authorJaymes Wilks <mjwilks@us.ibm.com>2017-08-25 14:18:38 -0500
committerDaniel M. Crowell <dcrowell@us.ibm.com>2017-08-31 12:49:40 -0400
commite1678bffbd5cba43911f7e6f670ac3c3bb68af39 (patch)
tree2f9086aa3a1e29bbc353591c4a3d771c92472d0d
parent45d359f3df82a3e9edf31b89193c7a61c5229977 (diff)
Replace HB_SECURITY_MODE attribute with SECUREBOOT API equivalent
The HB_SECURITY_MODE attribute will now be a variable managed by secureboot. The FAPI attribute SECURITY_MODE that maps to the HB version will now call to that variable in the SECUREBOOT API. Change-Id: I7e42c3f2e355feeb0d49aa6a998960bc5409bfa2 RTC:178643 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/45167 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
-rw-r--r--src/include/usr/fapi2/attribute_service.H31
-rw-r--r--src/include/usr/secureboot/service.H19
-rw-r--r--src/usr/fapi2/attribute_service.C25
-rw-r--r--src/usr/pnor/spnorrp.C9
-rw-r--r--src/usr/secureboot/base/service.C23
-rwxr-xr-xsrc/usr/targeting/common/xmltohb/attribute_types_hb.xml26
-rw-r--r--src/usr/targeting/common/xmltohb/target_types_hb.xml1
7 files changed, 101 insertions, 33 deletions
diff --git a/src/include/usr/fapi2/attribute_service.H b/src/include/usr/fapi2/attribute_service.H
index a6e793914..f21020610 100644
--- a/src/include/usr/fapi2/attribute_service.H
+++ b/src/include/usr/fapi2/attribute_service.H
@@ -276,6 +276,25 @@ ReturnCode fapiAttrGetBadDqBitmap( const Target<TARGET_TYPE_ALL>& i_fapiTarget,
ReturnCode fapiAttrSetBadDqBitmap( const Target<TARGET_TYPE_ALL>& i_fapiTarget,
ATTR_BAD_DQ_BITMAP_Type (&i_data) );
+/// @brief This function is called by the FAPI_ATTR_GET macro when getting
+/// the SECURITY_MODE attribute. It should not be called directly.
+///
+/// @param[out] o_securityMode Provides the attribute contents to the caller
+/// @return ReturnCode Always FAPI2_RC_SUCCESS, this cannot fail.
+/// If a toplevel target cannot be found then
+/// an assert triggers in the platform call
+///
+ReturnCode platGetSecurityMode(uint8_t & o_securityMode);
+
+/// @brief This function is called by the FAPI_ATTR_SET macro when setting
+/// the SECURITY_MODE attribute. It should not be called directly. There are no
+/// parameters. This is intentional as setting this attribute is not supported
+/// from FAPI or FAPI runtime code. A FAPI INFO trace will be printed explaining
+/// this.
+///
+/// @return ReturnCode Always FAPI2_RC_SUCCESS, this cannot fail.
+ReturnCode platSetSecurityMode();
+
// -----------------------------------------------------------------------------
// End TODO: End to be supported functions
// -----------------------------------------------------------------------------
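Review bot: The @return text for platGetSecurityMode still says an assert triggers when the toplevel target cannot be found, but the implementation added in attribute_service.C no longer looks up a target; it reads `SECUREBOOT::getSbeSecurityMode()`. The sentence should be dropped and replaced by what a caller now needs to know, for example `/// Under __HOSTBOOT_RUNTIME the value is 0xFF (not supported), otherwise 0 or 1.` The platSetSecurityMode comment would also be clearer if it said that the requested value is discarded even though FAPI2_RC_SUCCESS is returned.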
@@ -381,4 +400,16 @@ fapiToTargeting::ID, sizeof(VAL), &(VAL))
? fapi2::ReturnCode() : \
fapi2::platAttrSvc::fapiAttrSetBadDqBitmap(TARGET, VAL)
+//------------------------------------------------------------------------------
+// MACRO to route ATTR_SECURITY_MODE access to the correct HB function
+//------------------------------------------------------------------------------
+#define ATTR_SECURITY_MODE_GETMACRO(ID, TARGET, VAL) \
+ AttrOverrideSync::getAttrOverrideFunc(ID, TARGET, &VAL)\
+ ? fapi2::ReturnCode() : \
+ fapi2::platAttrSvc::platGetSecurityMode(VAL)
+#define ATTR_SECURITY_MODE_SETMACRO(ID, TARGET, VAL) \
+ AttrOverrideSync::getAttrOverrideFunc(ID, TARGET, &VAL)\
+ ? fapi2::ReturnCode() : \
+ fapi2::platAttrSvc::platSetSecurityMode()
+
#endif // ATTRIBUTESERVICE_H_
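Review bot: In ATTR_SECURITY_MODE_GETMACRO the lookup `AttrOverrideSync::getAttrOverrideFunc(ID, TARGET, &VAL)` runs before `platGetSecurityMode(VAL)`, so whenever an attribute override is present the value handed to the caller does not come from the secureboot subsystem. Whether overrides are refused on a secured system is not visible in this hunk; if that gate exists, the macro comment should state the dependency, e.g. `// Override takes precedence; relies on attribute overrides being blocked in secure mode`. If it does not, the getter should skip the override path for this attribute. As a smaller point, the new macros pass `&VAL` where the context line above uses `&(VAL)`.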
diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H
index 0258b5706..4c4d43d3c 100644
--- a/src/include/usr/secureboot/service.H
+++ b/src/include/usr/secureboot/service.H
@@ -305,6 +305,25 @@ namespace SECUREBOOT
/* Definition in securerommgr.H */
bool secureRomValidPolicy();
+ /*
+ * @brief Gets the current SBE security mode value from the secureboot
+ * subsystem
+ *
+ * @return uint8_t returns 0 if SBE should check for security disable
+ * requests, 1 if not
+ */
+ uint8_t getSbeSecurityMode();
+
+ /*
+ * @brief Sets the current SBE security mode value in the secureboot
+ * subsystem
+ *
+ * @param[in] uint8_t The value to set the security mode to. Will accept a
+ * a value of 0 if SBE should check for security disable
+ * requests and 1 if not. All other values are not
+ * allowed and will be rejected via an assert.
+ */
+ void setSbeSecurityMode(uint8_t i_sbeSecurityMode);
}
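Review bot: Both new comment blocks open with `/*` rather than `/**`, so a Doxygen-style extractor will probably not attach them to getSbeSecurityMode and setSbeSecurityMode. The `@param[in] uint8_t` tag also names the type instead of the parameter; it should read `@param[in] i_sbeSecurityMode`, and "Will accept a a value" has a doubled word. Since the setter asserts on anything other than 0 or 1, the getter's @return could say the same range is guaranteed.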
diff --git a/src/usr/fapi2/attribute_service.C b/src/usr/fapi2/attribute_service.C
index 58d5e4b1e..fea495705 100644
--- a/src/usr/fapi2/attribute_service.C
+++ b/src/usr/fapi2/attribute_service.C
@@ -62,6 +62,8 @@
#include <targeting/common/util.H>
#include <../memory/lib/shared/mss_const.H>
+#include <secureboot/service.H>
+
//******************************************************************************
// Implementation
//******************************************************************************
@@ -1281,6 +1283,29 @@ ReturnCode fapiAttrSetBadDqBitmap(
return l_rc;
}
+//******************************************************************************
+// fapi::platAttrSvc::platGetSecurityMode function
+//******************************************************************************
+ReturnCode platGetSecurityMode(uint8_t & o_securityMode)
+{
+ #ifndef __HOSTBOOT_RUNTIME
+ o_securityMode = SECUREBOOT::getSbeSecurityMode();
+ #else
+ o_securityMode = 0xFF;
+ FAPI_INF("Get SECURITY_MODE not supported from hostboot runtime");
+ #endif
+ return fapi2::ReturnCode();
+}
+
+//******************************************************************************
+// fapi::platAttrSvc::platSetSecurityMode function
+//******************************************************************************
+ReturnCode platSetSecurityMode()
+{
+ FAPI_INF("Set SECURITY_MODE ignored when called from FAPI code");
+ return fapi2::ReturnCode();
+}
+
} // End platAttrSvc namespace
} // End fapi2 namespace
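Review bot: In the `__HOSTBOOT_RUNTIME` branch platGetSecurityMode stores `0xFF` in o_securityMode and still returns a success ReturnCode, although the secureboot API added in this commit defines only 0 and 1. A caller that tests the value for truth would read 0xFF as "no override", while one that compares against 1 would not, so the sentinel should be named and explained at the assignment, e.g. `o_securityMode = 0xFF; // not available at runtime; not a valid mode, callers must not act on it`. platSetSecurityMode has the same shape: the write is dropped but the caller is told it succeeded, which only an INFO trace reveals.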
diff --git a/src/usr/pnor/spnorrp.C b/src/usr/pnor/spnorrp.C
index 0b298afeb..c4fae6937 100644
--- a/src/usr/pnor/spnorrp.C
+++ b/src/usr/pnor/spnorrp.C
@@ -803,14 +803,11 @@ errlHndl_t PNOR::unloadSecureSection(const SectionId i_section)
void SPnorRP::processLabOverride(
const sb_flags_t& i_flags) const
{
- TARGETING::Target* pSys = nullptr;
- TARGETING::targetService().getTopLevelTarget(pSys);
- assert(pSys != nullptr,"System target was nullptr.");
- // ATTR_HB_SECURITY_MODE attribute values are inverted with respect to the
+ // Secure boot sbe security mode values are inverted with respect to the
// lab override flag for the same logical meaning
- TARGETING::ATTR_HB_SECURITY_MODE_type securityMode =
+ uint8_t securityMode =
!(i_flags.hw_lab_override);
- pSys->setAttr<TARGETING::ATTR_HB_SECURITY_MODE>(securityMode);
+ SECUREBOOT::setSbeSecurityMode(securityMode);
TRACFCOMP(g_trac_pnor,INFO_MRK "Set lab security override policy to %s.",
securityMode ? "*NO* override" : "override if requested");
}
diff --git a/src/usr/secureboot/base/service.C b/src/usr/secureboot/base/service.C
index 98a750c98..d0e3b8f89 100644
--- a/src/usr/secureboot/base/service.C
+++ b/src/usr/secureboot/base/service.C
@@ -74,6 +74,17 @@ struct SecureRegisterValues
uint64_t data;
};
+/*
+ * HB specific secureboot setting which is aliased to the FAPI attribute
+ * ATTR_SECURITY_MODE and customized into the SBE image. If 0b0, SBE
+ * will disable proc security (via SAB bit) if mailbox scratch register 3
+ * bit 6 is set. Otherwise, if 0b1, SBE will not override proc security.
+ * TODO RTC 170650: When SBE image is signed in all environments, set
+ * default to 0b1 and rely on SBE signing header to configure the final
+ * value.
+ */
+uint8_t g_sbeSecurityMode = 0;
+
/**
* @brief Retrieve values of Security Registers of the processors in the system
*
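Review bot: `g_sbeSecurityMode` is defined without `static`, so unless the enclosing scope (outside this hunk) is an anonymous namespace it has external linkage. Any translation unit that declares it `extern` could then write it directly and bypass the 0/1 assert in setSbeSecurityMode. service.H exposes only the getter and setter, so the definition can be file-local: `static uint8_t g_sbeSecurityMode = 0;`. The initial value 0 is the permissive setting per the comment (SBE honours a security-disable request), so it is worth confirming that nothing reads the mode before SPnorRP::processLabOverride has set it.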
@@ -600,4 +611,16 @@ bool allowAttrOverrides()
};
#endif
+uint8_t getSbeSecurityMode()
+{
+ return g_sbeSecurityMode;
+}
+
+void setSbeSecurityMode(uint8_t i_sbeSecurityMode)
+{
+ assert(i_sbeSecurityMode == 0 || i_sbeSecurityMode == 1,
+ "SBE Security Mode can only be set to 0 or 1");
+ g_sbeSecurityMode = i_sbeSecurityMode;
+}
+
} //namespace SECUREBOOT
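Review bot: setSbeSecurityMode accepts a change from 1 back to 0, so any later caller can restore the "check for security disable requests" behaviour after the lab-override policy has been applied. If the mode is meant to be fixed once it has been set to 1, the setter should refuse the downgrade, e.g. `assert(!(g_sbeSecurityMode == 1 && i_sbeSecurityMode == 0), "SBE Security Mode cannot be lowered");`. Otherwise add a comment that lowering is intentional. The global is also read and written without synchronization; whether more than one task can reach these functions is not visible in this hunk.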
diff --git a/src/usr/targeting/common/xmltohb/attribute_types_hb.xml b/src/usr/targeting/common/xmltohb/attribute_types_hb.xml
index 5d63a077a..e660dcf77 100755
--- a/src/usr/targeting/common/xmltohb/attribute_types_hb.xml
+++ b/src/usr/targeting/common/xmltohb/attribute_types_hb.xml
@@ -1018,32 +1018,6 @@
</attribute>
<attribute>
- <id>HB_SECURITY_MODE</id>
- <description>
- HB specific attribute which is aliased to the FAPI attribute
- ATTR_SECURITY_MODE and customized into the SBE image. If 0b0, SBE
- will disable proc security (via SAB bit) if mailbox scratch register 3
- bit 6 is set. Otherwise, if 0b1, SBE will not override proc security.
- TODO RTC 170650: When SBE image is signed in all environments, set
- default to 0b1 and rely on SBE signing header to configure the final
- value, This may require hbOnly support for volatile attributes.
- </description>
- <simpleType>
- <uint8_t>
- <default>0x00</default>
- </uint8_t>
- </simpleType>
- <persistency>volatile-zeroed</persistency>
- <writeable/>
- <readable/>
- <hwpfToHbAttrMap>
- <id>ATTR_SECURITY_MODE</id>
- <macro>DIRECT</macro>
- </hwpfToHbAttrMap>
- <hbOnly/>
-</attribute>
-
-<attribute>
<id>ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE</id>
<description>
Indicates if Attribute Overrides are allowed when the system is booted
diff --git a/src/usr/targeting/common/xmltohb/target_types_hb.xml b/src/usr/targeting/common/xmltohb/target_types_hb.xml
index a5fd2bd69..3c60a832c 100644
--- a/src/usr/targeting/common/xmltohb/target_types_hb.xml
+++ b/src/usr/targeting/common/xmltohb/target_types_hb.xml
@@ -45,7 +45,6 @@
<attribute><id>DRTM_PAYLOAD_ADDR_MB_HB</id></attribute>
<attribute><id>FORCE_PRE_PAYLOAD_DRTM</id></attribute>
<attribute><id>HB_RSV_MEM_NEXT_SECTION</id></attribute>
- <attribute><id>HB_SECURITY_MODE</id></attribute>
<attribute><id>ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE</id></attribute>
<attribute><id>HIDDEN_ERRLOGS_ENABLE</id></attribute>
</targetTypeExtension>