From 32a7d96144d9e9e9992ecf856c2b1fbe2828aa95 Mon Sep 17 00:00:00 2001 From: Stewart Smith Date: Thu, 6 Oct 2016 11:57:25 +1100 Subject: Add software STB "ROM" implementation for Mambo Pass SKIBOOT_ENABLE_MAMBO_STB=1 as environment variable to skiboot.tcl and the tcl will enable the /ibm,secureboot node, enabling hash and signature "verification" for that mambo session. Signed-off-by: Stewart Smith --- external/mambo/skiboot.tcl | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'external') diff --git a/external/mambo/skiboot.tcl b/external/mambo/skiboot.tcl index e9aea02..8d221de 100644 --- a/external/mambo/skiboot.tcl +++ b/external/mambo/skiboot.tcl @@ -243,6 +243,34 @@ for { set c 0 } { $c < $mconf(cpus) } { incr c } { mysim of addprop $cpu_node array "ibm,ppc-interrupt-server#s" irqreg } +mconfig enable_stb SKIBOOT_ENABLE_MAMBO_STB 0 + +if { [info exists env(SKIBOOT_ENABLE_MAMBO_STB)] } { + set stb_node [ mysim of addchild $root_node "ibm,secureboot" "" ] + mysim of addprop $stb_node string "compatible" "ibm,secureboot-v1-softrom" + mysim of addprop $stb_node string "secure-enabled" "" + mysim of addprop $stb_node string "trusted-enabled" "" + mysim of addprop $stb_node string "hash-algo" "sha512" + set hw_key_hash {} + lappend hw_key_hash 0x40d487ff + lappend hw_key_hash 0x7380ed6a + lappend hw_key_hash 0xd54775d5 + lappend hw_key_hash 0x795fea0d + lappend hw_key_hash 0xe2f541fe + lappend hw_key_hash 0xa9db06b8 + lappend hw_key_hash 0x466a42a3 + lappend hw_key_hash 0x20e65f75 + lappend hw_key_hash 0xb4866546 + lappend hw_key_hash 0x0017d907 + lappend hw_key_hash 0x515dc2a5 + lappend hw_key_hash 0xf9fc5095 + lappend hw_key_hash 0x4d6ee0c9 + lappend hw_key_hash 0xb67d219d + lappend hw_key_hash 0xfb708535 + lappend hw_key_hash 0x1d01d6d1 + mysim of addprop $stb_node array "hw-key-hash" hw_key_hash +} + # Load images set boot_size [file size $mconf(boot_image)] -- cgit v1.1