Add Encryption Enabled bit to NV_STATUS_FLAG

- 0x10: Contents are encrypted Set when encryption is enabled Clear when encryption is disabled Attribute comments should match HDAT Change-Id: I52805f6c8c3f303ce29cf8b8534304dfd0a09821 RTC:214625 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/82638 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Matt Derksen <mderkse1@us.ibm.com> Reviewed-by: Roland Veloz <rveloz@us.ibm.com> Reviewed-by: Daniel M Crowell <dcrowell@us.ibm.com>
author: Corey Swenson <cswenson@us.ibm.com> 2019-08-21 23:26:07 -0500
committer: Daniel M Crowell <dcrowell@us.ibm.com> 2019-08-27 08:54:51 -0500
commit: d8db346a16273bbf66e5b9adc1bd4fc90b2f0e54 (patch)
tree: 3144a5e4492090b6ceff34d2aed645d1d1d93991 /src/usr/isteps
parent: 80f6d1dc0597213782c0fcd159329f260761b27c (diff)
download: talos-hostboot-d8db346a16273bbf66e5b9adc1bd4fc90b2f0e54.tar.gz
talos-hostboot-d8db346a16273bbf66e5b9adc1bd4fc90b2f0e54.zip
1 files changed, 38 insertions, 4 deletions
diff --git a/src/usr/isteps/nvdimm/nvdimm.C b/src/usr/isteps/nvdimm/nvdimm.C
index 31feffac1..359f72230 100644
--- a/src/usr/isteps/nvdimm/nvdimm.C
+++ b/src/usr/isteps/nvdimm/nvdimm.C
@@ -120,9 +120,10 @@ static constexpr uint8_t ENCRYPTION_STATUS_ENABLED = 0x1F;
 static constexpr uint8_t NV_STATUS_OR_MASK = 0xFB;
 static constexpr uint8_t NV_STATUS_AND_MASK = 0x04;
 static constexpr uint8_t NV_STATUS_UNPROTECTED_SET   = 0x01;
-static constexpr uint8_t NV_STATUS_UNPROTECTED_CLEAR = 0xFE;
-static constexpr uint8_t NV_STATUS_POSSIBLY_UNPROTECTED_SET   = 0x40;
-static constexpr uint8_t NV_STATUS_POSSIBLY_UNPROTECTED_CLEAR = 0xBF;
+static constexpr uint8_t NV_STATUS_UNPROTECTED_CLR   = 0xFE;
+static constexpr uint8_t NV_STATUS_ENCRYPTION_SET    = 0x10;
+static constexpr uint8_t NV_STATUS_ENCRYPTION_CLR    = 0xEF;
+static constexpr uint8_t NV_STATUS_POSSIBLY_UNPROTECTED_SET = 0x40;
 
 // NVDIMM key consts
 static constexpr size_t NUM_KEYS_IN_ATTR = 3;
@@ -3122,6 +3123,13 @@ bool nvdimm_encrypt_enable(TargetHandleList &i_nvdimmList)
             else
             {
                 TRACFCOMP(g_trac_nvdimm, "nvdimm_encrypt_enable() nvdimm[%X] encryption is enabled 0x%.02x",get_huid(l_nvdimm),l_encStatus.whole);
+
+                l_err = notifyNvdimmProtectionChange(l_nvdimm,
+                                                     ENCRYPTION_ENABLED);
+                if (l_err)
+                {
+                    errlCommit(l_err, NVDIMM_COMP_ID);
+                }
             }
         }
     }while(0);
@@ -3329,6 +3337,13 @@ bool nvdimm_crypto_erase(TargetHandleList &i_nvdimmList)
             else
             {
                 TRACFCOMP(g_trac_nvdimm,"nvdimm_crypto_erase() nvdimm[%X] erase complete 0x%.02x",get_huid(l_nvdimm),l_encStatus.whole);
+
+                l_err = notifyNvdimmProtectionChange(l_nvdimm,
+                                                     ENCRYPTION_DISABLED);
+                if (l_err)
+                {
+                    errlCommit(l_err, NVDIMM_COMP_ID);
+                }
             }
         }
     }while(0);
@@ -3403,6 +3418,8 @@ errlHndl_t notifyNvdimmProtectionChange(Target* i_target,
 
             // If we change the armed state, need to tell FSP
             bool l_armed_change = false;
+            bool l_set_encryption = false;
+            bool l_clr_encryption = false;
 
             switch (i_state)
             {
@@ -3429,6 +3446,11 @@ errlHndl_t notifyNvdimmProtectionChange(Target* i_target,
                 case NVDIMM_ENCRYPTION_ERROR:
                     l_armed_state.encryption_error_detected = 1;
                     break;
+                case ENCRYPTION_ENABLED:
+                    l_set_encryption = true;
+                    break;
+                case ENCRYPTION_DISABLED:
+                    l_clr_encryption = true;
             }
 
             // Set the attribute and send it to the FSP if needed
@@ -3447,7 +3469,7 @@ errlHndl_t notifyNvdimmProtectionChange(Target* i_target,
                 l_armed_state.occ_active &&
                 !l_armed_state.fatal_error_detected)
             {
-                l_nv_status &= NV_STATUS_UNPROTECTED_CLEAR;
+                l_nv_status &= NV_STATUS_UNPROTECTED_CLR;
             }
 
             // Set bit 0 if unprotected nv state
@@ -3456,6 +3478,18 @@ errlHndl_t notifyNvdimmProtectionChange(Target* i_target,
                 l_nv_status |= NV_STATUS_UNPROTECTED_SET;
             }
 
+            // Set bit 4 if encryption enabled
+            if (l_set_encryption)
+            {
+                l_nv_status |= NV_STATUS_ENCRYPTION_SET;
+            }
+
+            // Clear bit 4 if encryption disabled
+            if (l_clr_encryption)
+            {
+                l_nv_status &= NV_STATUS_ENCRYPTION_CLR;
+            }
+
             // Set bit 6 if risky error
             if (l_armed_state.risky_error_detected)
             {
author	Corey Swenson <cswenson@us.ibm.com>	2019-08-21 23:26:07 -0500
committer	Daniel M Crowell <dcrowell@us.ibm.com>	2019-08-27 08:54:51 -0500
commit	d8db346a16273bbf66e5b9adc1bd4fc90b2f0e54 (patch)
tree	3144a5e4492090b6ceff34d2aed645d1d1d93991 /src/usr/isteps
parent	80f6d1dc0597213782c0fcd159329f260761b27c (diff)
download	talos-hostboot-d8db346a16273bbf66e5b9adc1bd4fc90b2f0e54.tar.gz talos-hostboot-d8db346a16273bbf66e5b9adc1bd4fc90b2f0e54.zip