Add Security Settings User Details to Error Logs

Change-Id: Ife4a19ea7f94670143b701f740c80f991f924601
RTC:165693
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41904
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

4 files changed, 158 insertions, 0 deletions

diff --git a/src/usr/secureboot/common/errlud_secure.C b/src/usr/secureboot/common/errlud_secure.C
index 660038b8e..1af61daba 100644
--- a/src/usr/secureboot/common/errlud_secure.C
+++ b/src/usr/secureboot/common/errlud_secure.C
@@ -30,6 +30,7 @@
 #include <secureboot/service.H>
 #include <secureboot/secure_reasoncodes.H>
 #include "errlud_secure.H"
+#include <kernel/bltohbdatamgr.H>
 
 namespace SECUREBOOT
 {
@@ -121,5 +122,47 @@ UdTargetHwKeyHash::~UdTargetHwKeyHash()
 
 }
 
+//------------------------------------------------------------------------------
+//  SECURE Security Settings User Details
+//------------------------------------------------------------------------------
+UdSecuritySettings::UdSecuritySettings()
+{
+    // Set up Ud instance variables
+    iv_CompId = SECURE_COMP_ID;
+    iv_Version = SECURE_UDT_VERSION_1;
+    iv_SubSection = SECURE_UDT_SECURITY_SETTINGS;
+
+    char * l_pBuf = reinterpret_cast<char *>(reallocUsrBuf(
+                                                        sizeof(detailsLayout)));
+
+    detailsLayout * l_pDetailsLayout = reinterpret_cast<detailsLayout *>(l_pBuf);
+
+    //***** Version SECURE_UDT_VERSION_1 Memory Layout *****
+    // 1 byte   : Secure Access Bit
+    // 1 byte   : Security Override
+    // 1 byte   : Allow Attribute Overrides
+
+    l_pDetailsLayout->secAccessBit = 0xFF;
+    l_pDetailsLayout->secOverride = 0xFF;
+    l_pDetailsLayout->allowAttrOverride = 0xFF;
+
+#ifndef __HOSTBOOT_RUNTIME
+    // Only check BlToHbData if it is valid, otherwise fields defaulted to 0xFF
+    if (g_BlToHbDataManager.isValid())
+    {
+        l_pDetailsLayout->secAccessBit = g_BlToHbDataManager.getSecureAccessBit();
+        l_pDetailsLayout->secOverride = g_BlToHbDataManager.getSecurityOverride();
+        l_pDetailsLayout->allowAttrOverride = g_BlToHbDataManager.getAllowAttrOverrides();
+    }
+#endif
+
+}
+
+//------------------------------------------------------------------------------
+UdSecuritySettings::~UdSecuritySettings()
+{
+
+}
+
 } // end SECUREBOOT namespace
 
diff --git a/src/usr/secureboot/common/errlud_secure.H b/src/usr/secureboot/common/errlud_secure.H
index a3247597b..dddc479eb 100644
--- a/src/usr/secureboot/common/errlud_secure.H
+++ b/src/usr/secureboot/common/errlud_secure.H
@@ -125,6 +125,54 @@ class UdTargetHwKeyHash : public ERRORLOG::ErrlUserDetails
     UdTargetHwKeyHash& operator = (UdTargetHwKeyHash&&) = delete;
 };
 
+/**
+ * @class UdSecuritySettings
+ *
+ * Adds Security Settings to an error log as user detail data
+ */
+class UdSecuritySettings : public ERRORLOG::ErrlUserDetails
+{
+  public:
+    /**
+     *  @brief Constructor
+     */
+    UdSecuritySettings();
+
+    /**
+     *  @brief Destructor
+     */
+    virtual ~UdSecuritySettings();
+
+    /**
+     * Delete Copy Constructor
+     */
+    UdSecuritySettings(const UdSecuritySettings&) = delete;
+
+    /**
+     * Delete Copy Assignment
+     */
+    UdSecuritySettings& operator= (const UdSecuritySettings&) = delete;
+
+    /**
+     * Delete Move Constructor
+     */
+    UdSecuritySettings (UdSecuritySettings&&) = delete;
+
+    /**
+     * Delete Move Assignment
+     */
+    UdSecuritySettings& operator = (UdSecuritySettings&&) = delete;
+
+    private:
+        // Errl User Details layout
+        struct detailsLayout
+        {
+            uint8_t secAccessBit;
+            uint8_t secOverride;
+            uint8_t allowAttrOverride;
+        };
+
+};
 
 } // end SECUREBOOT namespace
 
diff --git a/src/usr/secureboot/common/plugins/errludP_secure.H b/src/usr/secureboot/common/plugins/errludP_secure.H
index 02305a4c1..39a8126d6 100644
--- a/src/usr/secureboot/common/plugins/errludP_secure.H
+++ b/src/usr/secureboot/common/plugins/errludP_secure.H
@@ -165,6 +165,70 @@ private:
     UdParserTargetHwKeyHash & operator=(const UdParserTargetHwKeyHash&);
 };
 
+/**
+ * @class UdParserSecuritySettings
+ *
+ * Parses UdSecuritySettings
+ */
+class UdParserSecuritySettings : public ERRORLOG::ErrlUserDetailsParser
+{
+  public:
+    /**
+     *  @brief Constructor
+     */
+    UdParserSecuritySettings() {}
+
+    /**
+     *  @brief Destructor
+     */
+    virtual ~UdParserSecuritySettings() {}
+
+    /**
+     *  @brief Parses string user detail data from an error log
+     *
+     *  @param  i_version Version of the data
+     *  @param  i_parse   ErrlUsrParser object for outputting information
+     *  @param  i_pBuffer Pointer to buffer containing detail data
+     *  @param  i_buflen  Length of the buffer
+     */
+    virtual void parse(errlver_t i_version,
+                       ErrlUsrParser & i_parser,
+                       void * i_pBuffer,
+                       const uint32_t i_buflen) const
+    {
+        //***** Version 1 Memory Layout *****
+        // 1 byte   : Secure Access Bit
+        // 1 byte   : Security Override
+        // 1 byte   : Allow Attribute Overrides
+
+        detailsLayout* l_databuf = static_cast<detailsLayout*>(i_pBuffer);
+
+        i_parser.PrintHeading("Security Settings");
+        if (i_version >= 1)
+        {
+            i_parser.PrintNumber("Secure Access Bit","0x%.2X",
+                                 l_databuf->secAccessBit);
+            i_parser.PrintNumber("Security Override","0x%.2X",
+                                 l_databuf->secOverride);
+            i_parser.PrintNumber("Allow Attribute Overrides","0x%.2X",
+                                 l_databuf->allowAttrOverride);
+        }
+    }
+
+  private:
+    // Disabled
+    UdParserSecuritySettings(const UdParserSecuritySettings&);
+    UdParserSecuritySettings & operator=(const UdParserSecuritySettings&);
+
+    // Errl User Details layout
+    struct detailsLayout
+    {
+        uint8_t secAccessBit;
+        uint8_t secOverride;
+        uint8_t allowAttrOverride;
+    };
+};
+
 
 
 } // end SECUREBOOT namespace
diff --git a/src/usr/secureboot/common/plugins/secureUdParserFactory.H b/src/usr/secureboot/common/plugins/secureUdParserFactory.H
index e3ab91d48..5b6d540fa 100644
--- a/src/usr/secureboot/common/plugins/secureUdParserFactory.H
+++ b/src/usr/secureboot/common/plugins/secureUdParserFactory.H
@@ -41,6 +41,9 @@ namespace SECUREBOOT
 
                 registerParser<SECUREBOOT::UdParserTargetHwKeyHash>
                   (SECURE_UDT_TARGET_HW_KEY_HASH);
+
+                registerParser<SECUREBOOT::UdParserSecuritySettings>
+                  (SECURE_UDT_SECURITY_SETTINGS);
             }
 
         private: