Add Encryption Enabled bit to NV_STATUS_FLAG

- 0x10: Contents are encrypted
Set when encryption is enabled
Clear when encryption is disabled
Attribute comments should match HDAT

Change-Id: I52805f6c8c3f303ce29cf8b8534304dfd0a09821
RTC:214625
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/82638
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Matt Derksen <mderkse1@us.ibm.com>
Reviewed-by: Roland Veloz <rveloz@us.ibm.com>
Reviewed-by: Daniel M Crowell <dcrowell@us.ibm.com>

3 files changed, 52 insertions, 13 deletions

diff --git a/src/include/usr/isteps/nvdimm/nvdimm.H b/src/include/usr/isteps/nvdimm/nvdimm.H
index fca4c22c2..4f7804f3e 100644
--- a/src/include/usr/isteps/nvdimm/nvdimm.H
+++ b/src/include/usr/isteps/nvdimm/nvdimm.H
@@ -252,6 +252,8 @@ bool nvDimmCheckHealthStatusOnSystem();
  *        NVDIMM_ENCRYPTION_ERROR - set encryption state
  *          Note: fatal error will stay with target preventing
  *                PROTECTED status until power is cycled again
+ *        ENCRYPTION_ENABLED - contents of nvdimm are encrypted
+ *        ENCRYPTION_DISABLED - contents of nvdimm are not encrypted
  */
 enum nvdimm_protection_t
 {
@@ -262,6 +264,8 @@ enum nvdimm_protection_t
     NVDIMM_FATAL_HW_ERROR     = 4,
     NVDIMM_RISKY_HW_ERROR     = 5,
     NVDIMM_ENCRYPTION_ERROR   = 6,
+    ENCRYPTION_ENABLED        = 7,
+    ENCRYPTION_DISABLED       = 8,
     /* deprecated, still used by PRD */
     UNPROTECTED_BECAUSE_ERROR = 4,
 };
diff --git a/src/usr/isteps/nvdimm/nvdimm.C b/src/usr/isteps/nvdimm/nvdimm.C
index 31feffac1..359f72230 100644
--- a/src/usr/isteps/nvdimm/nvdimm.C
+++ b/src/usr/isteps/nvdimm/nvdimm.C
@@ -120,9 +120,10 @@ static constexpr uint8_t ENCRYPTION_STATUS_ENABLED = 0x1F;
 static constexpr uint8_t NV_STATUS_OR_MASK = 0xFB;
 static constexpr uint8_t NV_STATUS_AND_MASK = 0x04;
 static constexpr uint8_t NV_STATUS_UNPROTECTED_SET   = 0x01;
-static constexpr uint8_t NV_STATUS_UNPROTECTED_CLEAR = 0xFE;
-static constexpr uint8_t NV_STATUS_POSSIBLY_UNPROTECTED_SET   = 0x40;
-static constexpr uint8_t NV_STATUS_POSSIBLY_UNPROTECTED_CLEAR = 0xBF;
+static constexpr uint8_t NV_STATUS_UNPROTECTED_CLR   = 0xFE;
+static constexpr uint8_t NV_STATUS_ENCRYPTION_SET    = 0x10;
+static constexpr uint8_t NV_STATUS_ENCRYPTION_CLR    = 0xEF;
+static constexpr uint8_t NV_STATUS_POSSIBLY_UNPROTECTED_SET = 0x40;
 
 // NVDIMM key consts
 static constexpr size_t NUM_KEYS_IN_ATTR = 3;
@@ -3122,6 +3123,13 @@ bool nvdimm_encrypt_enable(TargetHandleList &i_nvdimmList)
             else
             {
                 TRACFCOMP(g_trac_nvdimm, "nvdimm_encrypt_enable() nvdimm[%X] encryption is enabled 0x%.02x",get_huid(l_nvdimm),l_encStatus.whole);
+
+                l_err = notifyNvdimmProtectionChange(l_nvdimm,
+                                                     ENCRYPTION_ENABLED);
+                if (l_err)
+                {
+                    errlCommit(l_err, NVDIMM_COMP_ID);
+                }
             }
         }
     }while(0);
@@ -3329,6 +3337,13 @@ bool nvdimm_crypto_erase(TargetHandleList &i_nvdimmList)
             else
             {
                 TRACFCOMP(g_trac_nvdimm,"nvdimm_crypto_erase() nvdimm[%X] erase complete 0x%.02x",get_huid(l_nvdimm),l_encStatus.whole);
+
+                l_err = notifyNvdimmProtectionChange(l_nvdimm,
+                                                     ENCRYPTION_DISABLED);
+                if (l_err)
+                {
+                    errlCommit(l_err, NVDIMM_COMP_ID);
+                }
             }
         }
     }while(0);
@@ -3403,6 +3418,8 @@ errlHndl_t notifyNvdimmProtectionChange(Target* i_target,
 
             // If we change the armed state, need to tell FSP
             bool l_armed_change = false;
+            bool l_set_encryption = false;
+            bool l_clr_encryption = false;
 
             switch (i_state)
             {
@@ -3429,6 +3446,11 @@ errlHndl_t notifyNvdimmProtectionChange(Target* i_target,
                 case NVDIMM_ENCRYPTION_ERROR:
                     l_armed_state.encryption_error_detected = 1;
                     break;
+                case ENCRYPTION_ENABLED:
+                    l_set_encryption = true;
+                    break;
+                case ENCRYPTION_DISABLED:
+                    l_clr_encryption = true;
             }
 
             // Set the attribute and send it to the FSP if needed
@@ -3447,7 +3469,7 @@ errlHndl_t notifyNvdimmProtectionChange(Target* i_target,
                 l_armed_state.occ_active &&
                 !l_armed_state.fatal_error_detected)
             {
-                l_nv_status &= NV_STATUS_UNPROTECTED_CLEAR;
+                l_nv_status &= NV_STATUS_UNPROTECTED_CLR;
             }
 
             // Set bit 0 if unprotected nv state
@@ -3456,6 +3478,18 @@ errlHndl_t notifyNvdimmProtectionChange(Target* i_target,
                 l_nv_status |= NV_STATUS_UNPROTECTED_SET;
             }
 
+            // Set bit 4 if encryption enabled
+            if (l_set_encryption)
+            {
+                l_nv_status |= NV_STATUS_ENCRYPTION_SET;
+            }
+
+            // Clear bit 4 if encryption disabled
+            if (l_clr_encryption)
+            {
+                l_nv_status &= NV_STATUS_ENCRYPTION_CLR;
+            }
+
             // Set bit 6 if risky error
             if (l_armed_state.risky_error_detected)
             {
diff --git a/src/usr/targeting/common/xmltohb/attribute_types.xml b/src/usr/targeting/common/xmltohb/attribute_types.xml
index aae8b7e1f..1c3e07760 100644
--- a/src/usr/targeting/common/xmltohb/attribute_types.xml
+++ b/src/usr/targeting/common/xmltohb/attribute_types.xml
@@ -5359,15 +5359,16 @@
         NVDIMM status flag. This is used to record the status and
         later report to OPAL/PHYP. Possible values:
 
-        0x01 - SCM device unable to persist memory contents
-        0x02 - SCM device failed to persist memory contents
-        0x04 - SCM device contents are persisted from previous IPL
-        0x08 - SCM device contents are not persisted from previous IPL
-        0x10 - SCM device memory life remaining is critically low
-        0x20 - SCM device will be garded off next IPL due to failure
-        0x40 - SCM contents cannot persist due to current platform health status
-        0x80 - SCM device unable to persist memory contents, certain conditions
-               NOTE: set for virtual SCM devices, does not persist across reboot
+        0x01: Unable to preserve future contents
+        0x02: Failed to preserve contents
+        0x04: Contents preserved
+        0x08: Contents not preserved
+        0x10: Contents are encrypted
+        0x20: Reserved
+        0x40: Error detected, but save/restore might work
+        0x80: Reserved
+        0xFF: Memory is invalid
+            NOTE: set for virtual SCM devices, does not persist across reboot
     </description>
     <simpleType>
       <uint8_t>