diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/include/runtime/interface.h | 1 | ||||
-rwxr-xr-x | src/include/usr/hdat/hdat.H | 3 | ||||
-rw-r--r-- | src/include/usr/isteps/istep_reasoncodes.H | 2 | ||||
-rw-r--r-- | src/include/usr/secureboot/smf.H | 4 | ||||
-rw-r--r-- | src/include/usr/vmmconst.h | 4 | ||||
-rw-r--r-- | src/usr/isteps/istep15/host_build_stop_image.C | 91 | ||||
-rw-r--r-- | src/usr/isteps/pm/pm_common.C | 75 | ||||
-rw-r--r-- | src/usr/isteps/pm/runtime/makefile | 2 | ||||
-rw-r--r-- | src/usr/runtime/populate_hbruntime.C | 57 | ||||
-rw-r--r-- | src/usr/targeting/common/xmltohb/hb_customized_attrs.xml | 6 |
10 files changed, 219 insertions, 26 deletions
diff --git a/src/include/runtime/interface.h b/src/include/runtime/interface.h index 31f5eaddc..bd04e7774 100644 --- a/src/include/runtime/interface.h +++ b/src/include/runtime/interface.h @@ -159,6 +159,7 @@ enum MemoryError_t #define HBRT_RSVD_MEM__SECUREBOOT "ibm,secure-crypt-algo-code" #define HBRT_RSVD_MEM__DATA "ibm,hbrt-data" #define HBRT_RSVD_MEM__ARCH_REG "ibm,arch-reg-data" +#define HBRT_RSVD_MEM__UNSEC_HOMER "ibm,unsecure-homer" /* Aligned reserved memory size for Opal */ #define HBRT_RSVD_MEM_OPAL_ALIGN 64*KILOBYTE diff --git a/src/include/usr/hdat/hdat.H b/src/include/usr/hdat/hdat.H index 0f750936c..01a196a41 100755 --- a/src/include/usr/hdat/hdat.H +++ b/src/include/usr/hdat/hdat.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2017 */ +/* Contributors Listed Below - COPYRIGHT 2015,2019 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -225,6 +225,7 @@ enum hdatMsVpdRhbAddrRangeType : uint8_t RHB_TYPE_SECUREBOOT = 3, RHB_TYPE_HOMER_OCC = 4, RHB_TYPE_VERIFIED_PNOR = 5, + RHB_TYPE_UNSECURE_HOMER = 6, RHB_TYPE_INVALID = 0xFF }; diff --git a/src/include/usr/isteps/istep_reasoncodes.H b/src/include/usr/isteps/istep_reasoncodes.H index 7aa3abc5e..5bd5fbf94 100644 --- a/src/include/usr/isteps/istep_reasoncodes.H +++ b/src/include/usr/isteps/istep_reasoncodes.H @@ -67,6 +67,7 @@ namespace ISTEP MOD_GET_LANEMASK_FROM_HX_KEYWORD = 0x24, MOD_MSS_SCRUB = 0x25, MOD_CALL_UPDATE_UCD_FLASH = 0x26, + MOD_LOAD_HCODE = 0x27, }; /** @@ -140,6 +141,7 @@ namespace ISTEP RC_PNOR_IPMI_NOT_ENABLED = ISTEP_COMP_ID | 0x4D, RC_SLAVE_CORE_WAKEUP_ERROR = ISTEP_COMP_ID | 0x4E, RC_UCD_IMG_NOT_IN_CONTAINER = ISTEP_COMP_ID | 0x4F, + RC_MM_UNMAP_FAILED = ISTEP_COMP_ID | 0x50, }; }; diff --git a/src/include/usr/secureboot/smf.H b/src/include/usr/secureboot/smf.H index 990bce09b..e062e56c9 100644 --- a/src/include/usr/secureboot/smf.H +++ b/src/include/usr/secureboot/smf.H @@ -27,6 +27,10 @@ #include <errl/errlentry.H> #include <stdint.h> +#include <limits.h> + +// The maximum size of the unsecure HOMER region in reserved memory +#define MAX_UNSECURE_HOMER_SIZE (1 * PAGESIZE) namespace SMF_TRACE { diff --git a/src/include/usr/vmmconst.h b/src/include/usr/vmmconst.h index ee280c6c2..b6841eea4 100644 --- a/src/include/usr/vmmconst.h +++ b/src/include/usr/vmmconst.h @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2011,2018 */ +/* Contributors Listed Below - COPYRIGHT 2011,2019 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -286,6 +286,4 @@ enum BlockPriority #define PREVERLIDMGR_TEST_ADDR (512*MEGABYTE) #define PREVERLIDMGR_TEST_SIZE (64*MEGABYTE) - - #endif /* _VMMCONST_H */ diff --git a/src/usr/isteps/istep15/host_build_stop_image.C b/src/usr/isteps/istep15/host_build_stop_image.C index dc40242ed..26e3677f4 100644 --- a/src/usr/isteps/istep15/host_build_stop_image.C +++ b/src/usr/isteps/istep15/host_build_stop_image.C @@ -70,7 +70,11 @@ #include <p9n2_quad_scom_addresses_fld.H> #include <secureboot/smf_utils.H> +#include <secureboot/smf.H> #include <isteps/mem_utils.H> +#include <util/align.H> + +#include <limits.h> using namespace ERRORLOG; using namespace ISTEP; @@ -405,10 +409,10 @@ void* host_build_stop_image (void *io_pArgs) TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace, "host_build_stop_image entry" ); // allocate four temporary work buffers - void* l_temp_buffer0 = malloc(HW_IMG_RING_SIZE); - void* l_temp_buffer1 = malloc(MAX_RING_BUF_SIZE); + void* l_temp_buffer1 = malloc(HW_IMG_RING_SIZE); void* l_temp_buffer2 = malloc(MAX_RING_BUF_SIZE); void* l_temp_buffer3 = malloc(MAX_RING_BUF_SIZE); + void* l_temp_buffer4 = malloc(MAX_RING_BUF_SIZE); do { //Determine top-level system target @@ -444,10 +448,11 @@ void* host_build_stop_image (void *io_pArgs) l_memBase = get_top_homer_mem_addr(); assert (l_memBase != 0, "host_build_stop_image: Top of memory was 0!"); + l_memBase -= VMM_ALL_HOMER_OCC_MEMORY_SIZE; } TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace, - "HOMER base = %.16X", l_memBase); + "HOMER base = 0x%.16llX", l_memBase); l_pRealMemBase = reinterpret_cast<void * const>(l_memBase ); //Convert the real memory pointer to a pointer in virtual memory @@ -497,6 +502,9 @@ void* host_build_stop_image (void *io_pArgs) "Found %d functional procs in system", l_procChips.size() ); + auto l_unsecureHomerSize = + l_sys->getAttr<TARGETING::ATTR_UNSECURE_HOMER_SIZE>(); + for (const auto & l_procChip: l_procChips) { do { @@ -555,6 +563,23 @@ void* host_build_stop_image (void *io_pArgs) break; } + if(SECUREBOOT::SMF::isSmfEnabled()) + { + // In SMF mode, unsecure HOMER goes to the top of unsecure + // memory (2MB aligned); we need to subtract the size of the + // unsecure HOMER and align the resulting address to arrive + // at the correct location. + uint64_t l_unsecureHomerAddr = ALIGN_DOWN_X( + ISTEP::get_top_mem_addr() + - MAX_UNSECURE_HOMER_SIZE, + 2 * MEGABYTE); + l_procChip->setAttr<TARGETING::ATTR_UNSECURE_HOMER_ADDRESS> + (l_unsecureHomerAddr); + TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace, + "host_build_stop_image: unsecure HOMER addr = 0x%.16llX", + l_unsecureHomerAddr); + } + //Call p9_hcode_image_build.C HWP FAPI_INVOKE_HWP( l_errl, p9_hcode_image_build, @@ -564,13 +589,13 @@ void* host_build_stop_image (void *io_pArgs) l_ringOverrides, PHASE_IPL, img_type, - l_temp_buffer0, - HW_IMG_RING_SIZE, l_temp_buffer1, - MAX_RING_BUF_SIZE, + HW_IMG_RING_SIZE, l_temp_buffer2, MAX_RING_BUF_SIZE, l_temp_buffer3, + MAX_RING_BUF_SIZE, + l_temp_buffer4, MAX_RING_BUF_SIZE); if ( l_errl ) @@ -583,6 +608,58 @@ void* host_build_stop_image (void *io_pArgs) break; } + // We now need to copy the data that was put in l_temp_buffer2 + // by the p9_hcode_image_build procedure into the unsecure + // HOMER memory + if(SECUREBOOT::SMF::isSmfEnabled()) + { + auto l_unsecureHomerAddr = l_procChip-> + getAttr<TARGETING::ATTR_UNSECURE_HOMER_ADDRESS>(); + + + assert(l_unsecureHomerSize <= MAX_RING_BUF_SIZE, + "host_build_stop_image: unsecure HOMER is bigger than the output buffer"); + assert(l_unsecureHomerSize <= MAX_UNSECURE_HOMER_SIZE, + "host_build_stop_image: the size of unsecure HOMER is more than 0x%x", MAX_UNSECURE_HOMER_SIZE); + assert(l_unsecureHomerAddr, + "host_build_stop_image: the unsecure HOMER addr is 0"); + + void* l_unsecureHomerVAddr = mm_block_map( + reinterpret_cast<void*>(l_unsecureHomerAddr), + l_unsecureHomerSize); + assert(l_unsecureHomerVAddr, + "host_build_stop_image: could not map unsecure HOMER phys addr"); + memcpy(l_unsecureHomerVAddr, + l_temp_buffer2, + l_unsecureHomerSize); + int l_rc = mm_block_unmap(l_unsecureHomerVAddr); + if(l_rc) + { + /*@ + * @errortype + * @reasoncode ISTEP::RC_MM_UNMAP_FAILED + * @severity ERRORLOG::ERRL_SEV_UNRECOVERABLE + * @moduleid ISTEP::MOD_BUILD_HCODE_IMAGES + * @userdata1 Unsecure HOMER addr + * @userdata2 RC from mm_block_unmap + * @devdesc Could not unmap unsecure HOMER's virtual + * address + * @custdesc A problem occurred during the IPL of the + * system + */ + l_errl = new ERRORLOG::ErrlEntry( + ERRORLOG::ERRL_SEV_UNRECOVERABLE, + ISTEP::MOD_BUILD_HCODE_IMAGES, + ISTEP::RC_MM_UNMAP_FAILED, + reinterpret_cast<uint64_t>( + l_unsecureHomerVAddr), + l_rc, + ERRORLOG::ErrlEntry::ADD_SW_CALLOUT); + l_errl->collectTrace(ISTEP_COMP_NAME); + break; + } + } + l_errl = applyHcodeGenCpuRegs( l_procChip, l_pImageOut, l_sizeImageOut ); @@ -654,10 +731,10 @@ void* host_build_stop_image (void *io_pArgs) } // delete working buffers - if( l_temp_buffer0 ) { free(l_temp_buffer0); } if( l_temp_buffer1 ) { free(l_temp_buffer1); } if( l_temp_buffer2 ) { free(l_temp_buffer2); } if( l_temp_buffer3 ) { free(l_temp_buffer3); } + if( l_temp_buffer4 ) { free(l_temp_buffer4); } #ifdef CONFIG_SECUREBOOT // securely unload HCODE PNOR section, if necessary diff --git a/src/usr/isteps/pm/pm_common.C b/src/usr/isteps/pm/pm_common.C index 45d566f75..376ec0278 100644 --- a/src/usr/isteps/pm/pm_common.C +++ b/src/usr/isteps/pm/pm_common.C @@ -63,6 +63,8 @@ #include <runtime/interface.h> #include <secureboot/service.H> +#include <secureboot/smf_utils.H> +#include <secureboot/smf.H> // Procedures #include <p9_pm_pba_bar_config.H> @@ -99,10 +101,12 @@ #define HBPM_UNMAP mm_block_unmap #define HBPM_MAP mm_block_map #define HBPM_PHYS_ADDR (reinterpret_cast<void*>(i_phys_addr)) +#define UNSEC_HOMER_PHYS_ADDR (reinterpret_cast<void*>(l_unsecureHomerAddr)) #else #define HBPM_UNMAP g_hostInterfaces->unmap_phys_mem #define HBPM_MAP g_hostInterfaces->map_phys_mem #define HBPM_PHYS_ADDR i_phys_addr +#define UNSEC_HOMER_PHYS_ADDR l_unsecureHomerAddr #endif @@ -264,10 +268,10 @@ namespace HBPM const fapi2::Target<fapi2::TARGET_TYPE_PROC_CHIP> l_fapiTarg(i_target); - void *l_buffer0 = (void*)malloc(HW_IMG_RING_SIZE); - void *l_buffer1 = (void*)malloc(MAX_RING_BUF_SIZE); + void *l_buffer1 = (void*)malloc(HW_IMG_RING_SIZE); void *l_buffer2 = (void*)malloc(MAX_RING_BUF_SIZE); void *l_buffer3 = (void*)malloc(MAX_RING_BUF_SIZE); + void *l_buffer4 = (void*)malloc(MAX_RING_BUF_SIZE); do { @@ -355,13 +359,13 @@ namespace HBPM (PM_LOAD == i_mode) ? PHASE_IPL : PHASE_REBUILD, l_imgType, - l_buffer0, - HW_IMG_RING_SIZE, l_buffer1, - MAX_RING_BUF_SIZE, + HW_IMG_RING_SIZE, l_buffer2, MAX_RING_BUF_SIZE, l_buffer3, + MAX_RING_BUF_SIZE, + l_buffer4, MAX_RING_BUF_SIZE); if (l_errl) @@ -379,6 +383,65 @@ namespace HBPM break; } + // If SMF is enabled, need to copy the information contained within + // l_buffer2 into the unsecure HOMER memory area + if(SECUREBOOT::SMF::isSmfEnabled()) + { + TARGETING::Target* l_sys = nullptr; + TARGETING::targetService().getTopLevelTarget(l_sys); + assert(l_sys, "Top level target is nullptr!"); + auto l_unsecureHomerSize = + l_sys->getAttr<TARGETING::ATTR_UNSECURE_HOMER_SIZE>(); + auto l_unsecureHomerAddr = i_target-> + getAttr<TARGETING::ATTR_UNSECURE_HOMER_ADDRESS>(); + TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace, + "loadHcode: Unsecure HOMER addr: 0x%.16llx; unsecure HOMER size: 0x%x", + l_unsecureHomerAddr, l_unsecureHomerSize); + + assert(l_unsecureHomerSize <= MAX_RING_BUF_SIZE, + "loadHcode: unsecure HOMER is bigger than the output buffer"); + assert(l_unsecureHomerSize <= MAX_UNSECURE_HOMER_SIZE, + "loadHcode: the size of unsecure HOMER is more than 0x%x", MAX_UNSECURE_HOMER_SIZE); + assert(l_unsecureHomerAddr, + "loadHcode: the unsecure HOMER addr is 0"); + + void* l_unsecureHomerVAddr = HBPM_MAP( + UNSEC_HOMER_PHYS_ADDR, + l_unsecureHomerSize); + assert(l_unsecureHomerVAddr, + "loadHcode: could not map unsecure HOMER phys addr"); + memcpy(l_unsecureHomerVAddr, l_buffer2, l_unsecureHomerSize); + + int l_rc = HBPM_UNMAP(l_unsecureHomerVAddr); + if(l_rc) + { + /*@ + * @errortype + * @reasoncode ISTEP::RC_MM_UNMAP_FAILED + * @severity ERRORLOG::ERRL_SEV_UNRECOVERABLE + * @moduleid ISTEP::MOD_LOAD_HCODE + * @userdata1 Unsecure HOMER addr + * @userdata2 RC from HBPM_UNMAP + * @devdesc Could not unmap unsecure HOMER's virtual + * address + * @custdesc A problem occurred during the IPL of the + * system + */ + l_errl = new ERRORLOG::ErrlEntry( + ERRORLOG::ERRL_SEV_UNRECOVERABLE, + ISTEP::MOD_LOAD_HCODE, + ISTEP::RC_MM_UNMAP_FAILED, + reinterpret_cast<uint64_t>( + l_unsecureHomerVAddr), + l_rc, + ERRORLOG::ErrlEntry::ADD_SW_CALLOUT); + l_errl->collectTrace(ISTEP_COMP_NAME); + break; + } + + } + + // Log some info about Homer TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace, "pImageOut=%p",i_pImageOut); @@ -455,10 +518,10 @@ namespace HBPM } while(0); - free(l_buffer0); free(l_buffer1); free(l_buffer2); free(l_buffer3); + free(l_buffer4); TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace, EXIT_MRK"loadHcode: RC=0x%X, PLID=0x%lX", diff --git a/src/usr/isteps/pm/runtime/makefile b/src/usr/isteps/pm/runtime/makefile index 287fe61a1..8a7bfe6bb 100644 --- a/src/usr/isteps/pm/runtime/makefile +++ b/src/usr/isteps/pm/runtime/makefile @@ -28,11 +28,13 @@ HOSTBOOT_RUNTIME = 1 ROOTPATH = ../../../../.. VPATH += ../ +VPATH += ${ROOTPATH}/src/usr/secureboot/smf MODULE = pm_rt ## Objects unique to HBRT OBJS += rt_pm.o +OBJS += smf_utils.o SUBDIRS += test.d diff --git a/src/usr/runtime/populate_hbruntime.C b/src/usr/runtime/populate_hbruntime.C index ea9530d7f..764404804 100644 --- a/src/usr/runtime/populate_hbruntime.C +++ b/src/usr/runtime/populate_hbruntime.C @@ -81,6 +81,8 @@ #include <vmmconst.h> #include <runtime/customize_attrs_for_payload.H> #include <isteps/mem_utils.H> +#include <secureboot/smf_utils.H> +#include <secureboot/smf.H> namespace RUNTIME { @@ -1078,6 +1080,11 @@ errlHndl_t populate_HbRsvMem(uint64_t i_nodeId, bool i_master_node) do { + TARGETING::Target* l_sys = nullptr; + TARGETING::targetService().getTopLevelTarget(l_sys); + assert(l_sys != nullptr, + "populate_HbRsvMem: top level target nullptr" ); + // Configure the ATTR_HBRT_HYP_ID attributes so that runtime code and // whichever hypervisor is loaded can reference equivalent targets // When populating hbRuntimeData, we make IPC calls if we are running @@ -1128,11 +1135,6 @@ errlHndl_t populate_HbRsvMem(uint64_t i_nodeId, bool i_master_node) // If mirroring enabled, // change address start to be at its mirrored address equivalent - TARGETING::Target* l_sys = nullptr; - TARGETING::targetService().getTopLevelTarget(l_sys); - assert( l_sys != nullptr, - "populate_HbRsvMem: top level target nullptr" ); - auto l_mirrored = l_sys->getAttr<TARGETING::ATTR_PAYLOAD_IN_MIRROR_MEM>(); if (l_mirrored) @@ -1257,8 +1259,10 @@ errlHndl_t populate_HbRsvMem(uint64_t i_nodeId, bool i_master_node) //////////////////////////////////////////////////////////////////// // Set the Architected Reserve area in OPAL and pass it down to SBE - uint64_t l_memBase = l_topMemAddr - - VMM_ARCH_REG_DATA_SIZE_ALL_PROC - VMM_ALL_HOMER_OCC_MEMORY_SIZE; + uint64_t l_memBase = l_topMemAddr + - VMM_ALL_HOMER_OCC_MEMORY_SIZE + - VMM_ARCH_REG_DATA_SIZE_ALL_PROC; + l_elog = setNextHbRsvMemEntry(HDAT::RHB_TYPE_HBRT, i_nodeId, l_memBase, @@ -1343,8 +1347,9 @@ errlHndl_t populate_HbRsvMem(uint64_t i_nodeId, bool i_master_node) } else if(TARGETING::is_sapphire_load()) { - l_endAddr = l_topMemAddr - - VMM_ALL_HOMER_OCC_MEMORY_SIZE - VMM_ARCH_REG_DATA_SIZE_ALL_PROC; + l_endAddr = l_topMemAddr + - VMM_ALL_HOMER_OCC_MEMORY_SIZE + - VMM_ARCH_REG_DATA_SIZE_ALL_PROC; startAddressValid = false; } @@ -1691,6 +1696,40 @@ errlHndl_t populate_HbRsvMem(uint64_t i_nodeId, bool i_master_node) break; } } + + // Also add unsecure HOMER to the reserved mem if in SMF mode + if(SECUREBOOT::SMF::isSmfEnabled()) + { + auto l_unsecureHomerSize = l_sys-> + getAttr<TARGETING::ATTR_UNSECURE_HOMER_SIZE>(); + + // The address of unsecure HOMER is the same among all the + // procs, so we can just fetch it from the master proc. + TARGETING::Target* l_masterProc = nullptr; + l_elog = TARGETING::targetService() + .queryMasterProcChipTargetHandle(l_masterProc); + if(l_elog) + { + break; + } + + auto l_unsecureHomerAddr = l_masterProc-> + getAttr<TARGETING::ATTR_UNSECURE_HOMER_ADDRESS>(); + assert(l_unsecureHomerAddr, + "populate_HbRsvMem: Unsecure HOMER address is 0"); + assert(l_unsecureHomerSize <= MAX_UNSECURE_HOMER_SIZE, + "populate_HbRsvMem: Unsecure HOMER size is bigger than 0x%x", MAX_UNSECURE_HOMER_SIZE); + + l_elog = setNextHbRsvMemEntry(HDAT::RHB_TYPE_UNSECURE_HOMER, + i_nodeId, + l_unsecureHomerAddr, + l_unsecureHomerSize, + HBRT_RSVD_MEM__UNSEC_HOMER); + if(l_elog) + { + break; + } + } } } while(0); diff --git a/src/usr/targeting/common/xmltohb/hb_customized_attrs.xml b/src/usr/targeting/common/xmltohb/hb_customized_attrs.xml index 3933114ad..bbbc47442 100644 --- a/src/usr/targeting/common/xmltohb/hb_customized_attrs.xml +++ b/src/usr/targeting/common/xmltohb/hb_customized_attrs.xml @@ -762,6 +762,12 @@ <id>ATTR_PROC_PCIE_IOP_SWAP</id> <writeable/> </attribute> + + <attribute> + <id>ATTR_UNSECURE_HOMER_ADDRESS</id> + <writeable/> + <persistency>volatile-zeroed</persistency> + </attribute> <!-- ===================================================================== End of customizations definitions ================================================================= --> |