[Skiboot] [PATCH] stb: Put correct label (for skiboot) into container

Stewart Smith stewart at linux.vnet.ibm.com
Tue Feb 13 19:25:01 AEDT 2018 

Stewart Smith <stewart at linux.vnet.ibm.com> writes:
> Hostboot will expect the label field of the stb header to contain
> "PAYLOAD" for skiboot or it will fail to load and run skiboot.
>
> The failure looks something like this:
>  53.40896|ISTEP 20. 1 - host_load_payload
>  53.65840|secure|Secureboot Failure plid = 0x90000755, rc = 0x1E07
>
>  53.65881|System shutting down with error status 0x1E07
>  53.67547|================================================
>  53.67954|Error reported by secure (0x1E00) PLID 0x90000755
>  53.67560|  Container's component ID does not match expected component ID
>  53.67561|  ModuleId   0x09 SECUREBOOT::MOD_SECURE_VERIFY_COMPONENT
>  53.67845|  ReasonCode 0x1e07 SECUREBOOT::RC_ROM_VERIFY
>  53.67998|  UserData1   : 0x0000000000000000
>  53.67999|  UserData2   : 0x0000000000000000
>  53.67999|------------------------------------------------
>  53.68000|  Callout type             : Procedure Callout
>  53.68000|  Procedure                : EPUB_PRC_HB_CODE
>  53.68001|  Priority                 : SRCI_PRIORITY_HIGH
>  53.68001|------------------------------------------------
>  53.68002|  Callout type             : Procedure Callout
>  53.68003|  Procedure                : EPUB_PRC_FW_VERIFICATION_ERR
>  53.68003|  Priority                 : SRCI_PRIORITY_HIGH
>  53.68004|------------------------------------------------
>
> Reported-by: Pridhiviraj Paidipeddi <ppaidipe at linux.vnet.ibm.com>
> Tested-by: Pridhiviraj Paidipeddi <ppaidipe at linux.vnet.ibm.com>
> Signed-off-by: Stewart Smith <stewart at linux.vnet.ibm.com>
> ---
>  Makefile.main                  |  4 ++--
>  libstb/sign-with-local-keys.sh | 10 ++++++++--
>  2 files changed, 10 insertions(+), 4 deletions(-)

Merged to master as of b94fbeaf137c3981976699ef5dcc8cf95088413a

NOTE: if you're using modern hostboot, you may need this in order for
Secure Boot not to bite you in the arse :(

(IMNSHO this is a hostboot bug and they should be more tolerant,
especially when secure mode isn't enabled)

-- 
Stewart Smith
OPAL Architect, IBM.

More information about the Skiboot mailing list