-rw-r--r-- | src/include/usr/runtime/runtime.H | 4 | ||||
-rw-r--r-- | src/include/usr/runtime/runtime_reasoncodes.H | 3 | ||||
-rw-r--r-- | src/include/usr/secureboot/service.H | 17 | ||||
-rw-r--r-- | src/include/usr/vmmconst.h | 5 | ||||
-rw-r--r-- | src/usr/isteps/istep16/call_host_ipl_complete.C | 20 | ||||
-rw-r--r-- | src/usr/runtime/populate_hbruntime.C | 68 |
6 files changed, 117 insertions, 0 deletions
diff --git a/src/include/usr/runtime/runtime.H b/src/include/usr/runtime/runtime.H index 5ae784b74..3ac97e81a 100644 --- a/src/include/usr/runtime/runtime.H +++ b/src/include/usr/runtime/runtime.H @@ -31,6 +31,7 @@ #include <errl/errlentry.H> #include <hdat/hdat.H> #include "../../../src/usr/runtime/hdatstructs.H" +#include <vmmconst.h> namespace RUNTIME { @@ -237,6 +238,9 @@ enum SbeUnsecureMemoryRegions SP_HOST_UNTRUSTED_COMM_AREA_SIZE = 64*MEGABYTE, SP_HOST_UNTRUSTED_OPAL_TRACE_ADDR = 0x31000000, SP_HOST_UNTRUSTED_OPAL_TRACE_SIZE = 1*MEGABYTE, + + SP_HOST_ATTN_SIZE_LIMIT = (SP_HOST_UNTRUSTED_COMM_AREA_SIZE + - PHYP_ATTN_AREA_OFFSET), }; /** diff --git a/src/include/usr/runtime/runtime_reasoncodes.H b/src/include/usr/runtime/runtime_reasoncodes.H index 3dd2fc01e..79ebe37a8 100644 --- a/src/include/usr/runtime/runtime_reasoncodes.H +++ b/src/include/usr/runtime/runtime_reasoncodes.H @@ -65,6 +65,7 @@ namespace RUNTIME MOD_RT_ATTR_SYNC_REQUEST = 0x25, /**< rt_fwnotify.C */ MOD_CHECK_HB_RES_MEM_LIMIT = 0x26, /**< populate_hbruntime.C */ MOD_INIT_RT_RES_MEM_TRACE_BUF = 0x27, /**< rt_rsvdtracebuffer.C */ + MOD_OPEN_UNTRUSTED_SP_AREAS = 0x28, /**< populate_hbruntime.C */ }; enum RuntimeReasonCode @@ -135,6 +136,8 @@ namespace RUNTIME RC_HOST_TIMER_THREAD_FAIL = RUNTIME_COMP_ID | 0x3F, RC_RT_RES_TRACE_BUF_DUMPED = RUNTIME_COMP_ID | 0x40, RC_RT_RES_TRACE_BUF_INVALID = RUNTIME_COMP_ID | 0x41, + RC_SP_ATTN_AREA_OVERFLOW = RUNTIME_COMP_ID | 0x42, + RC_SP_ATTN_AREA1_SIZE_OVERFLOW = RUNTIME_COMP_ID | 0x43, }; enum UserDetailsTypes diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H index cb2829147..3060e9225 100644 --- a/src/include/usr/secureboot/service.H +++ b/src/include/usr/secureboot/service.H 
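Review bot: In src/include/usr/runtime/runtime.H, `SP_HOST_ATTN_SIZE_LIMIT` is a bare subtraction, and nothing guards against `PHYP_ATTN_AREA_OFFSET` later being raised to or past `SP_HOST_UNTRUSTED_COMM_AREA_SIZE`. The limit would then wrap or go negative, and the overflow check that relies on it would stop bounding the untrusted window. A compile-time guard after the enum would pin the relationship: `static_assert(PHYP_ATTN_AREA_OFFSET < SP_HOST_UNTRUSTED_COMM_AREA_SIZE, "SP ATTN offset must fall inside the untrusted comm area");`. The subtraction also presumes the comm area begins at the same base the offset is measured from, which this hunk does not show, so a one-line comment naming that base would help. The enum body starts outside the hunk.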
@@ -32,6 +32,9 @@ #include <cstdint> #include <securerom/sha512.H> #include <securerom/ROM.H> +#include <vmmconst.h> +#include <sys/misc.h> +#include <kernel/vmmmgr.H> /* * @brief Used to capture the first 4 bytes of the hash for tracing purposes @@ -363,6 +366,20 @@ namespace SECUREBOOT */ errlHndl_t setSbeSecurityMode(uint8_t i_sbeSecurityMode); + /* + * @brief Calculates the node's proposed start address for the system's + * SP ATTN areas, which becomes the effective configuration if it's + * elected as the master. + * + * @return uint64_t Absolute start address for the intended SP ATTN areas + */ + inline uint64_t calcSpAttnAreaStart() + { + auto hrmorVal = cpu_spr_value(CPU_SPR_HRMOR); + return (hrmorVal - VMM_HRMOR_OFFSET + PHYP_ATTN_AREA_OFFSET) + | VmmManager::FORCE_PHYS_ADDR; + } + } #endif diff --git a/src/include/usr/vmmconst.h b/src/include/usr/vmmconst.h index 5da954974..177802bab 100644 --- a/src/include/usr/vmmconst.h +++ b/src/include/usr/vmmconst.h @@ -144,6 +144,11 @@ enum BlockPriority #define VMM_HRMOR_OFFSET (128*MEGABYTE) #define VMM_HB_RSV_MEM_SIZE (256*MEGABYTE) +/** PHYP ATTN AREA OFFSET */ +/** This offset is relative to the lowest address in a given node */ +#define PHYP_ATTN_AREA_OFFSET (59*MEGABYTE) +#define PHYP_ATTN_AREA_1_SIZE (1*KILOBYTE) + /** Hardwired offsets from HRMOR to HOMER images in real mem */ /** HOMER starts immediately after our HB memory */ /** <n0p0 HRMOR = 128MB> + <memory size = 64MB> = 192 MB */ diff --git a/src/usr/isteps/istep16/call_host_ipl_complete.C b/src/usr/isteps/istep16/call_host_ipl_complete.C index a96703191..1d2f711a7 100644 --- a/src/usr/isteps/istep16/call_host_ipl_complete.C +++ b/src/usr/isteps/istep16/call_host_ipl_complete.C @@ -51,6 +51,10 @@ #include <ipmi/ipmisensor.H> #endif +#include <vmmconst.h> +#include <targeting/targplatutil.H> +#include <secureboot/service.H> + using namespace ERRORLOG; using namespace TARGETING; using namespace ISTEP; 
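Review bot: `calcSpAttnAreaStart()` in src/include/usr/secureboot/service.H subtracts `VMM_HRMOR_OFFSET` from the HRMOR value without checking that HRMOR is at least that large, so an unexpected HRMOR would wrap to a bogus address that is then published as the SP ATTN area start. If that precondition always holds, it should be stated in the doc comment, or enforced with something like `assert(hrmorVal >= VMM_HRMOR_OFFSET);` (assuming an assert facility is usable from this header). The `@return` text should also say that the result has `VmmManager::FORCE_PHYS_ADDR` ORed in, since both callers in this commit store the value unchanged.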
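Review bot: `PHYP_ATTN_AREA_1_SIZE` in src/include/usr/vmmconst.h has no comment of its own, and the two comment lines above the pair describe only the offset. Because the callers in this commit place area 2 at the start address plus this value, I would add `/** Size reserved for SP ATTN area 1; SP ATTN area 2 starts immediately after it */` above the define.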
@@ -282,6 +286,22 @@ void* call_host_ipl_complete (void *io_pArgs) break; } + // populate PHYP ATTN Area Attributes with values + if ( INITSERVICE::spBaseServicesEnabled() && is_phyp_load()) + { + // calculate absolute address for PHYP SP ATTN areas + auto l_abs = SECUREBOOT::calcSpAttnAreaStart(); + + auto spAttnArea1Addr = l_abs; + auto spAttnArea2Addr = l_abs + PHYP_ATTN_AREA_1_SIZE; + + auto l_nodeTgt = TARGETING::UTIL::getCurrentNodeTarget(); + + l_nodeTgt->setAttr<ATTR_ATTN_AREA_1_ADDR>(spAttnArea1Addr); + l_nodeTgt->setAttr<ATTR_ATTN_AREA_2_ADDR>(spAttnArea2Addr); + TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace, INFO_MRK"Set attributes for PHYP ATTN areas. ATTN Area 1: 0x%.16llX ATTN Area 2: 0x%.16llX", spAttnArea1Addr, spAttnArea2Addr); + } + // Sync attributes to Fsp l_err = syncAllAttributesToFsp(); diff --git a/src/usr/runtime/populate_hbruntime.C b/src/usr/runtime/populate_hbruntime.C index 7672a572a..db2fa42c7 100644 --- a/src/usr/runtime/populate_hbruntime.C +++ b/src/usr/runtime/populate_hbruntime.C 
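Review bot: The area 2 address in call_host_ipl_complete() is derived as `l_abs + PHYP_ATTN_AREA_1_SIZE`, and the same expression is repeated in the openUntrustedSpCommArea() hunk of populate_hbruntime.C. The attribute values synced to the FSP and the HDAT fields therefore agree only as long as both copies are edited together. A second inline helper next to `SECUREBOOT::calcSpAttnAreaStart()`, for example `inline uint64_t calcSpAttnArea2Start() { return calcSpAttnAreaStart() + PHYP_ATTN_AREA_1_SIZE; }`, would keep the layout in one place. `l_nodeTgt` is also dereferenced without a null check; whether `getCurrentNodeTarget()` can return null is not visible from this hunk. The function body starts and ends outside the hunk.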
@@ -3403,6 +3403,74 @@ errlHndl_t openUntrustedSpCommArea(const uint64_t i_commBase) l_spAttnStartAddr, l_spAttnCombinedSize); + // If in phyp mode and the master + if (TARGETING::is_phyp_load() && TARGETING::UTIL::isCurrentMasterNode()) + { + // make sure ATTN area never grows beyond the SP/PHyp untrusted region + if (l_spAttnCombinedSize > SP_HOST_ATTN_SIZE_LIMIT) + { + TRACFCOMP( g_trac_runtime, + ERR_MRK"openUntrustedSpCommArea(): Combined sizes of SP ATTN area 1 and area 2 are larger than 0x%.16llX. ATTN1 sz: 0x%.16llX, ATTN2 sz: 0x%.16llX", + SP_HOST_ATTN_SIZE_LIMIT, + l_pCpuCtrlInfo->spAttnArea1.size, + l_pCpuCtrlInfo->spAttnArea2.size); + + /*@ + * @errortype + * @moduleid RUNTIME::MOD_OPEN_UNTRUSTED_SP_AREAS + * @reasoncode RUNTIME::RC_SP_ATTN_AREA_OVERFLOW + * @userdata1 SP ATTN Area total size + * @userdata2 SP ATTN Area start address + * @devdesc SP ATTN Areas attempting to allocate past valid + * memory range. + * @custdesc Failure in the security subsystem. + */ + l_err = new ERRORLOG::ErrlEntry( + ERRORLOG::ERRL_SEV_UNRECOVERABLE, + RUNTIME::MOD_OPEN_UNTRUSTED_SP_AREAS, + RUNTIME::RC_SP_ATTN_AREA_OVERFLOW, + l_spAttnCombinedSize, + l_spAttnStartAddr, + true); + l_err->collectTrace(RUNTIME_COMP_NAME); + break; + } + // Make sure our intended ATTN area 1 size is not smaller than the ATTN + // area 1 size reported in HDAT + if (PHYP_ATTN_AREA_1_SIZE < l_pCpuCtrlInfo->spAttnArea1.size) + { + TRACFCOMP( g_trac_runtime, + ERR_MRK"openUntrustedSpCommArea(): Hostboot's proposed SP ATTN area 1 size is smaller than what is reported in HDAT. Proposed ATTN1 sz: 0x%.16llX, HDAT ATTN1 sz: 0x%.16llX", + PHYP_ATTN_AREA_1_SIZE, + l_pCpuCtrlInfo->spAttnArea1.size); + + /*@ + * @errortype + * @moduleid RUNTIME::MOD_OPEN_UNTRUSTED_SP_AREAS + * @reasoncode RUNTIME::RC_SP_ATTN_AREA1_SIZE_OVERFLOW + * @userdata1 SP ATTN Area 1 size proposed by hostboot + * @userdata2 SP ATTN Area 1 size reported in HDAT + * @devdesc SP ATTN Area 1 size exceeds the maximum. 
+ * @custdesc Failure in the security subsystem. + */ + l_err = new ERRORLOG::ErrlEntry( + ERRORLOG::ERRL_SEV_UNRECOVERABLE, + RUNTIME::MOD_OPEN_UNTRUSTED_SP_AREAS, + RUNTIME::RC_SP_ATTN_AREA1_SIZE_OVERFLOW, + PHYP_ATTN_AREA_1_SIZE, + l_pCpuCtrlInfo->spAttnArea1.size, + true); + l_err->collectTrace(RUNTIME_COMP_NAME); + break; + } + + // calculate absolute address for PHYP SP ATTN areas + auto l_abs = SECUREBOOT::calcSpAttnAreaStart(); + + l_pCpuCtrlInfo->spAttnArea1.address = l_abs; + l_pCpuCtrlInfo->spAttnArea2.address = l_abs + PHYP_ATTN_AREA_1_SIZE; + } + // Open unsecure SBE memory regions // Loop through all functional Procs TARGETING::TargetHandleList l_procChips; |
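Review bot: The first check in openUntrustedSpCommArea() bounds `l_spAttnCombinedSize`, but the layout written at the end of the block puts area 2 at `l_abs + PHYP_ATTN_AREA_1_SIZE`, so the extent that has to fit is the fixed area 1 size plus the area 2 size, not the combined size. Assuming `l_spAttnCombinedSize` is the sum of the two HDAT sizes (it is computed outside the hunk), an HDAT area 1 size below 1 KB lets area 2 end up to 1 KB past `SP_HOST_ATTN_SIZE_LIMIT` while both checks pass. Comparing area 2 on its own closes the gap and avoids an addition that could wrap: `if (l_pCpuCtrlInfo->spAttnArea2.size > SP_HOST_ATTN_SIZE_LIMIT - PHYP_ATTN_AREA_1_SIZE)`. `l_spAttnStartAddr` is also not refreshed after the addresses are overwritten, so any later use of it outside this hunk would still refer to the address read from HDAT.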