authorJaymes Wilks <mjwilks@us.ibm.com>2016-10-17 12:15:40 -0500
committerDaniel M. Crowell <dcrowell@us.ibm.com>2016-11-14 17:17:33 -0500
commit16263a641c48773091dd60b55e28ad77ca5a8574 (patch)
tree97120f76deb4132a1a1b7ceba8701318c5663a68 /src/include/usr/pnor
parenta904e156364a8f0fd5f6bc2b7094f79cf77da1b2 (diff)
Secure PNOR Resource Provider port from p8
Adds a Secure PNOR Resource Provider (SPNORRP) layer on top of the original PNORRP to handle verification of secured PNOR sections. Change-Id: Iff25abf599f3c850197c6e6d23ff03e5edf945bb RTC:163078 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/31588 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/include/usr/pnor')
-rw-r--r--src/include/usr/pnor/pnor_const.H8
-rw-r--r--src/include/usr/pnor/pnor_reasoncodes.H16
-rw-r--r--src/include/usr/pnor/pnorif.H43
3 files changed, 66 insertions, 1 deletions
diff --git a/src/include/usr/pnor/pnor_const.H b/src/include/usr/pnor/pnor_const.H
index 9b65876fd..ddc4d19d5 100644
--- a/src/include/usr/pnor/pnor_const.H
+++ b/src/include/usr/pnor/pnor_const.H
@@ -27,6 +27,7 @@
#include <stdint.h>
#include <builtins.h>
+#include <config.h>
namespace PNOR
{
@@ -67,7 +68,6 @@ enum SectionId
RINGOVD, /**< Ring override data */
NUM_SECTIONS, /**< Number of defined sections */
-
FIRST_SECTION = TOC, /**< First section (for looping) */
/**< Used for error cases, initialization */
INVALID_SECTION = NUM_SECTIONS,
@@ -79,6 +79,7 @@ enum SectionId
// Size and layout of this structure must be maintained for debug framework.
struct SectionInfo_t
{
+ SectionInfo_t(): id(INVALID_SECTION) {}
SectionId id; /**< Identifier for this section */
const char* name; /**< Name of the section */
uint64_t vaddr; /**< Virtual address of the start of the section */
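Review bot: The added constructor `SectionInfo_t(): id(INVALID_SECTION) {}` initialises only `id`, so `name`, `vaddr` and every other member of a default-constructed `SectionInfo_t` hold indeterminate values. A caller that reads `vaddr` or a size field after a failed lookup without first checking `id` would use leftover stack contents as an address or length. Zeroing the remaining members in the same initialiser list closes that, e.g. `SectionInfo_t(): id(INVALID_SECTION), name(NULL), vaddr(0) /* … remaining members … */ {}`. The struct body continues outside this hunk, so the full member list has to be taken from the file, including the `secureProtectedPayloadSize` field added in the next hunk.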
@@ -88,6 +89,11 @@ struct SectionInfo_t
bool sha512Version; /**< Version Checking */
bool sha512perEC; /**< Version Checking perEC */
bool readOnly; /**< Section is read only */
+#ifdef CONFIG_SECUREBOOT
+ size_t secureProtectedPayloadSize; /**< Cache the secure payload size so
+ that the secure container only
+ needs to be parsed once */
+#endif
};
/**
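Review bot: `secureProtectedPayloadSize` makes `sizeof(SectionInfo_t)` depend on `CONFIG_SECUREBOOT`, while the comment above the struct says its size and layout must be maintained for the debug framework. The field is appended last, so existing member offsets are unchanged, but any tooling that decodes this struct from an image or dump now needs to know which configuration built it; that should be stated next to the `#ifdef`. The comment also does not say what the field holds before the secure container has been parsed, which matters because a stale or never-set cached size would be trusted in place of re-parsing the header. I would document the unset state explicitly, e.g. `/**< Cached protected payload size; 0 until the secure container has been parsed */`, and have the constructor set it to 0.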
diff --git a/src/include/usr/pnor/pnor_reasoncodes.H b/src/include/usr/pnor/pnor_reasoncodes.H
index 4235339bd..b7fd96bee 100644
--- a/src/include/usr/pnor/pnor_reasoncodes.H
+++ b/src/include/usr/pnor/pnor_reasoncodes.H
@@ -96,6 +96,18 @@ namespace PNOR
// pnor_common.C
MOD_PNORCOMMON_PARSETOC = 0xC0, /**< PNOR::parseTOC */
+
+ // spnorrp.C
+ // Note: 0xD0 is available, so should be the next one used for spnorrp.
+ // Remove this comment after doing so.
+ MOD_SPNORRP_DIDSTARTUPFAIL = 0xD1, /**< didSecureStartupFail(rc) */
+ MOD_SPNORRP_ALLOCATE_BLOCK = 0xD2, /**< SPnorRP::initDaemon */
+ MOD_SPNORRP_WAITFORMESSAGE = 0xD3, /**< SPnorRP::waitForMessage */
+ MOD_SPNORRP_VERIFYSECTIONS = 0xD4, /**< SPnorRP::verifySections */
+ MOD_SPNORRP_SET_PERMISSION = 0xD5, /**< SPnorRP::initDaemon */
+ MOD_PNORRP_LOADSECURESECTION = 0xD6, /**< PnorRP::loadSecureSection */
+ MOD_SPNORRP_BASE_EXT_VER_CHK = 0xD7, /**< SPnorRP::baseExtVersCheck */
+ MOD_SPNORRP_KEY_TRAN_CHK = 0xD8, /**< SPnorRP::keyTransitionCheck */
};
enum PNORReasonCode
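Review bot: `MOD_PNORRP_LOADSECURESECTION` is listed under the `// spnorrp.C` heading, but its name and doc comment point at `PnorRP::loadSecureSection`, which by its class name looks like it belongs to a different source file than the `SPnorRP` entries around it. Module IDs are what someone reading an error log uses to locate the failing function, so I would either move the entry to the group for the file that defines it or add a short comment explaining why it is grouped here. The "Remove this comment after doing so" reminder about 0xD0 is easy to leave behind; a plain `// 0xD0 unused` would age better. The enum begins outside this hunk.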
@@ -157,6 +169,10 @@ namespace PNOR
RC_TOC_HDR_CHECKSUM_ERR = PNOR_COMP_ID | 0x2C,
RC_PNOR_PARSE_ENTRIES_ERR = PNOR_COMP_ID | 0x2D,
RC_PNOR_SET_VADDR_FAILED = PNOR_COMP_ID | 0x2E,
+ RC_BASE_EXT_MISMATCH = PNOR_COMP_ID | 0x2F,
+ RC_KEY_TRAN_FLAG_UNSET = PNOR_COMP_ID | 0x30,
+ RC_BAD_SECURE_MAGIC_NUM = PNOR_COMP_ID | 0x31,
+
//@fixme-RTC:131607-Temporary value to allow HWSV compile
//termination_rc
diff --git a/src/include/usr/pnor/pnorif.H b/src/include/usr/pnor/pnorif.H
index f5e4fc385..311c6c4b4 100644
--- a/src/include/usr/pnor/pnorif.H
+++ b/src/include/usr/pnor/pnorif.H
@@ -81,6 +81,7 @@ errlHndl_t getSideInfo (SideId i_side, SideInfo_t& o_info);
errlHndl_t getSectionInfo( SectionId i_section,
SectionInfo_t& o_info );
+#ifdef CONFIG_SECUREBOOT
/**
* @brief Loads requested PNOR section to secure virtual address space
*
@@ -112,6 +113,48 @@ errlHndl_t loadSecureSection(SectionId i_section);
errlHndl_t unloadSecureSection(SectionId i_section);
/**
+ * @brief Memcmp a vaddr to the known secureboot magic number
+ *
+ * @param[in] i_vaddr: vaddr of secureboot header to check for magic number
+ * Note: must point to a buffer of size >= 4 bytes
+ *
+ * @return bool - True if the magic number and starting bytes of the vaddr
+ * match. False otherwise.
+ */
+bool cmpSecurebootMagicNumber(const uint8_t* i_vaddr);
+
+/**
+ * @brief Returns true if a PNOR section has the secureboot container
+ * header magic number at the beginning. This is mainly used to
+ * ignore unwanted PNOR sections like secureboot key transition.
+ * It indicates the section has valid content to be securely
+ * loaded, otherwise the section content will not be loaded.
+ * If a section does not have the header but needs to be loaded,
+ * it will fail ROM verify later on anyhow.
+ * Note: Does not work with HBB section and will assert if attempted
+ *
+ * @param[in] i_section: PNOR section to check first bytes of.
+ * @param[out] o_valid: true if section has the correct magic number at
+ * the beginning
+ *
+ * @return errlHndl_t - NULL if success, errlHndl_t otherwise.
+ * */
+errlHndl_t hasSecurebootMagicNumber(SectionId i_section, bool &o_valid);
+#endif // CONFIG_SECUREBOOT
+
+
+/**
+ * @brief Determines whether the given section is inhibited by secure boot
+ * for containing attribute overrides.
+ *
+ * @param[in] i_section PNOR section to test.
+ *
+ * @return bool True if inhibited section, false otherwise.
+ */
+bool isInhibitedSection(const uint32_t i_section);
+
+
+/**
* @brief Write the data back from hostboot memory to PNOR of a given section
* of PNOR
*
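Review bot: The doc comment for `hasSecurebootMagicNumber` says a match "indicates the section has valid content to be securely loaded", which overstates what comparing the first bytes of a section can show; authenticity is only established by the ROM verify that the same comment mentions. I would reword it along the lines of `Presence of the magic number only marks the section as a candidate for secure load; it is not a verification result`, and state what `o_valid` holds when an error handle is returned. `cmpSecurebootMagicNumber` takes a bare `const uint8_t*` with a documented but unenforceable "size >= 4 bytes" precondition and no statement about a null pointer; adding a length parameter would let the function reject short buffers itself instead of relying on every caller. `isInhibitedSection` takes `const uint32_t` where the neighbouring declarations take `SectionId`, and because it is declared outside the `CONFIG_SECUREBOOT` guard its result in a build without secure boot should be documented.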