authorMike Baiocchi <mbaiocch@us.ibm.com>2017-08-15 10:44:28 -0500
committerDaniel M. Crowell <dcrowell@us.ibm.com>2017-08-18 10:25:30 -0400
commit6a040451c75c888ad1ecca9e10988c119cbbba84 (patch)
treea9d5a61847b56e5b55903a3e5f9e1f68ee919ea4 /src/usr/secureboot
parent8709c1f2823e69ae8315967d5bc2f34646e90354 (diff)
Fix SECUREBOOT runtime interfaces and tests
This commit fixes the SECUREBOOT::allowAttrOverrides() function and also allows for more accurate secureboot testing at runtime. Change-Id: Ife86bd3f6311247438dd68a1a191d5de86892512 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/44635 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot')
-rw-r--r--src/usr/secureboot/runtime/rt_secureboot.C25
-rw-r--r--src/usr/secureboot/runtime/test/testsecureboot_rt.H46
2 files changed, 56 insertions, 15 deletions
diff --git a/src/usr/secureboot/runtime/rt_secureboot.C b/src/usr/secureboot/runtime/rt_secureboot.C
index 2277cce29..0c24c3875 100644
--- a/src/usr/secureboot/runtime/rt_secureboot.C
+++ b/src/usr/secureboot/runtime/rt_secureboot.C
@@ -40,7 +40,6 @@
#include <targeting/common/commontargeting.H>
#include <targeting/common/targetservice.H>
#include <devicefw/userif.H>
-#include <util/misc.H>
namespace SECUREBOOT
{
@@ -95,20 +94,16 @@ bool allowAttrOverrides()
if (enabled())
{
// Check attribute to see if overrides are allowed in secure mode
- if ( Util::isTargetingLoaded() )
- {
- TARGETING::TargetService& tS = TARGETING::targetService();
- TARGETING::Target* sys = nullptr;
- (void) tS.getTopLevelTarget( sys );
- assert(sys, "SECUREBOOT::allowAttrOverrides() system target is NULL");
-
- retVal = sys->getAttr<
- TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>();
-
- SB_INF("SECUREBOOT::allowAttrOverrides: "
- "Inside Attr check: retVal=0x%X",
- retVal);
- }
+ TARGETING::TargetService& tS = TARGETING::targetService();
+ TARGETING::Target* sys = nullptr;
+ (void) tS.getTopLevelTarget( sys );
+ assert(sys, "SECUREBOOT::allowAttrOverrides() system target is NULL");
+
+ retVal = sys->getAttr<
+ TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>();
+
+ SB_INF("SECUREBOOT::allowAttrOverrides: Inside Attr check: retVal=0x%X",
+ retVal);
}
else
{
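Review bot: With the `Util::isTargetingLoaded()` guard removed, the only protection left in the `enabled()` branch is `assert(sys, ...)`, and nothing next to the code records why the guard is safe to drop. This function decides whether attribute overrides are honoured in secure mode, so the failure mode deserves a comment above the `targetService()` call, e.g. `// Targeting is expected to be loaded at runtime; a NULL system target is fatal, not a silent default`. The author should confirm that wording, because the premise is inferred only from the file living under runtime/. The initial value of `retVal` and the body of the `else` branch are outside the hunk, so what the old code returned when targeting was not loaded cannot be checked from here.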
diff --git a/src/usr/secureboot/runtime/test/testsecureboot_rt.H b/src/usr/secureboot/runtime/test/testsecureboot_rt.H
index 4173c0855..a7bd93830 100644
--- a/src/usr/secureboot/runtime/test/testsecureboot_rt.H
+++ b/src/usr/secureboot/runtime/test/testsecureboot_rt.H
@@ -35,8 +35,13 @@
#include <runtime/interface.h>
#include <config.h>
+#include <runtime/rt_targeting.H>
+#include <errl/errlmanager.H>
+#include <devicefw/userif.H>
+
#include "common/securetrace.H"
#include <secureboot/service.H>
+#include <secureboot/settings.H>
class SecurebootRtTestSuite: public CxxTest::TestSuite
{
@@ -100,8 +105,44 @@ class SecurebootRtTestSuite: public CxxTest::TestSuite
{
SB_ENTER("SecurebootRtTestSuite::testBaseInterfaces");
+ errlHndl_t l_errl = nullptr;
+
do {
+ // Runtime scom tests return zeroed buffers unless a write is
+ // performed first, so write Security register.
+ uint64_t l_regValue = 0;
+ size_t l_size = sizeof(l_regValue);
+
+ TARGETING::TargetService& tS = TARGETING::targetService();
+ TARGETING::Target* masterProcChipTargetHandle = nullptr;
+
+ l_errl = tS.queryMasterProcChipTargetHandle(masterProcChipTargetHandle);
+
+ if (l_errl)
+ {
+ TS_FAIL("SecurebootRtTestSuite::testBaseInterfaces: Failed to get masterProcChipTargetHandle");
+ break;
+ }
+
+ // Set SAB and SUL
+ l_regValue |= static_cast<uint64_t>(SECUREBOOT::ProcSecurity::SabBit);
+ l_regValue |= static_cast<uint64_t>(SECUREBOOT::ProcSecurity::SULBit);
+ l_errl = deviceWrite(
+ masterProcChipTargetHandle,
+ &l_regValue, l_size,
+ DEVICE_SCOM_ADDRESS(
+ static_cast<uint64_t>(
+ SECUREBOOT::ProcSecurity::SwitchRegister)));
+
+ if (l_errl)
+ {
+ TS_FAIL("SecurebootRtTestSuite::testBaseInterfaces: Failed to Write Security Switch Register");
+ break;
+ }
+ assert(l_size == sizeof(l_regValue));
+
+
SB_INF("SECUREBOOT::enabled() = %d", SECUREBOOT::enabled());
SB_INF("SECUREBOOT::allowAttrOverrides() = %d",
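Review bot: `assert(l_size == sizeof(l_regValue));` after `deviceWrite()` aborts on a short write instead of failing the test case, unlike the two `TS_FAIL` + `break` paths above it. Something like `if (l_size != sizeof(l_regValue)) { TS_FAIL("SecurebootRtTestSuite::testBaseInterfaces: short write to Security Switch Register"); break; }` would keep the reporting consistent. In the visible lines the SAB and SUL bits are written, but the results of `SECUREBOOT::enabled()` and `SECUREBOOT::allowAttrOverrides()` are only traced with `SB_INF`. A regression in either security interface would therefore not fail the test unless there are checks further down, outside this hunk. As far as the hunk shows, the register is also not restored afterwards, which may affect later test cases that read it.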
@@ -109,6 +150,11 @@ class SecurebootRtTestSuite: public CxxTest::TestSuite
} while(0);
+ if (l_errl)
+ {
+ errlCommit(l_errl, SECURE_COMP_ID);
+ }
+
SB_EXIT("SecurebootRtTestSuite::testBaseInterfaces");
}