb/cvc.h @@ -24,4 +24,24 @@ enum cvc_service_id { int cvc_init(void); +/************************************************************************ + * Wrappers for the services provided by the Container-Verification-Code + ************************************************************************/ + +/* + * call_cvc_verify - Call the CVC-verify service to verify the container fetched + * from PNOR. + * + * @buf - buffer that has the firmware component to be verified + * @size - number of bytes allocated for @buf + * @hw_key_hash - hash of the three harware public keys trusted by the platform + * owner + * @hw_key_hash_size - number of bytes allocated for @hw_key_hash + * @log - hexadecimal returned by the CVC. In case of verification failure, it + * indicates what checking failed + * + */ +int call_cvc_verify(void *buf, size_t size, const void *hw_key_hash, + size_t hw_key_hash_size, uint64_t *log); + #endif /* __CVC_H */ |
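
Review bot: The comment block above call_cvc_verify() documents every parameter but not the return value, and for a signature-verification wrapper that is the part callers most need. Please state which return value means the container verified, which values mean failure, and whether *log is written only on failure or on every call, so that no caller treats an error code as success. It would also help to say whether @log may be NULL, and whether @size is the container length or the allocation size, since "number of bytes allocated for @buf" reads as the latter. Minor: "harware" in the @hw_key_hash line should be "hardware". The prototype uses size_t and uint64_t; if the part of cvc.h above this hunk does not already include the headers that define them, it should, so the header stays self-contained.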