authorStephen Cprek <smcprek@us.ibm.com>2017-07-26 10:33:24 -0500
committerDaniel M. Crowell <dcrowell@us.ibm.com>2017-08-25 23:16:28 -0400
commitcefc4c2c1bf3a43a993f2091813ee181779ddee4 (patch)
treef6b15a971c3207dbae3b1800f8555b55d5dd8ae7 /src/usr/pnor/spnorrp.C
parentb8f86e3a6bb4f491360dc3771854e36e903f8a71 (diff)
Refactor SecureBoot Workarounds to better control leniency
At this time we are trying to secure OpenPOWER in secure mode, but allow best effort policies in other scenarios Change-Id: I9ec2b5be49dbfcff678c4d30bb85f8762e448cb6 RTC: 170136 RTC: 155374 RTC: 168021 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43640 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/pnor/spnorrp.C')
-rw-r--r--src/usr/pnor/spnorrp.C44
1 files changed, 32 insertions, 12 deletions
diff --git a/src/usr/pnor/spnorrp.C b/src/usr/pnor/spnorrp.C
index d6dd6fefb..0b298afeb 100644
--- a/src/usr/pnor/spnorrp.C
+++ b/src/usr/pnor/spnorrp.C
@@ -284,18 +284,38 @@ uint64_t SPnorRP::verifySections(SectionId i_id, LoadRecord* o_rec)
if (!l_info.secure)
{
-#ifdef CONFIG_SECUREBOOT_BEST_EFFORT
- TRACFCOMP(g_trac_pnor,"PNOR::verifySections> called on unsecured section - Best effort policy skipping");
- break;
-#else
- TRACFCOMP(g_trac_pnor,ERR_MRK"PNOR::verifySections> called on "
- "unsecured section");
-
- // TODO securebootp9 revisit this assert code and replace with error log
- // code if it is deemed that this assert could happen in the field
- assert(false,"PNOR::loadSection> section %i is not a secure section",
- i_id);
-#endif
+ if(SECUREBOOT::bestEffortPolicy())
+ {
+ TRACFCOMP(g_trac_pnor,"PNOR::verifySections> called on unsecured section - Best effort policy skipping");
+ break;
+ }
+ else
+ {
+ TRACFCOMP(g_trac_pnor,ERR_MRK"PNOR::verifySections> called on "
+ "unsecured section");
+
+ /*@
+ * @errortype
+ * @severity ERRL_SEV_CRITICAL_SYS_TERM
+ * @moduleid PNOR::MOD_SPNORRP_VERIFYSECTIONS
+ * @reasoncode PNOR::RC_UNSIGNED_PNOR_SECTION
+ * @userdata1 PNOR section requested to verify
+ * @userdata2 0
+ * @devdesc Cannot verify unsigned PNOR section
+ * @custdesc Security failure: unable to securely load
+ * requested firmware.
+ */
+ l_errhdl = new ERRORLOG::ErrlEntry(
+ ERRORLOG::ERRL_SEV_CRITICAL_SYS_TERM,
+ PNOR::MOD_SPNORRP_VERIFYSECTIONS,
+ PNOR::RC_UNSIGNED_PNOR_SECTION,
+ TO_UINT64(i_id),
+ 0,
+ true /*Add HB SW Callout*/);
+ l_errhdl->collectTrace(PNOR_COMP_NAME);
+ l_errhdl->collectTrace(SECURE_COMP_NAME);
+ break;
+ }
}
l_info.vaddr -= PAGESIZE; // back up a page to expose the secure header
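Review bot: The best-effort branch skips verification of an unsecured section, but its trace does not record which section was skipped. Leniency is now decided at run time by `SECUREBOOT::bestEffortPolicy()` rather than by `CONFIG_SECUREBOOT_BEST_EFFORT`, so each skip should be attributable from the trace buffer; consider `TRACFCOMP(g_trac_pnor,"PNOR::verifySections> section %i is unsecured - best effort policy, skipping verification", i_id);`. In the enforcing branch the removed `assert` stopped execution at once, whereas the new code allocates `l_errhdl` and breaks. What happens to `l_errhdl` after the `break` is outside the hunk, so it is worth confirming that this path commits the log and never hands an unverified section back to the caller. The body of verifySections starts and ends outside the hunk.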