authorNick Bofferding <bofferdn@us.ibm.com>2017-04-20 16:33:39 -0500
committerDaniel M. Crowell <dcrowell@us.ibm.com>2017-04-28 14:18:34 -0400
commitf30075299ce2c078705192b1835b70eff4f08fc1 (patch)
treef8d45e2052765457bee020e7b9b3b60d37f5b6a4 /src/usr/pnor
parent21187e0ac2c55cd238b915a0d1c9e80ff2fbaacd (diff)
Support setting security mode based on SBE key indicator bit
Change-Id: I9db3857b73116db5761b55eb3aa6ec7e47dd4c3d RTC: 170650 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39515 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/pnor')
-rw-r--r--src/usr/pnor/spnorrp.C41
-rw-r--r--src/usr/pnor/spnorrp.H42
2 files changed, 81 insertions, 2 deletions
diff --git a/src/usr/pnor/spnorrp.C b/src/usr/pnor/spnorrp.C
index cd59cf26d..496ebabe9 100644
--- a/src/usr/pnor/spnorrp.C
+++ b/src/usr/pnor/spnorrp.C
@@ -386,6 +386,15 @@ uint64_t SPnorRP::verifySections(SectionId i_id, LoadRecord* o_rec)
}
}
+ l_errhdl = processFwKeyIndicators(l_conHdr,i_id);
+ if(l_errhdl)
+ {
+ TRACFCOMP(g_trac_pnor, ERR_MRK "SPnorrRP::verifySections: Failed "
+ "in call to processFwKeyIndicators(). PNOR section = %s.",
+ PNOR::SectionIdToString(i_id));
+ break;
+ }
+
// verification succeeded
// parse container header now that it is verified
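Review bot: `processFwKeyIndicators(l_conHdr,i_id)` sits above the `// verification succeeded` comment, and for SBE_IPL it writes ATTR_SECURITY_MODE from the header's flags, so it must only be reachable once the container has passed signature verification. The verification block ends outside this hunk, so I cannot confirm that every path falling through it carries a verified header; if one does not (for example when verification is skipped), unverified flag bits would set the lab override policy. After confirming that holds, I would move the call below the comment or add `// l_conHdr is verified at this point; its sb_flags are trusted`. The trace string also misspells the class as `SPnorrRP`.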
@@ -766,6 +775,36 @@ errlHndl_t PNOR::unloadSecureSection(const SectionId i_section)
return pError;
}
+void SPnorRP::processLabOverride(
+ const sb_flags_t& i_flags) const
+{
+ TARGETING::Target* pSys = nullptr;
+ TARGETING::targetService().getTopLevelTarget(pSys);
+ assert(pSys != nullptr,"System target was nullptr.");
+ // ATTR_SECURITY_MODE attribute values are inverted with respect to the lab
+ // override flag for the same logical meaning
+ TARGETING::ATTR_SECURITY_MODE_type securityMode =
+ !(i_flags.hw_lab_override);
+ pSys->setAttr<TARGETING::ATTR_SECURITY_MODE>(securityMode);
+ TRACFCOMP(g_trac_pnor,INFO_MRK "Set lab security override policy to %s.",
+ securityMode ? "*NO* override" : "override if requested");
+}
+
+errlHndl_t SPnorRP::processFwKeyIndicators(
+ const SECUREBOOT::ContainerHeader& i_header,
+ const PNOR::SectionId i_sectionId) const
+{
+ errlHndl_t pError = nullptr;
+
+ if(i_sectionId == PNOR::SBE_IPL)
+ {
+ auto const * const headerFlags = i_header.sb_flags();
+ processLabOverride(*headerFlags);
+ }
+
+ return pError;
+}
+
errlHndl_t SPnorRP::miscSectionVerification(const uint8_t *i_vaddr,
SectionId i_secId) const
{
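Review bot: In `processFwKeyIndicators` the pointer returned by `i_header.sb_flags()` is dereferenced without a check. Following the assert style already used in `processLabOverride`, add `assert(headerFlags != nullptr,"sb_flags() returned nullptr.");` before `processLabOverride(*headerFlags);`. `pError` is also never assigned, so the function always returns nullptr and the new error branch in verifySections cannot fire. A one-line comment such as `// pError reserved for future key-indicator policies` would show that this is intentional. Because `processLabOverride` changes a security-relevant attribute, consider tracing the raw `hw_lab_override` value alongside the derived mode so the inversion can be audited from the log.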
@@ -908,4 +947,4 @@ errlHndl_t SPnorRP::keyTransitionCheck(const uint8_t *i_vaddr) const
}while(0);
return l_errl;
-} \ No newline at end of file
+}
diff --git a/src/usr/pnor/spnorrp.H b/src/usr/pnor/spnorrp.H
index 3ec527f37..34a6a8aab 100644
--- a/src/usr/pnor/spnorrp.H
+++ b/src/usr/pnor/spnorrp.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2011,2016 */
+/* Contributors Listed Below - COPYRIGHT 2011,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -34,6 +34,12 @@
#include "pnor_common.H"
#include "ffs.h"
#include <config.h>
+#include <securerom/ROM.H>
+
+namespace SECUREBOOT
+{
+ class ContainerHeader;
+}
/**
* Secure PNOR Resource Provider
@@ -186,5 +192,39 @@ class SPnorRP
* @return errlHndl_t - NULL if success, errlHndl_t otherwise.
*/
errlHndl_t keyTransitionCheck(const uint8_t *i_vaddr) const;
+
+ /**
+ * @brief Apply lab override policy to the attribute model
+ *
+ * @par Detailed Description:
+ * Reads the lab override flag from the input flag set, inverts it, and
+ * writes it to the ATTR_SECURITY_MODE attribute. Later, SBE update
+ * will customize that attribute into the SBEs. If the policy is set
+ * (attribute clear), the SBE will watch mailbox scratch register 3 bit
+ * 6 to be set. In that case, SBE will disable security for the
+ * processor, otherwise (policy clear/attribute set) it will not change
+ * the security settings.
+ *
+ * @param[in] i_flags Various flags read from the secure header
+ */
+ void processLabOverride(
+ const sb_flags_t& i_flags) const;
+
+ /**
+ * @brief Apply firmware key indicator policies for the given section
+ *
+ * @par Detailed Description:
+ * Reads the HW/SW policy flags from the given section's container
+ * header and applies any applicable policies.
+ *
+ * @param[in] i_header Reference to requested section's container header
+ * @param[in] i_sectionId Section's ID
+ *
+ * @return errlHndl_t Error log handle; nullptr if success, pointer to
+ * valid error log otherwise.
+ */
+ errlHndl_t processFwKeyIndicators(
+ const SECUREBOOT::ContainerHeader& i_header,
+ const PNOR::SectionId i_sectionId) const;
};
#endif
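Review bot: The doc comment on `processFwKeyIndicators` says it applies policies for the given section, but the implementation in spnorrp.C only acts when the section is PNOR::SBE_IPL and is a no-op returning nullptr for every other section. The comment should say so and state the trust precondition on the header, for example `@note Only PNOR::SBE_IPL is acted on; i_header must already have passed verification because its flags set ATTR_SECURITY_MODE.` The `processLabOverride` description would also read more easily if it spelled out the mapping once, e.g. `hw_lab_override = 1 -> ATTR_SECURITY_MODE = 0 (override honoured if requested)`. The enclosing class SPnorRP begins outside this hunk.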