authorMike Baiocchi <mbaiocch@us.ibm.com>2017-05-18 17:12:26 -0500
committerDaniel M. Crowell <dcrowell@us.ibm.com>2017-06-07 09:40:09 -0400
commit94eff06a67f84e9eb0f2189efd7a0b47029fd154 (patch)
tree963bbdaa8eb9fe5dc72e4bec62b3c3b2c5880d53 /src/usr/targeting/runtime
parent449f2ba22f199b36de5e041ff8d028af8c3c3652 (diff)
Disable Attribute Overrides in Secure Mode
This commit disables attribute overrides during the IPL and at Runtime when the system has security enabled. Change-Id: Ia56b11fc1450c8e11be27c90c0de179038273873 RTC: 163094 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40735 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/targeting/runtime')
-rw-r--r--src/usr/targeting/runtime/attrPlatOverride_rt.C99
1 files changed, 67 insertions, 32 deletions
diff --git a/src/usr/targeting/runtime/attrPlatOverride_rt.C b/src/usr/targeting/runtime/attrPlatOverride_rt.C
index 0ceb99e26..c348b52e8 100644
--- a/src/usr/targeting/runtime/attrPlatOverride_rt.C
+++ b/src/usr/targeting/runtime/attrPlatOverride_rt.C
@@ -31,6 +31,10 @@
#include <targeting/common/trace.H>
#include <errl/errlmanager.H>
#include <initservice/initserviceif.H>
+#include <config.h>
+#include <secureboot/service.H>
+#include <targeting/common/targreasoncodes.H>
+#include <devicefw/userif.H>
using namespace TARGETING;
@@ -45,45 +49,76 @@ int apply_attr_override(uint8_t* i_data,
TRACFCOMP(g_trac_targeting, "enter apply_attr_override");
- // Clear fapi and targeting attribute override tanks. The tanks are
- // expected to be empty. The passed overrides are added, not updated
- // in place.
- AttributeTank * l_pAttributeTank =
- &fapi2::theAttrOverrideSync().iv_overrideTank;
- if ((*l_pAttributeTank).attributesExist())
- {
- TRACFCOMP(g_trac_targeting, "apply_attr_override:"
- " clear FAPI attribute overrides");
- (*l_pAttributeTank).clearAllAttributes();
- }
- l_pAttributeTank = &Target::theTargOverrideAttrTank();
- if ((*l_pAttributeTank).attributesExist())
- {
- TRACFCOMP(g_trac_targeting, "apply_attr_override:"
- " clear targeting attribute overrides");
- (*l_pAttributeTank).clearAllAttributes();
- }
+ bool l_allowOverrides = true;
- // Pass attribute override blob as a pnor section
- PNOR::SectionInfo_t l_sectionInfo;
- l_sectionInfo.vaddr = (uint64_t)i_data;
- l_sectionInfo.size = i_size;
- l_sectionInfo.id = PNOR::ATTR_TMP;
- l_sectionInfo.name = "Runtime TMP";
+ #ifdef CONFIG_SECUREBOOT
+ l_allowOverrides = !SECUREBOOT::enabled();
+ #endif
- // Process attribute overrides
- l_errl = TARGETING::getAttrOverrides(l_sectionInfo);
- if (l_errl)
+ if (l_allowOverrides)
{
- TRACFCOMP(g_trac_targeting, "apply_attr_override:"
- " getAttrOverrides failed");
- errlCommit(l_errl, TARG_COMP_ID);
- rc = -1;
+ // Clear fapi and targeting attribute override tanks. The tanks are
+ // expected to be empty. The passed overrides are added, not updated
+ // in place.
+ AttributeTank * l_pAttributeTank =
+ &fapi2::theAttrOverrideSync().iv_overrideTank;
+ if ((*l_pAttributeTank).attributesExist())
+ {
+ TRACFCOMP(g_trac_targeting, "apply_attr_override:"
+ " clear FAPI attribute overrides");
+ (*l_pAttributeTank).clearAllAttributes();
+ }
+ l_pAttributeTank = &Target::theTargOverrideAttrTank();
+ if ((*l_pAttributeTank).attributesExist())
+ {
+ TRACFCOMP(g_trac_targeting, "apply_attr_override:"
+ " clear targeting attribute overrides");
+ (*l_pAttributeTank).clearAllAttributes();
+ }
+
+ // Pass attribute override blob as a pnor section
+ PNOR::SectionInfo_t l_sectionInfo;
+ l_sectionInfo.vaddr = (uint64_t)i_data;
+ l_sectionInfo.size = i_size;
+ l_sectionInfo.id = PNOR::ATTR_TMP;
+ l_sectionInfo.name = "Runtime TMP";
+
+ // Process attribute overrides
+ l_errl = TARGETING::getAttrOverrides(l_sectionInfo);
+ if (l_errl)
+ {
+ TRACFCOMP(g_trac_targeting, "apply_attr_override:"
+ " getAttrOverrides failed");
+ errlCommit(l_errl, TARG_COMP_ID);
+ rc = -1;
+ }
}
else
{
- TRACFCOMP(g_trac_targeting, "apply_attr_override succeed");
+#ifdef CONFIG_SECUREBOOT
+ TRACFCOMP(g_trac_targeting, "apply_attr_override: skipping override"
+ " due to SECUREBOOT enablement");
+
+ /* @
+ * @errortype
+ * @moduleid TARG_APPLY_ATTR_OVER
+ * @reasoncode TARG_RC_APPLY_ATTR_OVER_NOT_ALLOWED
+ * @devdesc PnorRP::getSectionInfo> Skipping attribute override
+ * because of secureboot enablement
+ * @custdesc Attributes overrides are not allowed in secure mode.
+ */
+ l_errl = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_INFORMATIONAL,
+ TARG_APPLY_ATTR_OVER,
+ TARG_RC_APPLY_ATTR_OVER_NOT_ALLOWED,
+ 0,
+ 0,
+ true /* Add HB SW Callout */);
+ l_errl->collectTrace(TARG_COMP_NAME);
+ errlCommit(l_errl, TARG_COMP_ID);
+ rc = -1;
+#endif
}
+
return rc;
}
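Review bot: The error log built in the secure-mode `else` branch records nothing about the rejected request: both arguments after the reason code are `0`, and the `@devdesc` tag names `PnorRP::getSectionInfo>` although this code is in `apply_attr_override`. This log is the only record that an override was attempted on a secured system, so I would pass the blob size in place of the first `0`, assuming those two arguments are the user-data words: `i_size, /* userdata1: size of rejected override blob */`. That needs a matching `@userdata1` line in the tag block, and the description should read `@devdesc apply_attr_override> Skipping attribute override`. Separately, `bool l_allowOverrides = true;` makes the gate fail open when `CONFIG_SECUREBOOT` is not compiled in; that looks intended, but a comment such as `// overrides stay enabled on builds without secureboot support` next to the `#ifdef` would make it explicit. The function starts above this hunk, so the declarations of `rc` and `l_errl` are not visible here.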