Refactor SecureBoot Workarounds to better control leniency

At this time we are trying to secure OpenPOWER in secure mode,
but allow best effort policies in other scenarios

Change-Id: I9ec2b5be49dbfcff678c4d30bb85f8762e448cb6
RTC: 170136
RTC: 155374
RTC: 168021
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43640
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

1 files changed, 5 insertions, 3 deletions

diff --git a/src/usr/secureboot/base/securerommgr.H b/src/usr/secureboot/base/securerommgr.H
index bf8812342..b221d2c10 100644
--- a/src/usr/secureboot/base/securerommgr.H
+++ b/src/usr/secureboot/base/securerommgr.H
@@ -97,11 +97,13 @@ class SecureRomManager
         void hashConcatBlobs (const blobPair_t &i_blobs, SHA512_t o_buf) const;
 
         /*
-         * @brief Getter for private "is valid" variable
+         * @brief Determines if best effort policy is enabled and allowed when
+         *        SecureROM is invalid.
+         *        Asserts secure rom is valid if bestEffortPolicy is false
          *
-         * @return bool - True if valid, false otherwise
+         * @return bool - True if enabled, false otherwise
          */
-        bool isValid();
+        bool secureRomValidPolicy() const;
 
         /*
          * @brief Get offset of function from the start of the SecureROM