Enable HBB measurement based on secure mode enablement

Change-Id: Ia731f7ee2fff280d078da9878322f69beb3aa7cc
RTC: 167581
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/36221
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

3 files changed, 43 insertions, 52 deletions

diff --git a/src/usr/pnor/pnor_common.C b/src/usr/pnor/pnor_common.C
index 2414a15c2..93978c277 100644
--- a/src/usr/pnor/pnor_common.C
+++ b/src/usr/pnor/pnor_common.C
@@ -304,21 +304,26 @@ errlHndl_t PNOR::parseTOC( uint8_t* i_tocBuffer,SectionData_t * o_TOC)
             if (   o_TOC[l_secId].version == FFS_VERS_SHA512
                 && !isSecure)
             {
-                // For non-secure sections with a SHA512 header, the
-                // flash address has incremented past the header, so
-                // back up by the header size (accounting for ECC) in order
-                // to extend the header
-                auto addr = o_TOC[l_secId].flashAddr;
-                size_t headerSize =
-                    (o_TOC[l_secId].integrity == FFS_INTEG_ECC_PROTECT) ?
-                    PAGESIZE_PLUS_ECC : PAGESIZE;
-                addr -= headerSize;
-
-                l_errhdl = PNOR::extendHash(addr, headerSize,
-                                            cv_EYECATCHER[l_secId]);
-                if (l_errhdl)
+                // Never extend the base image through this path, it will be
+                // handled elsewhere
+                if(l_secId != PNOR::HB_BASE_CODE)
                 {
-                    break;
+                   // For non-secure sections with a SHA512 header, the
+                   // flash address has incremented past the header, so
+                   // back up by the header size (accounting for ECC) in order
+                   // to extend the header
+                   auto addr = o_TOC[l_secId].flashAddr;
+                   size_t headerSize =
+                       (o_TOC[l_secId].integrity == FFS_INTEG_ECC_PROTECT) ?
+                       PAGESIZE_PLUS_ECC : PAGESIZE;
+                   addr -= headerSize;
+
+                   l_errhdl = PNOR::extendHash(addr, headerSize,
+                                               cv_EYECATCHER[l_secId]);
+                   if (l_errhdl)
+                   {
+                       break;
+                   }
                 }
             }
         }
diff --git a/src/usr/pnor/pnorrp.C b/src/usr/pnor/pnorrp.C
index 6bca58f25..b3f394e51 100644
--- a/src/usr/pnor/pnorrp.C
+++ b/src/usr/pnor/pnorrp.C
@@ -337,10 +337,7 @@ void PnorRP::initDaemon()
         // runtime code.
         #ifndef __HOSTBOOT_RUNTIME
         #ifdef CONFIG_SECUREBOOT
-        //TODO: RTC 167581
-        // When RTC 166848 is available, add restrictions back in when
-        // base image header copy availability is detected
-        // if(!SECUREBOOT::enabled())
+        if(!SECUREBOOT::enabled())
         {
             // If compliant bootloader was present, it saved the HBB header
             // to a known location accessible to HBB.  Until that bootloader
diff --git a/src/usr/secureboot/base/header.C b/src/usr/secureboot/base/header.C
index 4aba9481f..2f62f804c 100644
--- a/src/usr/secureboot/base/header.C
+++ b/src/usr/secureboot/base/header.C
@@ -27,6 +27,7 @@
 #include <sys/mmio.h>
 #include <kernel/console.H>
 #include <errno.h>
+#include <kernel/bltohbdatamgr.H>
 
 namespace SECUREBOOT
 {
@@ -39,10 +40,13 @@ namespace SECUREBOOT
     // header
     void Header::loadSecurely()
     {
-        //@TODO  RTC 167581
-        // When RTC 166848 is available, pull in real header
+        const void* const pSecureHeader = g_BlToHbDataManager.getHbbHeader();
 
-        return;
+        // Fatal code bug if called with nullptr pointer
+        assert(pSecureHeader != nullptr,
+            "BUG! In Header::loadSecurely(), expected valid address for base "
+            "image header in secure mode, but got nullptr.");
+        _set(pSecureHeader);
     }
 
     // @TODO RTC 168021 Converge on a single method of reading the secure
@@ -50,16 +54,27 @@ namespace SECUREBOOT
     void Header::setNonSecurely(
         const void* const i_pHeader)
     {
+        // Fatal code bug if called with nullptr pointer
+        assert(i_pHeader != nullptr,"BUG! In Header::setNonSecurely(), "
+            "caller passed a nullptr header address.");
+        _set(i_pHeader);
+    }
+
+    void Header::_set(
+        const void* const i_pHeader)
+    {
         // Fatal code bug if already loaded
-        assert(iv_data == nullptr,"BUG! In setNonSecurely(), "
+        assert(iv_data == nullptr,"BUG! In Header::_set(), "
             "a cached header is already present.");
 
         // Fatal code bug if called with nullptr pointer
-        assert(i_pHeader != nullptr,"BUG! In setNonSecurely(), "
-            "caller passed a nullptr header.");
+        assert(i_pHeader != nullptr,"BUG! In Header::_set(), "
+            "caller passed a nullptr header address.");
 
-        iv_data = calloc(1,PAGESIZE);
-        memcpy(iv_data,i_pHeader,PAGE_SIZE);
+        void* pData = malloc(PAGESIZE);
+        memcpy(pData,i_pHeader,PAGE_SIZE);
+        iv_data = pData;
+        pData = nullptr;
     }
 
     void Header::getHeader(
@@ -70,30 +85,4 @@ namespace SECUREBOOT
             "header is not present.");
         o_pHeader = iv_data;
     }
-
-    void Header::_calcSecureLoadAddr(
-        const void*& o_pCode) const
-    {
-        //@TODO  RTC 167581
-        // When RTC 166848 is available, pull in real header
-
-        // Determine the secure address where the HBB image was loaded by SBE.
-        // Regardless of whether security is enabled or not, HBB always ends up
-        // at the secure load address (which corresponds to the HRMOR).
-        //
-        // Zero is purposefully not mapped into the VMM tables, so we
-        // can't use that for the virtual-to-real translation.  Since
-        // this object is in the base (HBB) image, PA = HRMOR | EA, so we can
-        // use PA - EA to find the HRMOR.
-        const void* hrmor = reinterpret_cast<const void*>(
-            mm_virt_to_phys(
-                const_cast<SECUREBOOT::Header*>(this)) -
-                    reinterpret_cast<uint64_t>(this));
-
-        // HRMOR lookup should never fail
-        assert(   reinterpret_cast<uint64_t>(hrmor)
-               != static_cast<uint64_t>(-EFAULT));
-
-        o_pCode = hrmor;
-    }
 }