Secureboot best effort compatibility support

Change-Id: I1671459ca58684b14f65f322ff6dccddcaad40a2
RTC: 170685
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38104
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

2 files changed, 33 insertions, 31 deletions

diff --git a/src/include/usr/pnor/pnor_const.H b/src/include/usr/pnor/pnor_const.H
index 0a96e3180..f9220ed93 100644
--- a/src/include/usr/pnor/pnor_const.H
+++ b/src/include/usr/pnor/pnor_const.H
@@ -81,7 +81,7 @@ enum SectionId
     // Size and layout of this structure must be maintained for debug framework.
 struct SectionInfo_t
 {
-    SectionInfo_t(): id(INVALID_SECTION) {}
+    SectionInfo_t(): id(INVALID_SECTION), secure(false) {}
     SectionId id;       /**< Identifier for this section */
     const char* name;   /**< Name of the section */
     uint64_t vaddr;     /**< Virtual address of the start of the section */
@@ -92,6 +92,7 @@ struct SectionInfo_t
     bool sha512perEC;   /**< Version Checking perEC */
     bool readOnly;      /**< Section is read only */
     bool reprovision;   /**< Erase this section during a reprovision */
+    bool secure;        /**< Indicates if a section is secure */
 #ifdef CONFIG_SECUREBOOT
     size_t secureProtectedPayloadSize; /**< Cache the secure payload size so
                                             that the secure container only
@@ -100,6 +101,22 @@ struct SectionInfo_t
 };
 
 /**
+  * Internal information to deal with the sections of PNOR
+  */
+struct SectionData_t {
+    SectionData_t(): secure(false) {}
+    PNOR::SectionId id;  /**< Identifier for this section */
+    uint64_t virtAddr;  /**< Virtual address for the start of the section */
+    uint32_t flashAddr;  /**< Address in flash */
+    uint32_t size;/**< Actual size of content in bytes (not including ECC)*/
+    uint8_t chip;  /**< Chip Select */
+    uint8_t version; /**< Version Checking */
+    uint16_t integrity; /**< Data Integrity */
+    uint8_t misc; /**< Misc Flags */
+    uint8_t secure; /**< Indicates if a section is secure */
+} PACKED;
+
+/**
  * PNOR Sides
  */
 enum SideId
diff --git a/src/include/usr/pnor/pnorif.H b/src/include/usr/pnor/pnorif.H
index 311c6c4b4..7f55748f8 100644
--- a/src/include/usr/pnor/pnorif.H
+++ b/src/include/usr/pnor/pnorif.H
@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2011,2016                        */
+/* Contributors Listed Below - COPYRIGHT 2011,2017                        */
 /* [+] Google Inc.                                                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
@@ -112,37 +112,8 @@ errlHndl_t loadSecureSection(SectionId i_section);
  */
 errlHndl_t unloadSecureSection(SectionId i_section);
 
-/**
- * @brief  Memcmp a vaddr to the known secureboot magic number
- *
- * @param[in]   i_vaddr: vaddr of secureboot header to check for magic number
- *                       Note: must point to a buffer of size >= 4 bytes
- *
- * @return  bool - True if the magic number and starting bytes of the vaddr
- *                 match. False otherwise.
- */
-bool cmpSecurebootMagicNumber(const uint8_t* i_vaddr);
-
-/**
- * @brief  Returns true if a PNOR section has the secureboot container
- *         header magic number at the beginning. This is mainly used to
- *         ignore unwanted PNOR sections like secureboot key transition.
- *         It indicates the section has valid content to be securely
- *         loaded, otherwise the section content will not be loaded.
- *         If a section does not have the header but needs to be loaded,
- *         it will fail ROM verify later on anyhow.
- *         Note: Does not work with HBB section and will assert if attempted
- *
- * @param[in]   i_section: PNOR section to check first bytes of.
- * @param[out]  o_valid:  true if section has the correct magic number at
- *                        the beginning
- *
- * @return  errlHndl_t - NULL if success, errlHndl_t otherwise.
- *                               */
-errlHndl_t hasSecurebootMagicNumber(SectionId i_section, bool &o_valid);
 #endif // CONFIG_SECUREBOOT
 
-
 /**
  * @brief Determines whether the given section is inhibited by secure boot
  *        for containing attribute overrides.
@@ -206,6 +177,20 @@ errlHndl_t validateAltMaster( void );
  */
 void getPnorInfo( PnorInfo_t& o_pnorInfo );
 
+/**
+ * @brief  Check if PNOR section appears to be secure and sets the
+ *         internal TOC of PnorRp accordingly.
+ *         Note: The setting of the flag is based on the Secureboot policy.
+ *
+ * @param[in] i_secId Section ID or index in the TOC to modify
+ * @param[in] io_TOC  Pointer to internal array of section data that
+ *                    represents the TOC of pnor flash
+ *                    Asserts if nullptr
+ *
+ * @return errlHndl_t  Error log if request was invalid
+ */
+errlHndl_t setSecure(const uint32_t i_secId, SectionData_t* io_TOC);
+
 } // PNOR
 
 #endif