[Skiboot] [PATCH v2] Recognise signed VERSION partition
Samuel Mendoza-Jonas
sam at mendozajonas.com
Tue Jul 10 16:25:32 AEST 2018
A few things need to change to support a signed VERSION partition:
- A signed VERSION partition will be 4K + SECURE_BOOT_HEADERS_SIZE (4K).
- The VERSION partition needs to be loaded after secure/trusted boot is
set up, and therefore after nvram_init().
- Added to the trustedboot resources array.
This also moves the ipmi_dt_add_bmc_info() call to after
flash_dt_add_fw_version() since it adds info to ibm,firmware-versions.
Signed-off-by: Samuel Mendoza-Jonas <sam at mendozajonas.com>
---
v2: rebase on master to work alongside the flash_dt_add_fw_version()
changes, move modifying the DT to later in the boot process and let
VERSION load in the background.
core/flash.c | 4 +++-
core/init.c | 13 +++++++++++++
libstb/trustedboot.c | 1 +
platforms/astbmc/common.c | 9 ---------
4 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/core/flash.c b/core/flash.c
index e3be5761..e258fe17 100644
--- a/core/flash.c
+++ b/core/flash.c
@@ -51,7 +51,7 @@ static u32 nvram_offset, nvram_size;
/* ibm,firmware-versions support */
static char *version_buf;
-static size_t version_buf_size = 0x1000;
+static size_t version_buf_size = 0x2000;
bool flash_reserve(void)
{
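Review bot: The new `0x2000` on `version_buf_size` is a bare magic number, although the commit message derives it as 4K of version text plus `SECURE_BOOT_HEADERS_SIZE`. Assuming that macro is a compile-time constant and already in scope at this point of core/flash.c (it is used further down in the same file), `static size_t version_buf_size = 0x1000 + SECURE_BOOT_HEADERS_SIZE;` keeps the two from drifting apart. A short comment should also say that the buffer is sized for the signed case and that an unsigned partition fills only the first 4K.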
@@ -235,6 +235,8 @@ void flash_dt_add_fw_version(void)
fw_version = dt_new(dt_root, "ibm,firmware-versions");
assert(fw_version);
+ if (stb_is_container(version_buf, version_buf_size))
+ numbytes += SECURE_BOOT_HEADERS_SIZE;
for ( ; (numbytes < version_buf_size) && version_buf[numbytes]; numbytes++) {
if (version_buf[numbytes] == '\n') {
version_data[i] = '\0';
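Review bot: Skipping `SECURE_BOOT_HEADERS_SIZE` when `stb_is_container()` matches only locates the payload. Nothing in this hunk shows that the container was verified before its text is published under ibm,firmware-versions, so that presumably rests on the preload path and should be confirmed there. The length passed to `stb_is_container()` and used as the loop bound is `version_buf_size`, which as far as this patch shows is the buffer capacity rather than the number of bytes actually read. For an unsigned 4K partition the loop therefore relies on a NUL terminator, or on a zeroed allocation (not visible here), to stop before the unused half of the buffer. I would add `/* Signed partition: version text starts after the container header */` above the check. The function starts above and continues below the hunk.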
diff --git a/core/init.c b/core/init.c
index b660af2d..ca6c468c 100644
--- a/core/init.c
+++ b/core/init.c
@@ -1070,6 +1070,13 @@ void __noreturn __nomcount main_cpu_entry(const void *fdt)
secureboot_init();
trustedboot_init();
+ /*
+ * BMC platforms load version information from flash after
+ * secure/trustedboot init.
+ */
+ if (platform.bmc)
+ flash_fw_version_preload();
+
/* preload the IMC catalog dtb */
imc_catalog_preload();
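Review bot: The `if (platform.bmc)` test is a wider gate than the astbmc_init() call site this patch removes, so any platform that sets `platform.bmc` will now start the VERSION preload, not only the astbmc ones. Whether every such platform has a VERSION partition, and whether `flash_fw_version_preload()` fails quietly when it does not, is not visible in the hunk and is worth confirming. The comment could also state the reason for the ordering, e.g. `/* VERSION may be a signed container, so it must be loaded after secureboot_init()/trustedboot_init() */`. main_cpu_entry() starts above and continues below the hunk.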
@@ -1128,6 +1135,12 @@ void __noreturn __nomcount main_cpu_entry(const void *fdt)
/* Add OPAL timer related properties */
late_init_timers();
+ /* Setup ibm,firmware-versions if able */
+ if (platform.bmc) {
+ flash_dt_add_fw_version();
+ ipmi_dt_add_bmc_info();
+ }
+
ipmi_set_fw_progress_sensor(IPMI_FW_PCI_INIT);
/*
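Review bot: The ordering of the two calls inside the `if (platform.bmc)` block is load-bearing but undocumented in the code. The commit message explains that `ipmi_dt_add_bmc_info()` adds to ibm,firmware-versions and so has to follow `flash_dt_add_fw_version()`. I would carry that into the source as `/* ipmi_dt_add_bmc_info() adds to ibm,firmware-versions, so it must run after flash_dt_add_fw_version() */`. The comment "if able" also suggests failure is tolerated, so it is worth confirming what `flash_dt_add_fw_version()` does when the preload or container verification failed. That path is outside the hunk.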
diff --git a/libstb/trustedboot.c b/libstb/trustedboot.c
index 8fa11790..ae2cc556 100644
--- a/libstb/trustedboot.c
+++ b/libstb/trustedboot.c
@@ -46,6 +46,7 @@ static struct {
{ RESOURCE_ID_IMA_CATALOG, PCR_2 },
{ RESOURCE_ID_KERNEL, PCR_4 },
{ RESOURCE_ID_CAPP, PCR_2 },
+ { RESOURCE_ID_VERSION, PCR_3 },
};
/*
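Review bot: The new `{ RESOURCE_ID_VERSION, PCR_3 }` entry is the only one in the visible part of the table that uses PCR_3, and nothing in the hunk says why VERSION goes there rather than alongside the PCR_2 entries. A one-line comment above the entry stating the rationale would help. Once this lands, PCR_3 on a booted system will presumably include the VERSION measurement. Any attestation reference values or event-log checks built against the earlier value would then need regenerating, which deserves a line in the commit message. The array starts above the hunk.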
diff --git a/platforms/astbmc/common.c b/platforms/astbmc/common.c
index aa278a03..6c90b7db 100644
--- a/platforms/astbmc/common.c
+++ b/platforms/astbmc/common.c
@@ -134,9 +134,6 @@ void astbmc_init(void)
astbmc_fru_init();
ipmi_sensor_init();
- /* Preload PNOR VERSION section */
- flash_fw_version_preload();
-
/* Request BMC information */
ipmi_get_bmc_info_request();
@@ -150,12 +147,6 @@ void astbmc_init(void)
/* Setup UART console for use by Linux via OPAL API */
set_opal_console(&uart_opal_con);
-
- /* Add ibm,firmware-versions node */
- flash_dt_add_fw_version();
-
- /* Add BMC firmware info to device tree */
- ipmi_dt_add_bmc_info();
}
int64_t astbmc_ipmi_power_down(uint64_t request)
--
2.18.0