diff options
author | Ilya Smirnov <ismirno@us.ibm.com> | 2018-09-26 10:35:24 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2018-11-13 13:23:59 -0600 |
commit | 1aae1ba2930ceb5d72b9855c8003c1d8371c0791 (patch) | |
tree | 4da3ed64fb3558db00e68b659c9bfdde79d26258 /src/usr/secureboot | |
parent | de9ec8dc9ca52d350d02c0862409fba939692c1e (diff) | |
download | talos-hostboot-1aae1ba2930ceb5d72b9855c8003c1d8371c0791.tar.gz talos-hostboot-1aae1ba2930ceb5d72b9855c8003c1d8371c0791.zip |
Move HOMER BAR to Secure Memory in SMF Mode
This commits enables HOMER BAR to point to the top
of the secure memory on SMF-enabled systems. Consequently,
the HOMER image and hostboot reserved memory will
be moved to the secure memory if SMF is enabled.
Change-Id: I37c7527b06688a41e57f14b4107ff53a507ffae8
RTC: 198825
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/66702
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot')
-rw-r--r-- | src/usr/secureboot/common/common.mk | 3 | ||||
-rw-r--r-- | src/usr/secureboot/makefile | 1 | ||||
-rw-r--r-- | src/usr/secureboot/smf/makefile | 32 | ||||
-rw-r--r-- | src/usr/secureboot/smf/smf_utils.C | 110 |
4 files changed, 145 insertions, 1 deletions
diff --git a/src/usr/secureboot/common/common.mk b/src/usr/secureboot/common/common.mk index 06f7a0bae..e077bbf05 100644 --- a/src/usr/secureboot/common/common.mk +++ b/src/usr/secureboot/common/common.mk @@ -5,7 +5,7 @@ # # OpenPOWER HostBoot Project # -# Contributors Listed Below - COPYRIGHT 2016,2017 +# Contributors Listed Below - COPYRIGHT 2016,2018 # [+] International Business Machines Corp. # # @@ -27,3 +27,4 @@ SECUREBOOT_COMMON_OBJS += securetrace.o SECUREBOOT_COMMON_OBJS += errlud_secure.o SECUREBOOT_COMMON_OBJS += containerheader.o + diff --git a/src/usr/secureboot/makefile b/src/usr/secureboot/makefile index c9a6a91b8..eacbf9354 100644 --- a/src/usr/secureboot/makefile +++ b/src/usr/secureboot/makefile @@ -29,5 +29,6 @@ SUBDIRS += ext.d SUBDIRS += trusted.d SUBDIRS += runtime.d SUBDIRS += node_comm.d +SUBDIRS += smf.d include ${ROOTPATH}/config.mk diff --git a/src/usr/secureboot/smf/makefile b/src/usr/secureboot/smf/makefile new file mode 100644 index 000000000..14b7203fb --- /dev/null +++ b/src/usr/secureboot/smf/makefile @@ -0,0 +1,32 @@ +# IBM_PROLOG_BEGIN_TAG +# This is an automatically generated prolog. +# +# $Source: src/usr/secureboot/smf/makefile $ +# +# OpenPOWER HostBoot Project +# +# Contributors Listed Below - COPYRIGHT 2018 +# [+] International Business Machines Corp. +# +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. +# +# IBM_PROLOG_END_TAG +ROOTPATH = ../../../.. + +MODULE = smf + +OBJS += smf_utils.o + +include ${ROOTPATH}/config.mk + diff --git a/src/usr/secureboot/smf/smf_utils.C b/src/usr/secureboot/smf/smf_utils.C new file mode 100644 index 000000000..e8bca1fff --- /dev/null +++ b/src/usr/secureboot/smf/smf_utils.C @@ -0,0 +1,110 @@ +/* IBM_PROLOG_BEGIN_TAG */ +/* This is an automatically generated prolog. */ +/* */ +/* $Source: src/usr/secureboot/smf/smf_utils.C $ */ +/* */ +/* OpenPOWER HostBoot Project */ +/* */ +/* Contributors Listed Below - COPYRIGHT 2018 */ +/* [+] International Business Machines Corp. */ +/* */ +/* */ +/* Licensed under the Apache License, Version 2.0 (the "License"); */ +/* you may not use this file except in compliance with the License. */ +/* You may obtain a copy of the License at */ +/* */ +/* http://www.apache.org/licenses/LICENSE-2.0 */ +/* */ +/* Unless required by applicable law or agreed to in writing, software */ +/* distributed under the License is distributed on an "AS IS" BASIS, */ +/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ +/* implied. See the License for the specific language governing */ +/* permissions and limitations under the License. */ +/* */ +/* IBM_PROLOG_END_TAG */ +#include <secureboot/smf_utils.H> +#include <targeting/common/target.H> +#include <targeting/common/targetservice.H> +#include <targeting/targplatutil.H> +#include <secureboot/secure_reasoncodes.H> +#include <assert.h> +#include <limits.h> + +namespace SECUREBOOT +{ + +namespace SMF +{ + +const uint64_t MIN_SMF_MEMORY_AMT = 256 * MEGABYTE; + +bool isSmfEnabled() +{ + uint8_t l_smfEnabled = true; + + TARGETING::Target* l_sys = nullptr; + TARGETING::targetService().getTopLevelTarget(l_sys); + crit_assert(l_sys != nullptr); + l_smfEnabled = l_sys->getAttr<TARGETING::ATTR_SMF_ENABLED>(); + return l_smfEnabled; +} + +errlHndl_t checkRiskLevelForSmf() +{ + errlHndl_t l_errl = nullptr; + + do { + + TARGETING::Target* l_sys = nullptr; + TARGETING::targetService().getTopLevelTarget(l_sys); + crit_assert(l_sys); + auto l_riskLevel = l_sys->getAttr<TARGETING::ATTR_RISK_LEVEL>(); + + TARGETING::Target* l_pMasterProc = nullptr; + l_errl = TARGETING::targetService() + .queryMasterProcChipTargetHandle(l_pMasterProc); + if(l_errl) + { + break; + } + + auto l_masterProcModel = l_pMasterProc->getAttr<TARGETING::ATTR_MODEL>(); + + // SMF is enabled by default on Axone, so need to check the risk level + // only on P9C/P9N. + // WARNING: If more risk levels are added in the future that don't + // support SMF, the below check needs to be altered accordingly. + if(l_riskLevel <TARGETING::UTIL::P9N23_P9C13_NATIVE_SMF_RUGBY_FAVOR_SECURITY + && ( + (l_masterProcModel == TARGETING::MODEL_CUMULUS) || + (l_masterProcModel == TARGETING::MODEL_NIMBUS) + ) + ) + { + /*@ + * @errortype + * @reasoncode SECUREBOOT::RC_RISK_LEVEL_TOO_LOW + * @severity ERRORLOG::ERRL_SEV_UNRECOVERABLE + * @moduleid SECUREBOOT::MOD_CHECK_RISK_LEVEL_FOR_SMF + * @userdata1 Current risk level of the system + * @userdata2 Minimum risk level required + * @devdesc SMF is enabled on the system of incorrect risk level + * @custdesc A problem occurred during the IPL of the system. + */ + l_errl = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE, + SECUREBOOT::MOD_CHECK_RISK_LEVEL_FOR_SMF, + SECUREBOOT::RC_RISK_LEVEL_TOO_LOW, + l_riskLevel, + TARGETING::UTIL::P9N23_P9C13_NATIVE_SMF_RUGBY_FAVOR_SECURITY, + ERRORLOG::ErrlEntry::ADD_SW_CALLOUT); + break; + } + + } while(0); + + return l_errl; +} + +} // namespace SMF + +} // namespace SECUREBOOT |