author | Nick Bofferding <bofferdn@us.ibm.com> | 2018-04-03 10:21:06 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2018-05-10 22:37:38 -0400 |
commit | 9394f9d05ef8cad65249a7120f229f7a46ec0dc1 (patch) | |
tree | b6cdcfb30ec554276f4599e5ad69847b7ccf83dc /src/usr | |
parent | 92a48f3e7c802e6784ad8f272ff94362fe6b5845 (diff) | |
Secure Boot: Inform FSP of key transition progress
The existing key transition flow updates all SBE SEEPROMs within the system in
the same boot, thereby quiescing all SBEs. This compromises the ability of FSP
to detect a key transition TI at the end of the update process because the SBE
is not alive to service FSP's incoming SBE FIFO request to read the memory
holding the attention information. This change adds new support to log
the key transition progress in a node target attribute introduced in an
earlier commit and send that status to FSP via a new mailbox message.
Change-Id: I828184ae8be89ac87137d7510a3c375cef2e05d7
CQ: SW418697
CMVC-Prereq: 1053806
CMVC-Prereq: 1053552
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56677
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr')
-rw-r--r-- | src/usr/sbe/sbe_update.C | 129 |
1 files changed, 122 insertions, 7 deletions
diff --git a/src/usr/sbe/sbe_update.C b/src/usr/sbe/sbe_update.C index 4cdb67d1c..9ac74fdbb 100644 --- a/src/usr/sbe/sbe_update.C +++ b/src/usr/sbe/sbe_update.C @@ -35,6 +35,7 @@ #include <targeting/common/utilFilter.H> #include <targeting/common/targetservice.H> #include <targeting/common/target.H> +#include <targeting/targplatutil.H> #include <util/align.H> #include <util/crc32.H> #include <util/misc.H> @@ -271,6 +272,25 @@ namespace SBE TRACFBIN(g_trac_sbe, "updateProcessorSbeSeeproms(): Key transition new hw key hash", g_hw_keys_hash_transition_data, sizeof(g_hw_keys_hash_transition_data)); + + if(INITSERVICE::spBaseServicesEnabled()) + { + // Sync all attributes to FSP before we quiesce all the + // SBEs. + err = syncAllAttributesToFsp(); + if( err ) + { + // Failed to sync all attributes to FSP; this is not + // necessarily fatal. The key transition will continue, + // but this issue will be logged. + TRACFCOMP(g_trac_sbe, ERR_MRK + "updateProcessorSbeSeeproms: Error syncing " + "attributes to FSP, RC=0x%04X, PLID=0x%08X", + ERRL_GETRC_SAFE(err), + ERRL_GETPLID_SAFE(err)); + errlCommit(err,SBE_COMP_ID ); + } + } } for(uint32_t i=0; i<procList.size(); i++) 
@@ -544,6 +564,32 @@ namespace SBE } } + if(err && g_do_hw_keys_hash_transition) + { + // In theory it's possible to end up here if Hostboot fails to send + // the key transition started/succeeded message. Hostboot will + // treat that as a failure of the key transition process to call + // attention to the unexpected sequence. + errlHndl_t pError = updateKeyTransitionState( + TARGETING::KEY_TRANSITION_STATE_KEY_TRANSITION_FAILED); + if(pError) + { + TRACFCOMP(g_trac_sbe, + ERR_MRK"updateProcessorSbeSeeproms(): Failed in call to " + "updateKeyTransitionState with state of " + "KEY_TRANSITION_STATE_KEY_TRANSITION_FAILED. " + "Error log's EID=0x%08X, PLID=0x%08X, RC=0x%04X. ", + "Changing error log's PLID to 0x%08X.", + pError->eid(),pError->plid(),pError->reasonCode(), + err->plid()); + + pError->plid(err->plid()); + err->collectTrace(SBE_COMP_NAME); + err->collectTrace(SBEIO_COMP_NAME); + errlCommit(pError,SBE_COMP_ID); + } + } + TRACUCOMP( g_trac_sbe, EXIT_MRK"updateProcessorSbeSeeproms()" ); @@ -5383,6 +5429,21 @@ errlHndl_t sbeDoReboot( void ) TRACFCOMP( g_trac_sbe, ENTER_MRK"sbeDoReboot"); do{ + + if(g_do_hw_keys_hash_transition) + { + err = updateKeyTransitionState( + TARGETING::KEY_TRANSITION_STATE_KEY_TRANSITION_SUCCEEDED); + if(err) + { + TRACFCOMP(g_trac_sbe, + ERR_MRK"sbeDoReboot(): Failed in call to " + "updateKeyTransitionState with state of " + "KEY_TRANSITION_STATE_KEY_TRANSITION_SUCCEEDED"); + break; + } + } + #ifdef CONFIG_BMC_IPMI uint16_t count = SENSOR::DEFAULT_REBOOT_COUNT; SENSOR::RebootCountSensor l_sensor; @@ -5412,7 +5473,8 @@ errlHndl_t sbeDoReboot( void ) #else //non-IPMI - if( INITSERVICE::spBaseServicesEnabled() ) + if( INITSERVICE::spBaseServicesEnabled() + && !g_do_hw_keys_hash_transition) { // Sync all attributes to the FSP before doing the Shutdown err = syncAllAttributesToFsp(); 
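Review bot: The stray comma after `"Error log's EID=0x%08X, PLID=0x%08X, RC=0x%04X. ",` in the added TRACFCOMP ends the format string early, so `"Changing error log's PLID to 0x%08X."` is passed as the first variadic argument instead of being part of the format. The three remaining specifiers then no longer line up with their values (the EID slot gets the string, the PLID slot gets the EID, and so on), and the trace for a failed key-transition notification cannot be trusted. Dropping that comma restores four specifiers for four arguments. Separately, the two `err->collectTrace(...)` calls sit in the branch that commits `pError`; if the traces were meant for the log being committed, they probably should be `pError->collectTrace(SBE_COMP_NAME);` and `pError->collectTrace(SBEIO_COMP_NAME);`. The body of updateProcessorSbeSeeproms() starts and ends outside this hunk.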
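Review bot: The failure trace added at the top of sbeDoReboot() omits the reason code and PLID of the error that causes the `break`, unlike the sync-failure traces in this same commit. A failed SUCCEEDED notification therefore cannot be matched to its error log from the trace alone. Consider ending the message with `"RC=0x%04X, PLID=0x%08X"` and passing `ERRL_GETRC_SAFE(err), ERRL_GETPLID_SAFE(err)`. The STARTED trace added in secureKeyTransition() (hunk at -5862) has the same gap with `l_errl`. The function body continues outside the hunk.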
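Review bot: The new `&& !g_do_hw_keys_hash_transition` condition skips the pre-shutdown attribute sync without saying why, and the comment inside the block still reads as if the sync always runs. A short comment above the condition would help, e.g. `// Key transition: attributes were already synced to FSP in updateProcessorSbeSeeproms() before the SBEs were quiesced`. It would also be worth stating that changes to ATTR_KEY_TRANSITION_STATE made after that earlier sync reach FSP only through the mailbox message, if that is the intent. The rest of this `#else` branch lies outside the hunk.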
@@ -5420,11 +5482,11 @@ errlHndl_t sbeDoReboot( void ) { // Something failed on the sync. Commit the error here // and continue with the Re-IPL Request - TRACFCOMP( g_trac_sbe, - ERR_MRK"sbeDoReboot() - Error " - "syncing attributes to FSP, RC=0x%X, PLID=0x%lX", - ERRL_GETRC_SAFE(err), - ERRL_GETPLID_SAFE(err)); + TRACFCOMP(g_trac_sbe, ERR_MRK + "sbeDoReboot: Error syncing attributes to FSP. " + "RC=0x%04X, PLID=0x%08X", + ERRL_GETRC_SAFE(err), + ERRL_GETPLID_SAFE(err)); errlCommit( err, SBE_COMP_ID ); } else @@ -5452,7 +5514,6 @@ errlHndl_t sbeDoReboot( void ) } #endif - #ifdef CONFIG_BMC_IPMI if(g_do_hw_keys_hash_transition) { @@ -5862,6 +5923,16 @@ errlHndl_t secureKeyTransition() // Indicate a key transition is required g_do_hw_keys_hash_transition = true; + l_errl = updateKeyTransitionState( + TARGETING::KEY_TRANSITION_STATE_KEY_TRANSITION_STARTED); + if(l_errl) + { + TRACFCOMP(g_trac_sbe,ERR_MRK "secureKeyTransition(): Failed in " + "call to updateKeyTransitionState() with state of " + "KEY_TRANSITION_STATE_KEY_TRANSITION_STARTED"); + break; + } + bool l_hw_lab_override_flag = l_nestedConHdr.sb_flags()->hw_lab_override; TRACFCOMP(g_trac_sbe, "Overriding the Lab Security Backdoor Bit due to" " key transition; new Security Backdoor Enabled bit is %d", 
@@ -5959,5 +6030,49 @@ errlHndl_t locateHbblIdStringBfr( void * i_pSourceBfr, return l_errl; } +errlHndl_t updateKeyTransitionState( + const TARGETING::KEY_TRANSITION_STATE i_keyTransitionState) +{ + errlHndl_t pError = nullptr; + + do { + + TRACFCOMP(g_trac_sbe, + INFO_MRK "updateKeyTransitionState: new key transition state of " + "0x%08X", + i_keyTransitionState); + + TARGETING::UTIL::getCurrentNodeTarget()->setAttr< + TARGETING::ATTR_KEY_TRANSITION_STATE>(i_keyTransitionState); + + if(INITSERVICE::spBaseServicesEnabled()) + { + auto * pMsg = msg_allocate(); + pMsg->type = SBE::MSG_KEY_TRANSITION_EVENT_OCCURRED; + pMsg->data[0] = i_keyTransitionState; + pMsg->data[1] = 0; + pMsg->extra_data = nullptr; + + pError = MBOX::sendrecv(MBOX::IPL_SERVICE_QUEUE,pMsg); + if (pError) + { + TRACFCOMP(g_trac_sbe, + ERR_MRK "updateKeyTransitionState: " + "Failed in call to MBOX::sendrecv attempting to send a " + "MSG_KEY_TRANSITION_EVENT_OCCURRED event with key transition " + "state of 0x%08X", + i_keyTransitionState); + } + + // Error or not, always have to free the memory + msg_free(pMsg); + pMsg=nullptr; + } + + } while(0); + + return pError; +} + } //end SBE Namespace |
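Review bot: updateKeyTransitionState() frees `pMsg` right after `MBOX::sendrecv` without looking at the reply, so only a transport-level error counts as failure. If FSP can signal a rejection in the response payload (not visible in this hunk), the caller would still see success for a security-relevant state change. Either check the returned fields before `msg_free(pMsg)` or document the assumption, e.g. `// FSP response carries no status; a clean sendrecv is treated as delivery`. The attribute is also written before the message is sent, so after a send failure the node attribute and FSP's view can differ until the caller reports FAILED; a one-line comment on that ordering would help. The `do { ... } while(0)` wrapper contains no `break` and could be dropped.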