Convert asserts to error logs where it makes sense

Change-Id: Idd15e39cc6be44c0865f13503bfa4482d77fcf0d
RTC:181899
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/51042
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Martin Gloff <mgloff@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

3 files changed, 16 insertions, 3 deletions

diff --git a/src/include/usr/secureboot/header.H b/src/include/usr/secureboot/header.H
index eff1f6769..259d98467 100644
--- a/src/include/usr/secureboot/header.H
+++ b/src/include/usr/secureboot/header.H
@@ -28,6 +28,8 @@
 #include <stdint.h>
 #include <pnor/pnorif.H>
 #include <util/singleton.H>
+#include <errl/errlentry.H>
+#include <errl/errlmanager.H>
 
 /** @file header.H
  *
@@ -64,9 +66,9 @@ namespace SECUREBOOT
              *      area preserved across the bootloader to HBB handoff to
              *      support extending HBB measurements to TPM
              *
-             *  @warning Asserts if header is already cached (code bug)
+             * @return Error handle if error; otherwise nullptr
              */
-            void loadHeader();
+            errlHndl_t loadHeader();
 
             /**
              *  @brief Return pointer to base image (HBB) header.
diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H
index 21c195b77..49d42e15f 100644
--- a/src/include/usr/secureboot/secure_reasoncodes.H
+++ b/src/include/usr/secureboot/secure_reasoncodes.H
@@ -44,6 +44,9 @@ namespace SECUREBOOT
         MOD_SECURE_CONT_HDR_PARSE       = 0x0A,
         MOD_SECURE_CONT_HDR_CPY_INC     = 0x0B,
         MOD_SECURE_CONT_VALIDATE        = 0x0C,
+        MOD_SECURE_SET_SBE_SECURE_MODE  = 0x0D,
+        MOD_SECURE_GET_ALL_SEC_REGS     = 0x0E,
+        MOD_SECURE_LOAD_HEADER          = 0x0F,
    };
 
     enum SECUREReasonCode
@@ -61,6 +64,11 @@ namespace SECUREBOOT
         RC_SECROM_INVALID               = SECURE_COMP_ID | 0x0B,
         RC_CONT_HDR_NO_SPACE            = SECURE_COMP_ID | 0x0C,
         RC_CONT_HDR_INVALID             = SECURE_COMP_ID | 0x0D,
+        RC_SBE_INVALID_SEC_MODE         = SECURE_COMP_ID | 0x0E,
+        RC_DEVICE_WRITE_ERR             = SECURE_COMP_ID | 0x0F,
+        RC_PROC_NOT_SCOMABLE            = SECURE_COMP_ID | 0x10,
+        RC_DEVICE_READ_ERR              = SECURE_COMP_ID | 0x11,
+        RC_INVALID_BASE_HEADER          = SECURE_COMP_ID | 0x12,
 
         // Reason codes 0xA0 - 0xEF reserved for trustedboot_reasoncodes.H
     };
diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H
index dc1fd5a78..7d8953cde 100644
--- a/src/include/usr/secureboot/service.H
+++ b/src/include/usr/secureboot/service.H
@@ -347,8 +347,11 @@ namespace SECUREBOOT
      *                     a value of 0 if SBE should check for security disable
      *                     requests and 1 if not. All other values are not
      *                     allowed and will be rejected via an assert.
+     *
+     *  @return errlHndl_t Error log handle; nullptr if success, pointer to
+     *      valid error log otherwise.
      */
-    void setSbeSecurityMode(uint8_t i_sbeSecurityMode);
+    errlHndl_t setSbeSecurityMode(uint8_t i_sbeSecurityMode);
 
 }