diff options
Diffstat (limited to 'meta-openbmc-mods/meta-wht')
8 files changed, 338 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native.bbappend b/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native.bbappend new file mode 100644 index 000000000..55cc619ce --- /dev/null +++ b/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native.bbappend @@ -0,0 +1,22 @@ +FILESEXTRAPATHS_append := ":${THISDIR}/${PN}" + +SRC_URI_append = " \ + file://pfr_manifest.json \ + file://pfm_config.xml \ + file://bmc_config.xml \ + file://csk_prv.pem \ + file://csk_pub.pem \ + file://rk_pub.pem \ + file://rk_prv.pem \ + " + +do_install_append () { + install -m 400 ${WORKDIR}/pfr_manifest.json ${D}/${datadir}/pfrconfig + install -m 400 ${WORKDIR}/pfm_config.xml ${D}/${datadir}/pfrconfig/pfm_config.xml + install -m 400 ${WORKDIR}/bmc_config.xml ${D}/${datadir}/pfrconfig/bmc_config.xml + install -m 400 ${WORKDIR}/csk_prv.pem ${D}/${datadir}/pfrconfig/csk_prv.pem + install -m 400 ${WORKDIR}/csk_pub.pem ${D}/${datadir}/pfrconfig/csk_pub.pem + install -m 400 ${WORKDIR}/rk_pub.pem ${D}/${datadir}/pfrconfig/rk_pub.pem + install -m 400 ${WORKDIR}/rk_prv.pem ${D}/${datadir}/pfrconfig/rk_prv.pem +} + diff --git a/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/bmc_config.xml b/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/bmc_config.xml new file mode 100644 index 000000000..9e7d3f82d --- /dev/null +++ b/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/bmc_config.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<!-- XML file for Block Sign Tool -->
+<blocksign>
+ <version>1</version>
+ <!-- Block 0 -->
+ <block0>
+ <magic>0xB6EAFD19</magic>
+ <pctype>4</pctype>
+ </block0>
+ <!-- Block 1 -->
+ <block1>
+ <magic>0xF27F28D7</magic>
+ <!-- Root key -->
+ <rkey>
+ <magic>0xA757A046</magic>
+ <curvemagic>0xC7B88C74</curvemagic>
+ <permissions>-1</permissions>
+ <keyid>-1</keyid>
+ <pubkey>rk_pub.pem</pubkey>
+ </rkey>
+ <!-- Code signing key -->
+ <cskey>
+ <magic>0x14711C2F</magic>
+ <curvemagic>0xC7B88C74</curvemagic>
+ <permissions>8</permissions>
+ <keyid>1</keyid>
+ <pubkey>csk_pub.pem</pubkey>
+ <sigmagic>0xDE64437D</sigmagic>
+ <hashalg>sha256</hashalg>
+ <signkey>rk_prv.pem</signkey>
+ <!--<script>./sign_external.sh</script>-->
+ </cskey>
+ <!-- Signature over Block 0 -->
+ <b0_sig>
+ <magic>0x15364367</magic>
+ <sigmagic>0xDE64437D</sigmagic>
+ <hashalg>sha256</hashalg>
+ <signkey>csk_prv.pem</signkey>
+ </b0_sig>
+ </block1>
+ <!-- CPLD Bitstream Specific -->
+ <padding>
+ <!-- Pad block1 such that combined block length is 1024b -->
+ <blockpad>1024</blockpad>
+ <!-- Align total package to 128 bytes -->
+ <align>128</align>
+ </padding>
+</blocksign>
diff --git a/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/csk_prv.pem b/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/csk_prv.pem new file mode 100644 index 000000000..a46fa2a2b --- /dev/null +++ b/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/csk_prv.pem @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIFjPqxcb6tfFWyFVaQCVjeN9MtcISpYIbNlkQoODrHTUoAoGCCqGSM49 +AwEHoUQDQgAERGJveRnhIp7I5cvmjO74MJLbUJjTfvTDKlzK0hJB0WRBEFScpb9d +xWLrwj9TNcO+EexnNcjEkF1RYNs6lHavRQ== +-----END EC PRIVATE KEY----- diff --git a/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/csk_pub.pem b/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/csk_pub.pem new file mode 100644 index 000000000..cc70d6e28 --- /dev/null +++ b/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/csk_pub.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERGJveRnhIp7I5cvmjO74MJLbUJjT +fvTDKlzK0hJB0WRBEFScpb9dxWLrwj9TNcO+EexnNcjEkF1RYNs6lHavRQ== +-----END PUBLIC KEY----- diff --git a/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/pfm_config.xml b/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/pfm_config.xml new file mode 100644 index 000000000..19378d1b9 --- /dev/null +++ b/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/pfm_config.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- XML file for Block Sign Tool --> +<blocksign> + <version>1</version> + <!-- Block 0 --> + <block0> + <magic>0xB6EAFD19</magic> + <pctype>3</pctype> + </block0> + <!-- Block 1 --> + <block1> + <magic>0xF27F28D7</magic> + <!-- Root key --> + <rkey> + <magic>0xA757A046</magic> + <curvemagic>0xC7B88C74</curvemagic> + <permissions>-1</permissions> + <keyid>-1</keyid> + <pubkey>rk_pub.pem</pubkey> + </rkey> + <!-- Code signing key --> + <cskey> + <magic>0x14711C2F</magic> + <curvemagic>0xC7B88C74</curvemagic> + <permissions>4</permissions> + <keyid>1</keyid> + <pubkey>csk_pub.pem</pubkey> + <sigmagic>0xDE64437D</sigmagic> + <hashalg>sha256</hashalg> + <signkey>rk_prv.pem</signkey> + <!--<script>./sign_external.sh</script>--> + </cskey> + <!-- Signature over Block 0 --> + <b0_sig> + <magic>0x15364367</magic> + <sigmagic>0xDE64437D</sigmagic> + <hashalg>sha256</hashalg> + <signkey>csk_prv.pem</signkey> + </b0_sig> + </block1> + <!-- CPLD Bitstream Specific --> + <padding> + <!-- Pad block1 such that combined block length is 1024b --> + <blockpad>1024</blockpad> + <!-- Align total package to 128 bytes --> + <align>128</align> + </padding> +</blocksign> diff --git a/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/pfr_manifest.json b/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/pfr_manifest.json new file mode 100644 index 000000000..c79b7f343 --- /dev/null +++ b/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/pfr_manifest.json @@ -0,0 +1,196 @@ +{ + "image-parts": [{ + "name": "u-boot", + "index": 0, + "offset": "0", + "size": "0x80000", + "prot_mask": 29, + "pfm": 1, + "hash": 1, + "compress": 1 + }, + { + "name": "pfm", + "index": 1, + "offset": "0x80000", + "size": "0x20000", + "prot_mask": 0, + "pfm": 1, + "hash": 0, + "compress": 0 + }, + { + "name": "u-boot-env", + "index": 2, + "offset": "0xa0000", + "size": "0x20000", + "prot_mask": 31, + "pfm": 1, + "hash": 0, + "compress": 1 + }, + { + "name": "sofs", + "index": 3, + "offset": "0xc0000", + "size": "0x200000", + "prot_mask": 31, + "pfm": 1, + "hash": 0, + "compress": 1 + }, + { + "name": "rwfs", + "index": 4, + "offset": "0x2c0000", + "size": "0x840000", + "prot_mask": 31, + "pfm": 1, + "hash": 0, + "compress": 1 + }, + { + "name": "fit-image-a", + "index": 5, + "offset": "0xb00000", + "size": "0x1f00000", + "prot_mask": 29, + "pfm": 1, + "hash": 1, + "compress": 1 + }, + { + "name": "rc-image", + "index": 6, + "offset": "0x2a00000", + "size": "0x2000000", + "prot_mask": 0, + "pfm": 1, + "hash": 0, + "compress": 0 + }, + { + "name": "image-stg", + "index": 7, + "offset": "0x4a00000", + "size": "0x3500000", + "prot_mask": 3, + "pfm": 1, + "hash": 0, + "compress": 0 + }, + { + "name": "cpld-rc", + "index": 8, + "offset": "0x7f00000", + "size": "0x100000", + "prot_mask": 0, + "pfm": 1, + "hash": 0, + "compress": 0 + } + ], + "i2c-rules": [{ + "bus-id": 3, + "rule-id": 3, + "address": "0xD0", + "cmd-whitelist": ["0x00", "0x01", "0x02", "0x03", "0x04", "0x09", "0x0A", "0x0B", "0x0C", "0x0D", "0x0E", "0x0F", + "0x10", "0x13", "0x17", "0x1B", "0x1C", "0x1D", "0x02", "0x021", "0x22", "0x23", "0x25", "0x30", + "0x31", "0x32", "0x33", "0x035", "0x36", "0x37", "0x38", "0x39", "0x3A", "0x3B", "0x3C", "0x3D"] + }, + { + "bus-id": 3, + "rule-id": 4, + "address": "0xD8", + "cmd-whitelist": ["0x00", "0x01", "0x02", "0x03", "0x04", "0x09", "0x0A", "0x0B", "0x0C", "0x0D", "0x0E", "0x0F", + "0x10", "0x13", "0x17", "0x1B", "0x1C", "0x1D", "0x02", "0x021", "0x22", "0x23", "0x25", "0x30", + "0x31", "0x32", "0x33", "0x035", "0x36", "0x37", "0x38", "0x39", "0x3A", "0x3B", "0x3C", "0x3D"] + }, + { + "bus-id": 1, + "rule-id": 6, + "address": "0xB0", + "cmd-whitelist": ["0x00", "0x03", "0x05", "0x06", "0x19", "0x1A", "0x30", "0x3A", "0x3B", "0x3C", "0x3D", "0x3E", "0x3F", + "0x79", "0x7A", "0x7B", "0x7C", "0x7D", "0x7E", "0x7F", "0x81", "0x82", "0x86", "0x87", "0x88", + "0x89", "0x8C", "0x8D", "0x8E", "0x8F", "0x90", "0x91", "0x92", "0x93", "0x94", "0x95", "0x96", + "0x97", "0x98", "0x9A", "0xA6", "0xA7", "0xD0", "0xD3", "0xD4", "0xD5", "0xD6", "0xD7", "0xD8", + "0xD9", "0xDC", "0xDD", "0xDE", "0xDE"] + }, + { + "bus-id": 1, + "rule-id": 4, + "address": "0xB2", + "cmd-whitelist": ["0x00", "0x03", "0x05", "0x06", "0x19", "0x1A", "0x30", "0x3A", "0x3B", "0x3C", "0x3D", "0x3E", "0x3F", + "0x79", "0x7A", "0x7B", "0x7C", "0x7D", "0x7E", "0x7F", "0x81", "0x82", "0x86", "0x87", "0x88", + "0x89", "0x8C", "0x8D", "0x8E", "0x8F", "0x90", "0x91", "0x92", "0x93", "0x94", "0x95", "0x96", + "0x97", "0x98", "0x9A", "0xA6", "0xA7", "0xD0", "0xD3", "0xD4", "0xD5", "0xD6", "0xD7", "0xD8", + "0xD9", "0xDC", "0xDD", "0xDE", "0xDE"] + }, + { + "bus-id": 2, + "rule-id": 1, + "address": "0xB4", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 2, + "address": "0xD4", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 3, + "address": "0x4A", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 4, + "address": "0x4C", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 5, + "address": "0xDC", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 6, + "address": "0xEC", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 7, + "address": "0xE0", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 8, + "address": "0xB0", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 9, + "address": "0xC4", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 10, + "address": "0xCC", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 11, + "address": "0xE4", + "cmd-whitelist": ["0x00"] + } + ] +} diff --git a/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/rk_prv.pem b/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/rk_prv.pem new file mode 100644 index 000000000..9e8616795 --- /dev/null +++ b/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/rk_prv.pem @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIHVbq5CmT4Vr4Jb0eJK0+KhUxDOWy1kh9QYAClV5MH1GoAoGCCqGSM49 +AwEHoUQDQgAEZUL6ZcF0YN590Pq/bKPYjfa3F4E44XiKcqvS6+l2GfSdCLRhXWHw +iV803vFkTsZ1CfpzFdZGwfbwg7nvG5UpSQ== +-----END EC PRIVATE KEY----- diff --git a/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/rk_pub.pem b/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/rk_pub.pem new file mode 100644 index 000000000..117e08bae --- /dev/null +++ b/meta-openbmc-mods/meta-wht/recipes-intel/intel-pfr/obmc-intel-pfr-image-native/rk_pub.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZUL6ZcF0YN590Pq/bKPYjfa3F4E4 +4XiKcqvS6+l2GfSdCLRhXWHwiV803vFkTsZ1CfpzFdZGwfbwg7nvG5UpSQ== +-----END PUBLIC KEY----- |