diff options
| author | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2018-07-10 16:25:32 +1000 |
|---|---|---|
| committer | Stewart Smith <stewart@linux.ibm.com> | 2018-07-17 00:01:23 -0500 |
| commit | 3cd749c99791d43ee929b9401fb14fc6739ce360 (patch) | |
| tree | dac79c5a11e20050cd9ffe3330dc38d04a94fac8 /libstb/trustedboot.c | |
| parent | 2c30ddb93baf34c0191e5c23579c03a8f76f27c4 (diff) | |
| download | skiboot-3cd749c99791d43ee929b9401fb14fc6739ce360.zip skiboot-3cd749c99791d43ee929b9401fb14fc6739ce360.tar.gz skiboot-3cd749c99791d43ee929b9401fb14fc6739ce360.tar.bz2 | |
Recognise signed VERSION partition
A few things need to change to support a signed VERSION partition:
- A signed VERSION partition will be 4K + SECURE_BOOT_HEADERS_SIZE (4K).
- The VERSION partition needs to be loaded after secure/trusted boot is
set up, and therefore after nvram_init().
- Added to the trustedboot resources array.
This also moves the ipmi_dt_add_bmc_info() call to after
flash_dt_add_fw_version() since it adds info to ibm,firmware-versions.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
Diffstat (limited to 'libstb/trustedboot.c')
| -rw-r--r-- | libstb/trustedboot.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/libstb/trustedboot.c b/libstb/trustedboot.c index 8fa1179..ae2cc55 100644 --- a/libstb/trustedboot.c +++ b/libstb/trustedboot.c @@ -46,6 +46,7 @@ static struct { { RESOURCE_ID_IMA_CATALOG, PCR_2 }, { RESOURCE_ID_KERNEL, PCR_4 }, { RESOURCE_ID_CAPP, PCR_2 }, + { RESOURCE_ID_VERSION, PCR_3 }, }; /* |