Move HOMER BAR to Secure Memory in SMF Mode

This commits enables HOMER BAR to point to the top
of the secure memory on SMF-enabled systems. Consequently,
the HOMER image and hostboot reserved memory will
be moved to the secure memory if SMF is enabled.

Change-Id: I37c7527b06688a41e57f14b4107ff53a507ffae8
RTC: 198825
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/66702
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

6 files changed, 183 insertions, 25 deletions

diff --git a/src/include/usr/isteps/istep15list.H b/src/include/usr/isteps/istep15list.H
index f7bc1470c..d32145d0c 100644
--- a/src/include/usr/isteps/istep15list.H
+++ b/src/include/usr/isteps/istep15list.H
@@ -141,6 +141,7 @@ const DepModInfo g_istep15Dependancies = {
         DEP_LIB(libpm.so),
         DEP_LIB(libimageprocs.so),
         DEP_LIB(libisteps_mss.so),
+        DEP_LIB(libsmf.so),
         NULL
     }
 };
diff --git a/src/include/usr/isteps/mem_utils.H b/src/include/usr/isteps/mem_utils.H
new file mode 100644
index 000000000..2ab47d052
--- /dev/null
+++ b/src/include/usr/isteps/mem_utils.H
@@ -0,0 +1,103 @@
+/* IBM_PROLOG_BEGIN_TAG                                                   */
+/* This is an automatically generated prolog.                             */
+/*                                                                        */
+/* $Source: src/include/usr/isteps/mem_utils.H $                          */
+/*                                                                        */
+/* OpenPOWER HostBoot Project                                             */
+/*                                                                        */
+/* Contributors Listed Below - COPYRIGHT 2018                             */
+/* [+] International Business Machines Corp.                              */
+/*                                                                        */
+/*                                                                        */
+/* Licensed under the Apache License, Version 2.0 (the "License");        */
+/* you may not use this file except in compliance with the License.       */
+/* You may obtain a copy of the License at                                */
+/*                                                                        */
+/*     http://www.apache.org/licenses/LICENSE-2.0                         */
+/*                                                                        */
+/* Unless required by applicable law or agreed to in writing, software    */
+/* distributed under the License is distributed on an "AS IS" BASIS,      */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or        */
+/* implied. See the License for the specific language governing           */
+/* permissions and limitations under the License.                         */
+/*                                                                        */
+/* IBM_PROLOG_END_TAG                                                     */
+#ifndef __MEM_UTILS_H
+#define __MEM_UTILS_H
+
+#include <errl/errlentry.H>
+
+namespace ISTEP
+{
+
+/**
+ * @brief Utility function to obtain the highest known address in the system
+ *
+ * @return The highest address in the system in bytes
+ */
+uint64_t get_top_mem_addr();
+
+/**
+ * @brief Utility function to obtain the highest known address in a given proc
+ *
+ * @param[in] i_proc: Proc that we want to calculate the top address for;
+ *                    must not be nullptr or the func will assert
+ *                    must be of TYPE_PROC or the func will assert
+ *
+ * @return The highest address in the given proc (in bytes)
+ */
+uint64_t get_top_mem_addr(const TARGETING::Target* i_proc);
+
+/**
+ * @brief Utility function to obtain the lowest known address in the system
+ *
+ * @return the lowest know address in the system
+ */
+uint64_t get_bottom_mem_addr();
+
+/**
+ * @brief Utility function to obtain the lowest known address in a given proc
+ *
+ * @param[in] i_proc: Proc that we want to calculate the bottom address for;
+ *                    must not be nullptr or the func will assert
+ *                    must be of TYPE_PROC or the func will assert
+ *
+ * @return the lowest know address on the specified proc
+ */
+uint64_t get_bottom_mem_addr(const TARGETING::Target* i_proc);
+
+/**
+ * @brief Utility function to obtain the highest known SMF base address on
+ *        the system.
+ *
+ * @return: the address (in bytes) of the top SMF memory
+ *
+ */
+uint64_t get_top_smf_mem_addr();
+
+/**
+ * @brief Utility function to obtain the SMF base address on the given proc
+ *
+ * @param[in] i_proc: Proc to fetch the SMF BAR from;
+ *                    must not be nullptr or the func will assert
+ *                    must be of TYPE_PROC or the func will assert
+ *
+ *
+ * @return The SMF BAR of the given proc (in bytes)
+ */
+uint64_t get_top_smf_mem_addr(const TARGETING::Target* i_proc);
+
+/**
+ * @brief Utility function to fetch the top of the HOMER memory
+ *
+ * @return the address of the HOMER mem
+ *
+ * @note When SMF is enabled, the highest available SMF BAR will be returned;
+ *       when SMF is disabled, the function behaves exactly like
+ *       get_top_mem_addr
+ */
+uint64_t get_top_homer_mem_addr();
+
+} //namespace ISTEP
+
+#endif
diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H
index 2f2ec75ef..7188b4e4f 100644
--- a/src/include/usr/secureboot/secure_reasoncodes.H
+++ b/src/include/usr/secureboot/secure_reasoncodes.H
@@ -50,6 +50,7 @@ namespace SECUREBOOT
         MOD_SECURE_VALIDATE_ECID_COUNT      = 0x10,
         MOD_LOCK_ABUS_SEC_MAILBOXES         = 0x11,
         MOD_SECURE_LOG_PLAT_SECURITY_CONFIG = 0x12,
+        MOD_CHECK_RISK_LEVEL_FOR_SMF        = 0x13,
 
         // Use 0x20-0x2F range for Node Communications
         MOD_NCDD_CHECK_FOR_ERRORS           = 0x20,
@@ -89,6 +90,7 @@ namespace SECUREBOOT
         RC_INVALID_ECID_COUNT              = SECURE_COMP_ID | 0x13,
         RC_LOCK_MAILBOXES_FAILED           = SECURE_COMP_ID | 0x14,
         RC_SECURE_LOG_PLAT_SECURITY_CONFIG = SECURE_COMP_ID | 0x15,
+        RC_RISK_LEVEL_TOO_LOW              = SECURE_COMP_ID | 0x16,
 
         // Use 0x20-0x2F range for Node Communications
         RC_NCDD_HW_ERROR_FOUND             = SECURE_COMP_ID | 0x20,
diff --git a/src/include/usr/secureboot/smf_utils.H b/src/include/usr/secureboot/smf_utils.H
new file mode 100644
index 000000000..554f8affe
--- /dev/null
+++ b/src/include/usr/secureboot/smf_utils.H
@@ -0,0 +1,62 @@
+/* IBM_PROLOG_BEGIN_TAG                                                   */
+/* This is an automatically generated prolog.                             */
+/*                                                                        */
+/* $Source: src/include/usr/secureboot/smf_utils.H $                      */
+/*                                                                        */
+/* OpenPOWER HostBoot Project                                             */
+/*                                                                        */
+/* Contributors Listed Below - COPYRIGHT 2018                             */
+/* [+] International Business Machines Corp.                              */
+/*                                                                        */
+/*                                                                        */
+/* Licensed under the Apache License, Version 2.0 (the "License");        */
+/* you may not use this file except in compliance with the License.       */
+/* You may obtain a copy of the License at                                */
+/*                                                                        */
+/*     http://www.apache.org/licenses/LICENSE-2.0                         */
+/*                                                                        */
+/* Unless required by applicable law or agreed to in writing, software    */
+/* distributed under the License is distributed on an "AS IS" BASIS,      */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or        */
+/* implied. See the License for the specific language governing           */
+/* permissions and limitations under the License.                         */
+/*                                                                        */
+/* IBM_PROLOG_END_TAG                                                     */
+#ifndef __SMF_UTILS_H
+#define __SMF_UTILS_H
+
+#include <stdint.h>
+#include <errl/errlentry.H>
+
+namespace SECUREBOOT
+{
+
+namespace SMF
+{
+
+// HW limitations dictate that SMF memory needs to be a power-of-two
+// multiple of 256MB starting with 256MB.
+extern const uint64_t MIN_SMF_MEMORY_AMT;
+
+/**
+ * @brief Checks whether SMF mode is enabled on the system
+ *
+ * @return true: SMF is enabled; false: SMF is disabled.
+ */
+bool isSmfEnabled();
+
+/**
+ * @brief Checks whether the system has the correct risk level to
+ *        support SMF: SMF is supported on Axone by default or on
+ *        NIMBUS or CUMULUS with risk level >= 4.
+ *
+ * @return nullptr: the current system supports SMF
+ *         non-nullptr: an internal error occurred or the system
+ *                      does not support SMF
+ */
+errlHndl_t checkRiskLevelForSmf();
+
+} // namespace SMF
+
+} // namespace SECUREBOOT
+#endif
diff --git a/src/include/usr/targeting/common/util.H b/src/include/usr/targeting/common/util.H
index 479cdfa75..68b61b1f1 100644
--- a/src/include/usr/targeting/common/util.H
+++ b/src/include/usr/targeting/common/util.H
@@ -156,30 +156,6 @@ bool is_sapphire_load(void);
 bool is_avp_load(void);
 
 /**
- * @brief Utility function to obtain the highest known address in the system
- */
-uint64_t get_top_mem_addr();
-
-/**
- * @brief Utility function to obtain the highest known address in a given proc
- *
- * @param[in] i_proc: Proc that we want to calculate the top address for
- */
-uint64_t get_top_mem_addr(Target* i_proc);
-
-/**
- * @brief Utility function to obtain the lowest known address in the system
- */
-uint64_t get_bottom_mem_addr();
-
-/**
- * @brief Utility function to obtain the lowest known address in a given proc
- *
- * @param[in] i_proc: Proc that we want to calculate the bottom address for
- */
-uint64_t get_bottom_mem_addr(Target* i_proc);
-
-/**
  * Order two processor targets by NODE_ID then CHIP_ID.
  * @param[in] First processor target
  * @param[in] Second processor target
@@ -196,6 +172,6 @@ bool orderByNodeAndPosition(  Target* i_firstProc,
  */
 uint8_t  is_fused_mode( );
 
-}
+} // TARGETING
 
 #endif // __TARGETING_COMMON_UTIL_H
diff --git a/src/include/usr/targeting/targplatutil.H b/src/include/usr/targeting/targplatutil.H
index c13f1a0a8..34d8bebc0 100644
--- a/src/include/usr/targeting/targplatutil.H
+++ b/src/include/usr/targeting/targplatutil.H
@@ -58,6 +58,20 @@ namespace UTIL
     // is reserved for invalid sensor
     static const uint16_t INVALID_IPMI_SENSOR = 0xFF;
 
+    // WARNING: addition of risk levels that don't support SMF will have a
+    // significant effect on the behavior of SMF code. Please ensure that
+    // (at least) src/usr/secureboot/smf/smf_utils.C is updated
+    // accordingly!
+    typedef enum
+    {
+        P9N22_P9C12_RUGBY_FAVOR_SECURITY               = 0x00,
+        P9N22_P9C12_RUGBY_FAVOR_PERFORMANCE            = 0x01,
+        P9N22_NO_RUGBY_MITIGATIONS                     = 0x02,
+        P9N22_P9N23_JAVA_PERF                          = 0x03,
+        P9N23_P9C13_NATIVE_SMF_RUGBY_FAVOR_SECURITY    = 0x04,
+        P9N23_P9C13_NATIVE_SMF_RUGBY_FAVOR_PERFORMANCE = 0x05,
+    } Risk_level;
+
 /**
  *  @brief Creates a standard error log of tracing type
  *