Move HOMER BAR to Secure Memory in SMF Mode

This commits enables HOMER BAR to point to the top of the secure memory on SMF-enabled systems. Consequently, the HOMER image and hostboot reserved memory will be moved to the secure memory if SMF is enabled. Change-Id: I37c7527b06688a41e57f14b4107ff53a507ffae8 RTC: 198825 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/66702 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
author: Ilya Smirnov <ismirno@us.ibm.com> 2018-09-26 10:35:24 -0500
committer: Daniel M. Crowell <dcrowell@us.ibm.com> 2018-11-13 13:23:59 -0600
commit: 1aae1ba2930ceb5d72b9855c8003c1d8371c0791 (patch)
tree: 4da3ed64fb3558db00e68b659c9bfdde79d26258 /src/include/usr/secureboot
parent: de9ec8dc9ca52d350d02c0862409fba939692c1e (diff)
download: talos-hostboot-1aae1ba2930ceb5d72b9855c8003c1d8371c0791.tar.gz
talos-hostboot-1aae1ba2930ceb5d72b9855c8003c1d8371c0791.zip
2 files changed, 64 insertions, 0 deletions
diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H
index 2f2ec75ef..7188b4e4f 100644
--- a/src/include/usr/secureboot/secure_reasoncodes.H
+++ b/src/include/usr/secureboot/secure_reasoncodes.H
@@ -50,6 +50,7 @@ namespace SECUREBOOT
         MOD_SECURE_VALIDATE_ECID_COUNT      = 0x10,
         MOD_LOCK_ABUS_SEC_MAILBOXES         = 0x11,
         MOD_SECURE_LOG_PLAT_SECURITY_CONFIG = 0x12,
+        MOD_CHECK_RISK_LEVEL_FOR_SMF        = 0x13,
 
         // Use 0x20-0x2F range for Node Communications
         MOD_NCDD_CHECK_FOR_ERRORS           = 0x20,
@@ -89,6 +90,7 @@ namespace SECUREBOOT
         RC_INVALID_ECID_COUNT              = SECURE_COMP_ID | 0x13,
         RC_LOCK_MAILBOXES_FAILED           = SECURE_COMP_ID | 0x14,
         RC_SECURE_LOG_PLAT_SECURITY_CONFIG = SECURE_COMP_ID | 0x15,
+        RC_RISK_LEVEL_TOO_LOW              = SECURE_COMP_ID | 0x16,
 
         // Use 0x20-0x2F range for Node Communications
         RC_NCDD_HW_ERROR_FOUND             = SECURE_COMP_ID | 0x20,
diff --git a/src/include/usr/secureboot/smf_utils.H b/src/include/usr/secureboot/smf_utils.H
new file mode 100644
index 000000000..554f8affe
--- /dev/null
+++ b/src/include/usr/secureboot/smf_utils.H
@@ -0,0 +1,62 @@
+/* IBM_PROLOG_BEGIN_TAG                                                   */
+/* This is an automatically generated prolog.                             */
+/*                                                                        */
+/* $Source: src/include/usr/secureboot/smf_utils.H $                      */
+/*                                                                        */
+/* OpenPOWER HostBoot Project                                             */
+/*                                                                        */
+/* Contributors Listed Below - COPYRIGHT 2018                             */
+/* [+] International Business Machines Corp.                              */
+/*                                                                        */
+/*                                                                        */
+/* Licensed under the Apache License, Version 2.0 (the "License");        */
+/* you may not use this file except in compliance with the License.       */
+/* You may obtain a copy of the License at                                */
+/*                                                                        */
+/*     http://www.apache.org/licenses/LICENSE-2.0                         */
+/*                                                                        */
+/* Unless required by applicable law or agreed to in writing, software    */
+/* distributed under the License is distributed on an "AS IS" BASIS,      */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or        */
+/* implied. See the License for the specific language governing           */
+/* permissions and limitations under the License.                         */
+/*                                                                        */
+/* IBM_PROLOG_END_TAG                                                     */
+#ifndef __SMF_UTILS_H
+#define __SMF_UTILS_H
+
+#include <stdint.h>
+#include <errl/errlentry.H>
+
+namespace SECUREBOOT
+{
+
+namespace SMF
+{
+
+// HW limitations dictate that SMF memory needs to be a power-of-two
+// multiple of 256MB starting with 256MB.
+extern const uint64_t MIN_SMF_MEMORY_AMT;
+
+/**
+ * @brief Checks whether SMF mode is enabled on the system
+ *
+ * @return true: SMF is enabled; false: SMF is disabled.
+ */
+bool isSmfEnabled();
+
+/**
+ * @brief Checks whether the system has the correct risk level to
+ *        support SMF: SMF is supported on Axone by default or on
+ *        NIMBUS or CUMULUS with risk level >= 4.
+ *
+ * @return nullptr: the current system supports SMF
+ *         non-nullptr: an internal error occurred or the system
+ *                      does not support SMF
+ */
+errlHndl_t checkRiskLevelForSmf();
+
+} // namespace SMF
+
+} // namespace SECUREBOOT
+#endif
author	Ilya Smirnov <ismirno@us.ibm.com>	2018-09-26 10:35:24 -0500
committer	Daniel M. Crowell <dcrowell@us.ibm.com>	2018-11-13 13:23:59 -0600
commit	1aae1ba2930ceb5d72b9855c8003c1d8371c0791 (patch)
tree	4da3ed64fb3558db00e68b659c9bfdde79d26258 /src/include/usr/secureboot
parent	de9ec8dc9ca52d350d02c0862409fba939692c1e (diff)
download	talos-hostboot-1aae1ba2930ceb5d72b9855c8003c1d8371c0791.tar.gz talos-hostboot-1aae1ba2930ceb5d72b9855c8003c1d8371c0791.zip