authorNick Bofferding <bofferdn@us.ibm.com>2017-04-20 16:33:39 -0500
committerDaniel M. Crowell <dcrowell@us.ibm.com>2017-04-28 14:18:34 -0400
commitf30075299ce2c078705192b1835b70eff4f08fc1 (patch)
treef8d45e2052765457bee020e7b9b3b60d37f5b6a4
parent21187e0ac2c55cd238b915a0d1c9e80ff2fbaacd (diff)
Support setting security mode based on SBE key indicator bit
Change-Id: I9db3857b73116db5761b55eb3aa6ec7e47dd4c3d RTC: 170650 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39515 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
-rw-r--r--src/include/securerom/ROM.H22
-rw-r--r--src/usr/pnor/spnorrp.C41
-rw-r--r--src/usr/pnor/spnorrp.H42
-rw-r--r--src/usr/secureboot/base/containerheader.C6
4 files changed, 101 insertions, 10 deletions
diff --git a/src/include/securerom/ROM.H b/src/include/securerom/ROM.H
index 9e3d7d4ca..9d928de28 100644
--- a/src/include/securerom/ROM.H
+++ b/src/include/securerom/ROM.H
@@ -248,6 +248,7 @@ enum HW_SB_FLAGS
HB_FW_FLAG = 0x80000000,
OPAL_FLAG = 0x40000000,
PHYP_FLAG = 0x20000000,
+ LAB_OVERRIDE_FLAG = 0x00080000,
KEY_TRANSITION_FLAG = 0x00000001
};
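Review bot: `LAB_OVERRIDE_FLAG` is added without a comment, although per the documentation added elsewhere in this commit it is the bit that lets the SBE relax security when asked. A trailing comment such as `///< Lab security override requested; only applicable for SBE partition` would match the wording this commit puts on `sb_flags_t::hw_lab_override`. The enum starts outside the hunk.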
@@ -260,12 +261,21 @@ enum SW_SB_FLAGS
// Structure to store all hw and sw flag values in a container header
struct sb_flags_t
{
- sb_flags_t() : hw_hb_fw(false), hw_opal(false), hw_phyp(false),
- hw_key_transition(false) {}
- bool hw_hb_fw;
- bool hw_opal;
- bool hw_phyp;
- bool hw_key_transition;
+ sb_flags_t() :
+ hw_hb_fw(false),
+ hw_opal(false),
+ hw_phyp(false),
+ hw_lab_override(false),
+ hw_key_transition(false)
+ {
+ }
+
+ bool hw_hb_fw; ///< Signed using HB keys
+ bool hw_opal; ///< Signed using OPAL keys
+ bool hw_phyp; ///< Signed using PHyp keys
+ bool hw_lab_override; ///< Whether to enable lab security override;
+ ///< Only applicable for SBE partition
+ bool hw_key_transition; ///< Indicates this is a key transition container
};
diff --git a/src/usr/pnor/spnorrp.C b/src/usr/pnor/spnorrp.C
index cd59cf26d..496ebabe9 100644
--- a/src/usr/pnor/spnorrp.C
+++ b/src/usr/pnor/spnorrp.C
@@ -386,6 +386,15 @@ uint64_t SPnorRP::verifySections(SectionId i_id, LoadRecord* o_rec)
}
}
+ l_errhdl = processFwKeyIndicators(l_conHdr,i_id);
+ if(l_errhdl)
+ {
+ TRACFCOMP(g_trac_pnor, ERR_MRK "SPnorrRP::verifySections: Failed "
+ "in call to processFwKeyIndicators(). PNOR section = %s.",
+ PNOR::SectionIdToString(i_id));
+ break;
+ }
+
// verification succeeded
// parse container header now that it is verified
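Review bot: The trace string spells the class as `SPnorrRP::verifySections`, so a log search for `SPnorRP::` will miss this failure; it should read `ERR_MRK "SPnorRP::verifySections: Failed "`. Separately, the new call sits between the verification step and the `// verification succeeded` comment, and `processFwKeyIndicators` acts on flags taken from the header. A comment such as `// header is verified at this point; safe to apply its policy flags` would record why the call must stay below the verify block. The body of `verifySections` starts and ends outside the hunk, so whether every path reaching this call has verified the header cannot be confirmed from here.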
@@ -766,6 +775,36 @@ errlHndl_t PNOR::unloadSecureSection(const SectionId i_section)
return pError;
}
+void SPnorRP::processLabOverride(
+ const sb_flags_t& i_flags) const
+{
+ TARGETING::Target* pSys = nullptr;
+ TARGETING::targetService().getTopLevelTarget(pSys);
+ assert(pSys != nullptr,"System target was nullptr.");
+ // ATTR_SECURITY_MODE attribute values are inverted with respect to the lab
+ // override flag for the same logical meaning
+ TARGETING::ATTR_SECURITY_MODE_type securityMode =
+ !(i_flags.hw_lab_override);
+ pSys->setAttr<TARGETING::ATTR_SECURITY_MODE>(securityMode);
+ TRACFCOMP(g_trac_pnor,INFO_MRK "Set lab security override policy to %s.",
+ securityMode ? "*NO* override" : "override if requested");
+}
+
+errlHndl_t SPnorRP::processFwKeyIndicators(
+ const SECUREBOOT::ContainerHeader& i_header,
+ const PNOR::SectionId i_sectionId) const
+{
+ errlHndl_t pError = nullptr;
+
+ if(i_sectionId == PNOR::SBE_IPL)
+ {
+ auto const * const headerFlags = i_header.sb_flags();
+ processLabOverride(*headerFlags);
+ }
+
+ return pError;
+}
+
errlHndl_t SPnorRP::miscSectionVerification(const uint8_t *i_vaddr,
SectionId i_secId) const
{
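Review bot: `processFwKeyIndicators` dereferences the result of `i_header.sb_flags()` without checking it, unlike `processLabOverride`, which asserts on `pSys` before use; add `assert(headerFlags != nullptr,"Container header flags were nullptr.");` before the call. `pError` is never assigned, so the function always returns nullptr and the new error branch in `verifySections` cannot be taken as written; a comment such as `// no failure paths yet; errlHndl_t kept for future indicators` would show that this is intentional. Because a set `hw_lab_override` bit moves `ATTR_SECURITY_MODE` to the permissive value, consider tracing that case distinctly from the normal one so it stands out in a boot log. `miscSectionVerification` at the end of the hunk continues outside it.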
@@ -908,4 +947,4 @@ errlHndl_t SPnorRP::keyTransitionCheck(const uint8_t *i_vaddr) const
}while(0);
return l_errl;
-} \ No newline at end of file
+}
diff --git a/src/usr/pnor/spnorrp.H b/src/usr/pnor/spnorrp.H
index 3ec527f37..34a6a8aab 100644
--- a/src/usr/pnor/spnorrp.H
+++ b/src/usr/pnor/spnorrp.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2011,2016 */
+/* Contributors Listed Below - COPYRIGHT 2011,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -34,6 +34,12 @@
#include "pnor_common.H"
#include "ffs.h"
#include <config.h>
+#include <securerom/ROM.H>
+
+namespace SECUREBOOT
+{
+ class ContainerHeader;
+}
/**
* Secure PNOR Resource Provider
@@ -186,5 +192,39 @@ class SPnorRP
* @return errlHndl_t - NULL if success, errlHndl_t otherwise.
*/
errlHndl_t keyTransitionCheck(const uint8_t *i_vaddr) const;
+
+ /**
+ * @brief Apply lab override policy to the attribute model
+ *
+ * @par Detailed Description:
+ * Reads the lab override flag from the input flag set, inverts it, and
+ * writes it to the ATTR_SECURITY_MODE attribute. Later, SBE update
+ * will customize that attribute into the SBEs. If the policy is set
+ * (attribute clear), the SBE will watch mailbox scratch register 3 bit
+ * 6 to be set. In that case, SBE will disable security for the
+ * processor, otherwise (policy clear/attribute set) it will not change
+ * the security settings.
+ *
+ * @param[in] i_flags Various flags read from the secure header
+ */
+ void processLabOverride(
+ const sb_flags_t& i_flags) const;
+
+ /**
+ * @brief Apply firmware key indicator policies for the given section
+ *
+ * @par Detailed Description:
+ * Reads the HW/SW policy flags from the given section's container
+ * header and applies any applicable policies.
+ *
+ * @param[in] i_header Reference to requested section's container header
+ * @param[in] i_sectionId Section's ID
+ *
+ * @return errlHndl_t Error log handle; nullptr if success, pointer to
+ * valid error log otherwise.
+ */
+ errlHndl_t processFwKeyIndicators(
+ const SECUREBOOT::ContainerHeader& i_header,
+ const PNOR::SectionId i_sectionId) const;
};
#endif
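Review bot: The doc comment for `processLabOverride` does not state that `i_flags` must come from a container header that has already been verified, even though the described effect is to let the SBE disable security when requested. Add a line such as `@note i_flags must originate from a verified container header` to that block. The `@return` text on `processFwKeyIndicators` describes an error log that the implementation in this commit never produces, so it is worth saying that no failure is currently defined.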
diff --git a/src/usr/secureboot/base/containerheader.C b/src/usr/secureboot/base/containerheader.C
index 7c518adbf..e01ab381f 100644
--- a/src/usr/secureboot/base/containerheader.C
+++ b/src/usr/secureboot/base/containerheader.C
@@ -233,8 +233,10 @@ void ContainerHeader::parseFlags()
iv_sbFlags.hw_hb_fw = iv_headerInfo.hw_prefix_hdr.flags & HB_FW_FLAG;
iv_sbFlags.hw_opal = iv_headerInfo.hw_prefix_hdr.flags & OPAL_FLAG;
iv_sbFlags.hw_phyp = iv_headerInfo.hw_prefix_hdr.flags & PHYP_FLAG;
- iv_sbFlags.hw_key_transition = iv_headerInfo.hw_prefix_hdr.flags
- & KEY_TRANSITION_FLAG;
+ iv_sbFlags.hw_lab_override =( iv_headerInfo.hw_prefix_hdr.flags
+ & LAB_OVERRIDE_FLAG);
+ iv_sbFlags.hw_key_transition =( iv_headerInfo.hw_prefix_hdr.flags
+ & KEY_TRANSITION_FLAG);
}
void ContainerHeader::genHwKeyHash()
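Review bot: The two rewritten assignments use `=( iv_headerInfo...` spacing that differs from the three unparenthesised lines above them, and all five rely on implicit integer-to-bool conversion. Writing each as `iv_sbFlags.hw_lab_override = (iv_headerInfo.hw_prefix_hdr.flags & LAB_OVERRIDE_FLAG) != 0;` would make the conversion explicit and keep the block uniform. `parseFlags` begins outside the hunk.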