summaryrefslogtreecommitdiffstats
path: root/src/include/usr/pnor
Commit message (Collapse)AuthorAgeFilesLines
* Populate OCMBFW partition with packaged imageGlenn Miles2019-04-171-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | -Adds pkgOcmbFw.pl script for packaging image from microsemi with header containing SHA512 hash of image. Script can also be used to verify existing header and parse/display header contents. -Changed dist.targets.mk to copy pkgOcmbFw.pl tool into fsp/op environments. -Changes to mkrules/hbfw/img/makefile to create 4k fake image (zero filled) and add header to file prior to signing and creating pnor partition. This is done for axone-simics only. -Minor changes to hostboot pnor code to recognize the OCMBFW PNOR partition. Change-Id: I21cd15af9ab63517491ad1897afd3a2223db0dd6 RTC: 193924 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/75669 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Matt Derksen <mderkse1@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Revert "SMF: Create New UVBWLIST Partition"Ilya Smirnov2019-03-051-1/+0
| | | | | | | | | | | | | | | | | | | This reverts commit 9de9d8f7c5b5c73247dc69925a594fcd07ce060c. The logic for passing the XSCOM white/blacklist to Ultravisor will change drastically. The change in logic makes the UVBWLIST partition unneeded. This commit reverts all changes associated with UVBWLIST partition. Change-Id: Ife2b983a90be766f494c12bd60f5ac8cb394aa24 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72487 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Matthew Raybuck <matthew.raybuck@ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* SMF: Create New UVBWLIST PartitionIlya Smirnov2019-01-241-0/+1
| | | | | | | | | | | | | | | | | | | A new partition was added for the contents of the XSCOM white/blacklist called UVBWLIST. When the time comes, this partition will hold the binary representation of the aforementioned lists. The partition is dumped into hostboot reserved memory for Ultravisor consumption. Change-Id: I06ebce74aae3c0df987e5a057967842042db2bae RTC: 192422 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/68869 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add new pnorLayoutAxone.xml w/ new EECACHE sectionChristian Geddes2019-01-141-1/+2
| | | | | | | | | | | | | | | | | | | | This commit introduces a new pnor layout which will be used when the simics_axone.config file is used. (Note: axone.config was renamed to simics_axone.config). This new layout introduces the EECACHE section which will be used to store copies of the various EEPROMS in the system. The eventual goal is to be able to remove the MVPD/DJVPD sections in PNOR and only use this EECACHE section Change-Id: Ifae610c4dd7f3aa9c87a5ca911cc4faa1ba2a98a Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/70172 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Matt Derksen <mderkse1@us.ibm.com> Reviewed-by: Roland Veloz <rveloz@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Generate error when pnor is not accessed via ipmiCorey Swenson2019-01-141-1/+16
| | | | | | | | | Change-Id: Ia44001c45dbe5a0f4f51202136d2649bb365d73f Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/69585 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* all scripts for hdat pnor partitionSampa Misra2018-11-271-1/+2
| | | | | | | | | | | Change-Id: Ied9c154d544d65eebfe5cfb0185ccb26545ee130 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/67144 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Jayashankar Padath <jayashankar.padath@in.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* genPnorImages: Add VERSION to signed partitionsSamuel Mendoza-Jonas2018-10-161-0/+19
| | | | | | | | | | | | | | | | | Mark VERSION as a signed partition and also check for it in the IPMI FRU setup. Change-Id: I6e8690c4f34d1f5ce92750960e6c73afcbf0a8e9 CQ:SW416159 Signed-off-by: Samuel Mendoza-Jonas <sjonas@au1.ibm.com> Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/61439 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* pnor: Introduce an IPMI-based PNOR driver implementationAndrew Jeffery2018-10-101-2/+5
| | | | | | | | | | | | | | | | | | Similar to the AST MBOX implementation, the IPMI PNOR implementation negotiates the layout of the LPC FW space with the BMC, but using IPMI rather than the AST mailbox as a protocol transport. The same protocol is still used and has simply been adapted to the new interface. Note that currently the change of transport has had a 2-3x impact on boot performance. Optimisation is an ongoing effort. Change-Id: I7f838f5b5e88ac877a725386a33df58ee5e7213c Signed-off-by: Andrew Jeffery <andrewrj@au1.ibm.com> Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/65942 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secure Boot: Report base/extended code mismatch as terminatingNick Bofferding2018-08-241-0/+1
| | | | | | | | | | | | | | | | | | | This commit flags the RC_BASE_EXT_MISMATCH reason code as a terminating reason code to tell FSP that there is an expected boot failure without a deconfiguration (and to handle like a secure boot verification failure) Change-Id: I658b0646cfccd6621ab15f889feccd2378a27d44 CQ: SW443077 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/64978 Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Matthew Raybuck <mraybuc@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Mark Read-Only Partitions as SuchIlya Smirnov2018-04-121-0/+1
| | | | | | | | | | | | | | | | | | Partitions marked with readOnly tag in the xml were treated as WRITABLE in the code. This change modifies the permissions to be READ_ONLY and adds unit tests to test the read only functionality. Change-Id: I8c1f23fd7e30edc38ff882c59716ab63a4f310e6 CQ: SW423350 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56771 CI-Ready: ILYA SMIRNOV <ismirno@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57066 Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
* Revert "Check the Section Headers in Non-Secure Mode"Nicholas E. Bofferding2018-03-262-12/+0
| | | | | | | | | | | | | | This reverts commit c82b626e6ea1d56c0d25cbd5954064e256135002. Change-Id: I0ae2328866e0f90ec583b19044ff917a4f52726c Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56126 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Check the Section Headers in Non-Secure ModeIlya Smirnov2018-03-122-2/+14
| | | | | | | | | | | | | | | | | | | | | When a PNOR section without a header is flashed onto a system that doesn't have SECUREBOOT compiled in, no header checks are performed, but the code still acts as if the header is present, and so the virtual address of the section is set to point past the secure header, which is 0x1000 into the section image, which causes all kinds of issues. This change adds logic to check the headers even when Secure Boot features are compiled out. Change-Id: Ieece371014192f160273939a35cb175aef0ddb25 Resolves: #126 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/54831 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Convert asserts to error logs where it makes senseStephen Cprek2017-12-201-0/+5
| | | | | | | | | | | | | | Change-Id: Idd15e39cc6be44c0865f13503bfa4482d77fcf0d RTC:181899 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/51042 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Remove Secure Boot workaroundsStephen Cprek2017-12-181-45/+0
| | | | | | | | | | | | | | | | | | | | | | | - Removing the magic number checks that would block sb functionality if things didn't appear secure - Remove Best Effort Policy and all of its related code - Remove the legacy PCR extension - Remove the non-secure header preservation path. - Always load HB base image header from the bl to hb data path vs settings unsecurely out of pnor Change-Id: Ie638384ac50ed47850985c959ea7a32e5757d64e RTC: 178520 RTC: 155374 RTC: 173489 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49925 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add new pnor section for Centaur hw ref imageRichard J. Knight2017-12-071-0/+1
| | | | | | | | | | | | Change-Id: Id5b75f4a929456efa5da7f173ecba71af513744f RTC:144141 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49369 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secure Boot: Fix lid load from HB reserved memory issues at runtimeStephen Cprek2017-11-191-2/+0
| | | | | | | | | | | | | | | | | | | | - Force all PNOR sections we load from HB rserved memory to be secure Only exception is the RINGOVD section, in which we use a fake header - Add fake header when Secureboot compiled out or a section is never signed as there is no secure header preserved in virtual memory RTC: 171708 RTC: 180063 Change-Id: Ibbbd7be24ee7b199e73451c63b2c2d1f86a2c2d8 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49020 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Create new test only PNOR section to test secure Load/UnloadsJaymes Wilks2017-11-151-0/+1
| | | | | | | | | | | | | | | | | | Created a test PNOR section called TESTLOAD that only exists in standalone solely for the purpose of testing loadSecureSection and unloadSecureSection functions of secure boot. Change-Id: I8d397f96c9199b46a20dae0263822eaf3766f83f RTC:181598 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49501 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Implement Secure unloadJaymes Wilks2017-10-202-7/+18
| | | | | | | | | | | | | | | Implement Secure unload of secure sections within PNOR. Change-Id: I92a00013d23e0506f89f89ec41a193eac0b25d25 RTC:157475 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46203 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Enable OCC on ZZ with OpalDan Crowell2017-10-202-2/+15
| | | | | | | | | | | | Change-Id: I656c47d2468c8c31509b80492709b0f651b85b42 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/47008 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Clear ECC sections marked "clearOnEccErr" on errorDean Sanner2017-09-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | - Add the capability for Hostboot to recover (with reboot) when it consumes an ECC error - PNOR layout needs to be updated to flag the recoverable sections (generally cached or throw away data like *VPD HBEL, and GUARD partitions) - Upon bad ECC detection, Hostboot will check partition flag and if set, it will clear and write good ECC to PNOR. It will then throw the normal error and terminate, waiting for the BMC to issue a reboot Change-Id: Ie4f4c0637d3962e9d4871e84a0bda8c256a74440 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/44608 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Re-enable OCC parition in pnorStephen Cprek2017-09-081-0/+12
| | | | | | | | | | | | | | | | | | Additional Changes - Created isEmpty check for pnor sections to handle lack of FSP support when loading Lids - Removed not needed PNOR partitions from FSP layout Change-Id: I326831a1b389ef25b6f5f557d332c74f3b5e77d8 RTC:178164 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/45251 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Refactor SecureBoot Workarounds to better control leniencyStephen Cprek2017-08-252-1/+2
| | | | | | | | | | | | | | | | | | At this time we are trying to secure OpenPOWER in secure mode, but allow best effort policies in other scenarios Change-Id: I9ec2b5be49dbfcff678c4d30bb85f8762e448cb6 RTC: 170136 RTC: 155374 RTC: 168021 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43640 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Remove SBEC pnor partition from p9 codeStephen Cprek2017-07-241-1/+0
| | | | | | | | | | | | | Change-Id: I13e79a6542353e42ac809cc60295947dfb1acb96 RTC: 163810 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43048 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Base support for MEMD partition in PNORDan Crowell2017-06-291-0/+1
| | | | | | | | | | | | Change-Id: I46d90997a1e4aa57264f0d539659e0aec8795f95 RTC: 175158 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42514 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Elizabeth K. Liner <eliner@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Corey V. Swenson <cswenson@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add HB_VOLATILE PNOR section flagDean Sanner2017-06-161-0/+1
| | | | | | | | | | | Change-Id: I8431edec1178cc062fdda943e5cade08acc5014c Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41687 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add support for remembering deconfigs without GUARDDean Sanner2017-05-251-0/+1
| | | | | | | | | | | | | | | | | | | | | | Currently on reconfig reboots only parts that are GUARDed are remembered and reapplied. - Add suport for a semi persisent PNOR partition, HB_VOLATILE which Hostboot uses to keep track of the reconfig reboots vs power off - Add a new GUARD type specifically for reconfig loops - Add RECALL_DECONFIG_ON_RECONFIG config flag to control what gets added to GUARD partition - During boot will add/clear guard records on deconfig based on config flags and semi persisent state. Change-Id: Iec636058cde8095c0c4216d1f95ae4fda554395e Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39780 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Save space in Bootloader image with minimized section ID arrayMarty Gloff2017-05-231-0/+4
| | | | | | | | | | | | | | | | The PNOR section ID array takes a large amount of space to store the character strings and pointers to them. Space can be reclaimed by just storing the HBB ID. One trace is also turned off for Bootloader since it is then hit for all the other PNOR sections. Change-Id: I59585c2b976aa0351e75f477532415c669447541 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40330 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Corey V. Swenson <cswenson@us.ibm.com> Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Support gracefully adding signing headers to PNOR sectionsNick Bofferding2017-05-081-0/+42
| | | | | | | | | | | | | Change-Id: Ie8ce7672a41c0b6230918911f59ada5443c552f5 RTC: 170650 CMVC-Coreq: 1022416 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39869 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* pnor: Add AST Mailbox protocol supportBenjamin Herrenschmidt2017-05-012-2/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds a new alternative PnorDD that uses the Asped AST Mbox protocol as supported by OpenBMC. To enable this, you need these changes to the config: @@ -1,10 +1,12 @@ -# The Serial Flash Controller is the AST2400 BMC. -set SFC_IS_AST2500 +# We use BMC MBOX protocol for flash accesses +set PNORDD_IS_BMCMBOX +unset PNORDD_IS_SFC +unset SFC_IS_AST2500 unset SFC_IS_AST2400 unset BMC_DOES_SFC_INIT unset SFC_IS_IBM_DPSS -set ALLOW_MICRON_PNOR -set ALLOW_MACRONIX_PNOR +unset ALLOW_MICRON_PNOR +unset ALLOW_MACRONIX_PNOR Other systems need to set PNORDD_IS_SFC Change-Id: I8901288c98d8d0fce8c9a0fb31267f0001b2a731 Not-yet-signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> RTC: 170096 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39387 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Dean Sanner <dsanner@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com>
* Implement Best Effort Secureboot Policy for Hostboot RuntimeStephen Cprek2017-04-281-0/+4
| | | | | | | | | | | | | Optimized getting the master proc id in rt_pnor Change-Id: Iab5c194553dddfbb642cfc9dec6398a93ab56d4a Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39520 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Move certain pnor_utils.H function to pnorif.H that are used externallyStephen Cprek2017-04-101-0/+26
| | | | | | | | | | | | Change-Id: Ic44c769f777a458d627bc306458f3e1c3c532a63 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38542 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Read the HW Key Hash from a Processor's SBE SeepromMike Baiocchi2017-04-031-1/+24
| | | | | | | | | | | | | | | | This commit adds an interface to read the HW Key Hash located in the HBBL section of each Processor's two SBE Seeproms. Change-Id: I906434269746c296c646f7b0594575c58b145294 RTC: 167585 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38465 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secureboot best effort compatibility supportStephen Cprek2017-03-302-31/+33
| | | | | | | | | | | | Change-Id: I1671459ca58684b14f65f322ff6dccddcaad40a2 RTC: 170685 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38104 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add PNOR SectionIdToString to replace direct access to cv_EYECATCHERStephen Cprek2017-03-231-0/+1
| | | | | | | | | | | | | | | | This catches if the const array size does not match the number of pnor sections and out of range index errors Also it adds genErrlParsing for bootloader files Change-Id: I0a90816a7620022dec16bc7358a68ffbdade0083 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38159 Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Support Provisioning PNOR partition XML element.Matt Spinler2017-03-081-2/+3
| | | | | | | | | | | | | | | | | If the element is present, set a flag in the PNOR TOC. Other code, like BMC code, would then erase these partitions when the system is reprovisioned. RTC: 143305 Forwardport: yes Change-Id: I457895f65d81e0a971bf301f16be2921dc21a24a Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/20576 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Elizabeth K. Liner <eliner@us.ibm.com> Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com>
* Add WOFDATA to PNORDan Crowell2017-02-161-4/+5
| | | | | | | | | | | | | | | The WOFDATA partition will contain the VFRT data that is used for the WOF algorithm. The data is system-specific but was split out from the MRW due to its extreme size. Change-Id: I73a062038897987d6a989c77d6163db058cb8dc0 RTC: 167303 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35651 Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secure PNOR Resource Provider port from p8Jaymes Wilks2016-11-143-1/+66
| | | | | | | | | | | | | | Adds a Secure PNOR Resource Provider (SPNORRP) layer on top of the original PNORRP to handle verification of secured PNOR sections. Change-Id: Iff25abf599f3c850197c6e6d23ff03e5edf945bb RTC:163078 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/31588 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Pnor DD Changes for AST2500Bill Hoffa2016-10-311-6/+6
| | | | | | | | | | | | | | | | - Created Common sfc_ast2X000 class for common functions - Modified sfc_ast2400 class to use common class - Added sfc_ast2500 class Change-Id: I27c7674b58e006801ae03aabd60fdcfa21f49e9c RTC: 161664 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/30919 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-by: Elizabeth K. Liner <eliner@us.ibm.com> Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com>
* Create new ring override section in PNORAndrew Geissler2016-09-221-0/+1
| | | | | | | | | | | | Change-Id: I3565abc10b38ab52b7dcc3d3c37ddbce89aa558f RTC: 156833 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/28548 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com> Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com>
* Update Bootloader to handle moving the TOC of PNOR aroundcrgeddes2016-08-251-0/+2
| | | | | | | | | | | | | | | | | | | Moved 1 of the PNOR TOCs from 0x8000 to TOP_OF_FLASH - 64KB. Updated bootloader and pnor access code to handle new toc location. Update the defaultPnorLayout to reflect these changes Also added a FSP default pnor xml that will generate a 128 MB image for FSP boxes to use. RTC: 154286 Change-Id: I0253590299ff9714b0d5ab12a02ac9d653b115fa Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/27461 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-by: Andrew J. Geissler <andrewg@us.ibm.com> Reviewed-by: Andres A. Lugo-Reyes <aalugore@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Update pnor section names WINK -> HCODE and PAYLOAD -> POWERVMcrgeddes2016-08-041-1/+3
| | | | | | | | | | | Change-Id: I66cc8a060f0eb7b50275a42970661247d2916035 RTC:154286 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/27228 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Elizabeth K. Liner <eliner@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Changing XZ decompressor to verify without pnor changesElizabeth Liner2016-07-181-2/+0
| | | | | | | | | | | | | This patch set is reverting previous pnor changes for XZ verification, and instead is checking the MAGIC_HEADER to verify if a section is XZ compressed. Change-Id: I17c6ec76aef0261e07042f91df550ef34c3d60b3 RTC:149915 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/26728 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Support secure load and unload API prototypeNick Bofferding2016-07-061-0/+31
| | | | | | | | | | | | | | | | | | - Implement API for load and unload of secure section - Implement test to ensure API is callable Change-Id: Ie82d7e39b6adca703c4cfa4f79fb77be54d0c88b Forwardport: yes RTC: 156118 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/26358 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/26658
* Adding xz decompression functionality for the skiboot imageElizabeth Liner2016-03-211-1/+3
| | | | | | | | | | Change-Id: I50d1eaa8bc76a030b42f982e2a967773e113f123 RTC:125550 depends-on: I2a104ec955966a6fcb9ed94dde54ab763c30210a Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/21854 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* FFS Support for Bootloadercrgeddes2016-03-033-91/+135
| | | | | | | | | | | | | | | | | This commit moves functionality out of pnor_common.C and puts it in a new file pnor_utils.C this file will be shared with bootloader and hostboot code. Quite a few files were pulled apart in order to make includes easier across modules. These are lpc_const.H and pnor_const.H. bl_pnorAccess leverages the new pnor_utils.C file that will help the bootloader parse pnor TOC Change-Id: I740f6f8a707760756a261535e62e2d0a849324f8 RTC:134064 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/696 Tested-by: Jenkins Server Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* enable saving GARD records to PNOR in runtime.Brian Horton2015-09-031-3/+4
| | | | | | | | | | Change-Id: I1ada7061d8fb258431b64c8e02bf84b019f7b25c CQ: SW315645 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/19661 Tested-by: Jenkins Server Reviewed-by: WILLIAM G. HOFFA <wghoffa@us.ibm.com> Tested-by: Jenkins OP Build CI Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Add RC for HWSV to correct PNOR corruptionDan Crowell2015-07-171-0/+4
| | | | | | | | | | | | | | Adding a RC so HWSV can compile, actual implementation will come later Change-Id: I5467d9629bca22b9a2ae8535ab80d1b9be95bc3a RTC: 131607 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/19066 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: STEPHEN M. CPREK <smcprek@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Fix handling of ECC protected partitions at runtimeDan Crowell2015-07-021-0/+1
| | | | | | | | | | | | Modify the code to only check ECC on the logical size of the data that is read, rather than on the full physical size. Change-Id: Ia45989e64ef70e63542274ef59df2cc755f8082e Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/17467 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Reviewed-by: PRACHI GUPTA <pragupta@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Remove pnorsbe.C and move seeprom code back to SBE namespaceStephen Cprek2015-03-101-24/+0
| | | | | | | | | | | | | | PNOR code no longer uses getSbeBootSeeprom() and it makes more sense to keep this function in the sbe component Change-Id: Ic984f1af35fcc7346242bee03c69d16796ef7c09 RTC: 123369 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/15912 Tested-by: Jenkins Server Reviewed-by: PRACHI GUPTA <pragupta@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-by: Brian H. Horton <brianh@linux.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Report pnor side booted up on A/B to OPALBill Schwartz2015-02-281-0/+5
| | | | | | | | | | | | | | | This story will use the getPnorInfo and getSideInfo interfaces to fill in devtree entries informing Opal about the existence, location, and state of PNOR sides that we know about. We will pass up a list of TOCs associated with the active side and the inactive side. RTC: 109703 Change-Id: I740b086a9e22a0bc167141e3565bf813e50d9a00 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/15727 Reviewed-by: PRACHI GUPTA <pragupta@us.ibm.com> Tested-by: Jenkins Server Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
OpenPOWER on IntegriCloud