<font size=2 face="sans-serif">The signing is actually verified by the
hostboot bootloader, not the SBE. See code starting here - </font><a href="https://github.com/open-power/hostboot/blob/master/src/bootloader/bootloader.C#L489"><font size=2 color=blue face="sans-serif">https://github.com/open-power/hostboot/blob/master/src/bootloader/bootloader.C#L489</font></a><br><br><font size=2 face="sans-serif">The bootloader exists within the same
processor seeprom that houses the SBE code.</font><br><font size=2 face="sans-serif"><br>--<br>Dan Crowell<br>Senior Software Engineer - Power Systems Enablement Firmware<br>IBM Rochester: t/l 553-2987<br>dcrowell@us.ibm.com</font><br><br><br><br><font size=1 color=#5f5f5f face="sans-serif">From:
</font><font size=1 face="sans-serif">Hugo Landau <hlandau@devever.net></font><br><font size=1 color=#5f5f5f face="sans-serif">To:
</font><font size=1 face="sans-serif">openpower-firmware@lists.ozlabs.org</font><br><font size=1 color=#5f5f5f face="sans-serif">Date:
</font><font size=1 face="sans-serif">11/12/2017 09:37 PM</font><br><font size=1 color=#5f5f5f face="sans-serif">Subject:
</font><font size=1 face="sans-serif">[OpenPower-Firmware]
STB verification of Hostboot by SBE</font><br><font size=1 color=#5f5f5f face="sans-serif">Sent by:
</font><font size=1 face="sans-serif">"OpenPower-Firmware"
<openpower-firmware-bounces+dcrowell=us.ibm.com@lists.ozlabs.org></font><br><hr noshade><br><br><br><tt><font size=2>Hi,<br><br>What is the situation regarding the cryptographic verification of the<br>initial Hostboot payload executed on the POWER9 cores?<br><br>This POWER8-era document [1] suggests that the SBE cryptographically<br>verifies Hostboot after loading it and before executing it, but I can't<br>find any code for it in POWER9's open-power/sbe.<br><br>[1]<br></font></tt><a href="https://www.ibm.com/developerworks/library/l-trusted-boot-openPOWER-trs/index.html"><tt><font size=2>https://www.ibm.com/developerworks/library/l-trusted-boot-openPOWER-trs/index.html</font></tt></a><tt><font size=2><br><br>_______________________________________________<br>OpenPower-Firmware mailing list<br>OpenPower-Firmware@lists.ozlabs.org<br></font></tt><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ozlabs.org_listinfo_openpower-2Dfirmware&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=mCj3CQvqek9g0fdziO-GEHyU1m9T3SAh0ZPd5s_AGpo&m=EOZDGBFIFjaZw4QMxk4q6zVy3la9G9hdMFCM8RVSb5o&s=tWotwVdWS991xQTyVXAFfjHBe9AyW9mULiVPcxMAwMs&e="><tt><font size=2>https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ozlabs.org_listinfo_openpower-2Dfirmware&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=mCj3CQvqek9g0fdziO-GEHyU1m9T3SAh0ZPd5s_AGpo&m=EOZDGBFIFjaZw4QMxk4q6zVy3la9G9hdMFCM8RVSb5o&s=tWotwVdWS991xQTyVXAFfjHBe9AyW9mULiVPcxMAwMs&e=</font></tt></a><tt><font size=2><br><br></font></tt><br><br><BR>