diff options
Diffstat (limited to 'src/usr/pnor/spnorrp.H')
-rw-r--r-- | src/usr/pnor/spnorrp.H | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/src/usr/pnor/spnorrp.H b/src/usr/pnor/spnorrp.H index 3ec527f37..34a6a8aab 100644 --- a/src/usr/pnor/spnorrp.H +++ b/src/usr/pnor/spnorrp.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2011,2016 */ +/* Contributors Listed Below - COPYRIGHT 2011,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -34,6 +34,12 @@ #include "pnor_common.H" #include "ffs.h" #include <config.h> +#include <securerom/ROM.H> + +namespace SECUREBOOT +{ + class ContainerHeader; +} /** * Secure PNOR Resource Provider @@ -186,5 +192,39 @@ class SPnorRP * @return errlHndl_t - NULL if success, errlHndl_t otherwise. */ errlHndl_t keyTransitionCheck(const uint8_t *i_vaddr) const; + + /** + * @brief Apply lab override policy to the attribute model + * + * @par Detailed Description: + * Reads the lab override flag from the input flag set, inverts it, and + * writes it to the ATTR_SECURITY_MODE attribute. Later, SBE update + * will customize that attribute into the SBEs. If the policy is set + * (attribute clear), the SBE will watch mailbox scratch register 3 bit + * 6 to be set. In that case, SBE will disable security for the + * processor, otherwise (policy clear/attribute set) it will not change + * the security settings. + * + * @param[in] i_flags Various flags read from the secure header + */ + void processLabOverride( + const sb_flags_t& i_flags) const; + + /** + * @brief Apply firmware key indicator policies for the given section + * + * @par Detailed Description: + * Reads the HW/SW policy flags from the given section's container + * header and applies any applicable policies. + * + * @param[in] i_header Reference to requested section's container header + * @param[in] i_sectionId Section's ID + * + * @return errlHndl_t Error log handle; nullptr if success, pointer to + * valid error log otherwise. + */ + errlHndl_t processFwKeyIndicators( + const SECUREBOOT::ContainerHeader& i_header, + const PNOR::SectionId i_sectionId) const; }; #endif |