summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNick Bofferding <bofferdn@us.ibm.com>2017-11-27 11:58:12 -0600
committerDaniel M. Crowell <dcrowell@us.ibm.com>2017-11-30 11:48:03 -0500
commit98e55542894206f5b1442eaa470a0df7c81b70f5 (patch)
tree3d1be5690b1c8e4ecbd52e8592d8dfbde2528b77
parentc4d83bcbb421d786a0d5ff1e08d5bc53c365ba41 (diff)
downloadtalos-hostboot-98e55542894206f5b1442eaa470a0df7c81b70f5.tar.gz
talos-hostboot-98e55542894206f5b1442eaa470a0df7c81b70f5.zip
Secure Boot: Blacklist: Init PSI bridge BAR and FSP BAR properly for security
Change-Id: I96639c0e61a101170802ba9a96cd785d0388e985 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50057 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat
-rw-r--r--src/usr/intr/intrrp.C53
-rw-r--r--src/usr/intr/intrrp.H16
-rw-r--r--src/usr/isteps/istep10/call_proc_build_smp.C74
-rw-r--r--src/usr/isteps/istep14/call_proc_exit_cache_contained.C34
4 files changed, 70 insertions, 107 deletions
diff --git a/src/usr/intr/intrrp.C b/src/usr/intr/intrrp.C
index a898c2cf0..f54577f98 100644
--- a/src/usr/intr/intrrp.C
+++ b/src/usr/intr/intrrp.C
@@ -1615,6 +1615,13 @@ errlHndl_t IntrRp::setCommonInterruptBARs(intr_hdlr_t * i_proc,
do {
+ l_err = setFspBAR(i_proc, i_enable);
+ if(l_err)
+ {
+ TRACFCOMP(g_trac_intr, "Error setting FSP BAR");
+ break;
+ }
+
l_err = setPsiHbBAR(i_proc, i_enable);
if (l_err)
{
@@ -3232,6 +3239,52 @@ errlHndl_t INTR::disableExternalInterrupts()
return err;
}
+errlHndl_t IntrRp::setFspBAR(
+ const intr_hdlr_t* const i_pProcIntrHdlr,
+ const bool i_enable)
+{
+ errlHndl_t pError = nullptr;
+
+ do
+ {
+
+ if (!i_enable)
+ {
+ // Noop on disable
+ break;
+ }
+
+ assert(i_pProcIntrHdlr != nullptr,"BUG! Input interrupt handler pointer "
+ "was nullptr");
+ auto * const pProc = i_pProcIntrHdlr->proc;
+ assert(pProc != nullptr,"BUG! proc target was nullptr");
+
+ uint64_t fspBAR =
+ pProc->getAttr<TARGETING::ATTR_FSP_BASE_ADDR>();
+
+ const size_t expSize = sizeof(fspBAR);
+ auto size = expSize;
+ pError = deviceWrite(
+ pProc,
+ &fspBAR,
+ size,
+ DEVICE_SCOM_ADDRESS(PU_PSI_BRIDGE_FSP_BAR_REG));
+ if(pError)
+ {
+ TRACFCOMP(g_trac_intr,ERR_MRK "Failed writing %d bytes of FSP BAR "
+ "address value (0x%016llX) to FSP BAR register for proc 0x%08X",
+ expSize,fspBAR,get_huid(pProc));
+ break;
+ }
+
+ assert(size == expSize,"Actual SCOM write size (%d) does not match "
+ "expected SCOM write size (%d)",size,expSize);
+
+ } while(0);
+
+ return pError;
+}
+
errlHndl_t IntrRp::setPsiHbBAR(intr_hdlr_t *i_proc, bool i_enable)
{
errlHndl_t l_err = NULL;
diff --git a/src/usr/intr/intrrp.H b/src/usr/intr/intrrp.H
index f211e3347..12fb453f2 100644
--- a/src/usr/intr/intrrp.H
+++ b/src/usr/intr/intrrp.H
@@ -596,6 +596,22 @@ namespace INTR
errlHndl_t handlePsuInterrupt(ext_intr_t i_type,
intr_hdlr_t* i_proc,
PIR_t& i_pir);
+ /**
+ * @brief Set the FSP BAR
+ *
+ * @param[in] i_pProcIntrHdlr Pointer to processor interrupt
+ * handler structure; must not be nullptr or function will
+ * assert. Referenced proc target must also not be nullptr, or
+ * same consequence.
+ * @param[in] i_enable Whether to enable/disable the BAR (disable
+ * request is no-op for this BAR)
+ *
+ * @return errlHndl_t Error log handle on failure, nullptr on
+ * success
+ */
+ errlHndl_t setFspBAR(
+ const intr_hdlr_t* i_pProcIntrHdlr,
+ bool i_enable);
/**
* Set the PSI Host Bridge BAR scom register
diff --git a/src/usr/isteps/istep10/call_proc_build_smp.C b/src/usr/isteps/istep10/call_proc_build_smp.C
index 07bbbed06..b127b332c 100644
--- a/src/usr/isteps/istep10/call_proc_build_smp.C
+++ b/src/usr/isteps/istep10/call_proc_build_smp.C
@@ -71,85 +71,13 @@ void* call_proc_build_smp (void *io_pArgs)
std::vector<fapi2::Target<fapi2::TARGET_TYPE_PROC_CHIP>> l_procList;
- // Loop through all proc chips
+ // Loop through all proc chips and convert them to FAPI targets
for (const auto & curproc: l_cpuTargetList)
{
- if (curproc != l_masterProc)
- {
- //---PHBBAR - PSI Host Bridge Base Address Register
- //Get base BAR Value from attribute
- uint64_t l_baseBarValue = curproc->
- getAttr<TARGETING::ATTR_PSI_BRIDGE_BASE_ADDR>();
-
- uint64_t l_barValue = l_baseBarValue;
- uint64_t size = sizeof(l_barValue);
- l_errl = deviceWrite(curproc,
- &l_barValue,
- size,
- DEVICE_SCOM_ADDRESS(0x0501290A));
-
- if(l_errl)
- {
- TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace,ERR_MRK
- "Unable to set PSI BRIDGE BAR Address");
- break;
- }
-
- //Now set the enable bit
- l_barValue += 0x0000000000000001ULL; //PSI BRIDGE BAR ENABLE Bit
- size = sizeof(l_barValue);
-
- TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace,
- "Setting PSI BRIDGE Bar enable value for Target with "
- "huid: 0x%x, PSI BRIDGE BAR value: 0x%016lx",
- TARGETING::get_huid(curproc),l_barValue);
-
- l_errl = deviceWrite(curproc,
- &l_barValue,
- size,
- DEVICE_SCOM_ADDRESS(0x0501290A));
-
- if(l_errl)
- {
- TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace,
- ERR_MRK"Error enabling FSP BAR");
- break;
- }
-
- //---FSPBAR - FSP Base Address Register
- //Get base BAR Value from attribute
- l_baseBarValue = curproc->
- getAttr<TARGETING::ATTR_FSP_BASE_ADDR>();
-
- TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace,
- "Setting FSP Bar enable value for Target with "
- "huid: 0x%x, FSP BAR value: 0x%016lx",
- TARGETING::get_huid(curproc),l_baseBarValue);
-
- l_errl = deviceWrite(curproc,
- &l_baseBarValue,
- size,
- DEVICE_SCOM_ADDRESS(0x0501290B));
-
- if(l_errl)
- {
- TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace,
- ERR_MRK"Error enabling FSP BAR");
- break;
- }
-
- }
-
const fapi2::Target<fapi2::TARGET_TYPE_PROC_CHIP>
l_fapi2_proc_target (curproc);
l_procList.push_back(l_fapi2_proc_target);
}
- if(l_errl)
- {
- l_StepError.addErrorDetails( l_errl);
- errlCommit( l_errl, ISTEP_COMP_ID );
- }
-
TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
"call_proc_build_smp entry" );
diff --git a/src/usr/isteps/istep14/call_proc_exit_cache_contained.C b/src/usr/isteps/istep14/call_proc_exit_cache_contained.C
index abbc8fcdd..aa20dd2d2 100644
--- a/src/usr/isteps/istep14/call_proc_exit_cache_contained.C
+++ b/src/usr/isteps/istep14/call_proc_exit_cache_contained.C
@@ -326,40 +326,6 @@ void* call_proc_exit_cache_contained (void *io_pArgs)
}
}
- //Set PSI and FSP BARs, activate the PSI link BAR
- //TODO RTC 150260 Re-evaluate if this should be deleted or enabled
-// uint64_t psi = l_masterProc->getAttr<ATTR_PSI_BRIDGE_BASE_ADDR>();
- uint64_t fsp = l_masterProc->getAttr<ATTR_FSP_BASE_ADDR>();
-// psi |= 0x1; //turn on enable bit for PSI, FSP is in PSI Init HWP
-
-// l_errl = deviceWrite( l_masterProc,
-// &psi,
-// scom_size,
-// DEVICE_SCOM_ADDRESS(PU_PSI_BRIDGE_BAR_REG) );
- if ( l_errl )
- {
- // Create IStep error log and cross reference to error that
- // occurred
- l_stepError.addErrorDetails( l_errl );
-
- // Commit Error
- errlCommit( l_errl, HWPF_COMP_ID );
- }
-
- l_errl = deviceWrite( l_masterProc,
- &fsp,
- scom_size,
- DEVICE_SCOM_ADDRESS(PU_PSI_BRIDGE_FSP_BAR_REG) );
- if ( l_errl )
- {
- // Create IStep error log and cross reference to error that
- // occurred
- l_stepError.addErrorDetails( l_errl );
-
- // Commit Error
- errlCommit( l_errl, HWPF_COMP_ID );
- }
-
// Call the function to extend VMM to 48MEG
int rc = mm_extend();
OpenPOWER on IntegriCloud