From cefc4c2c1bf3a43a993f2091813ee181779ddee4 Mon Sep 17 00:00:00 2001 From: Stephen Cprek Date: Wed, 26 Jul 2017 10:33:24 -0500 Subject: Refactor SecureBoot Workarounds to better control leniency At this time we are trying to secure OpenPOWER in secure mode, but allow best effort policies in other scenarios Change-Id: I9ec2b5be49dbfcff678c4d30bb85f8762e448cb6 RTC: 170136 RTC: 155374 RTC: 168021 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43640 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: Nicholas E. Bofferding Reviewed-by: Michael Baiocchi Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell
---
 src/bootloader/bootloader.C | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'src/bootloader')
diff --git a/src/bootloader/bootloader.C b/src/bootloader/bootloader.C
index 55969fa0b..99ac0b1ec 100644
--- a/src/bootloader/bootloader.C
+++ b/src/bootloader/bootloader.C
@@ -198,18 +198,35 @@ namespace Bootloader{
 {
 BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_SAB_UNSET);
 }
- // # @TODO RTC:170136 terminate in this case
- // Ensure SecureRom is actually present
+ // Terminate if a valid securerom is not present
 else if ( !g_blData->secureRomValid )
 {
+#ifdef CONFIG_SECUREBOOT_BEST_EFFORT
 BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_NO_EYECATCH);
+#else
+ BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_INVALID_SECROM);
+ /*@
+ * @errortype
+ * @moduleid Bootloader::MOD_BOOTLOADER_VERIFY
+ * @reasoncode SECUREBOOT::RC_SECROM_INVALID
+ * @userdata1[0:15] TI_WITH_SRC
+ * @userdata1[16:31] TI_BOOTLOADER
+ * @userdata1[32:63] Failing address = 0
+ * @devdesc Valid securerom not present
+ * @custdesc Security failure occurred while running processor boot code.
+ */
+ bl_terminate(Bootloader::MOD_BOOTLOADER_VERIFY,
+ SECUREBOOT::RC_SECROM_INVALID);
+#endif
 }
- // # @TODO RTC:170136 terminate in this case
+#ifdef CONFIG_SECUREBOOT_BEST_EFFORT
 else if ( !PNOR::cmpSecurebootMagicNumber(
 reinterpret_cast(i_pContainer)))
 {
 BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_NO_MAGIC_NUM);
 }
+#endif
 else
 {
 // Set startAddr to ROM_verify() function at an offset of Secure ROM
-- 
cgit v1.2.1
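Review bot: Wrapping the whole `else if ( !PNOR::cmpSecurebootMagicNumber(` branch in `#ifdef CONFIG_SECUREBOOT_BEST_EFFORT` gives the two builds different behaviour for a container without the magic number — the strict build falls straight through to the `else` that sets up ROM_verify(), while the lenient build only traces BTLDR_TRC_MAIN_VERIFY_NO_MAGIC_NUM and skips verification — and nothing in the hunk records which is intended, so the `#ifdef` line deserves a comment such as `// Best effort only: skip verification of a container lacking the magic number. TODO confirm the strict build relies on ROM_verify() to reject such a container.`. The same flag in the `!g_blData->secureRomValid` branch turns a terminate into trace-and-continue, so the two `#ifdef`s together define the lenient policy and should say so in one place rather than leaving a reader to infer it. Splitting an else-if chain with preprocessor directives is also fragile, since a misplaced `#endif` silently changes which `else` binds; selecting between two complete chains with one `#ifdef`, or testing a `constexpr bool` policy inside the conditions, would be easier to review. The enclosing function continues outside the hunk, and the new BTLDR_TRC_MAIN_VERIFY_INVALID_SECROM and SECUREBOOT::RC_SECROM_INVALID identifiers are not defined in this file change (the diffstat is limited to src/bootloader), so presumably they land in a companion change.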