summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/bootloader/bootloader.C7
-rw-r--r--src/include/bootloader/bootloaderif.H9
-rw-r--r--src/include/kernel/bltohbdatamgr.H19
-rw-r--r--src/include/usr/initservice/mboxRegs.H17
-rw-r--r--src/kernel/bltohbdatamgr.C21
-rw-r--r--src/usr/isteps/istep08/call_host_slave_sbe_config.C6
-rw-r--r--src/usr/pnor/pnor_common.C58
-rw-r--r--src/usr/targeting/common/xmltohb/attribute_types_hb.xml22
-rwxr-xr-xsrc/usr/targeting/common/xmltohb/target_types_hb.xml1
-rwxr-xr-xsrc/usr/targeting/targetservicestart.C24
10 files changed, 165 insertions, 19 deletions
diff --git a/src/bootloader/bootloader.C b/src/bootloader/bootloader.C
index cb13f0da4..9d33097e6 100644
--- a/src/bootloader/bootloader.C
+++ b/src/bootloader/bootloader.C
@@ -84,12 +84,17 @@ namespace Bootloader{
// Read SBE HB shared data.
const auto l_blConfigData = reinterpret_cast<BootloaderConfigData_t *>(
SBE_HB_COMM_ADDR);
- // Set secure Access Bit
+ // Set Secure Settings
// Ensure SBE to Bootloader structure has the SAB member
+ // and other Secure Settings
if (l_blConfigData->version >= SAB_ADDED)
{
g_blData->blToHbData.secureAccessBit =
l_blConfigData->secureSettings.secureAccessBit;
+ g_blData->blToHbData.securityOverride =
+ l_blConfigData->secureSettings.securityOverride;
+ g_blData->blToHbData.allowAttrOverrides =
+ l_blConfigData->secureSettings.allowAttrOverrides;
}
// Find secure ROM addr
diff --git a/src/include/bootloader/bootloaderif.H b/src/include/bootloader/bootloaderif.H
index e54688f81..3ec6261be 100644
--- a/src/include/bootloader/bootloaderif.H
+++ b/src/include/bootloader/bootloaderif.H
@@ -75,7 +75,8 @@ struct BlToHbData
branchtableOffset(0), secureRom(nullptr),
secureRomSize(0), hwKeysHash(nullptr),
hwKeysHashSize(0), hbbHeader(nullptr),
- hbbHeaderSize(0), secureAccessBit(false),
+ hbbHeaderSize(0), secureAccessBit(0),
+ securityOverride(0), allowAttrOverrides(0),
xscomBAR(MMIO_GROUP0_CHIP0_XSCOM_BASE_ADDR),
lpcBAR(MMIO_GROUP0_CHIP0_LPC_BASE_ADDR) {}
@@ -97,8 +98,12 @@ struct BlToHbData
const void* hbbHeader;
// size of Hostboot base header
size_t hbbHeaderSize;
- // Secure Access Bit
+ // Secure Setting - Secure Access Bit
bool secureAccessBit;
+ // Secure Setting - Security Override
+ bool securityOverride;
+ // Secure Setting - Allow Attribute Overrides in Securemode
+ bool allowAttrOverrides;
// XSCOM MMIO BAR
uint64_t xscomBAR;
// LPC MMIO BAR
diff --git a/src/include/kernel/bltohbdatamgr.H b/src/include/kernel/bltohbdatamgr.H
index 87db201ab..3e701b01b 100644
--- a/src/include/kernel/bltohbdatamgr.H
+++ b/src/include/kernel/bltohbdatamgr.H
@@ -143,13 +143,28 @@ class BlToHbDataManager
const size_t getHbbHeaderSize() const;
/*
- * @brief Returns internal secure access bit
+ * @brief Returns internal Secure Setting: Secure Access Bit
*
- * @return bool secure access bit
+ * @return bool Secure Access Bit
*/
const bool getSecureAccessBit() const;
/*
+ * @brief Returns internal Secure Setting: Security Override
+ *
+ * @return bool Security Override Setting
+ */
+ const bool getSecurityOverride() const;
+
+ /*
+ * @brief Returns internal Secure Setting: Allow Attribute Overrides
+ * in Secure Mode
+ *
+ * @return bool Allow Attribute Overrides Setting
+ */
+ const bool getAllowAttrOverrides() const;
+
+ /*
* @brief Returns internal preserved size
*
* @return size_t preserved size
diff --git a/src/include/usr/initservice/mboxRegs.H b/src/include/usr/initservice/mboxRegs.H
index cde76b1e9..90f639e38 100644
--- a/src/include/usr/initservice/mboxRegs.H
+++ b/src/include/usr/initservice/mboxRegs.H
@@ -82,14 +82,15 @@ namespace SPLESS
uint32_t data32;
struct
{
- uint32_t istepMode :1; //0
- uint32_t goToRuntime :1; //1
- uint32_t isMpipl :1; //2
- uint32_t fspAttached :1; //3
- uint32_t reserved1 :1; //4
- uint32_t sbeInternalFFDC :1; //5
- uint32_t overrideSecurity :1; //6
- uint32_t reserved2 :25; //7:31
+ uint32_t istepMode :1; //0
+ uint32_t goToRuntime :1; //1
+ uint32_t isMpipl :1; //2
+ uint32_t fspAttached :1; //3
+ uint32_t reserved1 :1; //4
+ uint32_t sbeInternalFFDC :1; //5
+ uint32_t overrideSecurity :1; //6
+ uint32_t allowAttrOverrides :1; //7
+ uint32_t reserved2 :24; //8:31
} PACKED;
};
diff --git a/src/kernel/bltohbdatamgr.C b/src/kernel/bltohbdatamgr.C
index 1623cf485..95a21ab17 100644
--- a/src/kernel/bltohbdatamgr.C
+++ b/src/kernel/bltohbdatamgr.C
@@ -27,6 +27,7 @@
#include <kernel/console.H>
#include <assert.h>
#include <arch/memorymap.H>
+#include <bootloader/bootloaderif.H>
// Global and only BlToHbDataManager instance
BlToHbDataManager g_BlToHbDataManager;
@@ -57,7 +58,9 @@ void BlToHbDataManager::print() const
if(iv_data.version >= Bootloader::BLTOHB_SAB)
{
- printkd("-- secureAccessBit = 0x%X\n", iv_data.secureAccessBit);
+ printkd("-- secureSettings: SAB=%d, SecOvrd=%d, AllowAttrOvrd=%d\n",
+ iv_data.secureAccessBit, iv_data.securityOverride,
+ iv_data.allowAttrOverrides);
}
if(iv_dataValid)
{
@@ -124,10 +127,12 @@ void BlToHbDataManager::initValid (const Bootloader::BlToHbData& i_data)
iv_data.hbbHeaderSize = i_data.hbbHeaderSize;
printk("Version=%lX\n",i_data.version);
- // Ensure Bootloader to HB structure has the SAB member
+ // Ensure Bootloader to HB structure has the Secure Settings
if(iv_data.version >= Bootloader::BLTOHB_SAB)
{
iv_data.secureAccessBit = i_data.secureAccessBit;
+ iv_data.securityOverride = i_data.securityOverride;
+ iv_data.allowAttrOverrides = i_data.allowAttrOverrides;
}
// Ensure Bootloader to HB structure has the MMIO members
@@ -247,6 +252,18 @@ const bool BlToHbDataManager::getSecureAccessBit() const
return iv_data.secureAccessBit;
}
+const bool BlToHbDataManager::getSecurityOverride() const
+{
+ validAssert();
+ return iv_data.securityOverride;
+}
+
+const bool BlToHbDataManager::getAllowAttrOverrides() const
+{
+ validAssert();
+ return iv_data.allowAttrOverrides;
+}
+
const size_t BlToHbDataManager::getPreservedSize() const
{
validAssert();
diff --git a/src/usr/isteps/istep08/call_host_slave_sbe_config.C b/src/usr/isteps/istep08/call_host_slave_sbe_config.C
index 9280500e8..0c30f6191 100644
--- a/src/usr/isteps/istep08/call_host_slave_sbe_config.C
+++ b/src/usr/isteps/istep08/call_host_slave_sbe_config.C
@@ -108,6 +108,12 @@ void* call_host_slave_sbe_config(void *io_pArgs)
TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace, INFO_MRK
"WARNING: Requesting security disable on non-master processors.");
}
+ if(l_scratch3.allowAttrOverrides)
+ {
+ TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace, INFO_MRK
+ "WARNING: Requesting allowing Attribute Overrides on "
+ "non-master processors even if secure mode.");
+ }
// grab the boot flags from the master proc
INITSERVICE::SPLESS::MboxScratch5_t l_scratch5;
diff --git a/src/usr/pnor/pnor_common.C b/src/usr/pnor/pnor_common.C
index 2eb710a16..e69c5312b 100644
--- a/src/usr/pnor/pnor_common.C
+++ b/src/usr/pnor/pnor_common.C
@@ -38,6 +38,14 @@
#include <secureboot/trustedbootif.H>
#include <devicefw/driverif.H>
+#ifndef __HOSTBOOT_RUNTIME
+#include <kernel/bltohbdatamgr.H>
+#else
+#include <targeting/common/targetservice.H>
+#include <targeting/common/target.H>
+#include <util/misc.H>
+#endif
+
// Trace definition
trace_desc_t* g_trac_pnor = NULL;
TRAC_INIT(&g_trac_pnor, PNOR_COMP_NAME, 4*KILOBYTE, TRACE::BUFFER_SLOW); //4K
@@ -386,10 +394,52 @@ errlHndl_t PNOR::extendHash(uint64_t i_addr,
bool PNOR::isInhibitedSection(const uint32_t i_section)
{
#ifdef CONFIG_SECUREBOOT
- return (i_section == ATTR_PERM ||
- i_section == ATTR_TMP ||
- i_section == RINGOVD ) &&
- SECUREBOOT::enabled();
+ bool retVal = false;
+
+ if ((i_section == ATTR_PERM ||
+ i_section == ATTR_TMP ||
+ i_section == RINGOVD )
+ && SECUREBOOT::enabled() )
+ {
+ // Default to these sections not being allowed in secure mode
+ retVal = true;
+
+
+#ifndef __HOSTBOOT_RUNTIME
+ // This is the scenario where a section might be inhibited so check
+ // global struct from bootloader for this setting
+ retVal = ! ( g_BlToHbDataManager.getAllowAttrOverrides() );
+
+ TRACFCOMP(g_trac_pnor, INFO_MRK"PNOR::isInhibitedSection: "
+ "Inside Attr check: retVal=0x%X, i_section=%s",
+ retVal,
+ PNOR::SectionIdToString(i_section));
+
+#else
+ // This is the scenario where a section might be inhibited so check
+ // attribute to determine if these sections are allowed
+ if ( Util::isTargetingLoaded() )
+ {
+ TARGETING::TargetService& tS = TARGETING::targetService();
+ TARGETING::Target* sys = nullptr;
+ (void) tS.getTopLevelTarget( sys );
+ assert(sys, "PNOR::isInhibitedSection() system target is NULL");
+
+ retVal = ! (sys->getAttr<
+ TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>());
+
+ TRACFCOMP(g_trac_pnor, INFO_MRK"PNOR::isInhibitedSection: "
+ "Inside Attr check: retVal=0x%X, attr=0x%X, i_section=%s",
+ retVal,
+ sys->getAttr<
+ TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>(),
+ PNOR::SectionIdToString(i_section));
+ }
+#endif
+
+ }
+
+ return retVal;
#else
return false;
#endif
diff --git a/src/usr/targeting/common/xmltohb/attribute_types_hb.xml b/src/usr/targeting/common/xmltohb/attribute_types_hb.xml
index aac5b3cf2..e762f0426 100644
--- a/src/usr/targeting/common/xmltohb/attribute_types_hb.xml
+++ b/src/usr/targeting/common/xmltohb/attribute_types_hb.xml
@@ -1193,4 +1193,26 @@
<hbOnly/>
</attribute>
+<attribute>
+ <id>ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE</id>
+ <description>
+ Indicates if Attribute Overrides are allowed when the system is booted
+ in secure mode. The default is 0x0, where attribute overrides are not
+ allowed. However, the SBE can read mailbox scratch register 3 bit 7
+ to set it to 0x1, meaning that attribute overrides are allowed. The SBE
+ passes this information up to hostboot via the bootloader.
+ 0x00 = Attribute Overrides are not allowed (default)
+ 0x01 = Attribute Overrides are allowed
+ </description>
+ <simpleType>
+ <uint8_t>
+ <default>0x00</default>
+ </uint8_t>
+ </simpleType>
+ <persistency>volatile-zeroed</persistency>
+ <writeable/>
+ <readable/>
+ <hbOnly/>
+</attribute>
+
</attributes>
diff --git a/src/usr/targeting/common/xmltohb/target_types_hb.xml b/src/usr/targeting/common/xmltohb/target_types_hb.xml
index 43414ed06..39bc79fff 100755
--- a/src/usr/targeting/common/xmltohb/target_types_hb.xml
+++ b/src/usr/targeting/common/xmltohb/target_types_hb.xml
@@ -49,6 +49,7 @@
<attribute><id>FORCE_PRE_PAYLOAD_DRTM</id></attribute>
<attribute><id>HB_RSV_MEM_NEXT_SECTION</id></attribute>
<attribute><id>HB_SECURITY_MODE</id></attribute>
+ <attribute><id>ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE</id></attribute>
</targetTypeExtension>
<targetTypeExtension>
diff --git a/src/usr/targeting/targetservicestart.C b/src/usr/targeting/targetservicestart.C
index 65c213d97..b32f4db53 100755
--- a/src/usr/targeting/targetservicestart.C
+++ b/src/usr/targeting/targetservicestart.C
@@ -63,6 +63,7 @@
#include <arch/memorymap.H>
#include <lpc/lpcif.H>
#include <xscom/xscomif.H>
+#include <bootloader/bootloaderif.H>
#ifdef CONFIG_DRTM
#include <secureboot/drtm.H>
@@ -152,6 +153,11 @@ static void initTargeting(errlHndl_t& io_pError)
TARG_INF("WARNING: External tool asked master proc to disable "
"security.");
}
+ if(l_scratch3.allowAttrOverrides)
+ {
+ TARG_INF("WARNING: External tool asked master proc to allow "
+ "attribute overrides even in secure mode.");
+ }
AttrRP::init(io_pError, l_isMpipl);
@@ -190,6 +196,24 @@ static void initTargeting(errlHndl_t& io_pError)
}
#endif
+ // Handle possibility of Attribute Overrides allowed in secure mode
+ bool l_allow_attr_overrides =
+ g_BlToHbDataManager.getAllowAttrOverrides();
+ if (l_allow_attr_overrides)
+ {
+ TARG_INF("Allow Attribute Overrides In Secure Mode: %d",
+ l_allow_attr_overrides);
+ l_pTopLevel->setAttr<
+ TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>(
+ l_allow_attr_overrides);
+ }
+ else
+ {
+ // Hardcode to zero to be safe
+ l_pTopLevel->setAttr<
+ TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>(0x0);
+ }
+
// No error module loaded in VPO to save load time
#ifndef CONFIG_VPO_COMPILE
// call ErrlManager function - tell him that TARG is ready!
OpenPOWER on IntegriCloud