[Skiboot] [PATCH 31/40] core/flash.c: verify and measure resources
Stewart Smith
stewart at linux.vnet.ibm.com
Mon Oct 10 19:44:12 AEDT 2016
From: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
This changes core/flash.c to verify and measure the downloaded PNOR
resource before it is returned to the caller.
sb_verify() and tb_measure() do nothing if libstb is not initialized
in the platform.
Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart at linux.vnet.ibm.com>
---
core/flash.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/core/flash.c b/core/flash.c
index 24c34cf..9b07aa3 100644
--- a/core/flash.c
+++ b/core/flash.c
@@ -24,6 +24,7 @@
#include <libflash/libffs.h>
#include <libflash/blocklevel.h>
#include <libflash/ecc.h>
+#include <libstb/stb.h>
struct flash {
struct list_node list;
@@ -610,6 +611,13 @@ static int flash_load_resource(enum resource_id id, uint32_t subid,
*len = size;
status = true;
+ /*
+ * Verify and measure the retrieved PNOR partition as part of the
+ * secure boot and trusted boot requirements
+ */
+ sb_verify(id, subid, buf, *len);
+ tb_measure(id, subid, buf, *len);
+
out_free_ffs:
ffs_close(ffs);
out_unlock:
--
2.7.4
More information about the Skiboot
mailing list