author | Ilya Smirnov <ismirno@us.ibm.com> | 2018-05-29 15:16:28 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2018-06-19 17:35:42 -0400 |
commit | c7384e829f3dec35cbdf3a18dba432c8fcd1c069 (patch) | |
tree | e8af37ef4ae44b51ce06afb478c93e7df4813cf0 /src | |
parent | 112e8c957fb6c7be34c86f4005badc5b88871764 (diff) | |
Secure Boot: Support API to fence off all node processors' secure mailboxes
This change implements the logic to lock down the Abus
secure mailboxes prior to starting PHyp. The lock down
is performed as part of secure node communication in istep 18
Change-Id: I4bc678ce7844290a7229b605406d5d3c689a0c6c
RTC: 191005
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/59692
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/include/usr/secureboot/secure_reasoncodes.H | 2 | ||||
-rw-r--r-- | src/include/usr/secureboot/service_ext.H | 40 | ||||
-rw-r--r-- | src/usr/isteps/istep18/establish_system_smp.C | 6 | ||||
-rw-r--r-- | src/usr/secureboot/ext/makefile | 18 | ||||
-rw-r--r-- | src/usr/secureboot/ext/service_ext.C | 105 |
5 files changed, 170 insertions, 1 deletions
diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H index c584ed107..8b18b9a5e 100644 --- a/src/include/usr/secureboot/secure_reasoncodes.H +++ b/src/include/usr/secureboot/secure_reasoncodes.H @@ -48,6 +48,7 @@ namespace SECUREBOOT MOD_SECURE_GET_ALL_SEC_REGS = 0x0E, MOD_SECURE_LOAD_HEADER = 0x0F, MOD_SECURE_VALIDATE_ECID_COUNT = 0x10, + MOD_LOCK_ABUS_SEC_MAILBOXES = 0x11, // Use 0x20-0x2F range for Node Communications MOD_NCDD_CHECK_FOR_ERRORS = 0x20, @@ -80,6 +81,7 @@ namespace SECUREBOOT RC_DEVICE_READ_ERR = SECURE_COMP_ID | 0x11, RC_INVALID_BASE_HEADER = SECURE_COMP_ID | 0x12, RC_INVALID_ECID_COUNT = SECURE_COMP_ID | 0x13, + RC_LOCK_MAILBOXES_FAILED = SECURE_COMP_ID | 0x14, // Use 0x20-0x2F range for Node Communications RC_NCDD_HW_ERROR_FOUND = SECURE_COMP_ID | 0x20, diff --git a/src/include/usr/secureboot/service_ext.H b/src/include/usr/secureboot/service_ext.H new file mode 100644 index 000000000..4be08d52f --- /dev/null +++ b/src/include/usr/secureboot/service_ext.H 
@@ -0,0 +1,40 @@ +/* IBM_PROLOG_BEGIN_TAG */ +/* This is an automatically generated prolog. */ +/* */ +/* $Source: src/include/usr/secureboot/service_ext.H $ */ +/* */ +/* OpenPOWER HostBoot Project */ +/* */ +/* Contributors Listed Below - COPYRIGHT 2018 */ +/* [+] International Business Machines Corp. */ +/* */ +/* */ +/* Licensed under the Apache License, Version 2.0 (the "License"); */ +/* you may not use this file except in compliance with the License. */ +/* You may obtain a copy of the License at */ +/* */ +/* http://www.apache.org/licenses/LICENSE-2.0 */ +/* */ +/* Unless required by applicable law or agreed to in writing, software */ +/* distributed under the License is distributed on an "AS IS" BASIS, */ +/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ +/* implied. See the License for the specific language governing */ +/* permissions and limitations under the License. */ +/* */ +/* IBM_PROLOG_END_TAG */ +#ifndef __SERVICE_EXT_H +#define __SERVICE_EXT_H + +#include <errl/errlentry.H> + +namespace SECUREBOOT +{ + /* + * @brief Calls p9_update_security_ctrl HWP to lock down the Abus secure + * mailboxes on all functional processors. All errors are committed + * internally. + */ + void lockAbusSecMailboxes(); + +} // namespace SECUREBOOT +#endif diff --git a/src/usr/isteps/istep18/establish_system_smp.C b/src/usr/isteps/istep18/establish_system_smp.C index c5e4aab2d..a912bfcab 100644 --- a/src/usr/isteps/istep18/establish_system_smp.C +++ b/src/usr/isteps/istep18/establish_system_smp.C @@ -82,6 +82,8 @@ #include "establish_system_smp.H" +#include <secureboot/service_ext.H> + namespace ESTABLISH_SYSTEM_SMP { 
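Review bot: The doc comment on `lockAbusSecMailboxes()` in service_ext.H does not say that the function compiles to an empty body when `CONFIG_TPMDD` is not defined (see service_ext.C in this commit), so a reader of the header alone would assume the mailboxes are always locked. I would add a line such as `@note No-op unless CONFIG_TPMDD is defined.` and open the block with `/**` so that documentation tooling picks it up. The `#include <errl/errlentry.H>` also looks unnecessary for a declaration that takes and returns nothing.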
@@ -537,6 +539,10 @@ void *host_sys_fab_iovalid_processing(void* io_ptr ) sys->setAttr<TARGETING::ATTR_HB_EXISTING_IMAGE>(hb_existing_image); +#ifdef CONFIG_TPMDD + SECUREBOOT::lockAbusSecMailboxes(); +#endif + // after agreement, open a-busses as required // @TODO RTC:187337 -- HB doesn't have the knowledge of attributes that // p9_fab_iovalid requires at the moment. Currently, this is being called diff --git a/src/usr/secureboot/ext/makefile b/src/usr/secureboot/ext/makefile index 952a8cc56..9b5adeaf7 100644 --- a/src/usr/secureboot/ext/makefile +++ b/src/usr/secureboot/ext/makefile @@ -5,7 +5,7 @@ # # OpenPOWER HostBoot Project # -# Contributors Listed Below - COPYRIGHT 2013,2017 +# Contributors Listed Below - COPYRIGHT 2013,2018 # [+] International Business Machines Corp. # # @@ -26,7 +26,23 @@ ROOTPATH = ../../../.. MODULE = secureboot_ext SUBDIRS += +PERV_HWP_PATH = $(ROOTPATH)/src/import/chips/p9/procedures/hwp/perv + OBJS += $(if $(CONFIG_DRTM),drtm.o) +OBJS += $(if $(CONFIG_SECUREBOOT), service_ext.o) + +VPATH += $(PERV_HWP_PATH) + +EXTRAINCDIR += $(ROOTPATH)/src/include/usr +EXTRAINCDIR += $(ROOTPATH)/src/include/usr/fapi2/ +EXTRAINCDIR += $(ROOTPATH)/src/import/hwpf/fapi2/include +EXTRAINCDIR += $(ROOTPATH)/src/import/chips/common/utils/imageProcs +EXTRAINCDIR += $(ROOTPATH)/src/import/chips/p9/procedures/hwp/ffdc +EXTRAINCDIR += $(PERV_HWP_PATH) + +#Include HWP procedure makefiles +include $(ROOTPATH)/procedure.rules.mk +include $(PERV_HWP_PATH)/p9_update_security_ctrl.mk CFLAGS += -iquote ../ include ${ROOTPATH}/config.mk diff --git a/src/usr/secureboot/ext/service_ext.C b/src/usr/secureboot/ext/service_ext.C new file mode 100644 index 000000000..1f8595a71 --- /dev/null +++ b/src/usr/secureboot/ext/service_ext.C 
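Review bot: The new call in host_sys_fab_iovalid_processing is compiled under `#ifdef CONFIG_TPMDD`, but the makefile hunk in this commit builds `service_ext.o` under `CONFIG_SECUREBOOT`, so the two guards can disagree. With CONFIG_TPMDD set and CONFIG_SECUREBOOT unset, the call would reference a function that is never built, and the reverse combination skips the Abus mailbox lockdown without any trace output. I would guard both with the same option, or at least add a comment at the call such as `// Abus mailbox lockdown is part of secure node communication, which requires the TPM driver`, if that is the reason for the guard. The function body continues outside the hunk.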
@@ -0,0 +1,105 @@
+/* IBM_PROLOG_BEGIN_TAG */
+/* This is an automatically generated prolog. */
+/* */
+/* $Source: src/usr/secureboot/ext/service_ext.C $ */
+/* */
+/* OpenPOWER HostBoot Project */
+/* */
+/* Contributors Listed Below - COPYRIGHT 2018 */
+/* [+] International Business Machines Corp. */
+/* */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
+/* implied. See the License for the specific language governing */
+/* permissions and limitations under the License. */
+/* */
+/* IBM_PROLOG_END_TAG */
+#include <secureboot/service_ext.H>
+#include <targeting/common/util.H>
+#include <targeting/common/target.H>
+#include <errl/errlentry.H>
+#include <errl/errlmanager.H>
+#include <errl/errludtarget.H>
+#include <secureboot/secure_reasoncodes.H>
+
+#include "../common/securetrace.H"
+
+#include <fapi2.H>
+#include <fapi2/plat_hwp_invoker.H>
+
+#include <p9_update_security_ctrl.H>
+#include <config.h>
+
+namespace SECUREBOOT
+{
+
+void lockAbusSecMailboxes()
+{
+#ifdef CONFIG_TPMDD
+ errlHndl_t l_errl = nullptr;
+ TARGETING::TargetHandleList l_procs;
+ getAllChips(l_procs, TARGETING::TYPE_PROC, true);
+
+ auto l_pProc = l_procs.begin();
+ while(l_pProc != l_procs.end())
+ {
+ const fapi2::Target<fapi2::TARGET_TYPE_PROC_CHIP>l_fapiProc(*l_pProc);
+ FAPI_INVOKE_HWP(l_errl,
+ p9_update_security_ctrl,
+ l_fapiProc,
+ false, // do not force security
+ true); // lock down Abus mailboxes
+
+ if(l_errl)
+ {
+ SB_ERR("lockAbusSecMailboxes: p9_update_security_ctrl failed for"
+ " proc 0x%X!. Deconfiguring the proc.",
+ TARGETING::get_huid(*l_pProc));
+
+ auto l_plid = l_errl->plid();
+
+ ERRORLOG::ErrlUserDetailsTarget(*l_pProc).addToLog(l_errl);
+ ERRORLOG::errlCommit(l_errl, SECURE_COMP_ID);
+
+ /*
+ * @errortype
+ * @reasoncode RC_LOCK_MAILBOXES_FAILED
+ * @moduleid MOD_LOCK_ABUS_SEC_MAILBOXES
+ * @userdata1 Target HUID
+ * @devdesc Failed to lock Abus secure mailboxes
+ * on target processor.
+ * @custdesc Secure Boot failure
+ */
+ l_errl = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE,
+ SECUREBOOT::MOD_LOCK_ABUS_SEC_MAILBOXES,
+ SECUREBOOT::RC_LOCK_MAILBOXES_FAILED,
+ TARGETING::get_huid(*l_pProc),
+ 0,
+ true);
+ l_errl->addHwCallout(*l_pProc,
+ HWAS::SRCI_PRIORITY_LOW,
+ HWAS::DELAYED_DECONFIG,
+ HWAS::GARD_NULL);
+ l_errl->collectTrace(SECURE_COMP_NAME);
+ l_errl->collectTrace(FAPI_TRACE_NAME);
+ l_errl->plid(l_plid);
+ ERRORLOG::ErrlUserDetailsTarget(*l_pProc).addToLog(l_errl);
+
+ ERRORLOG::errlCommit(l_errl, SECURE_COMP_ID);
+ }
+
+ ++l_pProc;
+
+ } // while
+#endif
+}
+
+} // namespace SECUREBOOT |
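Review bot: A failed `p9_update_security_ctrl` in the `if(l_errl)` branch of lockAbusSecMailboxes is only logged and called out with `HWAS::DELAYED_DECONFIG`, and the `void` return gives the istep 18 caller no way to stop, so the boot appears to continue with that processor's Abus secure mailboxes unlocked. If the lockdown is meant to be in place before PHyp starts, as the commit message says, I would return the error to the caller, for example by declaring `errlHndl_t lockAbusSecMailboxes();`, so the istep can fail closed. If continuing is intended, a comment in the branch should say why a delayed deconfig is sufficient. The SB_ERR text "Deconfiguring the proc." also overstates what the callout does at that point, and the iterator `while` loop would read more simply as a range-based `for` over `l_procs`.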