From 3281d5a41a825fce5b935e8929971a8847611fc8 Mon Sep 17 00:00:00 2001 From: Claudio Carvalho Date: Sat, 9 Dec 2017 02:52:20 -0200 Subject: libstb/trustedboot.c: import tb_measure() from stb.c This imports tb_measure() from stb.c, but now it calls the CVC sha512 wrapper to calculate the sha512 hash of the firmware image provided. In trustedboot.c, the tb_measure() is renamed to trustedboot_measure(). The new function, trustedboot_measure(), no longer checks if the container payload hash calculated at boot time matches with the hash found in the container header. A few reasons: - If the system admin wants the container header to be checked/validated, the secure boot jumper must be set. Otherwise, the container header information may not be reliable. - The container layout is expected to change over time. Skiboot would need to maintain a parser for each container layout change. - Skiboot could be checking the hash against a container version that is not supported by the Container-Verification-Code (CVC). The tb_measure() calls are updated to trustedboot_measure() in a subsequent patch. Signed-off-by: Claudio Carvalho Signed-off-by: Stewart Smith --- asm/cvc_entry.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'asm/cvc_entry.S') diff --git a/asm/cvc_entry.S b/asm/cvc_entry.S index ccca006..069ed09 100644 --- a/asm/cvc_entry.S +++ b/asm/cvc_entry.S @@ -26,10 +26,10 @@ .section .text .global __cvc_verify_v1 -.global call_rom_SHA512 +.global __cvc_sha512_v1 __cvc_verify_v1: -call_rom_SHA512: +__cvc_sha512_v1: call_rom_entry: std %r2, 40(%r1) -- cgit v1.1