author | Nick Bofferding <bofferdn@us.ibm.com> | 2018-03-15 21:47:37 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2018-05-07 16:23:23 -0400 |
commit | b783b0264c7f8c975f2a84218ba79a3ce3b458b1 (patch) | |
tree | 324971bd66937cf02050adade647137cb370602b | |
parent | ad4b745046741aba48b11a92dde21e396f517f60 (diff) | |
Secure Boot: Secure Centaurs in istep 14.5
If secureboot is enabled, call HWP in istep 14.5 to secure the Centaurs.
The HWP will set protection bits in the Centaur that cannot be reversed
without a full re-init of the chip.
Change-Id: I8f72a11b3b79df4bd9dbd6869f525d8271d36887
RTC: 187288
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/55951
Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
-rw-r--r-- | src/usr/isteps/istep14/call_proc_setup_bars.C | 65 | ||||
-rw-r--r-- | src/usr/isteps/istep14/makefile | 1 |
2 files changed, 65 insertions, 1 deletions
diff --git a/src/usr/isteps/istep14/call_proc_setup_bars.C b/src/usr/isteps/istep14/call_proc_setup_bars.C index 7b6843346..e42ba9a07 100644 --- a/src/usr/isteps/istep14/call_proc_setup_bars.C +++ b/src/usr/isteps/istep14/call_proc_setup_bars.C @@ -27,6 +27,7 @@ #include <initservice/isteps_trace.H> #include <errl/errlmanager.H> #include <errl/errludtarget.H> +#include <secureboot/service.H> // targeting support #include <targeting/common/commontargeting.H> @@ -36,6 +37,7 @@ #include <p9_setup_bars.H> #include <p9_mss_setup_bars.H> +#include <p9c_mss_secure_boot.H> // TODO: RTC 184860 Remove MCS acker workaround #include <initservice/initserviceif.H> @@ -100,7 +102,7 @@ void* call_proc_setup_bars (void *io_pArgs) // ******************************* - // Get all Centaur targets + // Get all processor targets TARGETING::TargetHandleList l_cpuTargetList; getAllChips(l_cpuTargetList, TARGETING::TYPE_PROC ); 
@@ -186,6 +188,67 @@ void* call_proc_setup_bars (void *io_pArgs) } // end if !l_errl + // Assuming no errors, secure any Centaurs + if ( l_stepError.isNull() ) + { + bool secureCentaurs = false; + + if(SECUREBOOT::enabled()) + { + secureCentaurs = true; + } + + // Any feature that would add [force disable|force enable|no force] + // behavior would naturally go here + + if(secureCentaurs) + { + TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace, + "call_proc_setup_bars: Securing node's functional Centaurs"); + + TARGETING::TargetHandleList functionalCentaurs; + getAllChips(functionalCentaurs, TARGETING::TYPE_MEMBUF); + for (const auto & pCentaur: functionalCentaurs) + { + if( pCentaur->getAttr<TARGETING::ATTR_MODEL>() + != TARGETING::MODEL_CENTAUR) + { + continue; + } + + const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP> + fapiCentaurTarget(pCentaur); + + TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace, + "call_proc_setup_bars: Invoking p9c_mss_secure_boot on " + "Centaur with HUID of 0x%08X", + TARGETING::get_huid(pCentaur)); + + FAPI_INVOKE_HWP(l_errl, + p9c_mss_secure_boot, + fapiCentaurTarget); + if (l_errl) + { + TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace, + "ERROR : p9c_mss_secure_boot failure for " + "Centaur with HUID of 0x%08X", + TARGETING::get_huid(pCentaur)); + + ErrlUserDetailsTarget(pCentaur).addToLog(l_errl); + l_stepError.addErrorDetails(l_errl); + errlCommit(l_errl, HWPF_COMP_ID); + } + else + { + TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace, + "SUCCESS : p9c_mss_secure_boot succeeded for " + "Centaur with HUID of 0x%08X", + TARGETING::get_huid(pCentaur)); + } + } + } + } + if ( l_errl ) { diff --git a/src/usr/isteps/istep14/makefile b/src/usr/isteps/istep14/makefile index ab9faff82..02dc3a39c 100644 --- a/src/usr/isteps/istep14/makefile +++ b/src/usr/isteps/istep14/makefile 
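Review bot: The placeholder comment `// Any feature that would add [force disable|force enable|no force]` does not say what such an override may be trusted to do, and `secureCentaurs` is the only gate on setting the Centaur protection bits, so a later force-disable read from an unverified source would quietly skip this step on a secure-boot system. I would extend the comment along the lines of `// NOTE: a force-disable must never override SECUREBOOT::enabled() unless it comes from a verified source`. In the `if (l_errl)` branch the loop records the failure in `l_stepError`, commits the log and moves on to the next Centaur, which leaves that chip without its protection bits; a one-line comment stating that the istep is expected to fail in that case would make the fail-closed intent explicit, since the return path of call_proc_setup_bars lies outside this hunk. The list is built with `getAllChips(functionalCentaurs, TARGETING::TYPE_MEMBUF)`, so presumably only functional Centaurs are secured, and it is worth confirming that a non-functional one cannot be brought back into use later in the boot without passing through this step.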
@@ -59,6 +59,7 @@ OBJS += call_host_mpipl_service.o include ${ROOTPATH}/procedure.rules.mk include ${PROCEDURE_PATH}/hwp/nest/p9_exit_cache_contained.mk include ${PROCEDURE_PATH}/hwp/nest/p9_mss_setup_bars.mk +include ${CEN_PROC_PATH}/hwp/memory/p9c_mss_secure_boot.mk # TODO: RTC 159164: Multiple definition linker errors on HWPs that include the # same *.o file in their *.mk files |