-rw-r--r-- | src/makefile | 1 | ||||
-rw-r--r-- | src/usr/secureboot/runtime/rt_secureboot.C | 25 | ||||
-rw-r--r-- | src/usr/secureboot/runtime/test/testsecureboot_rt.H | 46 | ||||
-rw-r--r-- | src/usr/targeting/runtime/test/testtargeting.H | 36 |
4 files changed, 82 insertions, 26 deletions
diff --git a/src/makefile b/src/makefile
index 66f3bc226..acc5f5a37 100644
--- a/src/makefile
+++ b/src/makefile
@@ -185,7 +185,6 @@ EXTENDED_MODULES += ibscom
 EXTENDED_MODULES += thread_activate
 EXTENDED_MODULES += $(if $(CONFIG_VPO_COMPILE),,dump)
 EXTENDED_MODULES += $(if $(CONFIG_VPO_COMPILE),,runtime)
-EXTENDED_MODULES += secureboot_ext
 EXTENDED_MODULES += $(if $(CONFIG_TPMDD),secureboot_trusted,)
 EXTENDED_MODULES += sbe
 EXTENDED_MODULES += sbeio
diff --git a/src/usr/secureboot/runtime/rt_secureboot.C b/src/usr/secureboot/runtime/rt_secureboot.C
index 2277cce29..0c24c3875 100644
--- a/src/usr/secureboot/runtime/rt_secureboot.C
+++ b/src/usr/secureboot/runtime/rt_secureboot.C
@@ -40,7 +40,6 @@
 #include <targeting/common/commontargeting.H>
 #include <targeting/common/targetservice.H>
 #include <devicefw/userif.H>
-#include <util/misc.H>
 namespace SECUREBOOT
 {
@@ -95,20 +94,16 @@ bool allowAttrOverrides()
 if (enabled())
 {
 // Check attribute to see if overrides are allowed in secure mode
- if ( Util::isTargetingLoaded() )
- {
- TARGETING::TargetService& tS = TARGETING::targetService();
- TARGETING::Target* sys = nullptr;
- (void) tS.getTopLevelTarget( sys );
- assert(sys, "SECUREBOOT::allowAttrOverrides() system target is NULL");
-
- retVal = sys->getAttr<
- TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>();
-
- SB_INF("SECUREBOOT::allowAttrOverrides: "
- "Inside Attr check: retVal=0x%X",
- retVal);
- }
+ TARGETING::TargetService& tS = TARGETING::targetService();
+ TARGETING::Target* sys = nullptr;
+ (void) tS.getTopLevelTarget( sys );
+ assert(sys, "SECUREBOOT::allowAttrOverrides() system target is NULL");
+
+ retVal = sys->getAttr<
+ TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>();
+
+ SB_INF("SECUREBOOT::allowAttrOverrides: Inside Attr check: retVal=0x%X",
+ retVal);
 }
 else
 {
diff --git a/src/usr/secureboot/runtime/test/testsecureboot_rt.H b/src/usr/secureboot/runtime/test/testsecureboot_rt.H
index 4173c0855..a7bd93830 100644
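Review bot: With the `Util::isTargetingLoaded()` guard gone, `allowAttrOverrides()` reaches `TARGETING::targetService()` and `assert(sys, ...)` on every call where `enabled()` is true, and nothing in the hunk records why targeting is guaranteed to be loaded in this runtime build. This value decides whether attribute overrides are accepted in secure mode, so the precondition deserves a comment above the lookup, for example `// Targeting is always loaded at runtime; no isTargetingLoaded() check needed` (the reason is inferred from the file path, please confirm). The function starts before and continues past the hunk, so the initial value of `retVal` and the `else` branch are not visible here.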
--- a/src/usr/secureboot/runtime/test/testsecureboot_rt.H
+++ b/src/usr/secureboot/runtime/test/testsecureboot_rt.H
@@ -35,8 +35,13 @@
 #include <runtime/interface.h>
 #include <config.h>
+#include <runtime/rt_targeting.H>
+#include <errl/errlmanager.H>
+#include <devicefw/userif.H>
+
 #include "common/securetrace.H"
 #include <secureboot/service.H>
+#include <secureboot/settings.H>
 class SecurebootRtTestSuite: public CxxTest::TestSuite
 {
@@ -100,8 +105,44 @@ class SecurebootRtTestSuite: public CxxTest::TestSuite
 {
 SB_ENTER("SecurebootRtTestSuite::testBaseInterfaces");
+ errlHndl_t l_errl = nullptr;
+
 do {
+ // Runtime scom tests return zeroed buffers unless a write is
+ // performed first, so write Security register.
+ uint64_t l_regValue = 0;
+ size_t l_size = sizeof(l_regValue);
+
+ TARGETING::TargetService& tS = TARGETING::targetService();
+ TARGETING::Target* masterProcChipTargetHandle = nullptr;
+
+ l_errl = tS.queryMasterProcChipTargetHandle(masterProcChipTargetHandle);
+
+ if (l_errl)
+ {
+ TS_FAIL("SecurebootRtTestSuite::testBaseInterfaces: Failed to get masterProcChipTargetHandle");
+ break;
+ }
+
+ // Set SAB and SUL
+ l_regValue |= static_cast<uint64_t>(SECUREBOOT::ProcSecurity::SabBit);
+ l_regValue |= static_cast<uint64_t>(SECUREBOOT::ProcSecurity::SULBit);
+ l_errl = deviceWrite(
+ masterProcChipTargetHandle,
+ &l_regValue, l_size,
+ DEVICE_SCOM_ADDRESS(
+ static_cast<uint64_t>(
+ SECUREBOOT::ProcSecurity::SwitchRegister)));
+
+ if (l_errl)
+ {
+ TS_FAIL("SecurebootRtTestSuite::testBaseInterfaces: Failed to Write Security Switch Register");
+ break;
+ }
+ assert(l_size == sizeof(l_regValue));
+
+
 SB_INF("SECUREBOOT::enabled() = %d",
 SECUREBOOT::enabled());
 SB_INF("SECUREBOOT::allowAttrOverrides() = %d",
@@ -109,6 +150,11 @@ class SecurebootRtTestSuite: public CxxTest::TestSuite
 } while(0);
+ if (l_errl)
+ {
+ errlCommit(l_errl, SECURE_COMP_ID);
+ }
+
 SB_EXIT("SecurebootRtTestSuite::testBaseInterfaces");
 }
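Review bot: The write that sets `SabBit` and `SULBit` in the security switch register is never undone, so tests that run after `testBaseInterfaces` in the same image presumably see secure mode enabled; the `testApplyAttrOverrides` change in testtargeting.H looks like a consequence of that. If the runtime scom model allows it, read the register before the write and put the old value back before `SB_EXIT`; otherwise state the side effect in a comment such as `// NOTE: SAB/SUL stay set for the remaining runtime tests`. Also, `assert(l_size == sizeof(l_regValue));` aborts the run instead of reporting a failure, whereas `if (l_size != sizeof(l_regValue)) { TS_FAIL("short write to Security Switch Register"); break; }` keeps it a test result. The test still only traces `SECUREBOOT::enabled()` and `allowAttrOverrides()` without checking them.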
diff --git a/src/usr/targeting/runtime/test/testtargeting.H b/src/usr/targeting/runtime/test/testtargeting.H
index db9c74415..0e539ae85 100644
--- a/src/usr/targeting/runtime/test/testtargeting.H
+++ b/src/usr/targeting/runtime/test/testtargeting.H
@@ -155,10 +155,29 @@ class TargetingTestSuite : public CxxTest::TestSuite
 void testApplyAttrOverrides()
 {
 using namespace TARGETING;
- TRACFCOMP(g_trac_targeting,"testApplyAttrOverrides");
- do
+ TRACFCOMP(g_trac_targeting,"testApplyAttrOverrides (temporarily allow Attr Overrides)");
+
+ // Must Temporarily Allow Attribute Overrides since secureboot is
+ // now set at runtime. Will restore later.
+ bool allow_attr_overrides = false;
+ TargetService& l_targetService = targetService();
+ TARGETING::Target* l_pTarget = nullptr;
+ (void) l_targetService.getTopLevelTarget(l_pTarget);
+ if (l_pTarget == nullptr)
+ {
+ TS_FAIL("Top level target handle is NULL");
+ }
+ else
 {
+ allow_attr_overrides = l_pTarget->getAttr<
+ TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>();
+ l_pTarget->setAttr<
+ TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>(true);
+ }
+
+ do
+ {
 // Get the address of the runtime apply overrides function
 runtimeInterfaces_t* rt_intf = getRuntimeInterfaces();
 if(rt_intf == NULL)
@@ -173,14 +192,6 @@ class TargetingTestSuite : public CxxTest::TestSuite
 }
 // Get the initial value of the test attribute
- TargetService& l_targetService = targetService();
- TARGETING::Target* l_pTarget = NULL;
- (void) l_targetService.getTopLevelTarget(l_pTarget);
- if (l_pTarget == NULL)
- {
- TS_FAIL("Top level target handle is NULL");
- break;
- }
 uint8_t l_attrVal = l_pTarget->getAttr<TARGETING::ATTR_SCRATCH_UINT8_1>();
 uint8_t l_attrOverrideVal = l_attrVal + 1;
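Review bot: When `getTopLevelTarget` leaves `l_pTarget` null, the new `if` branch only records `TS_FAIL` and falls through, so the test then dereferences the null pointer at `l_pTarget->getAttr<TARGETING::ATTR_SCRATCH_UINT8_1>()` (the `@@ -173` hunk deletes the old null check together with its `break`) and again at the unconditional restore `l_pTarget->setAttr<...>(allow_attr_overrides)` added in the `@@ -263` hunk. Returning right after the failure, `TS_FAIL("Top level target handle is NULL"); return;`, restores the old early exit and also keeps the restore from running on a null target. The test body between these hunks is not visible here.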
@@ -263,6 +274,11 @@ class TargetingTestSuite : public CxxTest::TestSuite
 TRACFCOMP(g_trac_targeting,"testApplyAttrOverrides SUCCESS");
 } while (0);
+
+ // Restore allow_attr_overrides setting
+ l_pTarget->setAttr<
+ TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>(
+ allow_attr_overrides);
 }
 }; |