Replace HB_SECURITY_MODE attribute with SECUREBOOT API equivalent

The HB_SECURITY_MODE attribute will now be a variable managed by
secureboot. The FAPI attribue SECURITY_MODE that maps to the HB
version will now call to that variable in the SECUREBOOT API.

Change-Id: I7e42c3f2e355feeb0d49aa6a998960bc5409bfa2
RTC:178643
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/45167
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

1 files changed, 19 insertions, 0 deletions

diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H
index 0258b5706..4c4d43d3c 100644
--- a/src/include/usr/secureboot/service.H
+++ b/src/include/usr/secureboot/service.H
@@ -305,6 +305,25 @@ namespace SECUREBOOT
     /* Definition in securerommgr.H */
     bool secureRomValidPolicy();
 
+    /*
+     *  @brief Gets the current SBE security mode value from the secureboot
+     *         subsystem
+     *
+     *  @return uint8_t returns 0 if SBE should check for security disable
+     *                  requests, 1 if not
+     */
+    uint8_t getSbeSecurityMode();
+
+    /*
+     *  @brief Sets the current SBE security mode value in the secureboot
+     *         subsystem
+     *
+     *  @param[in] uint8_t The value to set the security mode to. Will accept a
+     *                     a value of 0 if SBE should check for security disable
+     *                     requests and 1 if not. All other values are not
+     *                     allowed and will be rejected via an assert.
+     */
+    void setSbeSecurityMode(uint8_t i_sbeSecurityMode);
 
 }