authorNick Bofferding <bofferdn@us.ibm.com>2017-12-13 10:16:03 -0600
committerWilliam G. Hoffa <wghoffa@us.ibm.com>2017-12-15 16:20:46 -0500
commitbd1519429ab3594d7808d2bd3d0d2aa824c3e062 (patch)
treeb03c77b4ada76655a553744a8ed6de77b680f0b0 /src/usr/pnor
parent83243d5bbb3db4a79441824d5a4b4a250554f841 (diff)
downloadtalos-hostboot-bd1519429ab3594d7808d2bd3d0d2aa824c3e062.tar.gz
talos-hostboot-bd1519429ab3594d7808d2bd3d0d2aa824c3e062.zip
Secure Boot: RAS Reviews: Fix load handler logging
- Link secure load message fail log to PLID of real verification error - Increase severity of verification fail - Fixed formatting of secure load error log to be parseable Change-Id: I15cd9cb86c15d2ee112f6c606ff1bc9eaa9f453b RTC: 181899 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50866 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/usr/pnor')
-rw-r--r--src/usr/pnor/spnorrp.C41
-rw-r--r--src/usr/pnor/spnorrp.H11
2 files changed, 43 insertions, 9 deletions
diff --git a/src/usr/pnor/spnorrp.C b/src/usr/pnor/spnorrp.C
index f5fc25b3d..90c53d712 100644
--- a/src/usr/pnor/spnorrp.C
+++ b/src/usr/pnor/spnorrp.C
@@ -303,8 +303,10 @@ void SPnorRP::initDaemon()
*/
uint64_t SPnorRP::verifySections(SectionId i_id,
bool i_loadedPreviously,
- LoadRecord* io_rec)
+ LoadRecord* io_rec,
+ uint32_t& o_plid)
{
+ o_plid=0;
SectionInfo_t l_info;
errlHndl_t l_errhdl = NULL;
bool failedVerify = false;
@@ -616,6 +618,7 @@ uint64_t SPnorRP::verifySections(SectionId i_id,
errlCommit(l_errhdl,PNOR_COMP_ID);
INITSERVICE::doShutdown(l_errPlid, true);
}
+ o_plid=l_errPlid;
}
return l_rc;
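Review bot: `o_plid=l_errPlid;` is only reached inside the block that closes just before `return l_rc;`, yet the header comment added by this commit promises that a non-zero return code implies a non-zero `o_plid`. The block's opening condition and the assignment of `l_errPlid` are outside this hunk, so it is not visible whether every non-zero `l_rc` path passes through it. If one does not, the secure-load failure log is created without a link to the verification error that caused it, which is the correlation this change is meant to provide. Either soften the header wording to "PLID of the committed error if one was committed, otherwise 0", or add a comment at this line such as `// every path that sets l_rc also sets l_errPlid; keep the two in sync`.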
@@ -648,6 +651,8 @@ void SPnorRP::waitForMessage()
message = msg_wait( iv_msgQ );
if( message )
{
+ uint32_t plid=0;
+
// data[0] = virtual address requested
// data[1] = address to place contents
eff_addr = reinterpret_cast<uint8_t*>(message->data[0]);
@@ -771,9 +776,11 @@ void SPnorRP::waitForMessage()
TRACDCOMP(g_trac_pnor, "SPnorRP::waitForMessage> MSG_LOAD_SECTION refCount is %i",l_record->refCount);
if (l_record->refCount == 0)
{
+ uint32_t loadPlid=0;
l_rc = verifySections(l_id,
l_loadedPreviously,
- l_record);
+ l_record,
+ loadPlid);
if (l_rc)
{
if(!l_loadedPreviously)
@@ -782,6 +789,11 @@ void SPnorRP::waitForMessage()
l_record = nullptr;
}
status_rc = -l_rc;
+
+ // Tunnel the PLID of the verify error to
+ // the caller
+ plid=loadPlid;
+
break;
}
}
@@ -1036,7 +1048,7 @@ void SPnorRP::waitForMessage()
* extra_data = Specific reason code.
*/
message->data[1] = status_rc;
- message->extra_data = 0;
+ message->extra_data = reinterpret_cast<void*>(plid);
rc = msg_respond( iv_msgQ, message );
if( rc )
{
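Review bot: The comment directly above the changed assignment still reads `extra_data = Specific reason code.`, but the field now carries the PLID of the verification error, so the documented response contract no longer matches the code. Suggest updating it to `* extra_data = PLID of the committed verify error on a failed MSG_LOAD_SECTION, otherwise 0.` so that receivers do not interpret the value as a reason code. As a style point, the 32-bit to pointer widening would read more clearly as `message->extra_data = reinterpret_cast<void*>(static_cast<uint64_t>(plid));`, mirroring the explicit 64-bit view the receiver uses. The enclosing waitForMessage body starts and ends outside this hunk.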
@@ -1094,16 +1106,17 @@ errlHndl_t loadUnloadSecureSection(const SectionId i_section,
TRACFCOMP(g_trac_pnor,ERR_MRK"PNOR::loadUnloadSecureSection> Error from msg_sendrecv or msg->data[1] rc=%d",
l_rc );
- /* @errorlog
+ /*@
+ * @errortype
* @severity ERRL_SEV_CRITICAL_SYS_TERM
* @moduleid MOD_PNORRP_LOADUNLOADSECURESECTION
* @reasoncode RC_EXTERNAL_ERROR
* @userdata1 returncode from msg_sendrecv() or msg->data[1]
* @userdata2[0:31] SPNOR message type [LOAD | UNLOAD]
* @userdata2[32:63] Section ID
- * @devdesc Could not load/unload section.
- * @custdesc Security failure: unable to securely load
- * requested firmware.
+ * @devdesc Secure Boot: Failed to securely load or unload
+ * signed boot firmware.
+ * @custdesc Failure in security subsystem
*/
err = new ERRORLOG::ErrlEntry(
ERRORLOG::ERRL_SEV_CRITICAL_SYS_TERM,
@@ -1113,6 +1126,20 @@ errlHndl_t loadUnloadSecureSection(const SectionId i_section,
TWO_UINT32_TO_UINT64(i_loadUnload,
i_section),
true /* Add HB Software Callout */);
+
+ // On a failure of load secure section, link the load error to this
+ // error by PLID, if available
+ if( (i_loadUnload == PNOR::MSG_LOAD_SECTION)
+ && (rc==0)
+ && (msg->data[1]!=0)
+ && (msg->extra_data != nullptr))
+ {
+ // extra_data is 64 bits, PLID occupies lower 32 bits, so slice off
+ // the upper bits
+ const uint32_t plid=reinterpret_cast<uint64_t>(msg->extra_data);
+ err->plid(plid);
+ }
+
err->collectTrace(PNOR_COMP_NAME);
err->collectTrace(SECURE_COMP_NAME);
}
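Review bot: The guard tests `msg->extra_data != nullptr` on the full 64-bit value, but the PLID applied to the log is the truncated low 32 bits, so a value with only upper bits set would pass the guard and then call `err->plid(0)`. The sender visible in this commit only ever stores a `uint32_t`, so this is presumably unreachable today, but checking the value actually used keeps the new critical log from having its PLID cleared if the message contract ever changes. Suggest `const uint32_t plid = static_cast<uint32_t>(reinterpret_cast<uint64_t>(msg->extra_data));` followed by `if (plid != 0) { err->plid(plid); }`, which also makes the narrowing explicit instead of implicit. `rc` and `msg` are declared outside this hunk, and the function continues past it.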
diff --git a/src/usr/pnor/spnorrp.H b/src/usr/pnor/spnorrp.H
index 878d69625..1734c96f8 100644
--- a/src/usr/pnor/spnorrp.H
+++ b/src/usr/pnor/spnorrp.H
@@ -145,11 +145,18 @@ class SPnorRP
* @param[in/out] io_rec - Load record to store section information in
* io_rec->payloadTextHash is used for comparision if
* i_loadedPreviusly is true.
- * @return uint64_t - Return code to pass back to message handler
+ * @param[out] o_plid - On function failure (return code is non-zero),
+ * PLID of the related error that was committed internally,
+ * otherwise 0.
+ * @return uint64_t - Return code to pass back to message handler. If a
+ * non-0 return code is returned, that implies the
+ * function also committed an error and returned a non-0
+ * PLID in o_plid
*/
uint64_t verifySections(PNOR::SectionId i_id,
bool i_loadedPreviously,
- LoadRecord* io_rec);
+ LoadRecord* io_rec,
+ uint32_t& o_plid);
/**
* @brief Message receiver for secure space