authorJaymes Wilks <mjwilks@us.ibm.com>2016-11-08 10:58:25 -0600
committerWilliam G. Hoffa <wghoffa@us.ibm.com>2017-01-05 14:00:52 -0500
commitfd1dc5a2c009d61145e2bb96865cf5de47674fb4 (patch)
treeb418fb811189020bb509a566fec40c660b04452d /src/usr/secureboot
parent82af686f8456f594ae17409f1e1e70fc55485cd8 (diff)
port p8 secureboot settings code to p9
Update the p9 branch to handle the secure settings states as per p8 code but with the new updated p9 constant values. Remove caching of register values. Change-Id: I0a29ce0103a8f9b60b421a4bb625f12adcd916f8 RTC:161916 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/32490 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot')
-rw-r--r--src/usr/secureboot/base/containerheader.C3
-rw-r--r--src/usr/secureboot/base/securerom.C5
-rw-r--r--src/usr/secureboot/base/service.C9
-rw-r--r--src/usr/secureboot/base/settings.C66
-rw-r--r--src/usr/secureboot/base/test/secureromtest.H5
-rw-r--r--src/usr/secureboot/settings.H39
6 files changed, 92 insertions, 35 deletions
diff --git a/src/usr/secureboot/base/containerheader.C b/src/usr/secureboot/base/containerheader.C
index 5f8e2fdc7..a807d7d12 100644
--- a/src/usr/secureboot/base/containerheader.C
+++ b/src/usr/secureboot/base/containerheader.C
@@ -23,8 +23,7 @@
/* */
/* IBM_PROLOG_END_TAG */
#include <secureboot/containerheader.H>
-
-extern trace_desc_t* g_trac_secure;
+#include "../common/securetrace.H"
// Quick change for unit testing
//#define TRACUCOMP(args...) TRACFCOMP(args)
diff --git a/src/usr/secureboot/base/securerom.C b/src/usr/secureboot/base/securerom.C
index dd859c6ab..9a1bca5ae 100644
--- a/src/usr/secureboot/base/securerom.C
+++ b/src/usr/secureboot/base/securerom.C
@@ -32,12 +32,11 @@
#include <devicefw/driverif.H>
#include <errl/errlentry.H>
#include <errl/errlmanager.H>
+#include "../common/securetrace.H"
#include "securerom.H"
#include "../settings.H"
-extern trace_desc_t* g_trac_secure;
-
// Quick change for unit testing
//#define TRACUCOMP(args...) TRACFCOMP(args)
#define TRACUCOMP(args...)
@@ -103,6 +102,8 @@ void getHwHashKeys(sha2_hash_t o_hash)
Public Methods
********************/
+// allow external methods to access g_trac_secure
+using namespace SECUREBOOT;
/**
* @brief Initialize Secure Rom by loading it into memory and
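Review bot: `using namespace SECUREBOOT;` at file scope pulls every name in that namespace into this translation unit just to reach one trace descriptor. The same directive is added in the secureromtest.H hunk, where it sits in a header and so also applies to whatever includes that file. If g_trac_secure is declared inside SECUREBOOT in securetrace.H (the added comments suggest so, but that header is not shown), a using-declaration is enough: `using SECUREBOOT::g_trac_secure;`. The comment added in secureromtest.H reads `simply the syntax`, presumably meaning `simplify`.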
diff --git a/src/usr/secureboot/base/service.C b/src/usr/secureboot/base/service.C
index a557655f3..59750b786 100644
--- a/src/usr/secureboot/base/service.C
+++ b/src/usr/secureboot/base/service.C
@@ -42,7 +42,7 @@
#include <kernel/console.H>
#include <console/consoleif.H>
-extern trace_desc_t* g_trac_secure;
+#include "../common/securetrace.H"
// Quick change for unit testing
//#define TRACUCOMP(args...) TRACFCOMP(args)
@@ -97,7 +97,12 @@ bool enabled()
return Singleton<Settings>::instance().getEnabled();
}
-void handleSecurebootFailure(errlHndl_t &io_err, const bool i_waitForShutdown)
+bool getJumperState()
+{
+ return Singleton<Settings>::instance().getJumperState();
+}
+
+void handleSecurebootFailure(errlHndl_t &io_err, bool i_waitForShutdown)
{
TRACFCOMP( g_trac_secure, ENTER_MRK"handleSecurebootFailure()");
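Review bot: The new free function `getJumperState()` has no comment at its definition, and its public declaration is not part of this view. The warning that the jumper state must not be used to decide whether security is enabled appears only on the Settings member in settings.H. A short comment here would keep that caveat next to the entry point callers actually use, for example `// Raw jumper state only; use enabled() to decide whether security is on.` Unlike `enabled()`, which returns a cached flag, this call goes through a fresh register read that asserts on failure, so it is worth saying that too.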
diff --git a/src/usr/secureboot/base/settings.C b/src/usr/secureboot/base/settings.C
index 8caa6708c..9f4377178 100644
--- a/src/usr/secureboot/base/settings.C
+++ b/src/usr/secureboot/base/settings.C
@@ -23,42 +23,70 @@
/* */
/* IBM_PROLOG_END_TAG */
#include <errl/errlentry.H>
+#include <errl/errlmanager.H>
#include <devicefw/userif.H>
-
+#include <secureboot/service.H>
#include "settings.H"
// SECUREBOOT : General driver traces
-trace_desc_t* g_trac_secure = NULL;
-TRAC_INIT(&g_trac_secure, SECURE_COMP_NAME, KILOBYTE); //1K
-
+#include "../common/securetrace.H"
namespace SECUREBOOT
{
- const uint64_t Settings::SECURITY_SWITCH_REGISTER = 0x00010005;
- const uint64_t
- Settings::SECURITY_SWITCH_TRUSTED_BOOT = 0x4000000000000000ull;
+ using namespace TARGETING;
void Settings::_init()
{
- errlHndl_t l_errl = NULL;
- size_t size = sizeof(iv_regValue);
+ // cache only the enabled flag
+ iv_enabled = (0 != (getSecuritySwitch() &
+ static_cast<uint64_t>(ProcSecurity::SabBit)));
+ }
- // Read / cache security switch setting from processor.
- l_errl = deviceRead(TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL,
- &iv_regValue, size,
- DEVICE_SCOM_ADDRESS(SECURITY_SWITCH_REGISTER));
+ bool Settings::getEnabled() const
+ {
+ return iv_enabled;
+ }
- // If this errors, we're in bad shape and shouldn't trust anything.
- assert(NULL == l_errl);
+ bool Settings::getJumperState() const
+ {
+ auto l_regValue = readSecurityRegister(
+ static_cast<uint64_t>(ProcCbsControl::StatusRegister));
+
+ return 0 != (l_regValue &
+ static_cast<uint64_t>(ProcCbsControl::JumperStateBit));
}
- bool Settings::getEnabled()
+ uint64_t Settings::getSecuritySwitch() const
{
- return 0 != (iv_regValue & SECURITY_SWITCH_TRUSTED_BOOT);
+ return readSecurityRegister(
+ static_cast<uint64_t>(ProcSecurity::SwitchRegister));
}
- uint64_t Settings::getSecuritySwitch()
+ uint64_t Settings::readSecurityRegister(const uint64_t i_scomAddress) const
{
- return iv_regValue;
+ errlHndl_t l_errl = nullptr;
+ uint64_t l_regValue = 0;
+ size_t size = sizeof(l_regValue);
+
+ // Read secure register setting from processor.
+ l_errl = deviceRead(MASTER_PROCESSOR_CHIP_TARGET_SENTINEL,
+ &l_regValue, size,
+ DEVICE_SCOM_ADDRESS(i_scomAddress));
+
+ if (nullptr != l_errl)
+ {
+ errlCommit(l_errl, SECURE_COMP_ID);
+ // This assert is needed because the deviceRead returns an
+ // informational error log so the system would otherwise not be
+ // halted.
+ assert(false,"SECUREBOOT::Settings::readSecurityRegister() Unable"
+ " to read security register");
+ }
+ assert(size == sizeof(l_regValue),
+ "size returned from device read is not the expected size of %i",
+ sizeof(l_regValue));
+
+ return l_regValue;
}
+
}
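Review bot: In `readSecurityRegister`, the only thing between a failed `deviceRead` and a returned 0 is `assert(false, ...)`. Because `l_regValue` starts at 0, both `_init()` and `getJumperState()` would interpret that as "security disabled / jumper not requesting security" if the assert were ever compiled out or made non-fatal. The assert definition is not visible from here, so either confirm it is unconditional in every build or record the dependency next to it, e.g. `// must stay fatal in all builds: a 0 return reads as "security disabled"`. Separately, the size assert prints only the expected size and passes a `size_t` to `%i`; report the returned `size` as well and match the specifier to the argument type (or cast the arguments).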
diff --git a/src/usr/secureboot/base/test/secureromtest.H b/src/usr/secureboot/base/test/secureromtest.H
index d324de8cc..805b5bc2b 100644
--- a/src/usr/secureboot/base/test/secureromtest.H
+++ b/src/usr/secureboot/base/test/secureromtest.H
@@ -37,12 +37,15 @@
#include "../securerom.H"
-extern trace_desc_t* g_trac_secure;
+#include "../../common/securetrace.H"
// Quick change for unit testing
//#define TRACUCOMP(args...) TRACFCOMP(args)
#define TRACUCOMP(args...)
+// simply the syntax of accessing g_trac_secure
+using namespace SECUREBOOT;
+
/**********************************************************************/
/* UTILITY FUNCTIONS */
/* -- note: these functions do not commit error logs */
diff --git a/src/usr/secureboot/settings.H b/src/usr/secureboot/settings.H
index 3da86e3cb..499fea5eb 100644
--- a/src/usr/secureboot/settings.H
+++ b/src/usr/secureboot/settings.H
@@ -36,25 +36,46 @@ namespace SECUREBOOT
class Settings
{
public:
- Settings() : iv_regValue(0) { _init(); };
+ Settings() : iv_enabled(false) { _init(); };
~Settings() {};
/** @brief Determine if Secureboot is enabled. */
- bool getEnabled();
+ bool getEnabled() const;
/** @brief Get security switch register value */
- uint64_t getSecuritySwitch();
+ uint64_t getSecuritySwitch() const;
+
+ /** @brief Returns the state of the secure jumper as reported by the
+ * master processor.
+ *
+ * @par Detailed Description:
+ * Returns the state of the secure jumper as reported by the
+ * master processor. This should NOT be used to determine
+ * whether security is enabled, because several conditions are
+ * aggregated together to determine that. To query whether
+ * security is actually enabled or not, call the enabled() API.
+ * This is a limited-use API intended to be called by trusted
+ * boot code to determine whether a system shipped with a
+ * secure jumper applied or removed, in order to decide
+ * whether to enforce the "TPM Required" policy or not.
+ * @return Boolean indicating acting master processor's secure
+ * jumper state
+ * @retval true Jumper is configured to request HW security. This
+ * does not necessarily imply security is enabled, because an
+ * open SBE can override the HW policy. Use the getEnabled()
+ * API to determine whether security is actually enabled.
+ * @retval false Jumper is configured to disble HW security.
+ */
+ bool getJumperState() const;
private:
void _init();
- /** Cached register value. */
- uint64_t iv_regValue;
+ /** helper function to encapsulate the details of register reads */
+ uint64_t readSecurityRegister(const uint64_t i_scomAddress) const;
- /** SCOM address for security settings. */
- static const uint64_t SECURITY_SWITCH_REGISTER;
- /** Bitfield mask for Secureboot enable flag. */
- static const uint64_t SECURITY_SWITCH_TRUSTED_BOOT;
+ /** Cached secure boot enabled value */
+ bool iv_enabled;
};
}
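Review bot: The doc comment on `readSecurityRegister` says only that it encapsulates register reads and leaves out the contract that matters to its callers. It should state that the function reads the given SCOM address from the master processor, and that on a read failure it commits the error log and asserts rather than returning, with `@param[in] i_scomAddress` and `@return` lines. In the `getJumperState` block, `@retval false` has a typo (`disble` for `disable`), and the text points readers to both the `enabled()` API and the `getEnabled()` API; naming one consistently would avoid confusion. The comment on `iv_enabled` could also say the flag is sampled once in `_init()`, since the jumper state is now read on every call.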