diff options
author | Mike Baiocchi <mbaiocch@us.ibm.com> | 2017-07-01 01:43:12 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-08-09 13:47:00 -0400 |
commit | 776d1086a7ed224c482d2da3c49b2c597b8776ab (patch) | |
tree | 1da81d9f9edec18550b4bd69dcfd95140e741fa1 /src/usr/targeting | |
parent | e676209189922c5105629a9785a25958ba0972a9 (diff) | |
download | talos-hostboot-776d1086a7ed224c482d2da3c49b2c597b8776ab.tar.gz talos-hostboot-776d1086a7ed224c482d2da3c49b2c597b8776ab.zip |
Secureboot: Inhibit attribute overrides and sync exposures
For Secureboot purposes, we don't consider the FSP a secure source. So
this commit inhibts attribute overrides and any sort of attribute syncing
from the FSP.
Change-Id: I941ab5083d3055bc29237839aaaf4b723a2b0e90
RTC:175071
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42687
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/targeting')
-rw-r--r-- | src/usr/targeting/attrPlatOverride.C | 8 | ||||
-rwxr-xr-x | src/usr/targeting/attrrp.C | 7 | ||||
-rw-r--r-- | src/usr/targeting/attrsync.C | 27 | ||||
-rw-r--r-- | src/usr/targeting/runtime/attrPlatOverride_rt.C | 2 | ||||
-rw-r--r-- | src/usr/targeting/test/testattrtank.H | 14 |
5 files changed, 54 insertions, 4 deletions
diff --git a/src/usr/targeting/attrPlatOverride.C b/src/usr/targeting/attrPlatOverride.C index a5f2a18c0..dafb27fb2 100644 --- a/src/usr/targeting/attrPlatOverride.C +++ b/src/usr/targeting/attrPlatOverride.C @@ -27,6 +27,7 @@ #include <targeting/common/trace.H> #include <targeting/common/targreasoncodes.H> #include <errl/errlmanager.H> +#include <secureboot/service.H> namespace TARGETING { @@ -71,6 +72,13 @@ errlHndl_t getAttrOverrides(PNOR::SectionInfo_t &i_sectionInfo, do { + if (!SECUREBOOT::allowAttrOverrides()) + { + TRACFCOMP(g_trac_targeting,"attrPlatOverride::getAttrOverrides: " + "skipping since Attribute Overrides are not allowed"); + break; + } + TRACFCOMP( g_trac_targeting, "Section id=%d, size=%d", i_sectionInfo.id, i_sectionInfo.size ); uint32_t l_index = 0; diff --git a/src/usr/targeting/attrrp.C b/src/usr/targeting/attrrp.C index 66be9a33f..2c9f0b6fe 100755 --- a/src/usr/targeting/attrrp.C +++ b/src/usr/targeting/attrrp.C @@ -52,6 +52,7 @@ #include <fapi2/plat_attr_override_sync.H> #include <targeting/attrPlatOverride.H> #include <config.h> +#include <secureboot/service.H> using namespace INITSERVICE; using namespace ERRORLOG; @@ -929,6 +930,12 @@ namespace TARGETING size_t l_maxSize = io_size; io_size = 0; + if (!SECUREBOOT::allowAttrOverrides()) + { + TRACFCOMP( g_trac_targeting, "AttrRP::_saveOverrides: skipping " + "since Attribute Overrides are not allowed."); + } + // Save the fapi and temp overrides // Note: no need to look at PERM because those were added to // the base targeting model diff --git a/src/usr/targeting/attrsync.C b/src/usr/targeting/attrsync.C index 6faca132a..4201776be 100644 --- a/src/usr/targeting/attrsync.C +++ b/src/usr/targeting/attrsync.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2012,2016 */ +/* Contributors Listed Below - COPYRIGHT 2012,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -27,7 +27,7 @@ #include <targeting/common/trace.H> #include <initservice/initserviceif.H> #include <errl/hberrltypes.H> - +#include <secureboot/service.H> using namespace ERRORLOG; @@ -67,6 +67,14 @@ namespace TARGETING "section type %u total pages %d", iv_section_to_sync, iv_total_pages ); + if (!SECUREBOOT::allowAttrOverrides()) + { + TARG_INF("AttributeSync::updateSectionData(): skipping since " + "attribute overrides are not allowed and we don't " + "trust the FSP, but still returning ATTR_SYNC_SUCCESS"); + return ATTR_SYNC_SUCCESS; + } + ATTR_SYNC_RC l_rc = ATTR_SYNC_SUCCESS; // call the targeting function here to get context. @@ -167,6 +175,13 @@ namespace TARGETING memset( &l_page, 0, sizeof(TARGETING::sectionRefData) ); do{ + if (!SECUREBOOT::allowAttrOverrides()) + { + TARG_INF("AttributeSync::syncSectionFromFsp(): skipping since " + "attribute overrides are not allowed and we don't " + "trust the FSP"); + break; + } // send a request to FSP to sync to Hostboot l_errl = sendSyncToHBRequestMessage(); @@ -554,6 +569,14 @@ namespace TARGETING break; } + if (!SECUREBOOT::allowAttrOverrides()) + { + TARG_INF("syncAllAttributesFromFsp(): skipping since " + "attribute overrides are not allowed and we don't " + "trust the FSP"); + break; + } + // create Hostboot message queue msg_q_t l_pHbMsgQ = msg_q_create(); diff --git a/src/usr/targeting/runtime/attrPlatOverride_rt.C b/src/usr/targeting/runtime/attrPlatOverride_rt.C index 6b9fc5a8f..fcd6aabc1 100644 --- a/src/usr/targeting/runtime/attrPlatOverride_rt.C +++ b/src/usr/targeting/runtime/attrPlatOverride_rt.C @@ -54,7 +54,7 @@ int apply_attr_override(uint8_t* i_data, bool l_allowOverrides = true; #ifdef CONFIG_SECUREBOOT - l_allowOverrides = !SECUREBOOT::enabled(); + l_allowOverrides = SECUREBOOT::allowAttrOverrides(); #endif if (l_allowOverrides) diff --git a/src/usr/targeting/test/testattrtank.H b/src/usr/targeting/test/testattrtank.H index 247076e58..e1a2b22af 100644 --- a/src/usr/targeting/test/testattrtank.H +++ b/src/usr/targeting/test/testattrtank.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2013,2014 */ +/* Contributors Listed Below - COPYRIGHT 2013,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -36,6 +36,7 @@ #include <targeting/common/attributeTank.H> #include <targeting/attrPlatOverride.H> #include <pnor/pnorif.H> +#include <kernel/bltohbdatamgr.H> using namespace TARGETING; @@ -1171,6 +1172,13 @@ public: l_attrPermSec.name = "Test Attr Perm"; l_attrPermSec.vaddr = reinterpret_cast<uint64_t>(malloc(3*l_chunkSize)); + + // This test needs Attribute Overrides to work, so save global variable + // before setting it to 'true' for the duration of this test + bool save_allowAttrOverrides = g_BlToHbDataManager.iv_data.allowAttrOverrides; + g_BlToHbDataManager.iv_data.allowAttrOverrides = true; + TS_TRACE("testBMCAttrOverride: saved Allow Attr Override (%d) and set to true", save_allowAttrOverrides); + do { // Create local AttributeTanks @@ -1448,6 +1456,10 @@ public: } while(0); + // Restore Allow Attr Override Setting + g_BlToHbDataManager.iv_data.allowAttrOverrides = save_allowAttrOverrides; + TS_TRACE("testBMCAttrOverride: restored Allow Attr Override (%d)", save_allowAttrOverrides); + // Free memory free (reinterpret_cast<char *>(l_attrTmpSec.vaddr)); free (reinterpret_cast<char *>(l_attrPermSec.vaddr)); |