[OpenPower-Firmware] STB verification of Hostboot by SBE
Daniel M Crowell
dcrowell at us.ibm.com
Tue Nov 14 05:36:51 AEDT 2017
The signing is actually verified by the hostboot bootloader, not the SBE.
See code starting here -
https://github.com/open-power/hostboot/blob/master/src/bootloader/bootloader.C#L489
The bootloader exists within the same processor seeprom that houses the
SBE code.
--
Dan Crowell
Senior Software Engineer - Power Systems Enablement Firmware
IBM Rochester: t/l 553-2987
dcrowell at us.ibm.com
From: Hugo Landau <hlandau at devever.net>
To: openpower-firmware at lists.ozlabs.org
Date: 11/12/2017 09:37 PM
Subject: [OpenPower-Firmware] STB verification of Hostboot by SBE
Sent by: "OpenPower-Firmware"
<openpower-firmware-bounces+dcrowell=us.ibm.com at lists.ozlabs.org>
Hi,
What is the situation regarding the cryptographic verification of the
initial Hostboot payload executed on the POWER9 cores?
This POWER8-era document [1] suggests that the SBE cryptographically
verifies Hostboot after loading it and before executing it, but I can't
find any code for it in POWER9's open-power/sbe.
[1]
https://www.ibm.com/developerworks/library/l-trusted-boot-openPOWER-trs/index.html
_______________________________________________
OpenPower-Firmware mailing list
OpenPower-Firmware at lists.ozlabs.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ozlabs.org_listinfo_openpower-2Dfirmware&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=mCj3CQvqek9g0fdziO-GEHyU1m9T3SAh0ZPd5s_AGpo&m=EOZDGBFIFjaZw4QMxk4q6zVy3la9G9hdMFCM8RVSb5o&s=tWotwVdWS991xQTyVXAFfjHBe9AyW9mULiVPcxMAwMs&e=
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openpower-firmware/attachments/20171113/f7ebbdbd/attachment.html>
More information about the OpenPower-Firmware
mailing list