[Skiboot] [PATCH 29/40] hw/phb3.c: adjust offset to run CAPP containers

Frederic Barrat fbarrat at linux.vnet.ibm.com
Mon Oct 10 22:54:42 AEDT 2016 


Le 10/10/2016 à 12:03, Michael Neuling a écrit :
> On Mon, 2016-10-10 at 19:44 +1100, Stewart Smith wrote:
>> From: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
>>
>> This adjusts the CAPP header offset if CAPP is a secure boot container.
>>
>> Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
>> Signed-off-by: Stewart Smith <stewart at linux.vnet.ibm.com>
>
> I just noticed these went in... Did the CAPI team test them at all?


Not that I know of. So, aside from the obvious non-regression testing on 
hardware with no trusted/secure boot, what would it take to test? From 
what I'm reading, it looks like secure or trusted boot is only available 
on some open power systems?

Mikey: thanks for bringing it up.

   Fred


>
> The CAPI team should probably have been CCed and we got their ACK.
>
> Mikey
>
>> ---
>>  hw/phb3.c | 24 ++++++++++++++++++++++--
>>  1 file changed, 22 insertions(+), 2 deletions(-)
>>
>> diff --git a/hw/phb3.c b/hw/phb3.c
>> index eb30c36..e327225 100644
>> --- a/hw/phb3.c
>> +++ b/hw/phb3.c
>> @@ -34,6 +34,7 @@
>>  #include <fsp.h>
>>  #include <chip.h>
>>  #include <chiptod.h>
>> +#include <libstb/container.h>
>>
>>  /* Enable this to disable error interrupts for debug purposes */
>>  #undef DISABLE_ERR_INTS
>> @@ -2309,9 +2310,27 @@ static int64_t capp_load_ucode(struct phb3 *p)
>>  	if (rc)
>>  		return rc;
>>
>> -	prlog(PR_INFO, "CHIP%i: CAPP ucode lid loaded at %p\n",
>> -	      p->chip_id, capp_ucode_info.lid);
>>  	lid = capp_ucode_info.lid;
>> +
>> +	/* skip secure boot headers */
>> +	if (stb_is_container(lid, capp_ucode_info.size))
>> +		lid = (struct capp_lid_hdr*) ((uint8_t*)lid +
>> SECURE_BOOT_HEADERS_SIZE);
>> +
>> +	/*
>> +	 * CAPP partition header may be present on BMC machines. It will tell
>> +	 * us what sub-partition should be used
>> +	 */
>> +	if (be64_to_cpu(lid->eyecatcher) == 0x4341505000000001) {
>> +		uint32_t subpart_offset=0, subpart_size=0;
>> +		flash_subpart_info(lid, CAPP_UCODE_MAX_SIZE,
>> +				   capp_ucode_info.ec_level,
>> +				   &subpart_offset, &subpart_size);
>> +		if (rc)
>> +			return rc;
>> +
>> +		lid = (struct capp_lid_hdr*) ((uint8_t*)lid +
>> subpart_offset);
>> +	}
>> +
>>  	/*
>>  	 * If lid header is present (on FSP machines), it'll tell us where to
>>  	 * find the ucode.  Otherwise this is the ucode.
>> @@ -2382,6 +2401,7 @@ static int64_t capp_load_ucode(struct phb3 *p)
>>  	}
>>
>>  	chip->capp_ucode_loaded |= (1 << p->index);
>> +	prlog(PR_INFO, "CHIP%i: CAPP ucode loaded\n", p->chip_id);
>>  	return OPAL_SUCCESS;
>>  }
>>

More information about the Skiboot mailing list