diff options
Diffstat (limited to 'src/usr/sbe/sbe_update.C')
-rw-r--r-- | src/usr/sbe/sbe_update.C | 129 |
1 files changed, 122 insertions, 7 deletions
diff --git a/src/usr/sbe/sbe_update.C b/src/usr/sbe/sbe_update.C index 4cdb67d1c..9ac74fdbb 100644 --- a/src/usr/sbe/sbe_update.C +++ b/src/usr/sbe/sbe_update.C @@ -35,6 +35,7 @@ #include <targeting/common/utilFilter.H> #include <targeting/common/targetservice.H> #include <targeting/common/target.H> +#include <targeting/targplatutil.H> #include <util/align.H> #include <util/crc32.H> #include <util/misc.H> @@ -271,6 +272,25 @@ namespace SBE TRACFBIN(g_trac_sbe, "updateProcessorSbeSeeproms(): Key transition new hw key hash", g_hw_keys_hash_transition_data, sizeof(g_hw_keys_hash_transition_data)); + + if(INITSERVICE::spBaseServicesEnabled()) + { + // Sync all attributes to FSP before we quiesce all the + // SBEs. + err = syncAllAttributesToFsp(); + if( err ) + { + // Failed to sync all attributes to FSP; this is not + // necessarily fatal. The key transition will continue, + // but this issue will be logged. + TRACFCOMP(g_trac_sbe, ERR_MRK + "updateProcessorSbeSeeproms: Error syncing " + "attributes to FSP, RC=0x%04X, PLID=0x%08X", + ERRL_GETRC_SAFE(err), + ERRL_GETPLID_SAFE(err)); + errlCommit(err,SBE_COMP_ID ); + } + } } for(uint32_t i=0; i<procList.size(); i++) @@ -544,6 +564,32 @@ namespace SBE } } + if(err && g_do_hw_keys_hash_transition) + { + // In theory it's possible to end up here if Hostboot fails to send + // the key transition started/succeeded message. Hostboot will + // treat that as a failure of the key transition process to call + // attention to the unexpected sequence. + errlHndl_t pError = updateKeyTransitionState( + TARGETING::KEY_TRANSITION_STATE_KEY_TRANSITION_FAILED); + if(pError) + { + TRACFCOMP(g_trac_sbe, + ERR_MRK"updateProcessorSbeSeeproms(): Failed in call to " + "updateKeyTransitionState with state of " + "KEY_TRANSITION_STATE_KEY_TRANSITION_FAILED. " + "Error log's EID=0x%08X, PLID=0x%08X, RC=0x%04X. ", + "Changing error log's PLID to 0x%08X.", + pError->eid(),pError->plid(),pError->reasonCode(), + err->plid()); + + pError->plid(err->plid()); + err->collectTrace(SBE_COMP_NAME); + err->collectTrace(SBEIO_COMP_NAME); + errlCommit(pError,SBE_COMP_ID); + } + } + TRACUCOMP( g_trac_sbe, EXIT_MRK"updateProcessorSbeSeeproms()" ); @@ -5383,6 +5429,21 @@ errlHndl_t sbeDoReboot( void ) TRACFCOMP( g_trac_sbe, ENTER_MRK"sbeDoReboot"); do{ + + if(g_do_hw_keys_hash_transition) + { + err = updateKeyTransitionState( + TARGETING::KEY_TRANSITION_STATE_KEY_TRANSITION_SUCCEEDED); + if(err) + { + TRACFCOMP(g_trac_sbe, + ERR_MRK"sbeDoReboot(): Failed in call to " + "updateKeyTransitionState with state of " + "KEY_TRANSITION_STATE_KEY_TRANSITION_SUCCEEDED"); + break; + } + } + #ifdef CONFIG_BMC_IPMI uint16_t count = SENSOR::DEFAULT_REBOOT_COUNT; SENSOR::RebootCountSensor l_sensor; @@ -5412,7 +5473,8 @@ errlHndl_t sbeDoReboot( void ) #else //non-IPMI - if( INITSERVICE::spBaseServicesEnabled() ) + if( INITSERVICE::spBaseServicesEnabled() + && !g_do_hw_keys_hash_transition) { // Sync all attributes to the FSP before doing the Shutdown err = syncAllAttributesToFsp(); @@ -5420,11 +5482,11 @@ errlHndl_t sbeDoReboot( void ) { // Something failed on the sync. Commit the error here // and continue with the Re-IPL Request - TRACFCOMP( g_trac_sbe, - ERR_MRK"sbeDoReboot() - Error " - "syncing attributes to FSP, RC=0x%X, PLID=0x%lX", - ERRL_GETRC_SAFE(err), - ERRL_GETPLID_SAFE(err)); + TRACFCOMP(g_trac_sbe, ERR_MRK + "sbeDoReboot: Error syncing attributes to FSP. " + "RC=0x%04X, PLID=0x%08X", + ERRL_GETRC_SAFE(err), + ERRL_GETPLID_SAFE(err)); errlCommit( err, SBE_COMP_ID ); } else @@ -5452,7 +5514,6 @@ errlHndl_t sbeDoReboot( void ) } #endif - #ifdef CONFIG_BMC_IPMI if(g_do_hw_keys_hash_transition) { @@ -5862,6 +5923,16 @@ errlHndl_t secureKeyTransition() // Indicate a key transition is required g_do_hw_keys_hash_transition = true; + l_errl = updateKeyTransitionState( + TARGETING::KEY_TRANSITION_STATE_KEY_TRANSITION_STARTED); + if(l_errl) + { + TRACFCOMP(g_trac_sbe,ERR_MRK "secureKeyTransition(): Failed in " + "call to updateKeyTransitionState() with state of " + "KEY_TRANSITION_STATE_KEY_TRANSITION_STARTED"); + break; + } + bool l_hw_lab_override_flag = l_nestedConHdr.sb_flags()->hw_lab_override; TRACFCOMP(g_trac_sbe, "Overriding the Lab Security Backdoor Bit due to" " key transition; new Security Backdoor Enabled bit is %d", @@ -5959,5 +6030,49 @@ errlHndl_t locateHbblIdStringBfr( void * i_pSourceBfr, return l_errl; } +errlHndl_t updateKeyTransitionState( + const TARGETING::KEY_TRANSITION_STATE i_keyTransitionState) +{ + errlHndl_t pError = nullptr; + + do { + + TRACFCOMP(g_trac_sbe, + INFO_MRK "updateKeyTransitionState: new key transition state of " + "0x%08X", + i_keyTransitionState); + + TARGETING::UTIL::getCurrentNodeTarget()->setAttr< + TARGETING::ATTR_KEY_TRANSITION_STATE>(i_keyTransitionState); + + if(INITSERVICE::spBaseServicesEnabled()) + { + auto * pMsg = msg_allocate(); + pMsg->type = SBE::MSG_KEY_TRANSITION_EVENT_OCCURRED; + pMsg->data[0] = i_keyTransitionState; + pMsg->data[1] = 0; + pMsg->extra_data = nullptr; + + pError = MBOX::sendrecv(MBOX::IPL_SERVICE_QUEUE,pMsg); + if (pError) + { + TRACFCOMP(g_trac_sbe, + ERR_MRK "updateKeyTransitionState: " + "Failed in call to MBOX::sendrecv attempting to send a " + "MSG_KEY_TRANSITION_EVENT_OCCURRED event with key transition " + "state of 0x%08X", + i_keyTransitionState); + } + + // Error or not, always have to free the memory + msg_free(pMsg); + pMsg=nullptr; + } + + } while(0); + + return pError; +} + } //end SBE Namespace |