diff options
author | Stephen Glancy <sglancy@us.ibm.com> | 2018-03-12 11:23:06 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2018-03-21 16:18:13 -0400 |
commit | 218a4862f0d0b0bedb5728577b19f9970622c3a0 (patch) | |
tree | d73e5395a7f32b2d7db7894b6ee6e9210723f266 /src | |
parent | b4699ae10c2adbc975c708de8980b2c0c54a08c5 (diff) | |
download | talos-hostboot-218a4862f0d0b0bedb5728577b19f9970622c3a0.tar.gz talos-hostboot-218a4862f0d0b0bedb5728577b19f9970622c3a0.zip |
Adds secure mode boot for memory buffer chips
Change-Id: I7d0ce9a9b51324ac89a05aeb6b68447fa200227b
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/55639
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Hostboot CI <hostboot-ci+hostboot@us.ibm.com>
Dev-Ready: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Louis Stermole <stermole@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Jennifer A. Stofer <stofer@us.ibm.com>
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/55657
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src')
3 files changed, 227 insertions, 1 deletions
diff --git a/src/import/chips/centaur/procedures/hwp/memory/p9c_mss_secure_boot.C b/src/import/chips/centaur/procedures/hwp/memory/p9c_mss_secure_boot.C index 4a597c51d..b6b308316 100644 --- a/src/import/chips/centaur/procedures/hwp/memory/p9c_mss_secure_boot.C +++ b/src/import/chips/centaur/procedures/hwp/memory/p9c_mss_secure_boot.C @@ -22,3 +22,146 @@ /* permissions and limitations under the License. */ /* */ /* IBM_PROLOG_END_TAG */ + +/// +/// @file p9c_mss_secure_boot.C +/// @brief Sets up secure mode boot and checks that it is setup properly +/// +/// *HWP HWP Owner: Luke Mulkey <lwmulkey@us.ibm.com> +/// *HWP HWP Backup: Andre Marin <aamarin@us.ibm.com> +/// *HWP Team: Memory +/// *HWP Level: 3 +/// *HWP Consumed by: HB:CI +/// + +//------------------------------------------------------------------------------ +// Includes +//------------------------------------- +#include <p9c_mss_secure_boot.H> +#include <cen_gen_scom_addresses.H> +#include <cen_gen_scom_addresses_fld.H> +#include <generic/memory/lib/utils/c_str.H> + +extern "C" +{ + /// + /// @brief Enables secure mode boot + /// @param[in] i_target Reference to target + /// @return FAPI2_RC_SUCCESS iff successful + /// @note Calls mss::c_str which is NOT thread safe unless the platform supports thread local storage... + /// + fapi2::ReturnCode p9c_mss_secure_boot( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target ) + { + // Sets up secure mode + FAPI_TRY(mss::setup_secure_mode_boot(i_target)); + + // Verifies that we're in secure mode + FAPI_TRY(mss::verify_secure_mode_boot_on(i_target)); + + // Note: the workbook says we should check the clocks + // Granted this procedure should be called after memory ECC is all setup + // Therefore, clocks should be on, so we're going to skip this portion of the test + + // TK add in setup of secure mode boot FIRs - currently awaiting values from the RAS team + + fapi_try_exit: + return fapi2::current_err; + } + +} // extern "C" + +namespace mss +{ + +//------------------------------------------------------------------------------ +// Constants and enums +//------------------------------------------------------------------------------ + +// Vector of registers for enabling/checking secure mode +static const std::vector<uint64_t> REGISTERS = +{ + CEN_TCN_SYNC_CONFIG_PCB, + CEN_TCM_SYNC_CONFIG_PCB, +}; + +/// +/// @brief Enables secure mode boot +/// @param[in] i_target Reference to target +/// @return FAPI2_RC_SUCCESS iff successful +/// +fapi2::ReturnCode setup_secure_mode_boot( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target ) +{ + // Loops through all registers and sets up secure mode boot + for(const auto l_reg : REGISTERS) + { + fapi2::buffer<uint64_t> l_data; + FAPI_TRY(fapi2::getScom(i_target, l_reg, l_data)); + l_data.setBit<CEN_TCN_SYNC_CONFIG_CHIP_PROTECTION_ENABLE>(); + FAPI_TRY(fapi2::putScom(i_target, l_reg, l_data)); + } + +fapi_try_exit: + return fapi2::current_err; +} + +/// +/// @brief Verifies secure mode boot is in a given position for a given register +/// @param[in] i_target Reference to target +/// @param[in] i_register the register to check +/// @param[in] i_state boolean for the registers bit state +/// @return FAPI2_RC_SUCCESS iff successful +/// +fapi2::ReturnCode verify_secure_mode_boot( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target, + const uint64_t i_register, + const bool i_state ) +{ + fapi2::buffer<uint64_t> l_data; + FAPI_TRY(fapi2::getScom(i_target, i_register, l_data)); + FAPI_ASSERT(l_data.getBit<CEN_TCN_SYNC_CONFIG_CHIP_PROTECTION_ENABLE>() == i_state, + fapi2::MSS_SECURE_BOOT_BAD_VALUE() + .set_TARGET(i_target) + .set_EXPECTED_LEVEL(i_state) + .set_ACTUAL_LEVEL(l_data.getBit<CEN_TCN_SYNC_CONFIG_CHIP_PROTECTION_ENABLE>()) + .set_REGISTER(i_register), + "%s secure mode boot on register 0x%016lx is at level %d should be at %d", + mss::c_str(i_target), i_register, l_data.getBit<CEN_TCN_SYNC_CONFIG_CHIP_PROTECTION_ENABLE>(), i_state); + +fapi_try_exit: + return fapi2::current_err; +} + +/// +/// @brief Verifies secure mode boot is on +/// @param[in] i_target Reference to target +/// @return FAPI2_RC_SUCCESS iff successful +/// +fapi2::ReturnCode verify_secure_mode_boot_on( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target ) +{ + // Loops through all registers and checks that secure mode boot is on + for(const auto l_reg : REGISTERS) + { + FAPI_TRY(verify_secure_mode_boot(i_target, l_reg, true)) + } + +fapi_try_exit: + return fapi2::current_err; +} + +/// +/// @brief Verifies secure mode boot is off +/// @param[in] i_target Reference to target +/// @return FAPI2_RC_SUCCESS iff successful +/// +fapi2::ReturnCode verify_secure_mode_boot_off( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target ) +{ + // Loops through all registers and checks that secure mode boot is on + for(const auto l_reg : REGISTERS) + { + FAPI_TRY(verify_secure_mode_boot(i_target, l_reg, false)) + } + +fapi_try_exit: + return fapi2::current_err; +} + +} diff --git a/src/import/chips/centaur/procedures/hwp/memory/p9c_mss_secure_boot.H b/src/import/chips/centaur/procedures/hwp/memory/p9c_mss_secure_boot.H index d58bdb340..8ec435712 100644 --- a/src/import/chips/centaur/procedures/hwp/memory/p9c_mss_secure_boot.H +++ b/src/import/chips/centaur/procedures/hwp/memory/p9c_mss_secure_boot.H @@ -22,3 +22,66 @@ /* permissions and limitations under the License. */ /* */ /* IBM_PROLOG_END_TAG */ + +/// +/// @file p9c_mss_secure_boot.H +/// @brief Sets up secure mode boot and checks that it is setup properly +/// +/// *HWP HWP Owner: Luke Mulkey <lwmulkey@us.ibm.com> +/// *HWP HWP Backup: Andre Marin <aamarin@us.ibm.com> +/// *HWP Team: Memory +/// *HWP Level: 3 +/// *HWP Consumed by: HB:CI +/// + +#ifndef P9C_MSS_SECURE_BOOT +#define P9C_MSS_SECURE_BOOT + +//------------------------------------------------------------------------------ +// Includes +//------------------------------------------------------------------------------ + + +#include <fapi2.H> + +typedef fapi2::ReturnCode (*p9c_mss_secure_boot_FP_t)(const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target); + +extern "C" +{ + + /// + /// @brief Enables secure mode boot + /// @param[in] i_target Reference to target + /// @return FAPI2_RC_SUCCESS iff successful + /// @note Calls mss::c_str which is NOT thread safe unless the platform supports thread local storage... + /// + fapi2::ReturnCode p9c_mss_secure_boot( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target ); + +} // extern "C" + +namespace mss +{ + +/// +/// @brief Enables secure mode boot +/// @param[in] i_target Reference to target +/// @return FAPI2_RC_SUCCESS iff successful +/// +fapi2::ReturnCode setup_secure_mode_boot( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target ); + +/// +/// @brief Verifies secure mode boot is on +/// @param[in] i_target Reference to target +/// @return FAPI2_RC_SUCCESS iff successful +/// +fapi2::ReturnCode verify_secure_mode_boot_on( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target ); + +/// +/// @brief Verifies secure mode boot is off +/// @param[in] i_target Reference to target +/// @return FAPI2_RC_SUCCESS iff successful +/// +fapi2::ReturnCode verify_secure_mode_boot_off( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target ); +} + +#endif /* P9C_MSS_SECURE_BOOT */ diff --git a/src/import/chips/centaur/procedures/xml/error_info/p9c_memory_errors.xml b/src/import/chips/centaur/procedures/xml/error_info/p9c_memory_errors.xml index bc2e52bb1..b92b9cb18 100644 --- a/src/import/chips/centaur/procedures/xml/error_info/p9c_memory_errors.xml +++ b/src/import/chips/centaur/procedures/xml/error_info/p9c_memory_errors.xml @@ -5,7 +5,7 @@ <!-- --> <!-- OpenPOWER HostBoot Project --> <!-- --> -<!-- Contributors Listed Below - COPYRIGHT 2016,2017 --> +<!-- Contributors Listed Below - COPYRIGHT 2016,2018 --> <!-- [+] International Business Machines Corp. --> <!-- --> <!-- --> @@ -341,6 +341,26 @@ <scomRegister>CEN_FIR_WOF_REG</scomRegister> </registerFfdc> +<hwpError> + <rc>RC_MSS_SECURE_BOOT_BAD_VALUE</rc> + <description>Secure mode boot value is at an incorrect state</description> + <ffdc>TARGET</ffdc> + <ffdc>EXPECTED_LEVEL</ffdc> + <ffdc>ACTUAL_LEVEL</ffdc> + <ffdc>REGISTER</ffdc> + <callout> + <target>TARGET</target> + <priority>HIGH</priority> + </callout> + <callout> + <procedure>CODE</procedure> + <priority>LOW</priority> + </callout> + <deconfigure> + <target>TARGET</target> + </deconfigure> +</hwpError> + <!-- EDIT THIS FILE DIRECTLY. THE ODS FILE METHOD IS NO LONGER VALID --> </hwpErrors> |