summaryrefslogtreecommitdiffstats
path: root/src/usr/secureboot/ext/service_ext.C
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr/secureboot/ext/service_ext.C')
-rw-r--r--src/usr/secureboot/ext/service_ext.C105
1 files changed, 105 insertions, 0 deletions
diff --git a/src/usr/secureboot/ext/service_ext.C b/src/usr/secureboot/ext/service_ext.C
new file mode 100644
index 000000000..1f8595a71
--- /dev/null
+++ b/src/usr/secureboot/ext/service_ext.C
@@ -0,0 +1,105 @@
+/* IBM_PROLOG_BEGIN_TAG */
+/* This is an automatically generated prolog. */
+/* */
+/* $Source: src/usr/secureboot/ext/service_ext.C $ */
+/* */
+/* OpenPOWER HostBoot Project */
+/* */
+/* Contributors Listed Below - COPYRIGHT 2018 */
+/* [+] International Business Machines Corp. */
+/* */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
+/* implied. See the License for the specific language governing */
+/* permissions and limitations under the License. */
+/* */
+/* IBM_PROLOG_END_TAG */
+#include <secureboot/service_ext.H>
+#include <targeting/common/util.H>
+#include <targeting/common/target.H>
+#include <errl/errlentry.H>
+#include <errl/errlmanager.H>
+#include <errl/errludtarget.H>
+#include <secureboot/secure_reasoncodes.H>
+
+#include "../common/securetrace.H"
+
+#include <fapi2.H>
+#include <fapi2/plat_hwp_invoker.H>
+
+#include <p9_update_security_ctrl.H>
+#include <config.h>
+
+namespace SECUREBOOT
+{
+
+void lockAbusSecMailboxes()
+{
+#ifdef CONFIG_TPMDD
+ errlHndl_t l_errl = nullptr;
+ TARGETING::TargetHandleList l_procs;
+ getAllChips(l_procs, TARGETING::TYPE_PROC, true);
+
+ auto l_pProc = l_procs.begin();
+ while(l_pProc != l_procs.end())
+ {
+ const fapi2::Target<fapi2::TARGET_TYPE_PROC_CHIP>l_fapiProc(*l_pProc);
+ FAPI_INVOKE_HWP(l_errl,
+ p9_update_security_ctrl,
+ l_fapiProc,
+ false, // do not force security
+ true); // lock down Abus mailboxes
+
+ if(l_errl)
+ {
+ SB_ERR("lockAbusSecMailboxes: p9_update_security_ctrl failed for"
+ " proc 0x%X!. Deconfiguring the proc.",
+ TARGETING::get_huid(*l_pProc));
+
+ auto l_plid = l_errl->plid();
+
+ ERRORLOG::ErrlUserDetailsTarget(*l_pProc).addToLog(l_errl);
+ ERRORLOG::errlCommit(l_errl, SECURE_COMP_ID);
+
+ /*
+ * @errortype
+ * @reasoncode RC_LOCK_MAILBOXES_FAILED
+ * @moduleid MOD_LOCK_ABUS_SEC_MAILBOXES
+ * @userdata1 Target HUID
+ * @devdesc Failed to lock Abus secure mailboxes
+ * on target processor.
+ * @custdesc Secure Boot failure
+ */
+ l_errl = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE,
+ SECUREBOOT::MOD_LOCK_ABUS_SEC_MAILBOXES,
+ SECUREBOOT::RC_LOCK_MAILBOXES_FAILED,
+ TARGETING::get_huid(*l_pProc),
+ 0,
+ true);
+ l_errl->addHwCallout(*l_pProc,
+ HWAS::SRCI_PRIORITY_LOW,
+ HWAS::DELAYED_DECONFIG,
+ HWAS::GARD_NULL);
+ l_errl->collectTrace(SECURE_COMP_NAME);
+ l_errl->collectTrace(FAPI_TRACE_NAME);
+ l_errl->plid(l_plid);
+ ERRORLOG::ErrlUserDetailsTarget(*l_pProc).addToLog(l_errl);
+
+ ERRORLOG::errlCommit(l_errl, SECURE_COMP_ID);
+ }
+
+ ++l_pProc;
+
+ } // while
+#endif
+}
+
+} // namespace SECUREBOOT
OpenPOWER on IntegriCloud