Hostboot not able to send a valid TI after corrupting HB base

Bootloader TI design is incomplete and does not set up the TI info
at HBB offset 0x2000 with the magic signature or pointer to the
Bootloader TI data.

Change-Id: I16229fed67a2cf67322dce02f0a1b8f0b68d275f
CQ: SW397043
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43941
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Corey V. Swenson <cswenson@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

4 files changed, 120 insertions, 70 deletions

diff --git a/src/bootloader/bl_pnorAccess.C b/src/bootloader/bl_pnorAccess.C
index 2d924e1a6..5a7076afd 100644
--- a/src/bootloader/bl_pnorAccess.C
+++ b/src/bootloader/bl_pnorAccess.C
@@ -193,7 +193,7 @@ void bl_pnorAccess::readTOC(uint8_t i_tocBuffer[PNOR::TOC_SIZE],
 void bl_pnorAccess::findTOC(uint64_t i_pnorEnd, PNOR::SectionData_t * o_TOC,
                             uint32_t& o_errCode, uint64_t& o_pnorStart)
 {
-    uint8_t *l_tocBuffer = Bootloader::g_blScratchSpace;
+    uint8_t *l_tocBuffer = g_blScratchSpace;
 
     //The first TOC is 1 TOC size + 1 page back from the end of the flash (+ 1)
     uint64_t l_mmioAddr = i_pnorEnd - PNOR::TOC_OFFSET_FROM_TOP_OF_FLASH;
@@ -228,27 +228,23 @@ void bl_pnorAccess::findTOC(uint64_t i_pnorEnd, PNOR::SectionData_t * o_TOC,
                 l_mmioAddr = o_pnorStart;
 
                 // Reset saved trace index
-                Bootloader::g_blData->bl_trace_index_saved =
-                    BOOTLOADER_TRACE_SIZE;
+                g_blData->bl_trace_index_saved = BOOTLOADER_TRACE_SIZE;
             }
             else
             {
                 // Check if a trace index is not saved
-                if(Bootloader::g_blData->bl_trace_index_saved >=
-                   BOOTLOADER_TRACE_SIZE)
+                if(g_blData->bl_trace_index_saved >= BOOTLOADER_TRACE_SIZE)
                 {
                     // Save trace index for future passes through loop
-                    Bootloader::g_blData->bl_trace_index_saved =
-                        Bootloader::g_blData->bl_trace_index;
+                    g_blData->bl_trace_index_saved = g_blData->bl_trace_index;
 
                     // Save this PNOR MMIO address
-                    Bootloader::g_blData->bl_first_pnor_mmio = l_mmioAddr;
+                    g_blData->bl_first_pnor_mmio = l_mmioAddr;
                 }
                 else // A trace index was saved
                 {
                     // Replace trace index, reuse trace entries for this loop
-                    Bootloader::g_blData->bl_trace_index =
-                        Bootloader::g_blData->bl_trace_index_saved;
+                    g_blData->bl_trace_index = g_blData->bl_trace_index_saved;
                 }
 
                 // Adjust to new location in PNOR flash for next MMIO
@@ -256,12 +252,12 @@ void bl_pnorAccess::findTOC(uint64_t i_pnorEnd, PNOR::SectionData_t * o_TOC,
                 l_mmioAddr -= PAGESIZE;
 
                 // Increment loop counter
-                Bootloader::g_blData->bl_pnor_loop_count++;
+                g_blData->bl_pnor_loop_count++;
             }
 
             // Check that address is still in FW space
             if(l_mmioAddr <
-                (Bootloader::g_blData->blToHbData.lpcBAR + LPC::LPCHC_FW_SPACE))
+                (g_blData->blToHbData.lpcBAR + LPC::LPCHC_FW_SPACE))
             {
                 BOOTLOADER_TRACE_W_BRK(BTLDR_TRC_PA_FINDTOC_READTOC_ERR);
 
diff --git a/src/bootloader/bl_start.S b/src/bootloader/bl_start.S
index b8da64ae1..343d84263 100644
--- a/src/bootloader/bl_start.S
+++ b/src/bootloader/bl_start.S
@@ -26,16 +26,19 @@
 
 .include "kernel/ppcconsts.S"
 
-.set SBE_HB_VERSION,      sbe_hb_structures    ;// uint32_t
-.set SBE_HB_SBEBOOTSIDE,  sbe_hb_structures+4  ;// uint8_t
-.set SBE_HB_PNORBOOTSIDE, sbe_hb_structures+5  ;// uint8_t
-.set SBE_HB_PNORSIZEMB,   sbe_hb_structures+6  ;// uint16_t
+# .set SBE_HB_VERSION,      sbe_hb_structures    ;// uint32_t
+# .set SBE_HB_SBEBOOTSIDE,  sbe_hb_structures+4  ;// uint8_t
+# .set SBE_HB_PNORBOOTSIDE, sbe_hb_structures+5  ;// uint8_t
+# .set SBE_HB_PNORSIZEMB,   sbe_hb_structures+6  ;// uint16_t
 .set SBE_HB_BLLOADSIZE,   sbe_hb_structures+8  ;// uint64_t
-.set SBE_HB_SECUREACCESSBIT, sbe_hb_structures+16  ;// uint8_t
-.set SBE_HB_XSCOMMMIOBAR, sbe_hb_structures+17 ;// uint64_t
-.set SBE_HB_LPCMMIOBAR,   sbe_hb_structures+25 ;// uint64_t
+# .set SBE_HB_SECUREACCESSBIT, sbe_hb_structures+16  ;// uint8_t
+# .set SBE_HB_XSCOMMMIOBAR, sbe_hb_structures+24 ;// uint64_t
+# .set SBE_HB_LPCMMIOBAR,   sbe_hb_structures+32 ;// uint64_t
 .set HBBL_BASE_ADDRESS,   base_load_address
 .set HBBL_END_ADDRESS,    end_load_address
+.set HBBL_DATA_ADDR_OFFSET,      0x00008000 ;// offset of external data
+.set HBBL_TI_OFFSET,             0x50       ;// offset within external data
+.set HBBL_SCRATCH_ADDR_OFFSET,   0x00010000 ;// offset of scratch space
 .set HBBL_system_reset,          0x100
 .set HBBL_machine_check,         0x200
 .set HBBL_data_storage,          0x300
@@ -98,7 +101,69 @@ _main:
     lis r1, _start@h
     addis r1, r1, 1 ;// 64k (1 * 0x10000)
 
+    ;// Save HRMOR in r11 for use in multiple places
+    mfspr r11, HRMOR    ;// save HRMOR
+
+    ;// Do dcbz from end of Bootloader load to end of HBB ECC working space
+_dcbz_after_bl:
+    lis r5, SBE_HB_BLLOADSIZE@h
+    ori r5, r5, SBE_HB_BLLOADSIZE@l
+    ld r5, 0(r5)       ;// get ending EA from SBE HB structure
+    lis r6, 0
+    addis r6, r6, 32   ;// 2M (32 * 0x10000)
+    addi r6, r6, -1    ;// end before 2M
+_dcbz_after_bl_loop:
+    dcbz 0,r5
+    addi r5, r5, 128
+    cmpld cr7, r5, r6
+    blt cr7, _dcbz_after_bl_loop
+
+    ;// Do dcbz from start of HBB running space to start of Bootloader load
+_dcbz_before_bl:
+    li r7, 1
+    rotldi r7, r7, 63  ;// set bit mask for ignoring HRMOR
+
+    subis r5, r11, 32  ;// start of HBB is HRMOR - 2MB (32 * 0x10000)
+    or r5, r5, r7      ;// ignore HRMOR
+    addi r8, r5, 0x2000 ;// add offset of TI info, save in r8 for later
+
+    addi r6, r11, -1   ;// use HRMOR as Bootloader start, end before Bootloader
+    or r6, r6, r7      ;// ignore HRMOR
+_dcbz_before_bl_loop:
+    dcbz 0,r5
+    addi r5, r5, 128
+    cmpld cr7, r5, r6
+    blt cr7, _dcbz_before_bl_loop
+
+
+_updates_and_setup:
+    ;// Update external data address with HRMOR
+    lis r5, g_blData@h
+    ori r5, r5, g_blData@l
+    ld r7, 0(r5)       ;// get data address offset
+    or r7, r7, r11     ;// or HRMOR with offset to calculate address
+    addi r9, r7, HBBL_TI_OFFSET ;// add offset of HBBL's TI data, save in r9
+    std r7, 0(r5)      ;// set external data address
+
+
+    ;// Update scratch address with HRMOR
+    lis r5, g_blScratchSpace@h
+    ori r5, r5, g_blScratchSpace@l
+    ld r7, 0(r5)       ;// get scratch address offset
+    or r7, r7, r11     ;// or HRMOR with offset to calculate address
+    std r7, 0(r5)      ;// set scratch address
+
+
+    ;// Set up TI info
+    lis r5, hbb_ti_descriptor@h
+    ori r5, r5, hbb_ti_descriptor@l
+    ld r7, 0(r5)       ;// get TI magic signature
+    std r7, 0(r8)      ;// save using pointer for TI info put in r8 earlier
+    std r9, 8(r8)      ;// store pointer to HBBL's TI data in next location
+
+
     ;// Set r5 to base load address where exception vectors are loaded
+_load_exception_vectors:
     lis r5, HBBL_BASE_ADDRESS@h
     ori r5, r5, HBBL_BASE_ADDRESS@l
 
@@ -215,38 +280,6 @@ _main:
     st r7, HBBL_debug(r5)
 
 
-    ;// Do dcbz from end of Bootloader load to end of HBB ECC working space
-_dcbz_after_bl:
-    lis r5, SBE_HB_BLLOADSIZE@h
-    ori r5, r5, SBE_HB_BLLOADSIZE@l
-    ld r5, 0(r5)       ;// get ending EA from SBE HB structure
-    lis r6, 0
-    addis r6, r6, 32   ;// 2M (32 * 0x10000)
-    addi r6, r6, -1    ;// end before 2M
-_dcbz_after_bl_loop:
-    dcbz 0,r5
-    addi r5, r5, 128
-    cmpld cr7, r5, r6
-    blt cr7, _dcbz_after_bl_loop
-
-    ;// Do dcbz from start of HBB running space to start of Bootloader load
-_dcbz_before_bl:
-    li r7, 1
-    rotldi r7, r7, 63  ;// set bit mask for ignoring HRMOR
-
-    mfspr r5, HRMOR    ;// start of HBB is HRMOR - 2MB
-    subis r5, r5, 32   ;// 2M (32 * 0x10000) is start of HBB
-    or r5, r5, r7      ;// ignore HRMOR
-
-    mfspr r6, HRMOR    ;// use HRMOR as start of Bootloader
-    addi r6, r6, -1    ;// end before Bootloader
-    or r6, r6, r7      ;// ignore HRMOR
-_dcbz_before_bl_loop:
-    dcbz 0,r5
-    addi r5, r5, 128
-    cmpld cr7, r5, r6
-    blt cr7, _dcbz_before_bl_loop
-
     ;// Call main.
     bl main
 _main_loop:
@@ -356,3 +389,14 @@ switchToHBB:
 .global bootloader_end_address
 bootloader_end_address:
     .quad HBBL_END_ADDRESS
+
+.global g_blData
+g_blData:
+    .quad HBBL_DATA_ADDR_OFFSET
+
+.global g_blScratchSpace
+g_blScratchSpace:
+    .quad HBBL_SCRATCH_ADDR_OFFSET
+
+hbb_ti_descriptor:
+    .byte 'H', 'O', 'S', 'T', 'B', 'O', 'O', 'T'
diff --git a/src/bootloader/bl_terminate.C b/src/bootloader/bl_terminate.C
index 9f639d7bb..cce210bc2 100644
--- a/src/bootloader/bl_terminate.C
+++ b/src/bootloader/bl_terminate.C
@@ -29,7 +29,7 @@
 #define bl_terminate_C
 
 // Redefine kernel_TIDataArea to use space in Bootloader data
-#define kernel_TIDataArea Bootloader::g_blData->bl_TIDataArea
+#define kernel_TIDataArea g_blData->bl_TIDataArea
 
 #include <../kernel/terminate.C>
 
@@ -37,6 +37,34 @@
 #define UINT64_LOW(data) (data & 0x00000000FFFFFFFF)
 #define WORD7_WORD8(data) UINT64_HIGH(data), UINT64_LOW(data)
 
+void bl_terminate(uint8_t  i_moduleID,
+                  uint16_t i_reasoncode,
+                  uint32_t i_word7,
+                  uint32_t i_word8,
+                  bool     i_executeTI,
+                  uint64_t i_failAddr,
+                  uint32_t i_error_info)
+{
+    termWriteSRC(TI_BOOTLOADER,
+                 i_reasoncode,
+                 i_failAddr,
+                 i_error_info);
+
+    termModifySRC(i_moduleID,
+                  i_word7,
+                  i_word8);
+
+    // ptr to the TI data area structure
+    HB_TI_DataArea *TI_DataAreaPtr = reinterpret_cast<HB_TI_DataArea*>(
+        (HBB_WORKING_ADDR | Bootloader::IGNORE_HRMOR_MASK) + 0x2008);
+    *TI_DataAreaPtr = g_blData->bl_TIDataArea;
+
+    if(i_executeTI)
+    {
+        terminateExecuteTI();
+    }
+}
+
 
 extern "C"
 void kernel_std_exception()
diff --git a/src/bootloader/bootloader.C b/src/bootloader/bootloader.C
index 295577e6e..5b0048af5 100644
--- a/src/bootloader/bootloader.C
+++ b/src/bootloader/bootloader.C
@@ -59,22 +59,6 @@ const uint64_t LPC_BAR_MASK = 0xFF000000FFFFFFFFULL;
 
 namespace Bootloader{
     /**
-     * @brief Pointer to bootloader scratch space
-     *
-     * Pointer to location in main storage which bootloader uses as
-     * scratch space
-     */
-    uint8_t *g_blScratchSpace = nullptr;
-
-    /**
-     * @brief Pointer to bootloader external data
-     *
-     * Pointer to location in main storage which bootloader uses for
-     * storing data
-     */
-    blData_t *g_blData = nullptr;
-
-    /**
      * @brief Set Secureboot Config Data structure so it is accessible via
      *        Hostboot code
      *
@@ -291,7 +275,6 @@ namespace Bootloader{
     int main()
     {
         // Initialization
-        g_blData = reinterpret_cast<blData_t *>(HBBL_DATA_ADDR);
         g_blData->bl_trace_index = 0;
         g_blData->bl_trace_index_saved = BOOTLOADER_TRACE_SIZE;
         BOOTLOADER_TRACE(BTLDR_TRC_MAIN_START);
@@ -321,7 +304,6 @@ namespace Bootloader{
         uint64_t l_pnorStart = 0;
 
         uint32_t l_errCode = PNOR::NO_ERROR;
-        g_blScratchSpace = reinterpret_cast<uint8_t*>(HBBL_SCRATCH_SPACE_ADDR);
         g_blData->secureRomValid = false;
 
         // Get location of HB base code in PNOR from TOC