Add SecureROM version info and Change SBE update to use max HBBL size

The HBBL also contains the securerom code and hw keys' hash
for verification purposes. So looking for the end of the HBBL
code leaves out those sections

Change-Id: I73a1b5c50e3a5b3f642ca569b90e79dbe4c4ba1e
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35979
Tested-by: Jenkins Server <[email protected]>
Tested-by: FSP CI Jenkins <[email protected]>
Tested-by: Jenkins OP Build CI <[email protected]>
Reviewed-by: Martin Gloff <[email protected]>
Reviewed-by: Nicholas E. Bofferding <[email protected]>
Reviewed-by: Daniel M. Crowell <[email protected]>

Author: Stephen Cprek

src/bootloader/bl_start.S

@@ -31,7 +31,6 @@
 .set SBE_HB_PNORSIZEMB,   sbe_hb_structures+6  ;// uint16_t
 .set SBE_HB_BLLOADSIZE,   sbe_hb_structures+8  ;// uint64_t
 .set HBBL_BASE_ADDRESS,   base_load_address
-.set HBBL_END_EYECATCHER, 0x4842424C656E6400   ;// 'HBBLend.'
 .set HBBL_END_ADDRESS,    end_load_address
 .set HBBL_system_reset,          0x100
 .set HBBL_machine_check,         0x200
@@ -423,11 +422,6 @@ bootloader_hbbSection:
 hbi_ImageId:
     .space 128
 
-    .balign 16
-.global bootloader_end_eyecatcher
-bootloader_end_eyecatcher:
-    .quad HBBL_END_EYECATCHER
-
 .global bootloader_end_address
 bootloader_end_address:
     .quad HBBL_END_ADDRESS

src/bootloader/bootloader.C

@@ -69,7 +69,6 @@ namespace Bootloader{
                sizeof(sha2_hash_t));
     }
 
-    // @TODO RTC:167740 remove magic number check once fsp/op signs HBB
     /**
      * @brief  Memcmp a vaddr to the known secureboot magic number
      *
@@ -97,24 +96,48 @@ namespace Bootloader{
                          const sha2_hash_t* i_hwKeyHash)
     {
 #ifdef CONFIG_SECUREBOOT
-        // @TODO RTC:167740 remove magic number check once fsp/op signs HBB
-        if (cmpSecurebootMagicNumber(reinterpret_cast<const uint8_t*>
-                                     (i_pContainer)))
+        BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_START);
+
+        uint64_t l_rc = 0;
+
+        // @TODO RTC:166848 Move find/get secure rom logic out of ROM verify
+        // Find secure ROM addr
+        // Get starting address of ROM size and code which is the next 8 byte
+        // aligned address after the bootloader end.
+        // [hbbl][pad:8:if-applicable][securerom-size:8][securerom]
+        const void* l_pBootloaderEnd = &bootloader_end_address;
+        uint64_t l_bootloaderSize = 0;
+        memcpy (&l_bootloaderSize, l_pBootloaderEnd, sizeof(l_bootloaderSize));
+        uint64_t l_rom_startAddr = getHRMOR() + ALIGN_8(l_bootloaderSize);
+        // Get Rom Size
+        // @TODO RTC:166848 Store size so hb can use
+        uint64_t l_secureRomSize = 0;
+        memcpy (&l_secureRomSize, reinterpret_cast<void*>(l_rom_startAddr),
+                sizeof(l_secureRomSize));
+        l_rom_startAddr += sizeof(l_secureRomSize);
+
+        // Beginning of SecureROM has a info structure
+        // Get Secure ROM info
+        const auto l_pSecRomInfo = reinterpret_cast<SecureRomInfo*>(
+                                                               l_rom_startAddr);
+
+        // # @TODO RTC:170136 terminate in this case
+        // Ensure SecureRom is actually present
+        if ( !secureRomInfoValid(l_pSecRomInfo) )
+        {
+            BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_NO_EYECATCH);
+        }
+        // # @TODO RTC:170136 terminate in this case
+        else if ( !cmpSecurebootMagicNumber(reinterpret_cast<const uint8_t*>
+                                            (i_pContainer)))
+        {
+            BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_NO_MAGIC_NUM);
+        }
+        else
         {
-            BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_HBB_START);
-
-            uint64_t l_rc = 0;
-
-            const void * l_pBootloaderEnd = &bootloader_end_address;
-
-            // Get starting address of ROM code which is the next 8 byte aligned
-            // address after the bootloader end.
-            uint64_t l_size = 0;
-            memcpy (&l_size, l_pBootloaderEnd, sizeof(l_size));
-            uint64_t l_rom_startAddr = getHRMOR() + ALIGN_8(l_size);
-
             // Set startAddr to ROM_verify() function at an offset of Secure ROM
             uint64_t l_rom_verify_startAddr = l_rom_startAddr
+                                              + l_pSecRomInfo->branchtableOffset
                                               + ROM_VERIFY_FUNCTION_OFFSET;
 
             // Declare local input struct
@@ -128,18 +151,17 @@ namespace Bootloader{
             // Use current hw hash key
             memcpy (&l_hw_parms.hw_key_hash, i_hwKeyHash, sizeof(sha2_hash_t));
 
-            const ROM_container_raw* l_container =
-                           reinterpret_cast<const ROM_container_raw*>(i_pContainer);
+            const auto l_container = reinterpret_cast<const ROM_container_raw*>
+                                                                 (i_pContainer);
 
             l_rc = call_rom_verify(reinterpret_cast<void*>
                                    (l_rom_verify_startAddr),
                                    l_container,
                                    &l_hw_parms);
-
             if (l_rc != 0)
             {
                 // Verification of Container failed.
-                BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_HBB_FAIL);
+                BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_FAIL);
                 /*@
                  * @errortype
                  * @moduleid     MOD_BOOTLOADER_VERIFY
@@ -156,11 +178,7 @@ namespace Bootloader{
 
             }
 
-            BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_HBB_SUCCESS);
-        }
-        else
-        {
-            BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_HBB_SKIP);
+            BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_SUCCESS);
         }
 #endif
     }
@@ -260,10 +278,11 @@ namespace Bootloader{
                 verifyContainer(l_src_addr, &l_hwKeyHash);
 
                 // Increment past secure header
-#ifdef CONFIG_SECUREBOOT
-                l_src_addr += PAGE_SIZE/sizeof(uint64_t);
-                l_hbbLength -= PAGE_SIZE;
-#endif
+                if (isSecureSection(PNOR::HB_BASE_CODE))
+                {
+                    l_src_addr += PAGE_SIZE/sizeof(uint64_t);
+                    l_hbbLength -= PAGE_SIZE;
+                }
 
                 // Copy HBB image into address where it executes
                 for(uint32_t i = 0;

src/bootloader/makefile

@@ -5,7 +5,7 @@
 #
 # OpenPOWER HostBoot Project
 #
-# Contributors Listed Below - COPYRIGHT 2015,2016
+# Contributors Listed Below - COPYRIGHT 2015,2017
 # [+] International Business Machines Corp.
 #
 #
@@ -30,6 +30,8 @@ EXTRAINCDIR += ${ROOTPATH}/src/include/usr/
 EXTRAINCDIR += ${ROOTPATH}/src/include/usr/pnor/
 EXTRAINCDIR += ${ROOTPATH}/src/include/usr/lpc/
 
+COMMONFLAGS += -DBOOTLOADER
+
 OBJS += bl_start.o
 OBJS += bootloader.o
 OBJS += bl_pnorAccess.o

src/build/debug/Hostboot/BlTrace.pm

@@ -34,11 +34,12 @@ my %traceText = (
     "11" => "Main getHBBSection returned",
     "12" => "Main handleMMIO to working location returned",
     "13" => "Main removeECC returned",
+    "14" => "Main verify started",
+    "15" => "Main verify succeeded",
+    "16" => "Main copy HBB to running location done",
+    "17" => "Main verify skip verification - no eyecatch ",
     # @TODO RTC:167740 remove magic number check once fsp/op signs HBB
-    "14" => "main verifyBaseImage skip verification - no magic number ",
-    "15" => "main verifyBaseImage started",
-    "16" => "main verifyBaseImage succeeded",
-    "17" => "Main copy HBB to running location done",
+    "18" => "Main verify skip verification - no magic number ",
     "20" => "HandleMMIO started",
     "21" => "HandleMMIO started using BYTESIZE",
     "24" => "HandleMMIO started using WORDSIZE",

src/build/mkrules/hbfw/img/makefile

@@ -95,9 +95,6 @@ FINAL_OUTPUT_IMAGES = ${HBBL_FINAL_IMG} ${HBB_FINAL_IMG} ${HBI_FINAL_IMG} \
 			  ${PAYLOAD_FINAL_IMG} ${RINGOVD_FINAL_IMG} ${SBKT_FINAL_IMG} \
 			  ${WOFDATA_FINAL_IMG}
 
-# Temp images
-HB_TEMP_IMG = hb_temp.bin
-
 # Aggregate
 ALL_DEFAULT_IMAGES = ${DEFAULT_INPUT_IMAGES} ${FINAL_OUTPUT_IMAGES}
 
@@ -138,10 +135,15 @@ gen_default_images: cp_hbfiles
     # Remove offset from start of Bootloader image for HBBL partition
     # Actual code is offset from HRMOR by 12k = 12 1k-blocks (space
     # reserved for exception vectors)
+    # Note: ibs=8 conv=sync to ensure this ends at an 8byte boundary for the
+    #       securerom code to start at.
 	dd if=${BOOTLDR_IMG} of=${HBBL_IMG} ibs=8 skip=1536 conv=sync
 
-	# Append Hostboot securerom code to the HBBL section
+    # Append Hostboot securerom code size to HBBL
+	du -b ${HB_SECROM_IMG} | cut -f1 | xargs printf "%016x" | sed 's/.\{2\}/\\\\x&/g' | xargs echo -n -e >> ${HBBL_IMG}
+    # Append Hostboot securerom code after its size
 	cat ${HB_SECROM_IMG} >> ${HBBL_IMG}
+    # result [hbbl][pad:8:if-applicable][securerom-size:8][securerom]
 
 	# Call script to generate final bin files for default images
 	${GEN_PNOR_IMAGE_SCRIPT} ${DEFAULT_PARAMS}

src/include/array

@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2016                             */
+/* Contributors Listed Below - COPYRIGHT 2016,2017                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -36,6 +36,7 @@
 #define __STDC_LIMIT_MACROS
 #endif
 #include <stdint.h>
+#include <algorithm>
 
 namespace std
 {

src/include/bootloader/bootloader.H

@@ -38,6 +38,7 @@
 #include <common/ffs_hb.H>
 #include <kernel/terminate.H>
 #include <kernel/hbterminatetypes.H>
+#include <bootloader/bootloaderif.H>
 
 extern "C" void task_end_stub();
 extern "C" void enterHBB(uint64_t i_hbb_hrmor, uint64_t i_hbb_offset);
@@ -166,15 +167,11 @@ namespace Bootloader{
      *  HBB is copied to its running location and its execution is started.
      */
 
-    /** Max size of HBBL without ECC. Must match PNOR layout for eyeCatch HBBL*/
-#define MAX_HBBL_SIZE (20 * KILOBYTE)
-    /** Size of exception vector reserved space at start of the HBBL section*/
-#define HBBL_EXCEPTION_VECTOR_SIZE (12 * KILOBYTE)
     /** HW Keys hash is placed in the last 64 bytes of the HBBL */
 #define HW_KEYS_HASH_ADDR (getHRMOR() + HBBL_EXCEPTION_VECTOR_SIZE \
                            + MAX_HBBL_SIZE - 64)
     /** Location of working copy of HBB with ECC */
-#define HBB_ECC_WORKING_ADDR    (getHRMOR() - ( 1*MEGABYTE))
+#define HBB_ECC_WORKING_ADDR    (getHRMOR() + ( 1*MEGABYTE))
 
     /** Location of working copy of HBB without ECC */
 #define HBB_WORKING_ADDR        (getHRMOR() - ( 1*MEGABYTE))

src/include/bootloader/bootloader_trace.H

@@ -60,18 +60,21 @@ enum BootloaderTraces
     /** Bootloader main removeECC returned */
     BTLDR_TRC_MAIN_REMOVEECC_RTN             = 0x13,
 
-    // @TODO RTC:167740 remove magic number check once fsp/op signs HBB
-    /** Bootloader main verifyBaseImage skip verification - no magic number */
-    BTLDR_TRC_MAIN_VERIFY_HBB_SKIP           = 0x14,
-
-    /** Bootloader main verifyBaseImage started */
-    BTLDR_TRC_MAIN_VERIFY_HBB_START          = 0x15,
+    /** Bootloader main verifyContainer started */
+    BTLDR_TRC_MAIN_VERIFY_START          = 0x14,
 
-    /** Bootloader main verifyBaseImage succeeded */
-    BTLDR_TRC_MAIN_VERIFY_HBB_SUCCESS        = 0x16,
+    /** Bootloader main verifyContainer succeeded */
+    BTLDR_TRC_MAIN_VERIFY_SUCCESS        = 0x15,
 
     /** Bootloader main copy HBB to running location done */
-    BTLDR_TRC_MAIN_COPY_HBB_DONE             = 0x17,
+    BTLDR_TRC_MAIN_COPY_HBB_DONE             = 0x16,
+
+    /** Bootloader main verifyContainer skip verification - no eyecatch */
+    BTLDR_TRC_MAIN_VERIFY_NO_EYECATCH           = 0x17,
+
+    // @TODO RTC:167740 remove magic number check once fsp/op signs HBB
+    /** Bootloader main verifyContainer skip verification - no magic number */
+    BTLDR_TRC_MAIN_VERIFY_NO_MAGIC_NUM          = 0x18,
 
     /** Bootloader handleMMIO started */
     BTLDR_TRC_HANDLEMMIO_START               = 0x20,
@@ -169,8 +172,8 @@ enum BootloaderTraces
     /** Bootloader PNOR Access getHBBSection findTOC no HBB section */
     BTLDR_TRC_PA_GETHBBSECTION_FINDTOC_NOHBB = 0xFA,
 
-    /** Bootloader main verifyBaseImage failed */
-    BTLDR_TRC_MAIN_VERIFY_HBB_FAIL           = 0xFB,
+    /** Bootloader main verifyContainer failed */
+    BTLDR_TRC_MAIN_VERIFY_FAIL               = 0xFB,
 };
 
 #ifndef BOOTLOADER_TRACE

src/include/bootloader/bootloaderif.H

@@ -0,0 +1,35 @@
+/* IBM_PROLOG_BEGIN_TAG                                                   */
+/* This is an automatically generated prolog.                             */
+/*                                                                        */
+/* $Source: src/include/bootloader/bootloaderif.H $                       */
+/*                                                                        */
+/* OpenPOWER HostBoot Project                                             */
+/*                                                                        */
+/* Contributors Listed Below - COPYRIGHT 2017                             */
+/* [+] International Business Machines Corp.                              */
+/*                                                                        */
+/*                                                                        */
+/* Licensed under the Apache License, Version 2.0 (the "License");        */
+/* you may not use this file except in compliance with the License.       */
+/* You may obtain a copy of the License at                                */
+/*                                                                        */
+/*     http://www.apache.org/licenses/LICENSE-2.0                         */
+/*                                                                        */
+/* Unless required by applicable law or agreed to in writing, software    */
+/* distributed under the License is distributed on an "AS IS" BASIS,      */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or        */
+/* implied. See the License for the specific language governing           */
+/* permissions and limitations under the License.                         */
+/*                                                                        */
+/* IBM_PROLOG_END_TAG                                                     */
+#ifndef __BOOT_LOADERIF_H
+#define __BOOT_LOADERIF_H
+
+// Max size of HBBL without ECC. Must match PNOR layout for eyeCatch HBBL
+// Must be aligned CACHELINE_SIZE of 128 bytes
+#define MAX_HBBL_SIZE (20 * KILOBYTE)
+
+// Size of exception vector reserved space at start of the HBBL section
+#define HBBL_EXCEPTION_VECTOR_SIZE (12 * KILOBYTE)
+
+#endif