-rw-r--r-- | src/bootloader/bootloader.C | 7 | ||||
-rw-r--r-- | src/include/bootloader/bootloaderif.H | 9 | ||||
-rw-r--r-- | src/include/kernel/bltohbdatamgr.H | 19 | ||||
-rw-r--r-- | src/include/usr/initservice/mboxRegs.H | 17 | ||||
-rw-r--r-- | src/kernel/bltohbdatamgr.C | 21 | ||||
-rw-r--r-- | src/usr/isteps/istep08/call_host_slave_sbe_config.C | 6 | ||||
-rw-r--r-- | src/usr/pnor/pnor_common.C | 58 | ||||
-rw-r--r-- | src/usr/targeting/common/xmltohb/attribute_types_hb.xml | 22 | ||||
-rwxr-xr-x | src/usr/targeting/common/xmltohb/target_types_hb.xml | 1 | ||||
-rwxr-xr-x | src/usr/targeting/targetservicestart.C | 24 |
10 files changed, 165 insertions, 19 deletions
diff --git a/src/bootloader/bootloader.C b/src/bootloader/bootloader.C index cb13f0da4..9d33097e6 100644 --- a/src/bootloader/bootloader.C +++ b/src/bootloader/bootloader.C @@ -84,12 +84,17 @@ namespace Bootloader{ // Read SBE HB shared data. const auto l_blConfigData = reinterpret_cast<BootloaderConfigData_t *>( SBE_HB_COMM_ADDR); - // Set secure Access Bit + // Set Secure Settings // Ensure SBE to Bootloader structure has the SAB member + // and other Secure Settings if (l_blConfigData->version >= SAB_ADDED) { g_blData->blToHbData.secureAccessBit = l_blConfigData->secureSettings.secureAccessBit; + g_blData->blToHbData.securityOverride = + l_blConfigData->secureSettings.securityOverride; + g_blData->blToHbData.allowAttrOverrides = + l_blConfigData->secureSettings.allowAttrOverrides; } // Find secure ROM addr diff --git a/src/include/bootloader/bootloaderif.H b/src/include/bootloader/bootloaderif.H index e54688f81..3ec6261be 100644 --- a/src/include/bootloader/bootloaderif.H +++ b/src/include/bootloader/bootloaderif.H @@ -75,7 +75,8 @@ struct BlToHbData branchtableOffset(0), secureRom(nullptr), secureRomSize(0), hwKeysHash(nullptr), hwKeysHashSize(0), hbbHeader(nullptr), - hbbHeaderSize(0), secureAccessBit(false), + hbbHeaderSize(0), secureAccessBit(0), + securityOverride(0), allowAttrOverrides(0), xscomBAR(MMIO_GROUP0_CHIP0_XSCOM_BASE_ADDR), lpcBAR(MMIO_GROUP0_CHIP0_LPC_BASE_ADDR) {} @@ -97,8 +98,12 @@ struct BlToHbData const void* hbbHeader; // size of Hostboot base header size_t hbbHeaderSize; - // Secure Access Bit + // Secure Setting - Secure Access Bit bool secureAccessBit; + // Secure Setting - Security Override + bool securityOverride; + // Secure Setting - Allow Attribute Overrides in Securemode + bool allowAttrOverrides; // XSCOM MMIO BAR uint64_t xscomBAR; // LPC MMIO BAR diff --git a/src/include/kernel/bltohbdatamgr.H b/src/include/kernel/bltohbdatamgr.H index 87db201ab..3e701b01b 100644 --- a/src/include/kernel/bltohbdatamgr.H 
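Review bot: In bootloader.C the two new reads, `securityOverride` and `allowAttrOverrides`, sit under the existing `l_blConfigData->version >= SAB_ADDED` gate, so an SBE that reports that version but predates these fields has its bits interpreted as security relaxations. The layout of `secureSettings` is not visible in this diff, so this only holds if those bits have been reserved as zero since SAB_ADDED. The same applies to the `BlToHbData` change in bootloaderif.H and the `initValid` hunk in bltohbdatamgr.C: the new bools are copied under `Bootloader::BLTOHB_SAB`, and no version bump is visible, so with an older bootloader they would presumably be read from bytes it never initialised. Either gate the new members on a new version value, or state the assumption at the check, e.g. `// securityOverride/allowAttrOverrides must have been reserved-as-zero in every structure version >= SAB_ADDED`.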
+++ b/src/include/kernel/bltohbdatamgr.H @@ -143,13 +143,28 @@ class BlToHbDataManager const size_t getHbbHeaderSize() const; /* - * @brief Returns internal secure access bit + * @brief Returns internal Secure Setting: Secure Access Bit * - * @return bool secure access bit + * @return bool Secure Access Bit */ const bool getSecureAccessBit() const; /* + * @brief Returns internal Secure Setting: Security Override + * + * @return bool Security Override Setting + */ + const bool getSecurityOverride() const; + + /* + * @brief Returns internal Secure Setting: Allow Attribute Overrides + * in Secure Mode + * + * @return bool Allow Attribute Overrides Setting + */ + const bool getAllowAttrOverrides() const; + + /* * @brief Returns internal preserved size * * @return size_t preserved size diff --git a/src/include/usr/initservice/mboxRegs.H b/src/include/usr/initservice/mboxRegs.H index cde76b1e9..90f639e38 100644 --- a/src/include/usr/initservice/mboxRegs.H +++ b/src/include/usr/initservice/mboxRegs.H @@ -82,14 +82,15 @@ namespace SPLESS uint32_t data32; struct { - uint32_t istepMode :1; //0 - uint32_t goToRuntime :1; //1 - uint32_t isMpipl :1; //2 - uint32_t fspAttached :1; //3 - uint32_t reserved1 :1; //4 - uint32_t sbeInternalFFDC :1; //5 - uint32_t overrideSecurity :1; //6 - uint32_t reserved2 :25; //7:31 + uint32_t istepMode :1; //0 + uint32_t goToRuntime :1; //1 + uint32_t isMpipl :1; //2 + uint32_t fspAttached :1; //3 + uint32_t reserved1 :1; //4 + uint32_t sbeInternalFFDC :1; //5 + uint32_t overrideSecurity :1; //6 + uint32_t allowAttrOverrides :1; //7 + uint32_t reserved2 :24; //8:31 } PACKED; }; diff --git a/src/kernel/bltohbdatamgr.C b/src/kernel/bltohbdatamgr.C index 1623cf485..95a21ab17 100644 --- a/src/kernel/bltohbdatamgr.C +++ b/src/kernel/bltohbdatamgr.C 
@@ -27,6 +27,7 @@ #include <kernel/console.H> #include <assert.h> #include <arch/memorymap.H> +#include <bootloader/bootloaderif.H> // Global and only BlToHbDataManager instance BlToHbDataManager g_BlToHbDataManager; @@ -57,7 +58,9 @@ void BlToHbDataManager::print() const if(iv_data.version >= Bootloader::BLTOHB_SAB) { - printkd("-- secureAccessBit = 0x%X\n", iv_data.secureAccessBit); + printkd("-- secureSettings: SAB=%d, SecOvrd=%d, AllowAttrOvrd=%d\n", + iv_data.secureAccessBit, iv_data.securityOverride, + iv_data.allowAttrOverrides); } if(iv_dataValid) { @@ -124,10 +127,12 @@ void BlToHbDataManager::initValid (const Bootloader::BlToHbData& i_data) iv_data.hbbHeaderSize = i_data.hbbHeaderSize; printk("Version=%lX\n",i_data.version); - // Ensure Bootloader to HB structure has the SAB member + // Ensure Bootloader to HB structure has the Secure Settings if(iv_data.version >= Bootloader::BLTOHB_SAB) { iv_data.secureAccessBit = i_data.secureAccessBit; + iv_data.securityOverride = i_data.securityOverride; + iv_data.allowAttrOverrides = i_data.allowAttrOverrides; } // Ensure Bootloader to HB structure has the MMIO members @@ -247,6 +252,18 @@ const bool BlToHbDataManager::getSecureAccessBit() const return iv_data.secureAccessBit; } +const bool BlToHbDataManager::getSecurityOverride() const +{ + validAssert(); + return iv_data.securityOverride; +} + +const bool BlToHbDataManager::getAllowAttrOverrides() const +{ + validAssert(); + return iv_data.allowAttrOverrides; +} + const size_t BlToHbDataManager::getPreservedSize() const { validAssert(); diff --git a/src/usr/isteps/istep08/call_host_slave_sbe_config.C b/src/usr/isteps/istep08/call_host_slave_sbe_config.C index 9280500e8..0c30f6191 100644 --- a/src/usr/isteps/istep08/call_host_slave_sbe_config.C +++ b/src/usr/isteps/istep08/call_host_slave_sbe_config.C 
@@ -108,6 +108,12 @@ void* call_host_slave_sbe_config(void *io_pArgs) TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace, INFO_MRK "WARNING: Requesting security disable on non-master processors."); } + if(l_scratch3.allowAttrOverrides) + { + TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace, INFO_MRK + "WARNING: Requesting allowing Attribute Overrides on " + "non-master processors even if secure mode."); + } // grab the boot flags from the master proc INITSERVICE::SPLESS::MboxScratch5_t l_scratch5; diff --git a/src/usr/pnor/pnor_common.C b/src/usr/pnor/pnor_common.C index 2eb710a16..e69c5312b 100644 --- a/src/usr/pnor/pnor_common.C +++ b/src/usr/pnor/pnor_common.C @@ -38,6 +38,14 @@ #include <secureboot/trustedbootif.H> #include <devicefw/driverif.H> +#ifndef __HOSTBOOT_RUNTIME +#include <kernel/bltohbdatamgr.H> +#else +#include <targeting/common/targetservice.H> +#include <targeting/common/target.H> +#include <util/misc.H> +#endif + // Trace definition trace_desc_t* g_trac_pnor = NULL; TRAC_INIT(&g_trac_pnor, PNOR_COMP_NAME, 4*KILOBYTE, TRACE::BUFFER_SLOW); //4K 
@@ -386,10 +394,52 @@ errlHndl_t PNOR::extendHash(uint64_t i_addr, bool PNOR::isInhibitedSection(const uint32_t i_section) { #ifdef CONFIG_SECUREBOOT - return (i_section == ATTR_PERM || - i_section == ATTR_TMP || - i_section == RINGOVD ) && - SECUREBOOT::enabled(); + bool retVal = false; + + if ((i_section == ATTR_PERM || + i_section == ATTR_TMP || + i_section == RINGOVD ) + && SECUREBOOT::enabled() ) + { + // Default to these sections not being allowed in secure mode + retVal = true; + + +#ifndef __HOSTBOOT_RUNTIME + // This is the scenario where a section might be inhibited so check + // global struct from bootloader for this setting + retVal = ! ( g_BlToHbDataManager.getAllowAttrOverrides() ); + + TRACFCOMP(g_trac_pnor, INFO_MRK"PNOR::isInhibitedSection: " + "Inside Attr check: retVal=0x%X, i_section=%s", + retVal, + PNOR::SectionIdToString(i_section)); + +#else + // This is the scenario where a section might be inhibited so check + // attribute to determine if these sections are allowed + if ( Util::isTargetingLoaded() ) + { + TARGETING::TargetService& tS = TARGETING::targetService(); + TARGETING::Target* sys = nullptr; + (void) tS.getTopLevelTarget( sys ); + assert(sys, "PNOR::isInhibitedSection() system target is NULL"); + + retVal = ! (sys->getAttr< + TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>()); + + TRACFCOMP(g_trac_pnor, INFO_MRK"PNOR::isInhibitedSection: " + "Inside Attr check: retVal=0x%X, attr=0x%X, i_section=%s", + retVal, + sys->getAttr< + TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>(), + PNOR::SectionIdToString(i_section)); + } +#endif + + } + + return retVal; #else return false; #endif diff --git a/src/usr/targeting/common/xmltohb/attribute_types_hb.xml b/src/usr/targeting/common/xmltohb/attribute_types_hb.xml index aac5b3cf2..e762f0426 100644 --- a/src/usr/targeting/common/xmltohb/attribute_types_hb.xml +++ b/src/usr/targeting/common/xmltohb/attribute_types_hb.xml 
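Review bot: In `PNOR::isInhibitedSection`, `retVal = ! ( g_BlToHbDataManager.getAllowAttrOverrides() );` lifts the inhibit for every section that entered the outer `if`, including `RINGOVD`, while the flag name and the attribute description mention only attribute overrides. If ring overrides are not meant to be unlocked by this bit, keep that section inhibited, e.g. `retVal = (i_section == RINGOVD) || !g_BlToHbDataManager.getAllowAttrOverrides();`, and make the same change in the runtime branch. Otherwise say so in the comment. The runtime branch leaves `retVal` true when `Util::isTargetingLoaded()` is false, which fails closed and deserves a comment such as `// targeting not loaded: keep the section inhibited`. Both branches also emit an INFO trace on every call that reaches them. The function's closing brace is outside the hunk.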
@@ -1193,4 +1193,26 @@ <hbOnly/> </attribute> +<attribute> + <id>ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE</id> + <description> + Indicates if Attribute Overrides are allowed when the system is booted + in secure mode. The default is 0x0, where attribute overrides are not + allowed. However, the SBE can read mailbox scratch register 3 bit 7 + to set it to 0x1, meaning that attribute overrides are allowed. The SBE + passes this information up to hostboot via the bootloader. + 0x00 = Attribute Overrides are not allowed (default) + 0x01 = Attribute Overrides are allowed + </description> + <simpleType> + <uint8_t> + <default>0x00</default> + </uint8_t> + </simpleType> + <persistency>volatile-zeroed</persistency> + <writeable/> + <readable/> + <hbOnly/> +</attribute> + </attributes> diff --git a/src/usr/targeting/common/xmltohb/target_types_hb.xml b/src/usr/targeting/common/xmltohb/target_types_hb.xml index 43414ed06..39bc79fff 100755 --- a/src/usr/targeting/common/xmltohb/target_types_hb.xml +++ b/src/usr/targeting/common/xmltohb/target_types_hb.xml @@ -49,6 +49,7 @@ <attribute><id>FORCE_PRE_PAYLOAD_DRTM</id></attribute> <attribute><id>HB_RSV_MEM_NEXT_SECTION</id></attribute> <attribute><id>HB_SECURITY_MODE</id></attribute> + <attribute><id>ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE</id></attribute> </targetTypeExtension> <targetTypeExtension> diff --git a/src/usr/targeting/targetservicestart.C b/src/usr/targeting/targetservicestart.C index 65c213d97..b32f4db53 100755 --- a/src/usr/targeting/targetservicestart.C +++ b/src/usr/targeting/targetservicestart.C @@ -63,6 +63,7 @@ #include <arch/memorymap.H> #include <lpc/lpcif.H> #include <xscom/xscomif.H> +#include <bootloader/bootloaderif.H> #ifdef CONFIG_DRTM #include <secureboot/drtm.H> 
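Review bot: `<writeable/>` on `ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE` means the value trusted by the runtime branch of `PNOR::isInhibitedSection` can be changed by any code with attribute write access, after `initTargeting` has set it from the bootloader data. Whether the attribute override or sync paths can reach an `hbOnly`, `volatile-zeroed` attribute is not visible in this diff and should be confirmed, because an override mechanism that could set its own enable flag would defeat the check. The description should name the single intended writer, for example by adding `Written only by initTargeting from the bootloader-provided setting; must not be settable through attribute overrides.`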
@@ -152,6 +153,11 @@ static void initTargeting(errlHndl_t& io_pError) TARG_INF("WARNING: External tool asked master proc to disable " "security."); } + if(l_scratch3.allowAttrOverrides) + { + TARG_INF("WARNING: External tool asked master proc to allow " + "attribute overrides even in secure mode."); + } AttrRP::init(io_pError, l_isMpipl); @@ -190,6 +196,24 @@ static void initTargeting(errlHndl_t& io_pError) } #endif + // Handle possibility of Attribute Overrides allowed in secure mode + bool l_allow_attr_overrides = + g_BlToHbDataManager.getAllowAttrOverrides(); + if (l_allow_attr_overrides) + { + TARG_INF("Allow Attribute Overrides In Secure Mode: %d", + l_allow_attr_overrides); + l_pTopLevel->setAttr< + TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>( + l_allow_attr_overrides); + } + else + { + // Hardcode to zero to be safe + l_pTopLevel->setAttr< + TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>(0x0); + } + // No error module loaded in VPO to save load time #ifndef CONFIG_VPO_COMPILE // call ErrlManager function - tell him that TARG is ready! |
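Review bot: The warning added in the first hunk is keyed on `l_scratch3.allowAttrOverrides`, but the value stored in the attribute in the second hunk comes from `g_BlToHbDataManager.getAllowAttrOverrides()`. If the two sources disagree, the trace reports a request that enforcement does not honour, or the reverse. Logging the value that is actually applied, with the scratch bit alongside if it is useful, would keep the trace trustworthy when reviewing a boot. The `if`/`else` writes the same value on both paths, so it could be a single `setAttr<TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>(l_allow_attr_overrides ? 0x1 : 0x0);` with only the `TARG_INF` left conditional. `initTargeting` starts and ends outside both hunks.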