authorLuis Fernandez <luis.fernandez@ibm.com>2019-02-18 16:17:43 -0600
committerDaniel M. Crowell <dcrowell@us.ibm.com>2019-03-06 17:45:42 -0600
commit90552694307ef94f6150fb9c7cc6af852b68ca41 (patch)
tree4282572e2cbf1484053f920fac1d48d17e2516e4 /src/usr
parentd94e5b51c9e582ce60ba9b930f98ebaf3eb011d4 (diff)
Secure Boot: Log error when attribute override attempted in secure mode
While in secure boot, the first time an attribute override is attempted, an error is logged to let the user know that the override did not take effect. A flag was added to the HB-only attributes to track whether an attribute override has been attempted. Change-Id: Ife99e0cfa17934a02abeb291dfd7e06fe86e75e2 RTC: 205071 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72079 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com> Reviewed-by: Matthew Raybuck <matthew.raybuck@ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr')
-rw-r--r--src/usr/fapi2/plat_attr_override_sync.C38
-rwxr-xr-xsrc/usr/targeting/common/xmltohb/attribute_types_hb.xml22
-rw-r--r--src/usr/targeting/common/xmltohb/target_types_hb.xml3
3 files changed, 61 insertions, 2 deletions
diff --git a/src/usr/fapi2/plat_attr_override_sync.C b/src/usr/fapi2/plat_attr_override_sync.C
index 47751806a..0d9da23b9 100644
--- a/src/usr/fapi2/plat_attr_override_sync.C
+++ b/src/usr/fapi2/plat_attr_override_sync.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2015,2018 */
+/* Contributors Listed Below - COPYRIGHT 2015,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -270,6 +270,13 @@ void AttrOverrideSync::monitorForFspMessages()
msg_q_t l_pMsgQ = msg_q_create();
errlHndl_t l_pErr = MBOX::msgq_register(MBOX::HB_HWPF_ATTR_MSGQ, l_pMsgQ);
+ // Find out if attributes override has been attempted
+ TARGETING::Target* l_pSys = nullptr;
+ TARGETING::targetService().getTopLevelTarget(l_pSys);
+ // Assert that l_pSys is no longer nullptr
+ assert(l_pSys != nullptr, "AttrOverrideSync::monitorForFspMessages() "
+ "expected top level target, but got nullptr.");
+
if (l_pErr)
{
// In the unlikely event that registering fails, the code will commit an
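Review bot: The top-level target lookup and its assert run unconditionally at the start of monitorForFspMessages(), between the msgq_register() call and the check of its return value, although l_pSys is only used when an override message is rejected in secure mode. If this monitor can start before targeting is initialised (not visible here), the assert would stop the boot even on systems that never reach the secure-mode branch; fetching the target inside that branch, or after the `if (l_pErr)` block, keeps the registration error handling contiguous and narrows the assert. The comment `// Find out if attributes override has been attempted` describes the later flag read rather than these lines; `// Top-level target holds ATTR_OVERRIDES_ATTEMPTED_FLAG` would match what the code does. The function body starts and ends outside the hunk.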
@@ -296,6 +303,33 @@ void AttrOverrideSync::monitorForFspMessages()
"Message (0x%X) from FSP since attribute overrides "
"are not allowed",
l_pMsg->type);
+
+ // Checking if OVERRIDES_ATTEMPTED_FLAG has not been set to 1.
+ // If so, then this is the first time attributes override is
+ // attempted in an FSP, while in secure mode; in this case, log
+ // an error stating that attributes override was attempted.
+ if (!l_pSys->
+ getAttr<TARGETING::ATTR_OVERRIDES_ATTEMPTED_FLAG>())
+ {
+ /*@
+ * @errortype
+ * @reasoncode RC_ATTR_OVERRIDE_DISALLOWED
+ * @severity ERRORLOG::ERRL_SEV_INFORMATIONAL
+ * @moduleid MOD_FAPI2_MONITOR_FOR_FSP_MSGS
+ * @devdesc Attribute overrides were rejected
+ * because system is in secure mode
+ * @custdesc Action not allowed in secure mode
+ */
+ l_pErr = new ERRORLOG::ErrlEntry(
+ ERRORLOG::ERRL_SEV_INFORMATIONAL,
+ MOD_FAPI2_MONITOR_FOR_FSP_MSGS,
+ RC_ATTR_OVERRIDE_DISALLOWED);
+ l_pErr->collectTrace(SECURE_COMP_NAME);
+ SECUREBOOT::addSecureUserDetailsToErrlog(l_pErr);
+ errlCommit(l_pErr, HWPF_COMP_ID);
+ l_pSys->
+ setAttr<TARGETING::ATTR_OVERRIDES_ATTEMPTED_FLAG>(true);
+ }
}
else if (l_chunk.iv_pAttributes == NULL)
{
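Review bot: The new informational log records that an override was rejected but not which request triggered it: the `ErrlEntry` is built with only severity, module id and reason code, while the message type appears only in the trace call at the top of the hunk. Passing it as user data, e.g. `RC_ATTR_OVERRIDE_DISALLOWED, l_pMsg->type);` with a matching `@userdata1 Message type received from FSP` line in the error tag block, would let whoever reads the log identify the request without needing traces. It is also worth confirming that `collectTrace(SECURE_COMP_NAME)` captures that trace line; if it is written to the FAPI trace buffer (the macro is outside the hunk), the attached trace will not contain it. Because the flag suppresses every later log, this first entry is the only error-log record of the attempts, so it should carry enough detail to stand alone. The enclosing function continues outside the hunk.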
@@ -972,7 +1006,7 @@ void AttrOverrideSync::dynSetAttrOverrides()
if (!SECUREBOOT::allowAttrOverrides())
{
FAPI_INF("AttrOverrideSync::dynSetAttrOverrides: skipping since "
- "attribute overrides are not allowed");
+ "attribute overrides are not allowed");
return;
}
diff --git a/src/usr/targeting/common/xmltohb/attribute_types_hb.xml b/src/usr/targeting/common/xmltohb/attribute_types_hb.xml
index 89fad2f17..99991eedb 100755
--- a/src/usr/targeting/common/xmltohb/attribute_types_hb.xml
+++ b/src/usr/targeting/common/xmltohb/attribute_types_hb.xml
@@ -946,6 +946,28 @@
</attribute>
<attribute>
+ <description>
+ While in Secureboot, this value is set to 1 the first time attribute
+ override is attempted and error logged.
+ </description>
+ <id>OVERRIDES_ATTEMPTED_FLAG</id>
+ <persistency>volatile-zeroed</persistency>
+ <simpleType>
+ <uint8_t>
+ <default>0x00</default>
+ </uint8_t>
+ </simpleType>
+ <readable/>
+ <writeable/>
+ <range>
+ <min>0</min>
+ <max>1</max>
+ </range>
+ <no_export/>
+ <hbOnly/>
+ </attribute>
+
+ <attribute>
<id>PART_NUMBER</id>
<description>The part number for a particular FRU target</description>
<simpleType>
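Review bot: The `<description>` for OVERRIDES_ATTEMPTED_FLAG does not say when the flag is cleared or what it suppresses. Since it is declared `volatile-zeroed`, it presumably starts at 0 on every IPL, so the log appears once per boot rather than once ever; a description such as `Set to 1 after the first rejected attribute override in secure mode has been logged; zeroed each IPL, so at most one such log per boot.` saves a reader from inferring this from the persistency tag. The trailing PART_NUMBER attribute continues outside the hunk.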
diff --git a/src/usr/targeting/common/xmltohb/target_types_hb.xml b/src/usr/targeting/common/xmltohb/target_types_hb.xml
index 713eb7aa9..c32bdfb8a 100644
--- a/src/usr/targeting/common/xmltohb/target_types_hb.xml
+++ b/src/usr/targeting/common/xmltohb/target_types_hb.xml
@@ -309,6 +309,9 @@
<attribute>
<id>OCC_COMMON_AREA_PHYS_ADDR</id>
</attribute>
+ <attribute>
+ <id>OVERRIDES_ATTEMPTED_FLAG</id>
+ </attribute>
</targetTypeExtension>
<targetTypeExtension>