1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
|
/* IBM_PROLOG_BEGIN_TAG */
/* This is an automatically generated prolog. */
/* */
/* $Source: src/include/usr/pnor/pnorif.H $ */
/* */
/* OpenPOWER HostBoot Project */
/* */
/* Contributors Listed Below - COPYRIGHT 2011,2017 */
/* [+] Google Inc. */
/* [+] International Business Machines Corp. */
/* */
/* */
/* Licensed under the Apache License, Version 2.0 (the "License"); */
/* you may not use this file except in compliance with the License. */
/* You may obtain a copy of the License at */
/* */
/* http://www.apache.org/licenses/LICENSE-2.0 */
/* */
/* Unless required by applicable law or agreed to in writing, software */
/* distributed under the License is distributed on an "AS IS" BASIS, */
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
/* implied. See the License for the specific language governing */
/* permissions and limitations under the License. */
/* */
/* IBM_PROLOG_END_TAG */
#ifndef __PNOR_PNORIF_H
#define __PNOR_PNORIF_H
#include <stdint.h>
#include <builtins.h>
#include <pnor/pnor_const.H>
#include <errl/errlentry.H>
#include <utility>
#include <config.h>
namespace PNOR
{
/**
* Information about a side of PNOR
*/
struct SideInfo_t
{
SideId id; /**< Side ID */
char side; /**< name of the side either A or B */
bool isGolden; /**< True if side is golden */
bool isGuardPresent; /**< True if guard section is present */
bool hasOtherSide; /**< True if a valid alternate side exists*/
uint64_t primaryTOC; /**< Address of the primary TOC */
uint64_t backupTOC; /**< Address of the backup TOC */
uint64_t hbbAddress; /**< HBB Address associated with this side */
uint64_t hbbMmioOffset; /**< HBB MMIO Offset associated with hbbAddress*/
};
/** Information about PNOR Layout */
struct PnorInfo_t
{
uint32_t mmioOffset; //< Address of MMIO access
uint32_t norWorkarounds; //< NOR flash workarounds
uint32_t flashSize; //< Size of PNOR in bytes
};
/**
* @brief Returns information about a given side of pnor
*
* @param[in] i_side PNOR side
* @param[out] o_info side information
*
* @return errlHndl_t Error log if request was invalid
*/
errlHndl_t getSideInfo (SideId i_side, SideInfo_t& o_info);
/**
* @brief Return the size and address of a given section of PNOR data
*
* @param[in] i_section PNOR section
* @param[out] o_info Location and size information
*
* @return errlHndl_t Error log if request was invalid
*/
errlHndl_t getSectionInfo( SectionId i_section,
SectionInfo_t& o_info );
#ifdef CONFIG_SECUREBOOT
/**
* @brief Loads requested PNOR section to secure virtual address space
*
* @par Detailed Description:
* Loads requested PNOR section to secure virtual address space. If secure
* mode is enabled, the load will fully validate the section before
* placing it in the address space. Returns error if the requested
* section does not have secure space support.
*
* @param[in] i_section PNOR section to load. If the section is already loaded,
* the bulk of the load operation will not be repeated as
* a reference count is maintained for each section.
*
* @return errlHndl_t Error log handle
* @retval NULL Successfully loaded PNOR section
* @retval !NULL Failed to load PNOR section
*/
errlHndl_t loadSecureSection(SectionId i_section);
/**
* @brief Unloads requested PNOR section from secure virtual address space.
* There are some restrictions about which sections can be unloaded.
* 1. You cannot unload HBB, HBI, or targeting sections. These are core
* sections that need to be available as much as possible.
* 2. You can only unload sections for which the secure payload is
* the entire payload. Sections with unsecured pages are not
* supported.
*
* @param[in] i_section PNOR section to unload.
*
* @return errlHndl_t Error log handle
* @retval NULL Successfully unloaded PNOR section
* @retval !NULL Failed to unload PNOR section for the reasons listed above
* or if the section is not currently loaded.
*/
errlHndl_t unloadSecureSection(SectionId i_section);
#endif // CONFIG_SECUREBOOT
/**
* @brief Determines whether the given section is inhibited by secure boot
* for containing attribute overrides.
*
* @param[in] i_section PNOR section to test.
*
* @return bool True if inhibited section, false otherwise.
*/
bool isInhibitedSection(const uint32_t i_section);
/**
* @brief Write the data back from hostboot memory to PNOR of a given section
* of PNOR
*
* @param[in] i_section PNOR section
*
* @return errlHndl_t Error log if request was invalid
*/
errlHndl_t flush (SectionId i_section);
/**
* @brief checks and fixes correctable ECC errors in the PNOR
*
* @param[in] i_secion: PNOR section
* @return errlHndl_t: Error Log
*/
errlHndl_t fixECC (SectionId i_section);
/**
* @brief Informs caller if PNORDD is using
* L3 Cache for fake PNOR or not.
*
* @return Indicate state of fake PNOR
* true = PNOR DD is using L3 Cache for fake PNOR
* false = PNOR DD not using L3 Cache for fake PNOR
*/
bool usingL3Cache();
/**
* @brief Clears the specified PNOR section with all FF's (w/ good ECC)
*
* @param[in] i_section PNOR section to clear
*
* @return Error if fails
*/
errlHndl_t clearSection(PNOR::SectionId i_section);
/**
* @brief Validate the Alternative Master Processor's LPC
* Connection to PNOR
*
* @return errlHndl_t Error log if validation failed
*/
errlHndl_t validateAltMaster( void );
/**
* @brief Retrieve some information about the PNOR/SFC hardware
*
* @param[out] o_pnorInfo Information about PNOR
*/
void getPnorInfo( PnorInfo_t& o_pnorInfo );
/**
* @brief Check if PNOR section appears to be secure and sets the
* internal TOC of PnorRp accordingly.
* Note: The setting of the flag is based on the Secureboot policy.
*
* @param[in] i_secId Section ID or index in the TOC to modify
* @param[in] io_TOC Pointer to internal array of section data that
* represents the TOC of pnor flash
* Asserts if nullptr
*
* @return errlHndl_t Error log if request was invalid
*/
errlHndl_t setSecure(const uint32_t i_secId, SectionData_t* io_TOC);
/**
* @brief Returns string representation of a PNOR SectionId.
* If id requested is out of range of known string array
* - Hostboot asserts
* - Bootloader terminates
*
* @param[in] i_secIdIndex PNOR section id which also represents the index
* into the string array.
*
* @return const char* - String associated with Section ID
*
*/
const char * SectionIdToString( uint32_t i_secIdIndex );
/**
* @brief Memcmp a vaddr to the known secureboot magic number
*
* @param[in] i_vaddr: vaddr of secureboot header to check for magic number
* Note: must point to a buffer of size >= 4 bytes
* Nullptr asserts or terminates bootloader
*
* @return bool - True if the magic number and starting bytes of the vaddr
* match. False otherwise.
*/
bool cmpSecurebootMagicNumber(const uint8_t* i_vaddr);
/**
* @brief Determine if a PNOR section is empty by checking if first PAGE
* is all 0xFF's or 0x00's depending on ECC or not.
*
* @param[in] i_secId ID of requested section
*
* @return bool - True if the section is empty (all 0xFF's or 0x00's)
* False otherwise.
*/
bool isSectionEmpty(const PNOR::SectionId i_section);
} // PNOR
#endif
|