diff options
| author | Jaymes Wilks <mjwilks@us.ibm.com> | 2016-11-08 10:58:25 -0600 |
|---|---|---|
| committer | William G. Hoffa <wghoffa@us.ibm.com> | 2017-01-05 14:00:52 -0500 |
| commit | fd1dc5a2c009d61145e2bb96865cf5de47674fb4 (patch) | |
| tree | b418fb811189020bb509a566fec40c660b04452d /src/usr/secureboot/base/settings.C | |
| parent | 82af686f8456f594ae17409f1e1e70fc55485cd8 (diff) | |
| download | talos-hostboot-fd1dc5a2c009d61145e2bb96865cf5de47674fb4.tar.gz talos-hostboot-fd1dc5a2c009d61145e2bb96865cf5de47674fb4.zip | |
port p8 secureboot settings code to p9
Update the p9 branch to handle the secure settings states as per p8
code but with the new updated p9 constant values. Remove caching of
register values.
Change-Id: I0a29ce0103a8f9b60b421a4bb625f12adcd916f8
RTC:161916
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/32490
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/base/settings.C')
| -rw-r--r-- | src/usr/secureboot/base/settings.C | 66 |
1 files changed, 47 insertions, 19 deletions
diff --git a/src/usr/secureboot/base/settings.C b/src/usr/secureboot/base/settings.C index 8caa6708c..9f4377178 100644 --- a/src/usr/secureboot/base/settings.C +++ b/src/usr/secureboot/base/settings.C @@ -23,42 +23,70 @@ /* */ /* IBM_PROLOG_END_TAG */ #include <errl/errlentry.H> +#include <errl/errlmanager.H> #include <devicefw/userif.H> - +#include <secureboot/service.H> #include "settings.H" // SECUREBOOT : General driver traces -trace_desc_t* g_trac_secure = NULL; -TRAC_INIT(&g_trac_secure, SECURE_COMP_NAME, KILOBYTE); //1K - +#include "../common/securetrace.H" namespace SECUREBOOT { - const uint64_t Settings::SECURITY_SWITCH_REGISTER = 0x00010005; - const uint64_t - Settings::SECURITY_SWITCH_TRUSTED_BOOT = 0x4000000000000000ull; + using namespace TARGETING; void Settings::_init() { - errlHndl_t l_errl = NULL; - size_t size = sizeof(iv_regValue); + // cache only the enabled flag + iv_enabled = (0 != (getSecuritySwitch() & + static_cast<uint64_t>(ProcSecurity::SabBit))); + } - // Read / cache security switch setting from processor. - l_errl = deviceRead(TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL, - &iv_regValue, size, - DEVICE_SCOM_ADDRESS(SECURITY_SWITCH_REGISTER)); + bool Settings::getEnabled() const + { + return iv_enabled; + } - // If this errors, we're in bad shape and shouldn't trust anything. - assert(NULL == l_errl); + bool Settings::getJumperState() const + { + auto l_regValue = readSecurityRegister( + static_cast<uint64_t>(ProcCbsControl::StatusRegister)); + + return 0 != (l_regValue & + static_cast<uint64_t>(ProcCbsControl::JumperStateBit)); } - bool Settings::getEnabled() + uint64_t Settings::getSecuritySwitch() const { - return 0 != (iv_regValue & SECURITY_SWITCH_TRUSTED_BOOT); + return readSecurityRegister( + static_cast<uint64_t>(ProcSecurity::SwitchRegister)); } - uint64_t Settings::getSecuritySwitch() + uint64_t Settings::readSecurityRegister(const uint64_t i_scomAddress) const { - return iv_regValue; + errlHndl_t l_errl = nullptr; + uint64_t l_regValue = 0; + size_t size = sizeof(l_regValue); + + // Read secure register setting from processor. + l_errl = deviceRead(MASTER_PROCESSOR_CHIP_TARGET_SENTINEL, + &l_regValue, size, + DEVICE_SCOM_ADDRESS(i_scomAddress)); + + if (nullptr != l_errl) + { + errlCommit(l_errl, SECURE_COMP_ID); + // This assert is needed because the deviceRead returns an + // informational error log so the system would otherwise not be + // halted. + assert(false,"SECUREBOOT::Settings::readSecurityRegister() Unable" + " to read security register"); + } + assert(size == sizeof(l_regValue), + "size returned from device read is not the expected size of %i", + sizeof(l_regValue)); + + return l_regValue; } + } |
