diff options
author | Claudio Carvalho <cclaudio@linux.vnet.ibm.com> | 2017-12-09 02:52:21 -0200 |
---|---|---|
committer | Stewart Smith <stewart@linux.vnet.ibm.com> | 2017-12-18 21:30:57 -0600 |
commit | 5c2c24ba151121ebb627195322fab3498f834b14 (patch) | |
tree | 151c58fbe6e7bc54afb2690a6208ba13bb0b7101 /libstb/secureboot.c | |
parent | 3281d5a41a825fce5b935e8929971a8847611fc8 (diff) | |
download | skiboot-5c2c24ba151121ebb627195322fab3498f834b14.zip skiboot-5c2c24ba151121ebb627195322fab3498f834b14.tar.gz skiboot-5c2c24ba151121ebb627195322fab3498f834b14.tar.bz2 |
libstb/cvc.c: import softrom behavior from drivers/sw_driver.c
Softrom is used only for testing with mambo. By setting
compatible="ibm,secureboot-v1-softrom" in the "ibm,secureboot" node,
firmware images can be properly measured even if the
Container-Verification-Code (CVC) is not available. In this case, the
mbedtls_sha512() function is used to calculate the sha512 hash of the
firmware images.
This imports the softrom behavior from libstb/drivers/sw_driver.c code
into cvc.c, but now softrom is implemented as a flag. When the flag is
set, the wrappers for the CVC services work the same way as in
sw_driver.c.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'libstb/secureboot.c')
-rw-r--r-- | libstb/secureboot.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/libstb/secureboot.c b/libstb/secureboot.c index 2787951..953b123 100644 --- a/libstb/secureboot.c +++ b/libstb/secureboot.c @@ -34,6 +34,7 @@ static struct { const char *compat; } secureboot_map[] = { { IBM_SECUREBOOT_V1, "ibm,secureboot-v1" }, + { IBM_SECUREBOOT_SOFTROM, "ibm,secureboot-v1-softrom" }, }; static void secureboot_enforce(void) @@ -112,7 +113,9 @@ void secureboot_init(void) if (!secure_mode) return; - if (version == IBM_SECUREBOOT_V1) { + if (version == IBM_SECUREBOOT_V1 || + version == IBM_SECUREBOOT_SOFTROM) { + hash_algo = dt_prop_get(node, "hash-algo"); if (strcmp(hash_algo, "sha512")) { /** |