diff options
author | Jaymes Wilks <mjwilks@us.ibm.com> | 2016-11-11 14:58:58 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-01-30 12:17:06 -0500 |
commit | 8363cdd8fff56e20f25a6ffee5b43c887c6049c4 (patch) | |
tree | 64cc9d93e04066d51ee6decdcbbe6d2d0708a575 /src/include | |
parent | 89c55d65e62b74221262652c02c4afef0590e127 (diff) | |
download | talos-hostboot-8363cdd8fff56e20f25a6ffee5b43c887c6049c4.tar.gz talos-hostboot-8363cdd8fff56e20f25a6ffee5b43c887c6049c4.zip |
Generalize secure boot settings for all processors
Adds the ability to specify which processor target user code is
interested in when querying secure boot settings.
Change-Id: I0375af03ce8f4e33029736ff2e2d60416629a295
RTC:161916
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/32556
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/usr/secureboot/secure_reasoncodes.H | 4 | ||||
-rw-r--r-- | src/include/usr/secureboot/service.H | 65 | ||||
-rw-r--r-- | src/include/usr/secureboot/settings.H | 99 |
3 files changed, 150 insertions, 18 deletions
diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H index 404575fcd..2bbed2b23 100644 --- a/src/include/usr/secureboot/secure_reasoncodes.H +++ b/src/include/usr/secureboot/secure_reasoncodes.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2013,2016 */ +/* Contributors Listed Below - COPYRIGHT 2013,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -37,6 +37,7 @@ namespace SECUREBOOT MOD_SECURE_ROM_VERIFY = 0x03, MOD_SECURE_ROM_CLEANUP = 0x04, MOD_SECURE_ROM_SHA512 = 0x05, + MOD_SECURE_READ_REG = 0x06, }; enum SECUREReasonCode @@ -49,6 +50,7 @@ namespace SECUREBOOT RC_SET_PERMISSION_FAIL_WRITE = SECURE_COMP_ID | 0x06, RC_ROM_VERIFY = SECURE_COMP_ID | 0x07, RC_ROM_SHA512 = SECURE_COMP_ID | 0x08, + RC_SECURE_BAD_TARGET = SECURE_COMP_ID | 0x09, // Reason codes 0xA0 - 0xEF reserved for trustedboot_reasoncodes.H }; diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H index 1c83d73c1..99772b429 100644 --- a/src/include/usr/secureboot/service.H +++ b/src/include/usr/secureboot/service.H @@ -27,6 +27,8 @@ #include <errl/errlentry.H> #include <config.h> +#include <secureboot/settings.H> +#include <cstdint> typedef uint8_t SHA512_t[64]; /* From sha512.h: */ @@ -82,28 +84,57 @@ namespace SECUREBOOT #endif //@fixme-RTC:163094-Remove RUNTIME check once the code is there - /** @brief Returns the state of the secure jumper as reported by the master - * processor. + /** @brief Get security switch register value + * @par Detailed Description: + * Returns the state of the security switch register as + * reported by the given processor (via the supplied target + * pointer). + * @param[out] o_regValue The value read from the register if the + * call was successful. If not successful this value is set to + * zero. Check the return value for a non null error log to + * determine if the call was unsuccessful. + * @param[in] i_targ The target processor to obtain the jumper + * state from. Must not be null. Optional parameter that + * defaults to master processor. + * @return errlHndl_t indicating whether the query was successful. + * @retval null if successful otherwise pointer to error log + */ + errlHndl_t getSecuritySwitch(uint64_t& o_regValue, + TARGETING::Target* i_targ + = TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL); + + + /** @brief Returns the state of the secure jumper as reported by the + * given processor. * * @par Detailed Description: - * Returns the state of the secure jumper as reported by the master - * processor. This should NOT be used to determine whether security is - * enabled, because several conditions are aggregated together to - * determine that. To query whether security is actually enabled or - * not, call the enabled() API. This is a limited-use API intended to - * be called by trusted boot code to determine whether a system shipped - * with a secure jumper applied or removed, in order to decide + * Returns the state of the secure jumper as reported by the + * the given processor. This should NOT be used to determine + * whether security is enabled, because several conditions are + * aggregated together to determine that. To query whether + * security is actually enabled or not, call the enabled() API. + * This is a limited-use API intended to be called by trusted + * boot code to determine whether a system shipped with a + * secure jumper applied or removed, in order to decide * whether to enforce the "TPM Required" policy or not. + * @param[out] o_state Provides an enum value of type SecureJumperState + * that can be either SECURITY_DEASSERTED or SECURITY_ASSERTED + * indicating the given processor's secure jumper state. + * Asserted means it is configured to request HW security. This + * does not necessarily imply security is enabled, because the + * HW can be overridden by some functions. Use the getEnabled() + * API to determine whether security is actually enabled. + * Deasserted means the jumper is configured to disble HW security. + * @param[in] i_targ The target processor to obtain the jumper + * state from. Must not be null. Optional parameter that + * defaults to master processor. * - * @return Boolean indicating acting master processor's secure jumper state - * @retval true Jumper is configured to request HW security. This does not - * necessarily imply security is enabled, because an open SBE can - * override the HW policy. Use the enabled() API to determine whether - * security is actually enabled. - * @retval false Jumper is configured to disble HW security. + * @return errlHndl_t indicating whether the query was successful. + * @retval null if successful otherwise pointer to error log. */ - bool getJumperState(); - + errlHndl_t getJumperState(SecureJumperState& o_state, + TARGETING::Target* i_targ + = TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL); /** * @brief Verify Signed Container diff --git a/src/include/usr/secureboot/settings.H b/src/include/usr/secureboot/settings.H new file mode 100644 index 000000000..d6f83126d --- /dev/null +++ b/src/include/usr/secureboot/settings.H @@ -0,0 +1,99 @@ +/* IBM_PROLOG_BEGIN_TAG */ +/* This is an automatically generated prolog. */ +/* */ +/* $Source: src/include/usr/secureboot/settings.H $ */ +/* */ +/* OpenPOWER HostBoot Project */ +/* */ +/* Contributors Listed Below - COPYRIGHT 2013,2017 */ +/* [+] International Business Machines Corp. */ +/* */ +/* */ +/* Licensed under the Apache License, Version 2.0 (the "License"); */ +/* you may not use this file except in compliance with the License. */ +/* You may obtain a copy of the License at */ +/* */ +/* http://www.apache.org/licenses/LICENSE-2.0 */ +/* */ +/* Unless required by applicable law or agreed to in writing, software */ +/* distributed under the License is distributed on an "AS IS" BASIS, */ +/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ +/* implied. See the License for the specific language governing */ +/* permissions and limitations under the License. */ +/* */ +/* IBM_PROLOG_END_TAG */ +#ifndef __SECUREBOOT_SETTINGS_H +#define __SECUREBOOT_SETTINGS_H + +#include <stdint.h> +#include <targeting/common/target.H> +#include <targeting/common/targetservice.H> +#include <cstdint> + +namespace SECUREBOOT +{ + enum class SecureJumperState : uint8_t + { + SECURITY_DEASSERTED = 0b0, + SECURITY_ASSERTED = 0b1, + }; + + /** @class Settings + * + * @brief Caches and parses the hardware settings for Secureboot. + */ + class Settings + { + public: + Settings() : iv_enabled(false) { _init(); }; + ~Settings() {}; + + /** @brief Determine if Secureboot is enabled. */ + bool getEnabled() const; + + /** @brief Get security switch register value. See wrapper + * in Secureboot's service.H for documentation + */ + errlHndl_t getSecuritySwitch(uint64_t& o_regValue, + TARGETING::Target* i_targ + = TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL) const; + + /** @brief Returns the state of the secure jumper as reported by the + * given processor. See wrapper in Secureboot's service.H + * for documenation. + */ + errlHndl_t getJumperState(SecureJumperState& o_state, + TARGETING::Target* i_targ + = TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL) const; + + private: + void _init(); + + /** @brief This helper method encapsulates the details of + * register reads. + * @par Detailed Description: + * Reads a register at a given scom address and + * provides its result via the supplied register + * value reference. Returns an error if unsuccesful. + * @param [in] i_targ The target processor to obtain the + * jumper state from. Must not be null. + * @param [in] i_scomAddress A uint64_t corresponding to + * desired scomAddress to read. + * @param [out] o_regValue A uint64_t reference to be + * populated with the contents of the requested + * register upon successful read. + * + * @return errHndl_t Indicates whether the query was + * successful. + * @retval null if successful otherwise pointer to error log + */ + errlHndl_t readSecurityRegister(TARGETING::Target* i_targ, + const uint64_t i_scomAddress, + uint64_t& o_regValue) const; + + /** Cached secure boot enabled value */ + bool iv_enabled; + }; +} + +#endif |