Enforce synchronized processor security state

Ensure the secure state is consistent across all processors. Change-Id: I671253b99d5d87509909681a2cec2380ca6918b0 RTC:167775 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38764 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
author: Jaymes Wilks <mjwilks@us.ibm.com> 2017-03-28 11:52:52 -0500
committer: Daniel M. Crowell <dcrowell@us.ibm.com> 2017-05-10 15:25:50 -0400
commit: b947a1a4119b06ee50287854e5ea974c0926226e (patch)
tree: 3087d2fa1f5a40354ba9030a176eb969652abd1d /src/usr/secureboot
parent: 17969937b73f10ffe25ba6b4ac22e5d64a2e1f4c (diff)
download: blackbird-hostboot-b947a1a4119b06ee50287854e5ea974c0926226e.tar.gz
blackbird-hostboot-b947a1a4119b06ee50287854e5ea974c0926226e.zip
2 files changed, 117 insertions, 35 deletions
diff --git a/src/usr/secureboot/base/service.C b/src/usr/secureboot/base/service.C
index 673ec709e..7513f7dc6 100644
--- a/src/usr/secureboot/base/service.C
+++ b/src/usr/secureboot/base/service.C
@@ -85,20 +85,6 @@ struct SecureRegisterValues
  */
 errlHndl_t getAllSecurityRegisters(std::vector<SecureRegisterValues> & o_regs);
 
-/**
- *  @brief Adds the values of the Security Registers of the processors in the
- *         system to an existing error log
- *
- *  @param[in/out] io_err  Error Log that the values of the security registers
- *                         will be added to
- *                         NOTE:  The state of the system/processors (ie, SCOM
- *                         vs FSI) determines which registers can be included
- *
- *  @return N/A
- */
-void addSecurityRegistersToErrlog(errlHndl_t & io_err);
-
-
 void* initializeBase(void* unused)
 {
     errlHndl_t l_errl = NULL;
@@ -140,14 +126,23 @@ bool enabled()
 }
 #endif
 
-errlHndl_t getSecuritySwitch(uint64_t& o_regValue, TARGETING::Target* i_targ)
+errlHndl_t getSecuritySwitch(uint64_t& o_regValue, TARGETING::Target* i_pProc)
+{
+    return Singleton<Settings>::instance().getSecuritySwitch(o_regValue,
+                                                                       i_pProc);
+}
+
+errlHndl_t getProcCbsControlRegister(uint64_t& o_regValue,
+    TARGETING::Target* i_pProc)
 {
-    return Singleton<Settings>::instance().getSecuritySwitch(o_regValue,i_targ);
+    return Singleton<Settings>::instance().getProcCbsControlRegister(o_regValue,
+        i_pProc);
 }
 
-errlHndl_t getJumperState(SecureJumperState& o_state, TARGETING::Target* i_targ)
+errlHndl_t getJumperState(SecureJumperState& o_state,
+                                                    TARGETING::Target* i_pProc)
 {
-    return Singleton<Settings>::instance().getJumperState(o_state, i_targ);
+    return Singleton<Settings>::instance().getJumperState(o_state, i_pProc);
 }
 
 errlHndl_t clearSecuritySwitchBits(
diff --git a/src/usr/secureboot/base/settings.C b/src/usr/secureboot/base/settings.C
index 9e1cb2ee0..0c4046d59 100644
--- a/src/usr/secureboot/base/settings.C
+++ b/src/usr/secureboot/base/settings.C
@@ -31,6 +31,9 @@
 #include <targeting/common/target.H>
 #include <initservice/initserviceif.H>
 #include <secureboot/settings.H>
+#include <config.h>
+#include <errl/errludlogregister.H>
+#include <console/consoleif.H>
 
 // SECUREBOOT : General driver traces
 #include "../common/securetrace.H"
@@ -65,6 +68,77 @@ namespace SECUREBOOT
                             static_cast<uint64_t>(ProcSecurity::SabBit)));
 
         SB_INF("getEnabled() state:%i",iv_enabled);
+
+        // send informational log if secure boot is disabled
+        #ifdef CONFIG_SECUREBOOT
+        if (!iv_enabled)
+        {
+            #ifdef CONFIG_CONSOLE
+            CONSOLE::displayf(SECURE_COMP_NAME, "Booting in non-secure mode.");
+            #endif
+            /*@
+             * @errortype
+             * @reasoncode       SECUREBOOT::RC_SECURE_BOOT_DISABLED
+             * @moduleid         SECUREBOOT::MOD_SECURE_SETTINGS_INIT
+             * @severity         ERRL_SEV_INFORMATIONAL
+             * @userdata1        Security switch register value
+             * @devdesc          Secureboot has been disabled.
+             * @custdesc         Platform security informational message
+             */
+            auto err = new ERRORLOG::ErrlEntry(
+                ERRORLOG::ERRL_SEV_INFORMATIONAL,
+                SECUREBOOT::MOD_SECURE_SETTINGS_INIT,
+                SECUREBOOT::RC_SECURE_BOOT_DISABLED,
+                l_regValue,
+                0,
+                false);
+
+            err->collectTrace(SECURE_COMP_NAME);
+
+            // we can't call getAllSecurityRegisters from here because it
+            // will deadlock when it circles back to getSecuritySwitch - the
+            // call to retreive the singleton for Settings class will hang.
+            // So, we just log the security switch and cbs control registers
+            ERRORLOG::ErrlUserDetailsLogRegister l_logReg(
+                MASTER_PROCESSOR_CHIP_TARGET_SENTINEL,
+                &l_regValue,
+                sizeof(l_regValue),
+                DEVICE_SCOM_ADDRESS(
+                    static_cast<uint64_t>(ProcSecurity::SwitchRegister)
+                ));
+            l_logReg.addToLog(err);
+
+            uint64_t l_cbsReg = 0;
+            auto l_cbsErrl = getProcCbsControlRegister(
+                l_cbsReg,
+                MASTER_PROCESSOR_CHIP_TARGET_SENTINEL);
+
+            if (l_cbsErrl)
+            {
+                // link the CBS control register erorr plid to the original err
+                err->plid(l_cbsErrl->plid());
+
+                // commit the CBS control register error
+                ERRORLOG::errlCommit(l_cbsErrl, SECURE_COMP_ID);
+
+                // we're already in the error path so we just keep going
+                // without the register
+            }
+            else
+            {
+                ERRORLOG::ErrlUserDetailsLogRegister l_logCbsReg(
+                    MASTER_PROCESSOR_CHIP_TARGET_SENTINEL,
+                    &l_cbsReg,
+                    sizeof(l_cbsReg),
+                    DEVICE_SCOM_ADDRESS(
+                        static_cast<uint64_t>(ProcCbsControl::StatusRegister)
+                    ));
+                l_logCbsReg.addToLog(err);
+            }
+
+            ERRORLOG::errlCommit(err, SECURE_COMP_ID);
+        }
+        #endif
     }
 
     bool Settings::getEnabled() const
@@ -73,7 +147,7 @@ namespace SECUREBOOT
     }
 
     errlHndl_t Settings::getJumperState(SecureJumperState& o_state,
-                                        Target* i_targ) const
+                                        Target* i_pProc) const
     {
         uint64_t l_regValue = 0;
         o_state = SecureJumperState::SECURITY_DEASSERTED;
@@ -82,14 +156,10 @@ namespace SECUREBOOT
 
         do
         {
-            // the supplied target input parameter is validated in one place
-            // inside the readSecurityRegister function
-            l_errl = readSecurityRegister(i_targ,
-                    static_cast<uint64_t>(ProcCbsControl::StatusRegister),
-                    l_regValue);
+            l_errl = getProcCbsControlRegister(l_regValue, i_pProc);
 
             SB_DBG("getJumperState() err:%i reg:%.16llX huid:%.8X",
-                !!l_errl, l_regValue, get_huid(i_targ));
+                !!l_errl, l_regValue, get_huid(i_pProc));
 
             if (l_errl)
             {
@@ -105,21 +175,31 @@ namespace SECUREBOOT
                      SecureJumperState::SECURITY_ASSERTED;
 
             SB_INF("getJumperState() state:%i huid:%.8X", o_state,
-                                                            get_huid(i_targ));
+                                                            get_huid(i_pProc));
 
         } while(0);
 
         return l_errl;
     }
 
+    errlHndl_t Settings::getProcCbsControlRegister(uint64_t& o_regValue,
+                                                   Target* i_pProc) const
+    {
+        // the supplied target input parameter is validated in one place
+        // inside the readSecurityRegister function
+        return readSecurityRegister(i_pProc,
+                    static_cast<uint64_t>(ProcCbsControl::StatusRegister),
+                    o_regValue);
+    }
+
     errlHndl_t Settings::getSecuritySwitch(uint64_t& o_regValue,
-                                           Target* i_targ) const
+                                           Target* i_pProc) const
     {
-        auto l_errl = readSecurityRegister(i_targ,
+        auto l_errl = readSecurityRegister(i_pProc,
                     static_cast<uint64_t>(ProcSecurity::SwitchRegister),
                     o_regValue);
         SB_INF("getSecuritySwitch() err:%i reg:%.16llX huid:%.8X",
-            !!l_errl, o_regValue, get_huid(i_targ));
+            !!l_errl, o_regValue, get_huid(i_pProc));
 
         return l_errl;
     }
@@ -259,7 +339,7 @@ namespace SECUREBOOT
         return pError;
     }
 
-    errlHndl_t Settings::readSecurityRegister(Target* i_targ,
+    errlHndl_t Settings::readSecurityRegister(Target* i_pProc,
                                             const uint64_t i_scomAddress,
                                             uint64_t& o_regValue) const
     {
@@ -271,8 +351,8 @@ namespace SECUREBOOT
 
         // make sure we are not passed a null target pointer or the wrong
         // target type (must be a processor target) or the sentinel
-        if ( i_targ != MASTER_PROCESSOR_CHIP_TARGET_SENTINEL &&
-            (i_targ == nullptr || i_targ->getAttr<ATTR_TYPE>() != TYPE_PROC)
+        if ( i_pProc != MASTER_PROCESSOR_CHIP_TARGET_SENTINEL &&
+            (i_pProc == nullptr || i_pProc->getAttr<ATTR_TYPE>() != TYPE_PROC)
            )
         {
             /*@
@@ -289,15 +369,22 @@ namespace SECUREBOOT
             l_errl = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE,
                                          SECUREBOOT::MOD_SECURE_READ_REG,
                                          SECUREBOOT::RC_SECURE_BAD_TARGET,
-                                         reinterpret_cast<uint64_t>(i_targ),
-                                         TO_UINT64(get_huid(i_targ)),
+                                         reinterpret_cast<uint64_t>(i_pProc),
+                                         TO_UINT64(get_huid(i_pProc)),
                                          true /* Add HB Software Callout */ );
             l_errl->collectTrace(SECURE_COMP_NAME, ERROR_TRACE_SIZE);
             break;
         }
 
+        // Make sure the processor is SCOMable
+        if (i_pProc != MASTER_PROCESSOR_CHIP_TARGET_SENTINEL)
+        {
+            assert(i_pProc->getAttr<ATTR_SCOM_SWITCHES>().useXscom,
+                "Bug! Processor security register read too early.");
+        }
+
         // Read security switch setting from processor.
-        l_errl = deviceRead(i_targ,
+        l_errl = deviceRead(i_pProc,
                             &o_regValue, size,
                             DEVICE_SCOM_ADDRESS(i_scomAddress));
author	Jaymes Wilks <mjwilks@us.ibm.com>	2017-03-28 11:52:52 -0500
committer	Daniel M. Crowell <dcrowell@us.ibm.com>	2017-05-10 15:25:50 -0400
commit	b947a1a4119b06ee50287854e5ea974c0926226e (patch)
tree	3087d2fa1f5a40354ba9030a176eb969652abd1d /src/usr/secureboot
parent	17969937b73f10ffe25ba6b4ac22e5d64a2e1f4c (diff)
download	blackbird-hostboot-b947a1a4119b06ee50287854e5ea974c0926226e.tar.gz blackbird-hostboot-b947a1a4119b06ee50287854e5ea974c0926226e.zip