diff options
author | Jaymes Wilks <mjwilks@us.ibm.com> | 2016-10-17 12:15:40 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2016-11-14 17:17:33 -0500 |
commit | 16263a641c48773091dd60b55e28ad77ca5a8574 (patch) | |
tree | 97120f76deb4132a1a1b7ceba8701318c5663a68 /src/usr/secureboot/base/service.C | |
parent | a904e156364a8f0fd5f6bc2b7094f79cf77da1b2 (diff) | |
download | blackbird-hostboot-16263a641c48773091dd60b55e28ad77ca5a8574.tar.gz blackbird-hostboot-16263a641c48773091dd60b55e28ad77ca5a8574.zip |
Secure PNOR Resource Provider port from p8
Adds a Secure PNOR Resource Provider (SPNORRP) layer on top of the
original PNORRP to handle verification of secured PNOR sections.
Change-Id: Iff25abf599f3c850197c6e6d23ff03e5edf945bb
RTC:163078
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/31588
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/base/service.C')
-rw-r--r-- | src/usr/secureboot/base/service.C | 110 |
1 files changed, 79 insertions, 31 deletions
diff --git a/src/usr/secureboot/base/service.C b/src/usr/secureboot/base/service.C index 435ababfd..ade0e4a9f 100644 --- a/src/usr/secureboot/base/service.C +++ b/src/usr/secureboot/base/service.C @@ -28,50 +28,98 @@ #include <util/singleton.H> #include <secureboot/secure_reasoncodes.H> #include <config.h> - +#include <devicefw/userif.H> +#include <targeting/common/utilFilter.H> +#include <targeting/common/targetservice.H> +#include <errl/errlentry.H> +#include <errl/errlmanager.H> +#include <errl/errludtarget.H> +#include <initservice/initserviceif.H> #include "settings.H" -#include "header.H" +#include <secureboot/header.H> #include "purge.H" #include <kernel/misc.H> +#include <kernel/console.H> +#include <console/consoleif.H> + +extern trace_desc_t* g_trac_secure; + +// Quick change for unit testing +//#define TRACUCOMP(args...) TRACFCOMP(args) +#define TRACUCOMP(args...) + + +using namespace ERRORLOG; +using namespace TARGETING; namespace SECUREBOOT { - void* initializeBase(void* unused) + +// TODO securebootp9 - Do a diff of this file with the p8 version make sure +// all the missing parts are brought in. + +void* initializeBase(void* unused) +{ + errlHndl_t l_errl = NULL; + + do { - errlHndl_t l_errl = NULL; - do + // Load original secureboot header. + if (enabled()) { + Singleton<Header>::instance().loadBaseHeader(); + } - // Load original secureboot header. - if (enabled()) - { - Singleton<Header>::instance().loadBaseHeader(); - } - - // Extend memory footprint into lower portion of cache. - assert(0 == mm_extend(MM_EXTEND_PARTIAL_CACHE)); + // Extend memory footprint into lower portion of cache. + assert(0 == mm_extend(MM_EXTEND_PARTIAL_CACHE)); - // Don't extend more than 1/2 cache in VPO as fake PNOR is there - // Don't enable SecureROM in VPO + // Don't extend more than 1/2 cache in VPO as fake PNOR is there + // Don't enable SecureROM in VPO #ifndef CONFIG_P9_VPO_COMPILE - // Run dcbz on the entire 10MB cache - assert(0 == mm_extend(MM_EXTEND_FULL_CACHE)); - - // Initialize the Secure ROM - l_errl = initializeSecureROM(); - if (l_errl) - { - break; - } + // Run dcbz on the entire 10MB cache + assert(0 == mm_extend(MM_EXTEND_FULL_CACHE)); + + // Initialize the Secure ROM + l_errl = initializeSecureROM(); + if (l_errl) + { + break; + } +#endif + } while(0); + + return l_errl; +} + +bool enabled() +{ + return Singleton<Settings>::instance().getEnabled(); +} + +void handleSecurebootFailure(errlHndl_t &i_err) +{ + TRACFCOMP( g_trac_secure, ENTER_MRK"handleSecurebootFailure()"); + + assert(i_err != NULL, "Secureboot Failure has a NULL error log") + + // Grab errlog reason code before committing. + uint16_t l_rc = i_err->reasonCode(); + +#ifdef CONFIG_CONSOLE + CONSOLE::displayf(SECURE_COMP_NAME, "Secureboot Failure plid = 0x%08X, rc = 0x%04X\n", + i_err->plid(), l_rc); #endif - } while(0); + printk("Secureboot Failure plid = 0x%08X, rc = 0x%04X\n", + i_err->plid(),l_rc); - return l_errl; - } + // Add Verification callout + i_err->addProcedureCallout(HWAS::EPUB_PRC_FW_VERIFICATION_ERR, + HWAS::SRCI_PRIORITY_HIGH); + errlCommit(i_err, SECURE_COMP_ID); + + // Shutdown with Secureboot error status + INITSERVICE::doShutdown(l_rc); +} - bool enabled() - { - return Singleton<Settings>::instance().getEnabled(); - } } |