diff options
author | Ilya Smirnov <ismirno@us.ibm.com> | 2018-09-26 10:35:24 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2018-11-13 13:23:59 -0600 |
commit | 1aae1ba2930ceb5d72b9855c8003c1d8371c0791 (patch) | |
tree | 4da3ed64fb3558db00e68b659c9bfdde79d26258 /src/include/usr/secureboot | |
parent | de9ec8dc9ca52d350d02c0862409fba939692c1e (diff) | |
download | talos-hostboot-1aae1ba2930ceb5d72b9855c8003c1d8371c0791.tar.gz talos-hostboot-1aae1ba2930ceb5d72b9855c8003c1d8371c0791.zip |
Move HOMER BAR to Secure Memory in SMF Mode
This commits enables HOMER BAR to point to the top
of the secure memory on SMF-enabled systems. Consequently,
the HOMER image and hostboot reserved memory will
be moved to the secure memory if SMF is enabled.
Change-Id: I37c7527b06688a41e57f14b4107ff53a507ffae8
RTC: 198825
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/66702
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/include/usr/secureboot')
-rw-r--r-- | src/include/usr/secureboot/secure_reasoncodes.H | 2 | ||||
-rw-r--r-- | src/include/usr/secureboot/smf_utils.H | 62 |
2 files changed, 64 insertions, 0 deletions
diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H index 2f2ec75ef..7188b4e4f 100644 --- a/src/include/usr/secureboot/secure_reasoncodes.H +++ b/src/include/usr/secureboot/secure_reasoncodes.H @@ -50,6 +50,7 @@ namespace SECUREBOOT MOD_SECURE_VALIDATE_ECID_COUNT = 0x10, MOD_LOCK_ABUS_SEC_MAILBOXES = 0x11, MOD_SECURE_LOG_PLAT_SECURITY_CONFIG = 0x12, + MOD_CHECK_RISK_LEVEL_FOR_SMF = 0x13, // Use 0x20-0x2F range for Node Communications MOD_NCDD_CHECK_FOR_ERRORS = 0x20, @@ -89,6 +90,7 @@ namespace SECUREBOOT RC_INVALID_ECID_COUNT = SECURE_COMP_ID | 0x13, RC_LOCK_MAILBOXES_FAILED = SECURE_COMP_ID | 0x14, RC_SECURE_LOG_PLAT_SECURITY_CONFIG = SECURE_COMP_ID | 0x15, + RC_RISK_LEVEL_TOO_LOW = SECURE_COMP_ID | 0x16, // Use 0x20-0x2F range for Node Communications RC_NCDD_HW_ERROR_FOUND = SECURE_COMP_ID | 0x20, diff --git a/src/include/usr/secureboot/smf_utils.H b/src/include/usr/secureboot/smf_utils.H new file mode 100644 index 000000000..554f8affe --- /dev/null +++ b/src/include/usr/secureboot/smf_utils.H @@ -0,0 +1,62 @@ +/* IBM_PROLOG_BEGIN_TAG */ +/* This is an automatically generated prolog. */ +/* */ +/* $Source: src/include/usr/secureboot/smf_utils.H $ */ +/* */ +/* OpenPOWER HostBoot Project */ +/* */ +/* Contributors Listed Below - COPYRIGHT 2018 */ +/* [+] International Business Machines Corp. */ +/* */ +/* */ +/* Licensed under the Apache License, Version 2.0 (the "License"); */ +/* you may not use this file except in compliance with the License. */ +/* You may obtain a copy of the License at */ +/* */ +/* http://www.apache.org/licenses/LICENSE-2.0 */ +/* */ +/* Unless required by applicable law or agreed to in writing, software */ +/* distributed under the License is distributed on an "AS IS" BASIS, */ +/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ +/* implied. See the License for the specific language governing */ +/* permissions and limitations under the License. */ +/* */ +/* IBM_PROLOG_END_TAG */ +#ifndef __SMF_UTILS_H +#define __SMF_UTILS_H + +#include <stdint.h> +#include <errl/errlentry.H> + +namespace SECUREBOOT +{ + +namespace SMF +{ + +// HW limitations dictate that SMF memory needs to be a power-of-two +// multiple of 256MB starting with 256MB. +extern const uint64_t MIN_SMF_MEMORY_AMT; + +/** + * @brief Checks whether SMF mode is enabled on the system + * + * @return true: SMF is enabled; false: SMF is disabled. + */ +bool isSmfEnabled(); + +/** + * @brief Checks whether the system has the correct risk level to + * support SMF: SMF is supported on Axone by default or on + * NIMBUS or CUMULUS with risk level >= 4. + * + * @return nullptr: the current system supports SMF + * non-nullptr: an internal error occurred or the system + * does not support SMF + */ +errlHndl_t checkRiskLevelForSmf(); + +} // namespace SMF + +} // namespace SECUREBOOT +#endif |