authorNick Bofferding <bofferdn@us.ibm.com>2018-04-03 10:21:06 -0500
committerDaniel M. Crowell <dcrowell@us.ibm.com>2018-05-10 22:37:38 -0400
commit9394f9d05ef8cad65249a7120f229f7a46ec0dc1 (patch)
treeb6cdcfb30ec554276f4599e5ad69847b7ccf83dc
parent92a48f3e7c802e6784ad8f272ff94362fe6b5845 (diff)
downloadtalos-hostboot-9394f9d05ef8cad65249a7120f229f7a46ec0dc1.tar.gz
talos-hostboot-9394f9d05ef8cad65249a7120f229f7a46ec0dc1.zip
Secure Boot: Inform FSP of key transition progress
The existing key transition flow updates all SBE SEEPROMs within the system in the same boot, thereby quiescing all SBEs. This compromises the ability of FSP to detect a key transition TI at the end of the update process because the SBE is not alive to service FSP's incoming SBE FIFO request to read the memory holding the attention information. This change adds new support to log the key transition progress in a node target attribute introduced in an earlier commit and send that status to FSP via a new mailbox message. Change-Id: I828184ae8be89ac87137d7510a3c375cef2e05d7 CQ: SW418697 CMVC-Prereq: 1053806 CMVC-Prereq: 1053552 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56677 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
-rw-r--r--src/include/usr/sbe/sbe_update.H23
-rw-r--r--src/usr/sbe/sbe_update.C129
2 files changed, 143 insertions, 9 deletions
diff --git a/src/include/usr/sbe/sbe_update.H b/src/include/usr/sbe/sbe_update.H
index 19370fbab..70ecf6f15 100644
--- a/src/include/usr/sbe/sbe_update.H
+++ b/src/include/usr/sbe/sbe_update.H
@@ -76,8 +76,9 @@ namespace SBE
const uint8_t SITUATION_BOOT_SIDE_1 = 0x02;
// For mbox messages to FSP
- const uint32_t MSG_IPL_DUE_TO_SBE_UPDATE = 0x40000012;
- const uint32_t MSG_IPL_MASTER_CORE = 0x40000005;
+ const uint32_t MSG_IPL_DUE_TO_SBE_UPDATE = 0x40000012;
+ const uint32_t MSG_IPL_MASTER_CORE = 0x40000005;
+ const uint32_t MSG_KEY_TRANSITION_EVENT_OCCURRED = 0x40000017;
/******************************************/
/* Enums */
@@ -608,5 +609,23 @@ namespace SBE
uint32_t i_SourceBfrLen,
void * & o_pHbblIdStringBfr );
+ /**
+ * @brief Updates the key transition state for the node
+ *
+ * @par Detailed Description:
+ * Updates the specified key transition state for the node and sends a
+ * synchronous key transition state change alert to FSP (if
+ * applicable).
+ *
+ * @param[in] i_keyTransitionState Key transition state to update
+ *
+ * @return errlHndl_t Error log handle
+ * @retval nullptr Successfully updated node key transition state and
+ * sent the new key transition state to FSP
+ * @retval !nullptr Failed to send new key transition state to FSP
+ */
+ errlHndl_t updateKeyTransitionState(
+ TARGETING::KEY_TRANSITION_STATE i_keyTransitionState);
+
} //end namespace SBE
#endif
diff --git a/src/usr/sbe/sbe_update.C b/src/usr/sbe/sbe_update.C
index 4cdb67d1c..9ac74fdbb 100644
--- a/src/usr/sbe/sbe_update.C
+++ b/src/usr/sbe/sbe_update.C
@@ -35,6 +35,7 @@
#include <targeting/common/utilFilter.H>
#include <targeting/common/targetservice.H>
#include <targeting/common/target.H>
+#include <targeting/targplatutil.H>
#include <util/align.H>
#include <util/crc32.H>
#include <util/misc.H>
@@ -271,6 +272,25 @@ namespace SBE
TRACFBIN(g_trac_sbe, "updateProcessorSbeSeeproms(): Key transition new hw key hash",
g_hw_keys_hash_transition_data,
sizeof(g_hw_keys_hash_transition_data));
+
+ if(INITSERVICE::spBaseServicesEnabled())
+ {
+ // Sync all attributes to FSP before we quiesce all the
+ // SBEs.
+ err = syncAllAttributesToFsp();
+ if( err )
+ {
+ // Failed to sync all attributes to FSP; this is not
+ // necessarily fatal. The key transition will continue,
+ // but this issue will be logged.
+ TRACFCOMP(g_trac_sbe, ERR_MRK
+ "updateProcessorSbeSeeproms: Error syncing "
+ "attributes to FSP, RC=0x%04X, PLID=0x%08X",
+ ERRL_GETRC_SAFE(err),
+ ERRL_GETPLID_SAFE(err));
+ errlCommit(err,SBE_COMP_ID );
+ }
+ }
}
for(uint32_t i=0; i<procList.size(); i++)
@@ -544,6 +564,32 @@ namespace SBE
}
}
+ if(err && g_do_hw_keys_hash_transition)
+ {
+ // In theory it's possible to end up here if Hostboot fails to send
+ // the key transition started/succeeded message. Hostboot will
+ // treat that as a failure of the key transition process to call
+ // attention to the unexpected sequence.
+ errlHndl_t pError = updateKeyTransitionState(
+ TARGETING::KEY_TRANSITION_STATE_KEY_TRANSITION_FAILED);
+ if(pError)
+ {
+ TRACFCOMP(g_trac_sbe,
+ ERR_MRK"updateProcessorSbeSeeproms(): Failed in call to "
+ "updateKeyTransitionState with state of "
+ "KEY_TRANSITION_STATE_KEY_TRANSITION_FAILED. "
+ "Error log's EID=0x%08X, PLID=0x%08X, RC=0x%04X. ",
+ "Changing error log's PLID to 0x%08X.",
+ pError->eid(),pError->plid(),pError->reasonCode(),
+ err->plid());
+
+ pError->plid(err->plid());
+ err->collectTrace(SBE_COMP_NAME);
+ err->collectTrace(SBEIO_COMP_NAME);
+ errlCommit(pError,SBE_COMP_ID);
+ }
+ }
+
TRACUCOMP( g_trac_sbe,
EXIT_MRK"updateProcessorSbeSeeproms()" );
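Review bot: The stray comma after `"Error log's EID=0x%08X, PLID=0x%08X, RC=0x%04X. "` in the added TRACFCOMP ends the format string there, so `"Changing error log's PLID to 0x%08X."` is passed as the first argument and the trace prints a string pointer as the EID, with every later value shifted by one. Drop that comma so the two literals concatenate into one format whose four specifiers match the four arguments. Separately, the two `collectTrace` calls are made on `err` while `pError` is the log committed in this branch; if the traces were meant for the committed log, they should read `pError->collectTrace(SBE_COMP_NAME);`. The enclosing updateProcessorSbeSeeproms body starts outside the hunk.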
@@ -5383,6 +5429,21 @@ errlHndl_t sbeDoReboot( void )
TRACFCOMP( g_trac_sbe, ENTER_MRK"sbeDoReboot");
do{
+
+ if(g_do_hw_keys_hash_transition)
+ {
+ err = updateKeyTransitionState(
+ TARGETING::KEY_TRANSITION_STATE_KEY_TRANSITION_SUCCEEDED);
+ if(err)
+ {
+ TRACFCOMP(g_trac_sbe,
+ ERR_MRK"sbeDoReboot(): Failed in call to "
+ "updateKeyTransitionState with state of "
+ "KEY_TRANSITION_STATE_KEY_TRANSITION_SUCCEEDED");
+ break;
+ }
+ }
+
#ifdef CONFIG_BMC_IPMI
uint16_t count = SENSOR::DEFAULT_REBOOT_COUNT;
SENSOR::RebootCountSensor l_sensor;
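Review bot: The failure trace added at the top of sbeDoReboot names the state but not the error, unlike the attribute-sync traces in this commit, which print RC and PLID. Appending `" RC=0x%04X, PLID=0x%08X", ERRL_GETRC_SAFE(err), ERRL_GETPLID_SAFE(err)` would let someone reading the trace buffer tie a failed key transition report to its error log. The same applies to the KEY_TRANSITION_STARTED trace added in secureKeyTransition(). The do-block continues outside the hunk.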
@@ -5412,7 +5473,8 @@ errlHndl_t sbeDoReboot( void )
#else //non-IPMI
- if( INITSERVICE::spBaseServicesEnabled() )
+ if( INITSERVICE::spBaseServicesEnabled()
+ && !g_do_hw_keys_hash_transition)
{
// Sync all attributes to the FSP before doing the Shutdown
err = syncAllAttributesToFsp();
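Review bot: The added `&& !g_do_hw_keys_hash_transition` has no comment saying why the pre-shutdown attribute sync is skipped during a key transition. From the rest of the commit this appears to be because the sync was already done in updateProcessorSbeSeeproms before the SBEs were quiesced; a comment such as `// Key transition: attributes were already synced before the SBEs were quiesced` above the condition would record that. It may also be worth noting there that ATTR_KEY_TRANSITION_STATE appears to be set to SUCCEEDED after that earlier sync, so FSP presumably relies on the mailbox message rather than the synced attribute for the final state.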
@@ -5420,11 +5482,11 @@ errlHndl_t sbeDoReboot( void )
{
// Something failed on the sync. Commit the error here
// and continue with the Re-IPL Request
- TRACFCOMP( g_trac_sbe,
- ERR_MRK"sbeDoReboot() - Error "
- "syncing attributes to FSP, RC=0x%X, PLID=0x%lX",
- ERRL_GETRC_SAFE(err),
- ERRL_GETPLID_SAFE(err));
+ TRACFCOMP(g_trac_sbe, ERR_MRK
+ "sbeDoReboot: Error syncing attributes to FSP. "
+ "RC=0x%04X, PLID=0x%08X",
+ ERRL_GETRC_SAFE(err),
+ ERRL_GETPLID_SAFE(err));
errlCommit( err, SBE_COMP_ID );
}
else
@@ -5452,7 +5514,6 @@ errlHndl_t sbeDoReboot( void )
}
#endif
-
#ifdef CONFIG_BMC_IPMI
if(g_do_hw_keys_hash_transition)
{
@@ -5862,6 +5923,16 @@ errlHndl_t secureKeyTransition()
// Indicate a key transition is required
g_do_hw_keys_hash_transition = true;
+ l_errl = updateKeyTransitionState(
+ TARGETING::KEY_TRANSITION_STATE_KEY_TRANSITION_STARTED);
+ if(l_errl)
+ {
+ TRACFCOMP(g_trac_sbe,ERR_MRK "secureKeyTransition(): Failed in "
+ "call to updateKeyTransitionState() with state of "
+ "KEY_TRANSITION_STATE_KEY_TRANSITION_STARTED");
+ break;
+ }
+
bool l_hw_lab_override_flag = l_nestedConHdr.sb_flags()->hw_lab_override;
TRACFCOMP(g_trac_sbe, "Overriding the Lab Security Backdoor Bit due to"
" key transition; new Security Backdoor Enabled bit is %d",
@@ -5959,5 +6030,49 @@ errlHndl_t locateHbblIdStringBfr( void * i_pSourceBfr,
return l_errl;
}
+errlHndl_t updateKeyTransitionState(
+ const TARGETING::KEY_TRANSITION_STATE i_keyTransitionState)
+{
+ errlHndl_t pError = nullptr;
+
+ do {
+
+ TRACFCOMP(g_trac_sbe,
+ INFO_MRK "updateKeyTransitionState: new key transition state of "
+ "0x%08X",
+ i_keyTransitionState);
+
+ TARGETING::UTIL::getCurrentNodeTarget()->setAttr<
+ TARGETING::ATTR_KEY_TRANSITION_STATE>(i_keyTransitionState);
+
+ if(INITSERVICE::spBaseServicesEnabled())
+ {
+ auto * pMsg = msg_allocate();
+ pMsg->type = SBE::MSG_KEY_TRANSITION_EVENT_OCCURRED;
+ pMsg->data[0] = i_keyTransitionState;
+ pMsg->data[1] = 0;
+ pMsg->extra_data = nullptr;
+
+ pError = MBOX::sendrecv(MBOX::IPL_SERVICE_QUEUE,pMsg);
+ if (pError)
+ {
+ TRACFCOMP(g_trac_sbe,
+ ERR_MRK "updateKeyTransitionState: "
+ "Failed in call to MBOX::sendrecv attempting to send a "
+ "MSG_KEY_TRANSITION_EVENT_OCCURRED event with key transition "
+ "state of 0x%08X",
+ i_keyTransitionState);
+ }
+
+ // Error or not, always have to free the memory
+ msg_free(pMsg);
+ pMsg=nullptr;
+ }
+
+ } while(0);
+
+ return pError;
+}
+
} //end SBE Namespace
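Review bot: updateKeyTransitionState frees the message right after `MBOX::sendrecv` without looking at the reply, so the function reports success whenever the transport succeeds. If FSP can return a status in the response payload, it should be checked before `msg_free(pMsg)`; if the reply carries nothing, a comment like `// FSP's reply carries no status; only transport failure is reported` would make that explicit. The attribute is also written before the send, so on a non-null return the node attribute already holds a state FSP was never told about, which the header's `@retval !nullptr` text could mention. The `do { ... } while(0)` wrapper contains no `break` and can be removed.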