On 12/02/2026 21.43, Zhuoying Cai wrote:
Add address range tracking and overlap checks to ensure that no
component overlaps with a signed component during secure IPL.
Signed-off-by: Zhuoying Cai <[email protected]>
---
pc-bios/s390-ccw/secure-ipl.c | 54 +++++++++++++++++++++++++++++++++++
pc-bios/s390-ccw/secure-ipl.h | 6 ++++
2 files changed, 60 insertions(+)
diff --git a/pc-bios/s390-ccw/secure-ipl.c b/pc-bios/s390-ccw/secure-ipl.c
index 1d5c2d40ce..27d2833642 100644
--- a/pc-bios/s390-ccw/secure-ipl.c
+++ b/pc-bios/s390-ccw/secure-ipl.c
@@ -210,6 +210,55 @@ static void init_lists(IplDeviceComponentList *comp_list,
cert_list->ipl_info_header.len = sizeof(cert_list->ipl_info_header);
}
+static bool is_comp_overlap(SecureIplCompAddrRange *comp_addr_range,
+ int addr_range_index,
+ uint64_t start_addr, uint64_t end_addr)
+{
+ /* neither a signed nor an unsigned component can overlap with a signed
component */
+ for (int i = 0; i < addr_range_index; i++) {
+ if ((comp_addr_range[i].start_addr < end_addr &&
+ start_addr < comp_addr_range[i].end_addr) &&
+ comp_addr_range[i].is_signed) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+static void comp_addr_range_add(SecureIplCompAddrRange *comp_addr_range,
+ int addr_range_index, bool is_signed,
+ uint64_t start_addr, uint64_t end_addr)
+{
+ if (addr_range_index >= MAX_CERTIFICATES) {
+ printf("Warning: Ignoring component address range index [%d]"
+ " because the maximum supported index is %d\n",
+ addr_range_index, MAX_CERTIFICATES - 1);
+ return;
Shouldn't this rather panic() instead - otherwise we might continue boot in
secure mode though there is a problem with overlapping components?
+ }
+
+ comp_addr_range[addr_range_index].is_signed = is_signed;
+ comp_addr_range[addr_range_index].start_addr = start_addr;
+ comp_addr_range[addr_range_index].end_addr = end_addr;
+}
Thomas
