diff options
author | Ilya Smirnov <ismirno@us.ibm.com> | 2018-09-26 10:35:24 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2018-11-13 13:23:59 -0600 |
commit | 1aae1ba2930ceb5d72b9855c8003c1d8371c0791 (patch) | |
tree | 4da3ed64fb3558db00e68b659c9bfdde79d26258 /src/include | |
parent | de9ec8dc9ca52d350d02c0862409fba939692c1e (diff) | |
download | blackbird-hostboot-1aae1ba2930ceb5d72b9855c8003c1d8371c0791.tar.gz blackbird-hostboot-1aae1ba2930ceb5d72b9855c8003c1d8371c0791.zip |
Move HOMER BAR to Secure Memory in SMF Mode
This commits enables HOMER BAR to point to the top
of the secure memory on SMF-enabled systems. Consequently,
the HOMER image and hostboot reserved memory will
be moved to the secure memory if SMF is enabled.
Change-Id: I37c7527b06688a41e57f14b4107ff53a507ffae8
RTC: 198825
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/66702
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/usr/isteps/istep15list.H | 1 | ||||
-rw-r--r-- | src/include/usr/isteps/mem_utils.H | 103 | ||||
-rw-r--r-- | src/include/usr/secureboot/secure_reasoncodes.H | 2 | ||||
-rw-r--r-- | src/include/usr/secureboot/smf_utils.H | 62 | ||||
-rw-r--r-- | src/include/usr/targeting/common/util.H | 26 | ||||
-rw-r--r-- | src/include/usr/targeting/targplatutil.H | 14 |
6 files changed, 183 insertions, 25 deletions
diff --git a/src/include/usr/isteps/istep15list.H b/src/include/usr/isteps/istep15list.H index f7bc1470c..d32145d0c 100644 --- a/src/include/usr/isteps/istep15list.H +++ b/src/include/usr/isteps/istep15list.H @@ -141,6 +141,7 @@ const DepModInfo g_istep15Dependancies = { DEP_LIB(libpm.so), DEP_LIB(libimageprocs.so), DEP_LIB(libisteps_mss.so), + DEP_LIB(libsmf.so), NULL } }; diff --git a/src/include/usr/isteps/mem_utils.H b/src/include/usr/isteps/mem_utils.H new file mode 100644 index 000000000..2ab47d052 --- /dev/null +++ b/src/include/usr/isteps/mem_utils.H @@ -0,0 +1,103 @@ +/* IBM_PROLOG_BEGIN_TAG */ +/* This is an automatically generated prolog. */ +/* */ +/* $Source: src/include/usr/isteps/mem_utils.H $ */ +/* */ +/* OpenPOWER HostBoot Project */ +/* */ +/* Contributors Listed Below - COPYRIGHT 2018 */ +/* [+] International Business Machines Corp. */ +/* */ +/* */ +/* Licensed under the Apache License, Version 2.0 (the "License"); */ +/* you may not use this file except in compliance with the License. */ +/* You may obtain a copy of the License at */ +/* */ +/* http://www.apache.org/licenses/LICENSE-2.0 */ +/* */ +/* Unless required by applicable law or agreed to in writing, software */ +/* distributed under the License is distributed on an "AS IS" BASIS, */ +/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ +/* implied. See the License for the specific language governing */ +/* permissions and limitations under the License. */ +/* */ +/* IBM_PROLOG_END_TAG */ +#ifndef __MEM_UTILS_H +#define __MEM_UTILS_H + +#include <errl/errlentry.H> + +namespace ISTEP +{ + +/** + * @brief Utility function to obtain the highest known address in the system + * + * @return The highest address in the system in bytes + */ +uint64_t get_top_mem_addr(); + +/** + * @brief Utility function to obtain the highest known address in a given proc + * + * @param[in] i_proc: Proc that we want to calculate the top address for; + * must not be nullptr or the func will assert + * must be of TYPE_PROC or the func will assert + * + * @return The highest address in the given proc (in bytes) + */ +uint64_t get_top_mem_addr(const TARGETING::Target* i_proc); + +/** + * @brief Utility function to obtain the lowest known address in the system + * + * @return the lowest know address in the system + */ +uint64_t get_bottom_mem_addr(); + +/** + * @brief Utility function to obtain the lowest known address in a given proc + * + * @param[in] i_proc: Proc that we want to calculate the bottom address for; + * must not be nullptr or the func will assert + * must be of TYPE_PROC or the func will assert + * + * @return the lowest know address on the specified proc + */ +uint64_t get_bottom_mem_addr(const TARGETING::Target* i_proc); + +/** + * @brief Utility function to obtain the highest known SMF base address on + * the system. + * + * @return: the address (in bytes) of the top SMF memory + * + */ +uint64_t get_top_smf_mem_addr(); + +/** + * @brief Utility function to obtain the SMF base address on the given proc + * + * @param[in] i_proc: Proc to fetch the SMF BAR from; + * must not be nullptr or the func will assert + * must be of TYPE_PROC or the func will assert + * + * + * @return The SMF BAR of the given proc (in bytes) + */ +uint64_t get_top_smf_mem_addr(const TARGETING::Target* i_proc); + +/** + * @brief Utility function to fetch the top of the HOMER memory + * + * @return the address of the HOMER mem + * + * @note When SMF is enabled, the highest available SMF BAR will be returned; + * when SMF is disabled, the function behaves exactly like + * get_top_mem_addr + */ +uint64_t get_top_homer_mem_addr(); + +} //namespace ISTEP + +#endif diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H index 2f2ec75ef..7188b4e4f 100644 --- a/src/include/usr/secureboot/secure_reasoncodes.H +++ b/src/include/usr/secureboot/secure_reasoncodes.H @@ -50,6 +50,7 @@ namespace SECUREBOOT MOD_SECURE_VALIDATE_ECID_COUNT = 0x10, MOD_LOCK_ABUS_SEC_MAILBOXES = 0x11, MOD_SECURE_LOG_PLAT_SECURITY_CONFIG = 0x12, + MOD_CHECK_RISK_LEVEL_FOR_SMF = 0x13, // Use 0x20-0x2F range for Node Communications MOD_NCDD_CHECK_FOR_ERRORS = 0x20, @@ -89,6 +90,7 @@ namespace SECUREBOOT RC_INVALID_ECID_COUNT = SECURE_COMP_ID | 0x13, RC_LOCK_MAILBOXES_FAILED = SECURE_COMP_ID | 0x14, RC_SECURE_LOG_PLAT_SECURITY_CONFIG = SECURE_COMP_ID | 0x15, + RC_RISK_LEVEL_TOO_LOW = SECURE_COMP_ID | 0x16, // Use 0x20-0x2F range for Node Communications RC_NCDD_HW_ERROR_FOUND = SECURE_COMP_ID | 0x20, diff --git a/src/include/usr/secureboot/smf_utils.H b/src/include/usr/secureboot/smf_utils.H new file mode 100644 index 000000000..554f8affe --- /dev/null +++ b/src/include/usr/secureboot/smf_utils.H @@ -0,0 +1,62 @@ +/* IBM_PROLOG_BEGIN_TAG */ +/* This is an automatically generated prolog. */ +/* */ +/* $Source: src/include/usr/secureboot/smf_utils.H $ */ +/* */ +/* OpenPOWER HostBoot Project */ +/* */ +/* Contributors Listed Below - COPYRIGHT 2018 */ +/* [+] International Business Machines Corp. */ +/* */ +/* */ +/* Licensed under the Apache License, Version 2.0 (the "License"); */ +/* you may not use this file except in compliance with the License. */ +/* You may obtain a copy of the License at */ +/* */ +/* http://www.apache.org/licenses/LICENSE-2.0 */ +/* */ +/* Unless required by applicable law or agreed to in writing, software */ +/* distributed under the License is distributed on an "AS IS" BASIS, */ +/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ +/* implied. See the License for the specific language governing */ +/* permissions and limitations under the License. */ +/* */ +/* IBM_PROLOG_END_TAG */ +#ifndef __SMF_UTILS_H +#define __SMF_UTILS_H + +#include <stdint.h> +#include <errl/errlentry.H> + +namespace SECUREBOOT +{ + +namespace SMF +{ + +// HW limitations dictate that SMF memory needs to be a power-of-two +// multiple of 256MB starting with 256MB. +extern const uint64_t MIN_SMF_MEMORY_AMT; + +/** + * @brief Checks whether SMF mode is enabled on the system + * + * @return true: SMF is enabled; false: SMF is disabled. + */ +bool isSmfEnabled(); + +/** + * @brief Checks whether the system has the correct risk level to + * support SMF: SMF is supported on Axone by default or on + * NIMBUS or CUMULUS with risk level >= 4. + * + * @return nullptr: the current system supports SMF + * non-nullptr: an internal error occurred or the system + * does not support SMF + */ +errlHndl_t checkRiskLevelForSmf(); + +} // namespace SMF + +} // namespace SECUREBOOT +#endif diff --git a/src/include/usr/targeting/common/util.H b/src/include/usr/targeting/common/util.H index 479cdfa75..68b61b1f1 100644 --- a/src/include/usr/targeting/common/util.H +++ b/src/include/usr/targeting/common/util.H @@ -156,30 +156,6 @@ bool is_sapphire_load(void); bool is_avp_load(void); /** - * @brief Utility function to obtain the highest known address in the system - */ -uint64_t get_top_mem_addr(); - -/** - * @brief Utility function to obtain the highest known address in a given proc - * - * @param[in] i_proc: Proc that we want to calculate the top address for - */ -uint64_t get_top_mem_addr(Target* i_proc); - -/** - * @brief Utility function to obtain the lowest known address in the system - */ -uint64_t get_bottom_mem_addr(); - -/** - * @brief Utility function to obtain the lowest known address in a given proc - * - * @param[in] i_proc: Proc that we want to calculate the bottom address for - */ -uint64_t get_bottom_mem_addr(Target* i_proc); - -/** * Order two processor targets by NODE_ID then CHIP_ID. * @param[in] First processor target * @param[in] Second processor target @@ -196,6 +172,6 @@ bool orderByNodeAndPosition( Target* i_firstProc, */ uint8_t is_fused_mode( ); -} +} // TARGETING #endif // __TARGETING_COMMON_UTIL_H diff --git a/src/include/usr/targeting/targplatutil.H b/src/include/usr/targeting/targplatutil.H index c13f1a0a8..34d8bebc0 100644 --- a/src/include/usr/targeting/targplatutil.H +++ b/src/include/usr/targeting/targplatutil.H @@ -58,6 +58,20 @@ namespace UTIL // is reserved for invalid sensor static const uint16_t INVALID_IPMI_SENSOR = 0xFF; + // WARNING: addition of risk levels that don't support SMF will have a + // significant effect on the behavior of SMF code. Please ensure that + // (at least) src/usr/secureboot/smf/smf_utils.C is updated + // accordingly! + typedef enum + { + P9N22_P9C12_RUGBY_FAVOR_SECURITY = 0x00, + P9N22_P9C12_RUGBY_FAVOR_PERFORMANCE = 0x01, + P9N22_NO_RUGBY_MITIGATIONS = 0x02, + P9N22_P9N23_JAVA_PERF = 0x03, + P9N23_P9C13_NATIVE_SMF_RUGBY_FAVOR_SECURITY = 0x04, + P9N23_P9C13_NATIVE_SMF_RUGBY_FAVOR_PERFORMANCE = 0x05, + } Risk_level; + /** * @brief Creates a standard error log of tracing type * |