author | Mike Baiocchi <mbaiocch@us.ibm.com> | 2017-05-24 15:20:04 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-06-16 10:26:05 -0400 |
commit | 44d178b6d050d9491e35360d5f3867e23c8ee895 (patch) | |
tree | 42c0ef3536fdf919ec66a311099c0805cab4ba3a /src/usr/pnor | |
parent | a7f35811ff731c443d56cee934b6b53900c99c26 (diff) | |
Use Scratch Reg 3 Bit 7 to allow Attribute Overrides in Secure Mode
Change-Id: Ic9b220dc3480c13e1b1ac1c69a0be148ab5ea977
RTC:163094
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41114
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Martin Gloff <mgloff@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/pnor')
-rw-r--r-- | src/usr/pnor/pnor_common.C | 58 |
1 files changed, 54 insertions, 4 deletions
diff --git a/src/usr/pnor/pnor_common.C b/src/usr/pnor/pnor_common.C
index 2eb710a16..e69c5312b 100644
--- a/src/usr/pnor/pnor_common.C
+++ b/src/usr/pnor/pnor_common.C
@@ -38,6 +38,14 @@
 #include <secureboot/trustedbootif.H>
 #include <devicefw/driverif.H>
 
+#ifndef __HOSTBOOT_RUNTIME
+#include <kernel/bltohbdatamgr.H>
+#else
+#include <targeting/common/targetservice.H>
+#include <targeting/common/target.H>
+#include <util/misc.H>
+#endif
+
 // Trace definition
 trace_desc_t* g_trac_pnor = NULL;
 TRAC_INIT(&g_trac_pnor, PNOR_COMP_NAME, 4*KILOBYTE, TRACE::BUFFER_SLOW); //4K
@@ -386,10 +394,52 @@ errlHndl_t PNOR::extendHash(uint64_t i_addr,
 bool PNOR::isInhibitedSection(const uint32_t i_section)
 {
 #ifdef CONFIG_SECUREBOOT
- return (i_section == ATTR_PERM ||
- i_section == ATTR_TMP ||
- i_section == RINGOVD ) &&
- SECUREBOOT::enabled();
+ bool retVal = false;
+
+ if ((i_section == ATTR_PERM ||
+ i_section == ATTR_TMP ||
+ i_section == RINGOVD )
+ && SECUREBOOT::enabled() )
+ {
+ // Default to these sections not being allowed in secure mode
+ retVal = true;
+
+
+#ifndef __HOSTBOOT_RUNTIME
+ // This is the scenario where a section might be inhibited so check
+ // global struct from bootloader for this setting
+ retVal = ! ( g_BlToHbDataManager.getAllowAttrOverrides() );
+
+ TRACFCOMP(g_trac_pnor, INFO_MRK"PNOR::isInhibitedSection: "
+ "Inside Attr check: retVal=0x%X, i_section=%s",
+ retVal,
+ PNOR::SectionIdToString(i_section));
+
+#else
+ // This is the scenario where a section might be inhibited so check
+ // attribute to determine if these sections are allowed
+ if ( Util::isTargetingLoaded() )
+ {
+ TARGETING::TargetService& tS = TARGETING::targetService();
+ TARGETING::Target* sys = nullptr;
+ (void) tS.getTopLevelTarget( sys );
+ assert(sys, "PNOR::isInhibitedSection() system target is NULL");
+
+ retVal = ! (sys->getAttr<
+ TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>());
+
+ TRACFCOMP(g_trac_pnor, INFO_MRK"PNOR::isInhibitedSection: "
+ "Inside Attr check: retVal=0x%X, attr=0x%X, i_section=%s",
+ retVal,
+ sys->getAttr<
+ TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>(),
+ PNOR::SectionIdToString(i_section));
+ }
+#endif
+
+ }
+
+ return retVal;
 #else
 return false;
 #endif |
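Review bot: In the `#else` (runtime) branch the decision and the trace each call `sys->getAttr<TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>()` separately, so the traced value is not guaranteed to be the one the decision used; read it once with `const auto allow = sys->getAttr<TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>();`, set `retVal = !allow;` and trace `allow`. Because this path relaxes a secure-mode restriction on ATTR_PERM, ATTR_TMP and RINGOVD, the fail-closed default deserves an explicit comment next to `retVal = true;`, such as `// Fail closed: stays inhibited at runtime until Util::isTargetingLoaded() is true`. The hunk does not show whether the attribute can itself be changed through the override sections it gates, or whether the relaxed state is recorded anywhere more durable than this INFO trace; both are worth confirming before relying on the gate. The function's closing brace lies outside the hunk.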