Add SecureROM version info and Change SBE update to use max HBBL size

The HBBL also contains the securerom code and hw keys' hash
for verification purposes. So looking for the end of the HBBL
code leaves out those sections

Change-Id: I73a1b5c50e3a5b3f642ca569b90e79dbe4c4ba1e
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35979
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Martin Gloff <mgloff@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

7 files changed, 107 insertions, 36 deletions

diff --git a/src/include/array b/src/include/array
index 59c313046..76b1371c8 100644
--- a/src/include/array
+++ b/src/include/array
@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2016                             */
+/* Contributors Listed Below - COPYRIGHT 2016,2017                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -36,6 +36,7 @@
 #define __STDC_LIMIT_MACROS
 #endif
 #include <stdint.h>
+#include <algorithm>
 
 namespace std
 {
diff --git a/src/include/bootloader/bootloader.H b/src/include/bootloader/bootloader.H
index ac10628fb..102d23a77 100644
--- a/src/include/bootloader/bootloader.H
+++ b/src/include/bootloader/bootloader.H
@@ -38,6 +38,7 @@
 #include <common/ffs_hb.H>
 #include <kernel/terminate.H>
 #include <kernel/hbterminatetypes.H>
+#include <bootloader/bootloaderif.H>
 
 extern "C" void task_end_stub();
 extern "C" void enterHBB(uint64_t i_hbb_hrmor, uint64_t i_hbb_offset);
@@ -166,15 +167,11 @@ namespace Bootloader{
      *  HBB is copied to its running location and its execution is started.
      */
 
-    /** Max size of HBBL without ECC. Must match PNOR layout for eyeCatch HBBL*/
-#define MAX_HBBL_SIZE (20 * KILOBYTE)
-    /** Size of exception vector reserved space at start of the HBBL section*/
-#define HBBL_EXCEPTION_VECTOR_SIZE (12 * KILOBYTE)
     /** HW Keys hash is placed in the last 64 bytes of the HBBL */
 #define HW_KEYS_HASH_ADDR (getHRMOR() + HBBL_EXCEPTION_VECTOR_SIZE \
                            + MAX_HBBL_SIZE - 64)
     /** Location of working copy of HBB with ECC */
-#define HBB_ECC_WORKING_ADDR    (getHRMOR() - ( 1*MEGABYTE))
+#define HBB_ECC_WORKING_ADDR    (getHRMOR() + ( 1*MEGABYTE))
 
     /** Location of working copy of HBB without ECC */
 #define HBB_WORKING_ADDR        (getHRMOR() - ( 1*MEGABYTE))
diff --git a/src/include/bootloader/bootloader_trace.H b/src/include/bootloader/bootloader_trace.H
index 93b937308..980f90881 100644
--- a/src/include/bootloader/bootloader_trace.H
+++ b/src/include/bootloader/bootloader_trace.H
@@ -60,18 +60,21 @@ enum BootloaderTraces
     /** Bootloader main removeECC returned */
     BTLDR_TRC_MAIN_REMOVEECC_RTN             = 0x13,
 
-    // @TODO RTC:167740 remove magic number check once fsp/op signs HBB
-    /** Bootloader main verifyBaseImage skip verification - no magic number */
-    BTLDR_TRC_MAIN_VERIFY_HBB_SKIP           = 0x14,
-
-    /** Bootloader main verifyBaseImage started */
-    BTLDR_TRC_MAIN_VERIFY_HBB_START          = 0x15,
+    /** Bootloader main verifyContainer started */
+    BTLDR_TRC_MAIN_VERIFY_START          = 0x14,
 
-    /** Bootloader main verifyBaseImage succeeded */
-    BTLDR_TRC_MAIN_VERIFY_HBB_SUCCESS        = 0x16,
+    /** Bootloader main verifyContainer succeeded */
+    BTLDR_TRC_MAIN_VERIFY_SUCCESS        = 0x15,
 
     /** Bootloader main copy HBB to running location done */
-    BTLDR_TRC_MAIN_COPY_HBB_DONE             = 0x17,
+    BTLDR_TRC_MAIN_COPY_HBB_DONE             = 0x16,
+
+    /** Bootloader main verifyContainer skip verification - no eyecatch */
+    BTLDR_TRC_MAIN_VERIFY_NO_EYECATCH           = 0x17,
+
+    // @TODO RTC:167740 remove magic number check once fsp/op signs HBB
+    /** Bootloader main verifyContainer skip verification - no magic number */
+    BTLDR_TRC_MAIN_VERIFY_NO_MAGIC_NUM          = 0x18,
 
     /** Bootloader handleMMIO started */
     BTLDR_TRC_HANDLEMMIO_START               = 0x20,
@@ -169,8 +172,8 @@ enum BootloaderTraces
     /** Bootloader PNOR Access getHBBSection findTOC no HBB section */
     BTLDR_TRC_PA_GETHBBSECTION_FINDTOC_NOHBB = 0xFA,
 
-    /** Bootloader main verifyBaseImage failed */
-    BTLDR_TRC_MAIN_VERIFY_HBB_FAIL           = 0xFB,
+    /** Bootloader main verifyContainer failed */
+    BTLDR_TRC_MAIN_VERIFY_FAIL               = 0xFB,
 };
 
 #ifndef BOOTLOADER_TRACE
diff --git a/src/include/bootloader/bootloaderif.H b/src/include/bootloader/bootloaderif.H
new file mode 100644
index 000000000..beffe7c0f
--- /dev/null
+++ b/src/include/bootloader/bootloaderif.H
@@ -0,0 +1,35 @@
+/* IBM_PROLOG_BEGIN_TAG                                                   */
+/* This is an automatically generated prolog.                             */
+/*                                                                        */
+/* $Source: src/include/bootloader/bootloaderif.H $                       */
+/*                                                                        */
+/* OpenPOWER HostBoot Project                                             */
+/*                                                                        */
+/* Contributors Listed Below - COPYRIGHT 2017                             */
+/* [+] International Business Machines Corp.                              */
+/*                                                                        */
+/*                                                                        */
+/* Licensed under the Apache License, Version 2.0 (the "License");        */
+/* you may not use this file except in compliance with the License.       */
+/* You may obtain a copy of the License at                                */
+/*                                                                        */
+/*     http://www.apache.org/licenses/LICENSE-2.0                         */
+/*                                                                        */
+/* Unless required by applicable law or agreed to in writing, software    */
+/* distributed under the License is distributed on an "AS IS" BASIS,      */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or        */
+/* implied. See the License for the specific language governing           */
+/* permissions and limitations under the License.                         */
+/*                                                                        */
+/* IBM_PROLOG_END_TAG                                                     */
+#ifndef __BOOT_LOADERIF_H
+#define __BOOT_LOADERIF_H
+
+// Max size of HBBL without ECC. Must match PNOR layout for eyeCatch HBBL
+// Must be aligned CACHELINE_SIZE of 128 bytes
+#define MAX_HBBL_SIZE (20 * KILOBYTE)
+
+// Size of exception vector reserved space at start of the HBBL section
+#define HBBL_EXCEPTION_VECTOR_SIZE (12 * KILOBYTE)
+
+#endif
\ No newline at end of file
diff --git a/src/include/securerom/ROM.H b/src/include/securerom/ROM.H
index 4a47b2502..9e3d7d4ca 100644
--- a/src/include/securerom/ROM.H
+++ b/src/include/securerom/ROM.H
@@ -29,6 +29,8 @@
 #include <securerom/hw_utils.H>
 #include <securerom/sha512.H>
 #include <securerom/ecverify.H>
+#include <string.h>
+#include <array>
 
 #define CONTAINER_VERSION   1
 #define HEADER_VERSION      1
@@ -130,15 +132,65 @@ extern "C" ROM_response ROM_verify (ROM_container_raw* container,
 
 /************************* END OF ORIGINAL ROM CODE ***************************/
 
-/* Offsets needed to call functions in jump table at start of ROM code.
-   See img/securerom.list.bz2 and search for SHA512_Hash and ROM_verify
+/* Offsets relative to branchtable start to call functions in SecureROM code.
+   See img/securerom.list.bz2 and search for SHA512_Hash and ROM_verify, then
+        subtract the branch table offset
    E.g.
+    0000000000000040 <_SHA512_Hash>:
+    0000000000000050 <_ROM_verify>:
+
+    Search for branchtableoffset
+    0000000000000010 <branchtableoffset>:
+      10    00000010:   00 00 00 00     .long 0x0
+      14    00000014:   00 00 00 28     .long 0x28
+
+    Subtraction (0x28) results in relative offset from branch table start
     0000000000000018 <_SHA512_Hash>:
     0000000000000028 <_ROM_verify>:
+
+   Note: If the SecureRomInfo change size, these will be affected.
+         See src/securerom/secureromasm.S for more info.
 */
 #define SHA512_HASH_FUNCTION_OFFSET 0x18
 #define ROM_VERIFY_FUNCTION_OFFSET 0x28
 
+// Version info at SECUREROM_VERSION_STRUCTURE_OFFSET
+// - [8 bytes] - eyeCatch
+// - [8 bytes] - version
+// - [8 bytes] - branchtable offset
+// - [16 bytes] - reserved
+struct SecureRomInfo
+{
+    uint64_t eyeCatch;
+    uint64_t version;
+    uint64_t branchtableOffset;
+    std::array<uint64_t,2> reserved;
+}__attribute__((packed));
+
+// Expected securerom eye catch
+const uint64_t SECROM_EYECATCHER = 0x23534543524F4D00; // #SECROM\0
+
+// Used for version checking as the SecureRomInfo structure changes
+enum SecureRomInfoVersion
+{
+    // [release:4][version:4]
+    SECUREROM_INFO_ADDED = 0x0000000900000001
+};
+
+/**
+ * @brief Checks if secureROM is valid by checking the eyeCatch and version
+ *
+ * @param[in] SecureRomInfo*    Pointer to SecureRomInfo - Must not be NULL
+ *
+ * @return bool true if valid; false otherwise
+ */
+inline bool secureRomInfoValid (const SecureRomInfo * i_secureRomInfo)
+{
+    // Ensure EyeCatch and Version are valid
+    return (i_secureRomInfo->eyeCatch == SECROM_EYECATCHER) &&
+           (i_secureRomInfo->version >= SECUREROM_INFO_ADDED);
+}
+
 // Need this for the following definition
 #ifdef __cplusplus
 extern "C"
diff --git a/src/include/usr/sbe/sbeif.H b/src/include/usr/sbe/sbeif.H
index 67937b9b4..be7924869 100644
--- a/src/include/usr/sbe/sbeif.H
+++ b/src/include/usr/sbe/sbeif.H
@@ -60,21 +60,6 @@ namespace SBE
                              sbe_image_version_t* o_version = NULL);
 
     /**
-     * @brief Gets a pointer to the HBBL image in PNOR
-     *
-     * @param[out] o_imgPtr    Pointer to HBBL Image mapped in PNOR
-     *                         Note: Pointer moved past any header(s)
-     *
-     * @param[out] o_imgSize   Size of the HBBL Image in PNOR
-     *                         Note: Size does not include any header(s)
-     *
-     * @return errlHndl_t      Error log handle on failure.
-     */
-    errlHndl_t findHBBLInPnor(void*& o_imgPtr,
-                              size_t& o_imgSize);
-
-
-    /**
      * @brief Iterates through all the functional processors and updates
      *        the SBE Image in a SEEPROM, if necessary.
      *
diff --git a/src/include/usr/sbe/sbereasoncodes.H b/src/include/usr/sbe/sbereasoncodes.H
index 8126060e4..611c0153e 100644
--- a/src/include/usr/sbe/sbereasoncodes.H
+++ b/src/include/usr/sbe/sbereasoncodes.H
@@ -60,7 +60,6 @@ enum sbeModuleId
     SBE_READ_SBE_IMAGE                  = 0x0F,
     SBE_WRITE_SBE_IMAGE                 = 0x10,
     SBE_GET_SBE_IMAGE_SIZE              = 0x11,
-    HBBL_FIND_IN_PNOR                   = 0x12,
     SBE_APPEND_HBBL                     = 0x13,
 };
 
@@ -101,7 +100,6 @@ enum sbeReasonCode
     SBE_MASTER_VERSION_DOWNLEVEL        = SBE_COMP_ID | 0x15,
     SBE_IMAGE_GET_SET_SCALAR_FAIL       = SBE_COMP_ID | 0x16,
 
-    HBBL_END_DATA_NOT_FOUND             = SBE_COMP_ID | 0x17,
     ERROR_FROM_XIP_DELETE               = SBE_COMP_ID | 0x18,
     ERROR_FROM_XIP_FIND                 = SBE_COMP_ID | 0x19,