summaryrefslogtreecommitdiffstats
path: root/src/usr/pnor
Commit message (Collapse)AuthorAgeFilesLines
* Revert "SMF: Create New UVBWLIST Partition"Ilya Smirnov2019-03-051-3/+1
| | | | | | | | | | | | | | | | | | | This reverts commit 9de9d8f7c5b5c73247dc69925a594fcd07ce060c. The logic for passing the XSCOM white/blacklist to Ultravisor will change drastically. The change in logic makes the UVBWLIST partition unneeded. This commit reverts all changes associated with UVBWLIST partition. Change-Id: Ife2b983a90be766f494c12bd60f5ac8cb394aa24 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72487 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Matthew Raybuck <matthew.raybuck@ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Initialize and test alt-master PNOR access in all bootsBill Hoffa2019-03-012-18/+29
| | | | | | | | | | | | | | | | | | - Update to istep 10 (call_host_slave_sbe_update) to validate the alternate master pnor chip in all boots (no-op for systems with only one pnor chip) - Updates to pnor callout logic to callout as a PNOR part for several of the error paths Change-Id: I9218f9a14496444288ea7985e1fb080c25f7f201 RTC: 200449 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/71489 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Statically allocate work pages for PNOR Resource ProviderDan Crowell2019-02-222-20/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | Any time the PNOR Resource Provider loads in a page that is ECC protected it allocates 0x1200 bytes to hold the data while it is decoded. Continuously allocating 2 pages from the heap leads to a couple of potential issues: - fragmentation of memory due to constant new/delete of pages - extremely low memory situation could prevent new code from paging in The solution here is to place the working buffer inside the PNOR RP class itself. This means we will only do a single allocation of the memory early on in the boot and the memory is always available. Change-Id: I7faabb6be7cc89abdb8a8fb962e0623a2bcd5e99 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/71546 Reviewed-by: Corey V. Swenson <cswenson@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* HBBL LPC Error CheckingBill Hoffa2019-02-081-1/+2
| | | | | | | | | | | | | | | | | | - To avoid IPL delays, the LPC status register should be checked prior to loading the entire PNOR image (done via LPC). If an error condition occurs, HBBL should fail out. Change-Id: I5d716213f468e28191db794bf3e5480af547b26e CQ: SW446254 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/68442 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* SMF: Create New UVBWLIST PartitionIlya Smirnov2019-01-241-1/+3
| | | | | | | | | | | | | | | | | | | A new partition was added for the contents of the XSCOM white/blacklist called UVBWLIST. When the time comes, this partition will hold the binary representation of the aforementioned lists. The partition is dumped into hostboot reserved memory for Ultravisor consumption. Change-Id: I06ebce74aae3c0df987e5a057967842042db2bae RTC: 192422 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/68869 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add new pnorLayoutAxone.xml w/ new EECACHE sectionChristian Geddes2019-01-141-1/+2
| | | | | | | | | | | | | | | | | | | | This commit introduces a new pnor layout which will be used when the simics_axone.config file is used. (Note: axone.config was renamed to simics_axone.config). This new layout introduces the EECACHE section which will be used to store copies of the various EEPROMS in the system. The eventual goal is to be able to remove the MVPD/DJVPD sections in PNOR and only use this EECACHE section Change-Id: Ifae610c4dd7f3aa9c87a5ca911cc4faa1ba2a98a Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/70172 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Matt Derksen <mderkse1@us.ibm.com> Reviewed-by: Roland Veloz <rveloz@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Generate error when pnor is not accessed via ipmiCorey Swenson2019-01-142-3/+23
| | | | | | | | | Change-Id: Ia44001c45dbe5a0f4f51202136d2649bb365d73f Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/69585 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Make TOC partion Read-Only in all PNOR LayoutsMike Baiocchi2018-11-271-2/+2
| | | | | | | | | | | | | | | | | | | This commit ensures that the TOC(s) are all set to "read-only" via the FFS flags for all PNOR files that are created. It also does the same for the "BACKUP_PART" and "OTHER_SIDE" partitions, if they exist, as well. Change-Id: I5698045b27630e2cb83f470193526ceea02c61d3 CQ:SW423354 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/68828 Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* all scripts for hdat pnor partitionSampa Misra2018-11-271-0/+1
| | | | | | | | | | | Change-Id: Ied9c154d544d65eebfe5cfb0185ccb26545ee130 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/67144 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Jayashankar Padath <jayashankar.padath@in.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* genPnorImages: Add VERSION to signed partitionsSamuel Mendoza-Jonas2018-10-163-2/+47
| | | | | | | | | | | | | | | | | Mark VERSION as a signed partition and also check for it in the IPMI FRU setup. Change-Id: I6e8690c4f34d1f5ce92750960e6c73afcbf0a8e9 CQ:SW416159 Signed-off-by: Samuel Mendoza-Jonas <sjonas@au1.ibm.com> Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/61439 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* sio: Add test for availabilityAndrew Jeffery2018-10-153-1/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some components can continue to operate in the face of the SuperIO controller being unavailable on the LPC bus (specifically, the UART and boot flag processing). Other components require it present (AST-based SFC implementations and the AST mailbox). Components in the latter category can just fail with an errl when they attempt to access the controller, but for those in the former category we add an isAvailable() function in the SIO namespace to sidestep dealing with errors. Specifically, isAvailable() tests for the expected error when the SuperIO controller is disabled, and returns an errlHndl_t if any other error occurs. This way true LPC errors are propagated to the caller to commit as desired. For the moment *all* errors produced by the SIO::isAvailable() LPC bus access will result in the SIO code assuming the device is absent. We should be more precise about this, but the hardware behaviour seen under hostboot currently prevents us from being more specific. This problem is highlighted by a FIXME block in the implementation of SIO::isAvailable(). Change-Id: Id30a09b48586d2054e0cdae625ee23df68ac2aa3 Signed-off-by: Andrew Jeffery <andrewrj@au1.ibm.com> Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/67460 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Corey V. Swenson <cswenson@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Revert "sio: Add test for availability - LPC error tweak"Andrew Jeffery2018-10-153-16/+1
| | | | | | | | | | | | | | | | | | This reverts commit 627379aeaa27e30d66ebb0aecf218708d465162c, which incorrectly attempted to account for LPC errors during testing for SIO absence. The broken patch interprets the OPBM status as LPCHC status and expects an LPCHC SYNC Abnormal error, however as it's the OPBM status that indicates the error we never hit the LPCHC error path to populate the errl with the error RC expected by the SIO driver. Change-Id: Ib993d4a2b9b4e5018d9273a1c82f8b5c21ec9a25 Signed-off-by: Andrew Jeffery <andrewrj@au1.ibm.com> Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/67459 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* sio: Add test for availability - LPC error tweakDan Crowell2018-10-113-1/+16
| | | | | | | | | | | | | | | | | | | | | | | | | Some components can continue to operate in the face of the SuperIO controller being unavailable on the LPC bus (specifically, the UART and boot flag processing). Other components require it present (AST-based SFC implementations and the AST mailbox). Components in the latter category can just fail with an errl when they attempt to access the controller, but for those in the former category we add an isAvailable() function in the SIO namespace to sidestep dealing with errors. Specifically, isAvailable() tests for the expected error when the SuperIO controller is disabled, and returns an errlHndl_t if any other error occurs. This way true LPC errors are propagated to the caller to commit as desired. Change-Id: Ib94ceabfd4f4e9c63c114cfe3db3c954dbb6d6e5 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/67315 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: ANDREW R. JEFFERY <andrewrj@au1.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Corey V. Swenson <cswenson@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* pnor: Fall back to AST mbox transport if IPMI is unavailableAndrew Jeffery2018-10-1010-453/+513
| | | | | | | | | | | | | Avoid a flag-day transition by allowing for old BMC releases. Eventually support for the AST mailbox will be removed and the indirection with it. Change-Id: Ic62ee6a0f2132583cba290098a52417d32eb772d Signed-off-by: Andrew Jeffery <andrewrj@au1.ibm.com> Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/66122 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* pnor: mboxdd: Rename class to PnorMboxDDAndrew Jeffery2018-10-104-44/+47
| | | | | | | | | | | | | | The rename is in preparation for introducing the fallback code, which needs to know of both the IPMI and AST mailbox implementations. Change-Id: I32c3178ac978664f0dc6797c9ba76b6a13f71b21 Signed-off-by: Andrew Jeffery <andrewrj@au1.ibm.com> Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/66121 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* pnor: ipmidd: Rename class to PnorIpmiDDAndrew Jeffery2018-10-104-49/+50
| | | | | | | | | | | | | | The rename is done in preparation for the fallback code, which needs to know of both the IPMI and AST mailbox implementations of the PNOR driver. Change-Id: Iabadb5a355f63ac72330094c842fb9c8f7afe77b Signed-off-by: Andrew Jeffery <andrewrj@au1.ibm.com> Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/66120 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* pnor: Rename the SFC-based PnorDD class to PnorSfcDDAndrew Jeffery2018-10-108-75/+80
| | | | | | | | | | | | | Clarify which back-end implementation the driver is using. Change-Id: I26cee706a27e26e0f218da0eb5289592202a5baf Signed-off-by: Andrew Jeffery <andrewrj@au1.ibm.com> Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/66119 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* pnor: Introduce an IPMI-based PNOR driver implementationAndrew Jeffery2018-10-108-15/+1246
| | | | | | | | | | | | | | | | | | Similar to the AST MBOX implementation, the IPMI PNOR implementation negotiates the layout of the LPC FW space with the BMC, but using IPMI rather than the AST mailbox as a protocol transport. The same protocol is still used and has simply been adapted to the new interface. Note that currently the change of transport has had a 2-3x impact on boot performance. Optimisation is an ongoing effort. Change-Id: I7f838f5b5e88ac877a725386a33df58ee5e7213c Signed-off-by: Andrew Jeffery <andrewrj@au1.ibm.com> Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/65942 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Additional tracing for shutdown eventsMatt Derksen2018-09-121-3/+4
| | | | | | | | | | | | | | | | | Hit an issue where a shutdown was called but all that is traced is a msgQ pointer. These traces should help associate the msgQ pointer to an actual task being shutdown. Change-Id: Ic22fdde1a146eec90f26d557e8af1ddec3c85c4e CQ:SW443508 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/65464 Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Corey V. Swenson <cswenson@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Fix bad traces in pnor utility functionsDan Crowell2018-07-111-3/+3
| | | | | | | | | | | | Noticed a couple of malformed strings, fixed them. Change-Id: Ic38e88061117adc1fdaf9180015265fa27371e5e Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/61714 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Allow SPDX override as part of FW loadDan Crowell2018-07-031-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | Memory VPD contents have changed since the cards have been built so we need to provide a method to override the data as part of a FW build. We have done the same thing previously for the MEMD record on the Nimbus machines so will use the same design here for SPDX. As part of this change, the previous MEMD support was refactored to be completely generic so a single code path can be used for any arbitrary record. Change-Id: I5af5e965429c881be3de0d18c82b1d7918ac9c22 CQ: SW430659 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/61190 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/60980
* Leverage INTRP fully for SBE PSU Interrupt HandlingBill Hoffa2018-06-281-1/+1
| | | | | | | | | | | | | | | | | | | | | - Remove PSU Handling from INTRP code and instead treat PSU interrupts like any other interrupt type - Add msg_handler to SBE PSU Code to handle interrupts - Add better interrupt handling to timeout path so the interrupt condition will be cleared instead of represented continuously - Handle shutdown message from INTRP Change-Id: I5eafea806e147c22be235ae1c54a5ce4706aa012 RTC: 149698 CQ: SW418168 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/60049 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Reduce Console Output Trace from PNOR component in OpenPowerMike Baiocchi2018-04-182-4/+4
| | | | | | | | | | | | | | | | | I found that these TRACFCOMPs were adding thousands of lines to my console output and they are benign good-path traces. I have changed them to TRACDCOMPs. Change-Id: Ia5939bfa6eb4b6efa6587ff577c76e5824b38c75 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57359 Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Mark Read-Only Partitions as SuchIlya Smirnov2018-04-122-71/+132
| | | | | | | | | | | | | | | | | | Partitions marked with readOnly tag in the xml were treated as WRITABLE in the code. This change modifies the permissions to be READ_ONLY and adds unit tests to test the read only functionality. Change-Id: I8c1f23fd7e30edc38ff882c59716ab63a4f310e6 CQ: SW423350 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56771 CI-Ready: ILYA SMIRNOV <ismirno@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57066 Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
* Handle early life PNOR fails in HBRT instead of hangingMatt Derksen2018-04-094-22/+104
| | | | | | | | | | | | | | | | | | | | A hang happens when RtPNOR code creates an error log while it still hasn't initialized completely. Error log code calls PNOR code that hasn't completed initialization yet. The fix is to assert in HBRT and by the time HBRT gets restarted, PNOR should be present and accessible. Change-Id: I24a4046be9da921933e7ca9005088945a0c25cfa RTC:189291 CQ:SW423599 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56802 Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secure Boot: Close SBE Security BackdoorIlya Smirnov2018-03-301-1/+1
| | | | | | | | | | | | | | | | | | | | | During a key transition process from dev to prod keys the lab override bit does not get unset and does not get customized into SBE at the time of the transition. Only when the system reaches istep 10.2 with prod keys does the bit get reset. This change customizes the bit at the time of the transition, which ensures the system is secure all the way through IPL with prod keys. Change-Id: I1343d2dd95aa4549b92e46ebcb9df142303c1f0b RTC: 188958 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56127 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Revert "Check the Section Headers in Non-Secure Mode"Nicholas E. Bofferding2018-03-264-84/+35
| | | | | | | | | | | | | | This reverts commit c82b626e6ea1d56c0d25cbd5954064e256135002. Change-Id: I0ae2328866e0f90ec583b19044ff917a4f52726c Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56126 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Only call PNOR::init() on systems with BMCMatt Derksen2018-03-121-9/+14
| | | | | | | | | | | | | Code to fix SW412798 forgot to check for non-fsp systems. FSP systems will return an error. 0 size FIRDATA section. Change-Id: Ic2c2c49707d49b29cc38358ef6ab9dd372e8ffab Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/55373 Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: Prachi Gupta <pragupta@us.ibm.com> CI-Ready: William G. Hoffa <wghoffa@us.ibm.com> Tested-by: William G. Hoffa <wghoffa@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Check the Section Headers in Non-Secure ModeIlya Smirnov2018-03-124-37/+86
| | | | | | | | | | | | | | | | | | | | | When a PNOR section without a header is flashed onto a system that doesn't have SECUREBOOT compiled in, no header checks are performed, but the code still acts as if the header is present, and so the virtual address of the section is set to point past the secure header, which is 0x1000 into the section image, which causes all kinds of issues. This change adds logic to check the headers even when Secure Boot features are compiled out. Change-Id: Ieece371014192f160273939a35cb175aef0ddb25 Resolves: #126 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/54831 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secure Boot: Detach secure PNOR provider taskNick Bofferding2018-03-071-0/+4
| | | | | | | | | | | | | | | | | Once secure PNOR provider task starts, immediately detach it so that, should it die, Hostboot will terminate; otherwise, Hostboot can hang until terminated by a service processor boot timeout. Change-Id: I586db0bb56e7e1eedb1183cda34e4bda4bc03bbd CQ: SW419735 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/55048 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Initialize FIRDATA section and ErrlManager just incase BMC resetsMatt Derksen2018-03-071-31/+64
| | | | | | | | | | | | | | | | | | | PRD needs to read the PNOR to tell OCC where to write in the pnor. This will cache the PNOR section so PRD will not fail the read call. If an error is created with pnor inaccessible, errl manager could get stuck unless it was initialized first. Change-Id: Ia7212bf99e947a1016423b37aff6f13ddfc7190a CQ:SW412798 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/54990 Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Roland Veloz <rveloz@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> CI-Ready: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Tweak IBM SFC flash settings for Micron chipsDean Sanner2018-02-072-7/+15
| | | | | | | | | | | | | | | -Micron flash chips were failing in FSP based systems Removed offending settings, but need to figure out why -Also added in some useful printk's for debug Change-Id: I46c1c7ce7d5f74d9302985ac821214ff25c6bfc1 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/53344 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Prachi Gupta <pragupta@us.ibm.com> Reviewed-by: Richard J. Knight <rjknight@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Collect better FFDC on ROM verification errorsStephen Cprek2018-01-311-2/+3
| | | | | | | | | | | | | | | | | | | | Collect both the UTIL and RUNTIME component traces on a ROM verify failure Added a new Errlog User Details sections "Verify Info" containing the component name, ID(s), measured, and expected hashes Change-Id: I0d0408128e05807bb906be5ee365d56d1416693f CQ:SW413889 Backport:release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52593 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Compile attributeOverride tool in x86.nfp environment for mnfg useMatt Derksen2018-01-211-9/+9
| | | | | | | | | | Needed to change some files to compile before C++11. Added some files to the fsp.tar so compile can happen in ODE environment. Change-Id: Ifb7a06bff5335582d794ea622f93154eff412876 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52195 Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Tested-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Convert asserts to error logs where it makes senseStephen Cprek2017-12-203-29/+194
| | | | | | | | | | | | | | Change-Id: Idd15e39cc6be44c0865f13503bfa4482d77fcf0d RTC:181899 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/51042 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Remove Secure Boot workaroundsStephen Cprek2017-12-188-385/+37
| | | | | | | | | | | | | | | | | | | | | | | - Removing the magic number checks that would block sb functionality if things didn't appear secure - Remove Best Effort Policy and all of its related code - Remove the legacy PCR extension - Remove the non-secure header preservation path. - Always load HB base image header from the bl to hb data path vs settings unsecurely out of pnor Change-Id: Ie638384ac50ed47850985c959ea7a32e5757d64e RTC: 178520 RTC: 155374 RTC: 173489 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49925 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secure Boot: RAS Reviews: Fix load handler loggingNick Bofferding2017-12-152-9/+43
| | | | | | | | | | | | | | | | | | - Link secure load message fail log to PLID of real verification error - Increase severity of verification fail - Fixed formatting of secure load error log to be parseable Change-Id: I15cd9cb86c15d2ee112f6c606ff1bc9eaa9f453b RTC: 181899 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50866 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Add component ID check for Master Container Lid ProcessingStephen Cprek2017-12-121-2/+2
| | | | | | | | | | | | | Change-Id: Ie6d99d6f67f09861f0d09c8432cf90abc27400b8 RTC: 181848 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50156 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Create better anti-deadlock strategy for vfsJaymes Wilks2017-12-121-1/+1
| | | | | | | | | | | | | | | | | | | | Addresses situations in the error paths of vfs resource provider where the handler may deadlock. As a precautionary measure, the same change was applied to secure PNOR resource provider just in case a new deadlock scenario gets introduced through future code changes. Change-Id: I1bda8c28ad9a3a1758cd6b8ae2e35f67c3e0572c RTC:176134 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50068 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add new pnor section for Centaur hw ref imageRichard J. Knight2017-12-071-0/+2
| | | | | | | | | | | | Change-Id: Id5b75f4a929456efa5da7f173ecba71af513744f RTC:144141 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49369 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Handle ContainerHeader asserts more nicely with error logsStephen Cprek2017-12-052-32/+42
| | | | | | | | | | | | Change-Id: I2dfd02bd7c7f5b5356cd93ca967482c2d7f79ec1 RTC: 178520 RTC: 181899 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49966 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Remove limit on max size of PNOR TOCChristian Geddes2017-12-013-37/+73
| | | | | | | | | | | | | | | | | | | | | | Previously we assumed the TOC would never be larger than 4kb, this limited us to <31 sections in pnor. We are getting to the point that is not enough. To satify the github issue a change was needed in the ffs tool to correctly build the TOC so it describes its size correctly. Those changes can be found here: github.com/open-power/ffs/pull/14 The changes in this commit fix hostboot so that it will correctly parse TOCs > 4kb. Resolves open-power/zaius-openpower/#57. Change-Id: Id2d8c250b0b1e6b87adfd4d927119fe006e8910d RTC: 180032 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49926 Reviewed-by: Matt Derksen <mderkse1@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Remove annoying mbox traces (TRACF -> TRACD)Christian Geddes2017-11-211-4/+4
| | | | | | | | | | | | | | | | | While debugging some pnor stuff I had a hard time seeing any PNOR traces because these mbox related PNOR traces kept flushing out the traces I was trying to see from the buffer. This commit makes the traces TRACD (debug) rather than TRACF. Change-Id: I4f752c5d6110e8c4363276683a26f56210496b8f Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49927 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com> Reviewed-by: Prachi Gupta <pragupta@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secure Boot: Fix lid load from HB reserved memory issues at runtimeStephen Cprek2017-11-191-47/+51
| | | | | | | | | | | | | | | | | | | | - Force all PNOR sections we load from HB rserved memory to be secure Only exception is the RINGOVD section, in which we use a fake header - Add fake header when Secureboot compiled out or a section is never signed as there is no secure header preserved in virtual memory RTC: 171708 RTC: 180063 Change-Id: Ibbbd7be24ee7b199e73451c63b2c2d1f86a2c2d8 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49020 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Create new test only PNOR section to test secure Load/UnloadsJaymes Wilks2017-11-152-108/+96
| | | | | | | | | | | | | | | | | | Created a test PNOR section called TESTLOAD that only exists in standalone solely for the purpose of testing loadSecureSection and unloadSecureSection functions of secure boot. Change-Id: I8d397f96c9199b46a20dae0263822eaf3766f83f RTC:181598 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49501 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Support selecting fips or op-build for signing processJaymes Wilks2017-11-091-0/+3
| | | | | | | | | | | | | | | | | Adds a new '--build-type' option to genPnorImages.pl to specify either fspbuild or opbuild, which adds the appropriate magic value to the secure header during the signing process. Change-Id: I46a97f88666a5cc925797d3ad0e870a5f5bac89a RTC:163655 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/48930 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Secure Boot: Enforce PNOR section component IDsNick Bofferding2017-11-031-0/+11
| | | | | | | | | | | | | | | | | - In secure mode, bootloader will enforce that HBB component ID is set - In secure mode, Hostboot will enforce that PNOR component IDs are set Change-Id: I04f3bbc45417b3229003c56e1083e1fc31c01cd7 RTC: 179422 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/48711 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Add trace to indicate verify was called on a sectionStephen Cprek2017-11-011-0/+5
| | | | | | | | | | | | | | | Want an easy way to tell if we are verifying a section when not in best effort mode. Change-Id: I159ff14b6437c56640e149abea7f9a0d1d90a550 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/48826 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Re-enable fapi2 test case moduleChristian Geddes2017-10-311-105/+107
| | | | | | | | | | | | | | | | | | | | We determined the problem to be with the getVPD test case when we tried to get the section info for the MEMD pnor section the section was not currently loaded. The reason this was sometimes passing was because the PNOR tests were loading and unloading the MEMD module. My guess was that we were getting lucking and reading MEMD while the pnor test has the section loaded Change-Id: I50c12993d639554ab919ec01bba45e5f4aae761c RTC: 181401 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/48955 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Matt Derksen <mderkse1@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Implement Secure unloadJaymes Wilks2017-10-204-52/+474
| | | | | | | | | | | | | | | Implement Secure unload of secure sections within PNOR. Change-Id: I92a00013d23e0506f89f89ec41a193eac0b25d25 RTC:157475 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46203 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
OpenPOWER on IntegriCloud