authorStephen Cprek <smcprek@us.ibm.com>2017-07-26 10:33:24 -0500
committerDaniel M. Crowell <dcrowell@us.ibm.com>2017-08-25 23:16:28 -0400
commitcefc4c2c1bf3a43a993f2091813ee181779ddee4 (patch)
treef6b15a971c3207dbae3b1800f8555b55d5dd8ae7 /src/include
parentb8f86e3a6bb4f491360dc3771854e36e903f8a71 (diff)
Refactor SecureBoot Workarounds to better control leniency
At this time we are trying to secure OpenPOWER in secure mode, but allow best effort policies in other scenarios. Change-Id: I9ec2b5be49dbfcff678c4d30bb85f8762e448cb6 RTC: 170136 RTC: 155374 RTC: 168021 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43640 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/include')
-rw-r--r--src/include/bootloader/bootloader_trace.H3
-rw-r--r--src/include/kernel/bltohbdatamgr.H8
-rw-r--r--src/include/usr/pnor/pnor_reasoncodes.H1
-rw-r--r--src/include/usr/pnor/pnorif.H2
-rw-r--r--src/include/usr/secureboot/header.H4
-rw-r--r--src/include/usr/secureboot/secure_reasoncodes.H1
-rw-r--r--src/include/usr/secureboot/service.H7
-rw-r--r--src/include/usr/secureboot/settings.H11
8 files changed, 25 insertions, 12 deletions
diff --git a/src/include/bootloader/bootloader_trace.H b/src/include/bootloader/bootloader_trace.H
index 269a904f5..129b9a303 100644
--- a/src/include/bootloader/bootloader_trace.H
+++ b/src/include/bootloader/bootloader_trace.H
@@ -181,6 +181,9 @@ enum BootloaderTraces
/** Bootloader main verifyContainer failed */
BTLDR_TRC_MAIN_VERIFY_FAIL = 0xFB,
+
+ /** Bootloader main verifyContainer secure rom invalid */
+ BTLDR_TRC_MAIN_VERIFY_INVALID_SECROM = 0xFC,
};
#ifndef BOOTLOADER_TRACE
diff --git a/src/include/kernel/bltohbdatamgr.H b/src/include/kernel/bltohbdatamgr.H
index cbbdb40d2..6dd9d55f5 100644
--- a/src/include/kernel/bltohbdatamgr.H
+++ b/src/include/kernel/bltohbdatamgr.H
@@ -34,14 +34,6 @@ class BlToHbDataManager
{
private:
- /**
- * @brief Performs a printk along with a kassert to be more verbose if
- * Data is not valid.
- *
- * @return N/A
- */
- void validAssert() const;
-
/*
* @brief Prints, via printkd, important parts of the structure
*
diff --git a/src/include/usr/pnor/pnor_reasoncodes.H b/src/include/usr/pnor/pnor_reasoncodes.H
index f01291a24..3eee83930 100644
--- a/src/include/usr/pnor/pnor_reasoncodes.H
+++ b/src/include/usr/pnor/pnor_reasoncodes.H
@@ -177,6 +177,7 @@ namespace PNOR
RC_BAD_SECURE_MAGIC_NUM = PNOR_COMP_ID | 0x31,
RC_MBOX_BAD_SEQUENCE = PNOR_COMP_ID | 0x32,
RC_MBOX_ERROR_STATUS = PNOR_COMP_ID | 0x33,
+ RC_UNSIGNED_PNOR_SECTION = PNOR_COMP_ID | 0x34,
//@fixme-RTC:131607-Temporary value to allow HWSV compile
//termination_rc
diff --git a/src/include/usr/pnor/pnorif.H b/src/include/usr/pnor/pnorif.H
index 3a2d3e53b..b6f616b92 100644
--- a/src/include/usr/pnor/pnorif.H
+++ b/src/include/usr/pnor/pnorif.H
@@ -180,7 +180,7 @@ errlHndl_t validateAltMaster( void );
*/
void getPnorInfo( PnorInfo_t& o_pnorInfo );
-// @TODO RTC:155374 Remove this in the future
+
/**
* @brief Check if PNOR section appears to be secure and sets the
* internal TOC of PnorRp accordingly.
diff --git a/src/include/usr/secureboot/header.H b/src/include/usr/secureboot/header.H
index 34300ba9a..0478fa675 100644
--- a/src/include/usr/secureboot/header.H
+++ b/src/include/usr/secureboot/header.H
@@ -59,7 +59,7 @@ namespace SECUREBOOT
iv_data=NULL;
}
- // @TODO RTC 168021 Converge to single method of reading
+ // @TODO RTC 178520 Converge to single method of reading
// secure header
/**
@@ -72,7 +72,7 @@ namespace SECUREBOOT
*/
void loadSecurely();
- // @TODO RTC 168021 Converge to single method of reading
+ // @TODO RTC 178520 Converge to single method of reading
// secure header
/**
diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H
index 59761275a..98fe38d3c 100644
--- a/src/include/usr/secureboot/secure_reasoncodes.H
+++ b/src/include/usr/secureboot/secure_reasoncodes.H
@@ -54,6 +54,7 @@ namespace SECUREBOOT
RC_ROM_SHA512 = SECURE_COMP_ID | 0x08,
RC_SECURE_BAD_TARGET = SECURE_COMP_ID | 0x09,
RC_SECURE_BOOT_DISABLED = SECURE_COMP_ID | 0x0A,
+ RC_SECROM_INVALID = SECURE_COMP_ID | 0x0B,
// Reason codes 0xA0 - 0xEF reserved for trustedboot_reasoncodes.H
};
diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H
index 27c35f6d4..0258b5706 100644
--- a/src/include/usr/secureboot/service.H
+++ b/src/include/usr/secureboot/service.H
@@ -299,6 +299,13 @@ namespace SECUREBOOT
*/
bool allowAttrOverrides();
+ /* Definition in settings.H */
+ bool bestEffortPolicy();
+
+ /* Definition in securerommgr.H */
+ bool secureRomValidPolicy();
+
+
}
#endif
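Review bot: The two new declarations carry only `/* Definition in settings.H */` and `/* Definition in securerommgr.H */`, which tells a caller nothing about what a `true` return permits, while the declaration just above them closes a Doxygen block. These results presumably decide whether a failed or missing verification is tolerated, so each should get a `@brief`/`@return` block that states which return value is the lenient one and which is the enforcing one. The settings.H part of this commit declares the member `Settings::getBestEffortPolicy()` rather than a free `bestEffortPolicy()`, so if the free function is a wrapper the comment would be more accurate as `/** @brief Wrapper for Settings::getBestEffortPolicy() */`; the definition is not visible in this diff. The doubled blank line before the closing brace can be dropped.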
diff --git a/src/include/usr/secureboot/settings.H b/src/include/usr/secureboot/settings.H
index 417e14d96..491c607d3 100644
--- a/src/include/usr/secureboot/settings.H
+++ b/src/include/usr/secureboot/settings.H
@@ -90,7 +90,8 @@ namespace SECUREBOOT
class Settings
{
public:
- Settings() : iv_enabled(false) { _init(); };
+ Settings() : iv_enabled(false),
+ iv_bestEffortPolicy(false) { _init(); };
~Settings() {};
/** @brief Determine if Secureboot is enabled. */
@@ -135,6 +136,13 @@ namespace SECUREBOOT
TARGETING::Target* i_pProc
= TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL) const;
+ /** @brief Determines if the Secureboot best effort policy is
+ * enabled. Uses knowledge of compile config options and
+ * secure mode enabled
+ * @return bool - True if enabled, false otherwise
+ */
+ bool getBestEffortPolicy() const;
+
private:
void _init();
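Review bot: The doc comment added for `getBestEffortPolicy()` says the result uses "compile config options and secure mode enabled" but not how the two combine, which is the property someone auditing a caller needs. It should list the config options involved and state explicitly whether the function can return true while secure mode is enabled. From the commit description I would expect it cannot, e.g. `@note Always false when secure mode is enabled`, but that has to be confirmed against the implementation, which is outside this diff. The class body starts and continues outside this hunk.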
@@ -184,6 +192,7 @@ namespace SECUREBOOT
/** Cached secure boot enabled value */
bool iv_enabled;
+ bool iv_bestEffortPolicy;
};
}
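Review bot: `iv_bestEffortPolicy` is added without a doc comment, while `iv_enabled` directly above it has one; add something like `/** Cached best effort policy value */` so the existing comment is not read as covering both members. If the value is computed once in `_init()`, as the constructor change in this file suggests, the comment should also say that it is not re-evaluated afterwards, since callers will treat it as the current policy. The class starts outside this hunk.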