Move HOMER BAR to Secure Memory in SMF Mode

This commits enables HOMER BAR to point to the top
of the secure memory on SMF-enabled systems. Consequently,
the HOMER image and hostboot reserved memory will
be moved to the secure memory if SMF is enabled.

Change-Id: I37c7527b06688a41e57f14b4107ff53a507ffae8
RTC: 198825
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/66702
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

4 files changed, 145 insertions, 1 deletions

diff --git a/src/usr/secureboot/common/common.mk b/src/usr/secureboot/common/common.mk
index 06f7a0bae..e077bbf05 100644
--- a/src/usr/secureboot/common/common.mk
+++ b/src/usr/secureboot/common/common.mk
@@ -5,7 +5,7 @@
 #
 # OpenPOWER HostBoot Project
 #
-# Contributors Listed Below - COPYRIGHT 2016,2017
+# Contributors Listed Below - COPYRIGHT 2016,2018
 # [+] International Business Machines Corp.
 #
 #
@@ -27,3 +27,4 @@ SECUREBOOT_COMMON_OBJS += securetrace.o
 SECUREBOOT_COMMON_OBJS += errlud_secure.o
 SECUREBOOT_COMMON_OBJS += containerheader.o
 
+
diff --git a/src/usr/secureboot/makefile b/src/usr/secureboot/makefile
index c9a6a91b8..eacbf9354 100644
--- a/src/usr/secureboot/makefile
+++ b/src/usr/secureboot/makefile
@@ -29,5 +29,6 @@ SUBDIRS += ext.d
 SUBDIRS += trusted.d
 SUBDIRS += runtime.d
 SUBDIRS += node_comm.d
+SUBDIRS += smf.d
 
 include ${ROOTPATH}/config.mk
diff --git a/src/usr/secureboot/smf/makefile b/src/usr/secureboot/smf/makefile
new file mode 100644
index 000000000..14b7203fb
--- /dev/null
+++ b/src/usr/secureboot/smf/makefile
@@ -0,0 +1,32 @@
+# IBM_PROLOG_BEGIN_TAG
+# This is an automatically generated prolog.
+#
+# $Source: src/usr/secureboot/smf/makefile $
+#
+# OpenPOWER HostBoot Project
+#
+# Contributors Listed Below - COPYRIGHT 2018
+# [+] International Business Machines Corp.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+#
+# IBM_PROLOG_END_TAG
+ROOTPATH = ../../../..
+
+MODULE = smf
+
+OBJS += smf_utils.o
+
+include ${ROOTPATH}/config.mk
+
diff --git a/src/usr/secureboot/smf/smf_utils.C b/src/usr/secureboot/smf/smf_utils.C
new file mode 100644
index 000000000..e8bca1fff
--- /dev/null
+++ b/src/usr/secureboot/smf/smf_utils.C
@@ -0,0 +1,110 @@
+/* IBM_PROLOG_BEGIN_TAG                                                   */
+/* This is an automatically generated prolog.                             */
+/*                                                                        */
+/* $Source: src/usr/secureboot/smf/smf_utils.C $                          */
+/*                                                                        */
+/* OpenPOWER HostBoot Project                                             */
+/*                                                                        */
+/* Contributors Listed Below - COPYRIGHT 2018                             */
+/* [+] International Business Machines Corp.                              */
+/*                                                                        */
+/*                                                                        */
+/* Licensed under the Apache License, Version 2.0 (the "License");        */
+/* you may not use this file except in compliance with the License.       */
+/* You may obtain a copy of the License at                                */
+/*                                                                        */
+/*     http://www.apache.org/licenses/LICENSE-2.0                         */
+/*                                                                        */
+/* Unless required by applicable law or agreed to in writing, software    */
+/* distributed under the License is distributed on an "AS IS" BASIS,      */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or        */
+/* implied. See the License for the specific language governing           */
+/* permissions and limitations under the License.                         */
+/*                                                                        */
+/* IBM_PROLOG_END_TAG                                                     */
+#include <secureboot/smf_utils.H>
+#include <targeting/common/target.H>
+#include <targeting/common/targetservice.H>
+#include <targeting/targplatutil.H>
+#include <secureboot/secure_reasoncodes.H>
+#include <assert.h>
+#include <limits.h>
+
+namespace SECUREBOOT
+{
+
+namespace SMF
+{
+
+const uint64_t MIN_SMF_MEMORY_AMT = 256 * MEGABYTE;
+
+bool isSmfEnabled()
+{
+    uint8_t l_smfEnabled = true;
+
+    TARGETING::Target* l_sys = nullptr;
+    TARGETING::targetService().getTopLevelTarget(l_sys);
+    crit_assert(l_sys != nullptr);
+    l_smfEnabled = l_sys->getAttr<TARGETING::ATTR_SMF_ENABLED>();
+    return l_smfEnabled;
+}
+
+errlHndl_t checkRiskLevelForSmf()
+{
+    errlHndl_t l_errl = nullptr;
+
+    do {
+
+    TARGETING::Target* l_sys = nullptr;
+    TARGETING::targetService().getTopLevelTarget(l_sys);
+    crit_assert(l_sys);
+    auto l_riskLevel = l_sys->getAttr<TARGETING::ATTR_RISK_LEVEL>();
+
+    TARGETING::Target* l_pMasterProc = nullptr;
+    l_errl = TARGETING::targetService()
+                                .queryMasterProcChipTargetHandle(l_pMasterProc);
+    if(l_errl)
+    {
+        break;
+    }
+
+    auto l_masterProcModel = l_pMasterProc->getAttr<TARGETING::ATTR_MODEL>();
+
+    // SMF is enabled by default on Axone, so need to check the risk level
+    // only on P9C/P9N.
+    // WARNING: If more risk levels are added in the future that don't
+    // support SMF, the below check needs to be altered accordingly.
+    if(l_riskLevel <TARGETING::UTIL::P9N23_P9C13_NATIVE_SMF_RUGBY_FAVOR_SECURITY
+       && (
+            (l_masterProcModel == TARGETING::MODEL_CUMULUS) ||
+            (l_masterProcModel == TARGETING::MODEL_NIMBUS)
+          )
+      )
+    {
+        /*@
+        * @errortype
+        * @reasoncode  SECUREBOOT::RC_RISK_LEVEL_TOO_LOW
+        * @severity    ERRORLOG::ERRL_SEV_UNRECOVERABLE
+        * @moduleid    SECUREBOOT::MOD_CHECK_RISK_LEVEL_FOR_SMF
+        * @userdata1   Current risk level of the system
+        * @userdata2   Minimum risk level required
+        * @devdesc     SMF is enabled on the system of incorrect risk level
+        * @custdesc    A problem occurred during the IPL of the system.
+        */
+        l_errl = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE,
+                                       SECUREBOOT::MOD_CHECK_RISK_LEVEL_FOR_SMF,
+                                       SECUREBOOT::RC_RISK_LEVEL_TOO_LOW,
+                                       l_riskLevel,
+                                       TARGETING::UTIL::P9N23_P9C13_NATIVE_SMF_RUGBY_FAVOR_SECURITY,
+                                       ERRORLOG::ErrlEntry::ADD_SW_CALLOUT);
+        break;
+    }
+
+    } while(0);
+
+    return l_errl;
+}
+
+} // namespace SMF
+
+} // namespace SECUREBOOT