Enforce synchronized processor security state

Ensure the secure state is consistent across all processors.

Change-Id: I671253b99d5d87509909681a2cec2380ca6918b0
RTC:167775
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38764
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

3 files changed, 58 insertions, 8 deletions

diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H
index 1e7cb797f..57b668a6e 100644
--- a/src/include/usr/secureboot/secure_reasoncodes.H
+++ b/src/include/usr/secureboot/secure_reasoncodes.H
@@ -39,6 +39,7 @@ namespace SECUREBOOT
         MOD_SECURE_ROM_SHA512           = 0x05,
         MOD_SECURE_READ_REG             = 0x06,
         MOD_SECURE_WRITE_REG            = 0x07,
+        MOD_SECURE_SETTINGS_INIT        = 0x08,
    };
 
     enum SECUREReasonCode
@@ -52,6 +53,7 @@ namespace SECUREBOOT
         RC_ROM_VERIFY                   = SECURE_COMP_ID | 0x07,
         RC_ROM_SHA512                   = SECURE_COMP_ID | 0x08,
         RC_SECURE_BAD_TARGET            = SECURE_COMP_ID | 0x09,
+        RC_SECURE_BOOT_DISABLED         = SECURE_COMP_ID | 0x0A,
 
         // Reason codes 0xA0 - 0xEF reserved for trustedboot_reasoncodes.H
     };
diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H
index 88d50283b..c8c094fdf 100644
--- a/src/include/usr/secureboot/service.H
+++ b/src/include/usr/secureboot/service.H
@@ -98,14 +98,31 @@ namespace SECUREBOOT
      *      call was successful. If not successful this value is set to
      *      zero. Check the return value for a non null error log to
      *      determine if the call was unsuccessful.
-     *  @param[in] i_targ The target processor to obtain the jumper
+     *  @param[in] i_pProc The target processor to obtain the jumper
      *      state from. Must not be null. Optional parameter that
      *      defaults to master processor.
      *  @return errlHndl_t indicating whether the query was successful.
      *  @retval null if successful otherwise pointer to error log
      */
     errlHndl_t getSecuritySwitch(uint64_t& o_regValue,
-            TARGETING::Target* i_targ
+            TARGETING::Target* i_pProc
+                = TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL);
+
+    /** @brief Get Processor CBS Control register value
+     *  @par Detailed Description:
+     *      Returns the state of the Processor CBS Control register as
+     *      reported by the given processor (via the supplied target
+     *      pointer).
+     *  @param[out] o_regValue The value read from the register if the
+     *      call was successful. If not successful this value is set to
+     *      zero. Check the return value for a non null error log to
+     *      determine if the call was unsuccessful.
+     *  @param[in] i_pProc The target processor to obtain the jumper
+     *      state from. Must not be null. Optional parameter that
+     *      defaults to the master processor sentinel.
+     */
+    errlHndl_t getProcCbsControlRegister(uint64_t& o_regValue,
+            TARGETING::Target* i_pProc
                 = TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL);
 
     /**
@@ -171,7 +188,7 @@ namespace SECUREBOOT
      *      HW can be overridden by some functions.  Use the getEnabled()
      *      API to determine whether security is actually enabled.
      *      Deasserted means the jumper is configured to disble HW security.
-     *  @param[in] i_targ The target processor to obtain the jumper
+     *  @param[in] i_pProc The target processor to obtain the jumper
      *      state from. Must not be null. Optional parameter that
      *      defaults to master processor.
      *
@@ -179,7 +196,7 @@ namespace SECUREBOOT
      *  @retval null if successful otherwise pointer to error log.
      */
     errlHndl_t getJumperState(SecureJumperState& o_state,
-                TARGETING::Target* i_targ
+                TARGETING::Target* i_pProc
                     = TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL);
 
     /**
@@ -240,6 +257,20 @@ namespace SECUREBOOT
     void handleSecurebootFailure(
         errlHndl_t &io_err, bool i_waitForShutdown = true);
 
+    /**
+     *  @brief Adds the values of the Security Registers of the processors in
+     *         the system to an existing error log
+     *
+     *  @param[in/out] io_err  Error Log that the values of the security
+     *                         registers will be added to. Must not be nullptr.
+     *                         NOTE:  The state of the system/processors
+     *                         (ie, SCOM vs FSI) determines which registers can
+     *                         be included.
+     *
+     *  @return N/A
+     */
+    void addSecurityRegistersToErrlog(errlHndl_t & io_err);
+
 }
 
 #endif
diff --git a/src/include/usr/secureboot/settings.H b/src/include/usr/secureboot/settings.H
index 1de694948..417e14d96 100644
--- a/src/include/usr/secureboot/settings.H
+++ b/src/include/usr/secureboot/settings.H
@@ -73,6 +73,16 @@ namespace SECUREBOOT
         StatusRegisterFsi = 0x00002804ull, // used for FSI operation
     };
 
+    inline bool operator|(const ProcCbsControl i_cbs, const uint64_t i_value)
+    {
+        return (static_cast<uint64_t>(i_cbs) | i_value);
+    }
+
+    inline bool operator&(const ProcCbsControl i_cbs, const uint64_t i_value)
+    {
+        return (static_cast<uint64_t>(i_cbs) & i_value);
+    }
+
     /** @class Settings
      *
      *  @brief Caches and parses the hardware settings for Secureboot.
@@ -90,7 +100,14 @@ namespace SECUREBOOT
              *         in Secureboot's service.H for documentation
              */
             errlHndl_t getSecuritySwitch(uint64_t& o_regValue,
-                TARGETING::Target* i_targ
+                TARGETING::Target* i_pProc
+                    = TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL) const;
+
+            /** @brief Get Processor CBS Control regeister value. See wrapper
+             *         in Secureboot's service.H for documentation
+             */
+            errlHndl_t getProcCbsControlRegister(uint64_t& o_regValue,
+                TARGETING::Target* i_pProc
                     = TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL) const;
 
             /**
@@ -115,7 +132,7 @@ namespace SECUREBOOT
              *      for documenation.
              */
             errlHndl_t getJumperState(SecureJumperState& o_state,
-                TARGETING::Target* i_targ
+                TARGETING::Target* i_pProc
                     = TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL) const;
 
         private:
@@ -127,7 +144,7 @@ namespace SECUREBOOT
              *          Reads a register at a given scom address and
              *          provides its result via the supplied register
              *          value reference. Returns an error if unsuccesful.
-             *  @param  [in] i_targ The target processor to obtain the
+             *  @param  [in] i_pProc The target processor to obtain the
              *          jumper state from. Must not be null.
              *  @param  [in] i_scomAddress A uint64_t corresponding to
              *          desired scomAddress to read.
@@ -139,7 +156,7 @@ namespace SECUREBOOT
              *          successful.
              *  @retval null if successful otherwise pointer to error log
              */
-            errlHndl_t readSecurityRegister(TARGETING::Target* i_targ,
+            errlHndl_t readSecurityRegister(TARGETING::Target* i_pProc,
                                            const uint64_t i_scomAddress,
                                             uint64_t& o_regValue) const;