| author | Nick Bofferding <bofferdn@us.ibm.com> | 2018-03-19 23:26:08 -0500 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2018-05-08 09:44:28 -0400 |
| commit | 2fe71f4ddc13e3c730fbb7e1fcfe0d319eddc333 (patch) | |
| tree | 6717b134419978a4b0836382364f98f620d1630c /src/usr/scom/scom.C | |
| parent | 3c2b4bf2adc3e076d7dc9e2876b64b813a799260 (diff) | |
Secure Boot: Implement Centaur SCOM cache
This change implements a Centaur SCOM cache for sensitive SCOM registers. The
cache is initialized and enabled before the first Centaur SCOM, and disabled
just prior to locking down the Centaur configuration. Once the Centaur has been
locked down, the real register values are compared to the cache entries, and the
Centaur is deconfigured (not garded) on any mismatch in assumptions.
RTC: 187288
Change-Id: I7b13bfd7eb6b427aba115d6944958bf55e171008
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57532
Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/scom/scom.C')
| -rw-r--r-- | src/usr/scom/scom.C | 66 |
1 files changed, 65 insertions, 1 deletions
diff --git a/src/usr/scom/scom.C b/src/usr/scom/scom.C
index ef9bdf8e6..2dcf4a3c0 100644
--- a/src/usr/scom/scom.C
+++ b/src/usr/scom/scom.C
@@ -50,6 +50,14 @@
 #include <targeting/common/utilFilter.H>
 #include <targeting/namedtarget.H>
+#include <config.h>
+
+#ifndef __HOSTBOOT_RUNTIME
+#ifdef CONFIG_SECUREBOOT
+#include <secureboot/service.H>
+#include <scom/centaurScomCache.H>
+#endif
+#endif
 // Trace definition
 trace_desc_t* g_trac_scom = NULL;
@@ -161,7 +169,6 @@ errlHndl_t scomMemBufPerformOp(DeviceFW::OperationType i_opType,
 {
 errlHndl_t l_err = NULL;
-
 uint64_t l_scomAddr = va_arg(i_args,uint64_t);
 l_err = checkIndirectAndDoScom(i_opType,
@@ -219,6 +226,39 @@ errlHndl_t checkIndirectAndDoScom(DeviceFW::OperationType i_opType,
 errlHndl_t l_err = NULL;
 do {
+
+#ifndef __HOSTBOOT_RUNTIME
+#ifdef CONFIG_SECUREBOOT
+ if( (i_opType == DeviceFW::READ)
+ && (i_target != TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL)
+ && SECUREBOOT::enabled()
+ && SECUREBOOT::CENTAUR_SECURITY::ScomCache::getInstance().cacheEnabled()
+ && (i_target->getAttr<TARGETING::ATTR_TYPE>()==TARGETING::TYPE_MEMBUF))
+ {
+ bool skipScom=true;
+ uint64_t cacheData=0;
+ l_err=SECUREBOOT::CENTAUR_SECURITY::ScomCache::getInstance().
+ read(i_target,i_addr,skipScom,cacheData);
+ if(l_err)
+ {
+ TRACFCOMP(g_trac_scom, ERR_MRK
+ "checkIndirectAndDoScom: failed in call to ScomCache::read() "
+ "for HUID = 0x%08X, address = 0x%016llX",
+ TARGETING::get_huid(i_target),
+ i_addr);
+ break;
+ }
+
+ if(skipScom)
+ {
+ *reinterpret_cast<uint64_t*>(io_buffer) = cacheData;
+ io_buflen=sizeof(cacheData);
+ break;
+ }
+ }
+#endif
+#endif
+
 // Do we need to do the indirect logic or not?
 bool l_runIndirectLogic = true;
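Review bot: The cache-hit branch in the hunk at -219,6 +226,39 stores eight bytes with `*reinterpret_cast<uint64_t*>(io_buffer) = cacheData;` before anything visible confirms that `io_buflen` is at least `sizeof(uint64_t)`. The `break` that follows also skips whatever length validation the hardware SCOM path performs later in the function. A caller may already enforce the size outside this hunk, but the new early exit should not depend on that; I would add `assert(io_buflen >= sizeof(cacheData));` ahead of the store and copy with `memcpy(io_buffer, &cacheData, sizeof(cacheData));` so the code does not assume `io_buffer` is 8-byte aligned. The write-path hunk at -329,6 +369,30 reads the value through the same unchecked cast and needs the same guard. The body of checkIndirectAndDoScom starts and ends outside this hunk.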
@@ -329,6 +369,30 @@ errlHndl_t checkIndirectAndDoScom(DeviceFW::OperationType i_opType,
 } while(0);
+#ifndef __HOSTBOOT_RUNTIME
+#ifdef CONFIG_SECUREBOOT
+ if( !l_err
+ && (i_opType == DeviceFW::WRITE)
+ && (i_target!=TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL)
+ && SECUREBOOT::enabled()
+ && SECUREBOOT::CENTAUR_SECURITY::ScomCache::getInstance().cacheEnabled()
+ && (i_target->getAttr<TARGETING::ATTR_TYPE>()==TARGETING::TYPE_MEMBUF) )
+ {
+ l_err = SECUREBOOT::CENTAUR_SECURITY::ScomCache::getInstance().
+ write(i_target,i_addr,
+ *reinterpret_cast<uint64_t*>(io_buffer));
+ if(l_err)
+ {
+ TRACFCOMP(g_trac_scom, ERR_MRK
+ "checkIndirectAndDoScom: failed in call to ScomCache::write() "
+ "for HUID = 0x%08X, address = 0x%016llX",
+ TARGETING::get_huid(i_target),
+ i_addr);
+ }
+ }
+#endif
+#endif
+
 return l_err;
 }
|
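Review bot: The gate that decides whether the Centaur SCOM cache applies (sentinel check, `SECUREBOOT::enabled()`, `cacheEnabled()`, `TYPE_MEMBUF`) is written out in full here and again in the read-path hunk at -219,6 +226,39, differing only in the operation type. Because the post-lockdown comparison relies on reads and writes being cached under exactly the same conditions, a later edit to one copy but not the other could leave the cache out of step with the hardware. I would move the shared clauses into one file-local helper under the same `__HOSTBOOT_RUNTIME` / `CONFIG_SECUREBOOT` guards and call it from both sites, with a short comment stating that the sentinel comparison must stay ahead of the `getAttr` dereference. The function body starts outside this hunk.

```cpp
// Shared gate for both cache call sites. The sentinel comparison stays
// first so the sentinel value is never dereferenced by getAttr.
static bool centaurScomCacheApplies(TARGETING::Target* i_target)
{
    return    (i_target != TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL)
           && SECUREBOOT::enabled()
           && SECUREBOOT::CENTAUR_SECURITY::ScomCache::getInstance().cacheEnabled()
           && (i_target->getAttr<TARGETING::ATTR_TYPE>() == TARGETING::TYPE_MEMBUF);
}

// … unchanged: do { … } while(0); …
    if( !l_err
        && (i_opType == DeviceFW::WRITE)
        && centaurScomCacheApplies(i_target) )
    {
        // … unchanged: ScomCache::write() call and error trace …
    }
```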

