Secure Boot: Shutdown after key transition

- Fence off istep path after istep dispatcher stops
- Automatically power off after a key transition has completed
- Added IPMI API to power off system

Change-Id: I74eaec08e86d0cbc46db6aa1674845c53bcf14d4
RTC: 174017
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43436
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>

1 files changed, 53 insertions, 16 deletions

diff --git a/src/usr/sbe/sbe_update.C b/src/usr/sbe/sbe_update.C
index 7fe922427..ee116b14a 100644
--- a/src/usr/sbe/sbe_update.C
+++ b/src/usr/sbe/sbe_update.C
@@ -54,6 +54,8 @@
 #include <sbeio/sbeioif.H>
 #include <sbe/sbereasoncodes.H>
 #include <sbe/sbe_update.H>
+#include <initservice/initsvcreasoncodes.H>
+
 #ifdef CONFIG_BMC_IPMI
 #include <ipmi/ipmisensor.H>
 #include <ipmi/ipmiwatchdog.H>
@@ -481,8 +483,10 @@ namespace SBE
             /**************************************************************/
             /*  Perform System Operation                                  */
             /**************************************************************/
-            // Restart IPL if SBE Update requires it
-            if ( l_restartNeeded == true )
+
+            // Restart IPL if SBE Update requires it or key transition occurred
+            if (   (l_restartNeeded == true)
+                || (g_do_hw_keys_hash_transition))
             {
                 TRACFCOMP( g_trac_sbe,
                            INFO_MRK"updateProcessorSbeSeeproms(): Restart "
@@ -5037,25 +5041,58 @@ errlHndl_t sbeDoReboot( void )
 #endif
 
 #ifdef CONFIG_CONSOLE
-        CONSOLE::displayf(SBE_COMP_NAME, "System Rebooting To "
-                          "Perform SBE Update\n");
-        CONSOLE::flush();
+        if(g_do_hw_keys_hash_transition)
+        {
+            CONSOLE::displayf(SBE_COMP_NAME, "Performing Secure Boot key transition\n");
+            CONSOLE::displayf(SBE_COMP_NAME, "System will power off after completion\n");
+            CONSOLE::flush();
+        }
+        else
+        {
+            CONSOLE::displayf(SBE_COMP_NAME, "System Rebooting To "
+                              "Perform SBE Update\n");
+            CONSOLE::flush();
+        }
 #endif
 
 
 #ifdef CONFIG_BMC_IPMI
-        // initate a graceful power cycle
-        TRACFCOMP( g_trac_sbe,"sbeDoReboot: "
-                   "requesting chassis power cycle");
-        INITSERVICE::requestReboot();
+        if(g_do_hw_keys_hash_transition)
+        {
+            // Initiate a graceful power off
+            TRACFCOMP(g_trac_sbe,
+                INFO_MRK"sbeDoReboot(): Performing Secure Boot key transition. "
+                "Requesting power off");
+            INITSERVICE::requestPowerOff();
+        }
+        else
+        {
+            // Initiate a graceful power cycle
+            TRACFCOMP( g_trac_sbe,"sbeDoReboot: "
+                       "requesting power cycle");
+            INITSERVICE::requestReboot();
+        }
 #else //non-IPMI
-        TRACFCOMP( g_trac_sbe,
-                   INFO_MRK"sbeDoReboot(): Calling "
-                   "INITSERVICE::doShutdown() with "
-                   "SBE_UPDATE_REQUEST_REIPL = 0x%X",
-                   SBE_UPDATE_REQUEST_REIPL );
-        // shutdown/TI hostboot
-        INITSERVICE::doShutdown(SBE_UPDATE_REQUEST_REIPL);
+        if(g_do_hw_keys_hash_transition)
+        {
+            TRACFCOMP(g_trac_sbe,
+                INFO_MRK"sbeDoReboot(): Performing Secure Boot key transition. "
+                "Calling INITSERVICE::doShutdown() with "
+                "SHUTDOWN_NOT_RECONFIG_LOOP = 0x%08X",
+                INITSERVICE::SHUTDOWN_NOT_RECONFIG_LOOP );
+            INITSERVICE::doShutdown(INITSERVICE::
+                                    SHUTDOWN_NOT_RECONFIG_LOOP);
+        }
+        else
+        {
+            TRACFCOMP( g_trac_sbe,
+                       INFO_MRK"sbeDoReboot(): Calling "
+                       "INITSERVICE::doShutdown() with "
+                       "SBE_UPDATE_REQUEST_REIPL = 0x%08X",
+                       SBE_UPDATE_REQUEST_REIPL );
+            // shutdown/TI hostboot
+            INITSERVICE::doShutdown(SBE_UPDATE_REQUEST_REIPL);
+        }
 #endif
 
     }while(0);