From 89c19d7e3a5b6f2781636ca5373672f38d8f0a13 Mon Sep 17 00:00:00 2001 From: Stephen Cprek Date: Wed, 27 Sep 2017 16:22:04 -0500 Subject: Process Components in Master Container Lid Change-Id: I31523494f462c88addb51973f605b2ed72674e97 RTC: 125304 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46840 Tested-by: Jenkins Server Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: Michael Baiocchi Reviewed-by: Marshall J. Wilks Tested-by: FSP CI Jenkins Reviewed-by: William G. Hoffa --- src/include/usr/runtime/preverifiedlidmgr.H | 33 ++++++++- src/include/usr/secureboot/trustedbootif.H | 3 + src/include/usr/util/util_reasoncodes.H | 6 +- src/include/usr/util/utillidmgr.H | 2 +- src/include/usr/util/utilmclmgr.H | 110 +++++++++++++++++++++++++++- 5 files changed, 145 insertions(+), 9 deletions(-) (limited to 'src/include') diff --git a/src/include/usr/runtime/preverifiedlidmgr.H b/src/include/usr/runtime/preverifiedlidmgr.H index ca096e5e1..185a0d24f 100644 --- a/src/include/usr/runtime/preverifiedlidmgr.H +++ b/src/include/usr/runtime/preverifiedlidmgr.H @@ -66,6 +66,24 @@ class PreVerifiedLidMgr const uint64_t i_addr, const size_t i_size); + /** + * @brief Load PNOR section into HB reserved memory + * + * @param[in] i_sec - PNOR section ID + * @param[in] i_addr - Virtual Address of PNOR section + * @param[in] i_size - Size of PNOR section + * @param[in] i_isPhypComp - Indicates if PHYP lids + * NOTE: PHYP lids go to address HRMOR - 4K + * @param[out] o_resvMemAddr - Mainstore address Lid was put in + * + * @return Error handle if error + */ + static errlHndl_t loadFromMCL(const uint32_t i_lidId, + const uint64_t i_addr, + const size_t i_size, + const bool i_isPhypComp, + uint64_t &o_resvMemAddr); + protected: /** 
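Review bot: The doc comment on the new `loadFromMCL` declaration still describes the PNOR variant: it says "Load PNOR section" and documents `i_sec - PNOR section ID`, while the parameter is `i_lidId` and the data is a lid from the Master Container Lid. I would reword it to `@brief Load a lid from the Master Container Lid into HB reserved memory` and `@param[in] i_lidId - Lid ID`, with `i_addr` and `i_size` described as the address and size of that lid. The class name suggests the contents are treated as already verified, so one more line should state that the caller must have verified the `i_size` bytes at `i_addr` before calling; that is inferred from the name, since the implementation is not in this patch. The private `_loadFromMCL` added in the next hunk of this file has only a one-line brief and no parameter documentation, so it relies on this comment and inherits the mismatch.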
@@ -106,14 +124,20 @@ class PreVerifiedLidMgr const uint64_t i_addr, const size_t i_size); + /** + * @brief Internal implementation of loadFromMCL function. + */ + errlHndl_t _loadFromMCL(const uint32_t i_lidId, + const uint64_t i_addr, + const size_t i_size, + const bool i_isPhypComp, + uint64_t &o_resvMemAddr); + // Private Members/Variables // Cache the payload type static TARGETING::PAYLOAD_KIND cv_payloadKind; - // Bool to check if the first PHYP lid has been loaded or not. - static bool cv_phypLidSeen; - // Collection of data needed for Hostboot Reserved Memory struct ResvMemInfo { @@ -131,7 +155,7 @@ class PreVerifiedLidMgr // Collection of data needed for Hostboot Reserved Memory static ResvMemInfo cv_resvMemInfo; - // Location for PHYP lids to go. + // Collection of data needed for PHYP's placement into HB reserved memory static ResvMemInfo cv_phypResvMemInfo; // Map of what lids have been loaded already. @@ -197,6 +221,7 @@ class PreVerifiedLidMgr // Allow test cases to have direct access friend class PreVerifiedLidMgrTest; + friend class MasterContainerLidMgrTest; }; diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H index 8f79756d9..41ba6ece9 100644 --- a/src/include/usr/secureboot/trustedbootif.H +++ b/src/include/usr/secureboot/trustedbootif.H @@ -44,6 +44,9 @@ namespace TRUSTEDBOOT { + // Const string to append to PCR extension messages + extern const char* const FW_KEY_HASH_EXT; + struct _TpmLogMgr; // Hostboot code just maps the TpmTarget type, which shared APIs use, as a diff --git a/src/include/usr/util/util_reasoncodes.H b/src/include/usr/util/util_reasoncodes.H index f90784c77..77fd1e628 100644 --- a/src/include/usr/util/util_reasoncodes.H +++ b/src/include/usr/util/util_reasoncodes.H 
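Review bot: In trustedbootif.H, the comment on `FW_KEY_HASH_EXT` says neither what the string contains nor where it is defined, although the name becomes visible at `TRUSTEDBOOT` namespace scope to every includer. Because it is appended to PCR extension messages, its value presumably ends up in the TPM event log that a verifier later replays, so it should be documented as part of that log format, e.g. `// Suffix appended to the TPM log message when a component's FW key hash is extended; changing it changes event-log contents`. That meaning is inferred from the name, so adjust the wording if a different hash is extended. If the log message field has a fixed maximum length, the comment should also say that callers must leave room for this suffix.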
@@ -49,7 +49,8 @@ namespace Util UTIL_TCE_UNMAP_PSIHB = 0x0F, // UtilTceMgr::unmapPsiHostBridge UTIL_MCL_INIT_MEM = 0x10, // MasterContainerLidMgr::initMem UTIL_MCL_REL_MEM = 0x11, // MasterContainerLidMgr::releaseMem - + UTIL_MCL_PROCESS_COMP = 0x12, // MasterContainerLidMgr::processComponent + UTIL_MCL_VERIFY_EXT = 0x13, // MasterContainerLidMgr::verifyExtend }; enum ReasonCode @@ -77,7 +78,8 @@ namespace Util UTIL_TCE_BLOCK_UNMAP_FAIL = UTIL_COMP_ID | 0x15, UTIL_MM_BLOCK_MAP_FAILED = UTIL_COMP_ID | 0x16, UTIL_MM_BLOCK_UNMAP_FAILED = UTIL_COMP_ID | 0x17, - + UTIL_MCL_SIZE_MISMATCH = UTIL_COMP_ID | 0x18, + UTIL_MCL_COMPID_MISMATCH = UTIL_COMP_ID | 0x19, }; }; diff --git a/src/include/usr/util/utillidmgr.H b/src/include/usr/util/utillidmgr.H index 725e51671..c2ac2d9a0 100644 --- a/src/include/usr/util/utillidmgr.H +++ b/src/include/usr/util/utillidmgr.H @@ -50,7 +50,7 @@ enum LidId TEST_LIDID = 0x00000111, OCC_LIDID = 0x81e00430, OCC_CONTAINER_LIDID = 0x80d0000b, - MCL_LIDID = 0x80D00020, + MCL_LIDID = 0x80d00020, // TODO RTC 172767 Make utillidmgr LIDID structure attribute driven WOF_LIDID = 0x81e00440, WOF_CONTAINER_LIDID = 0x80d00015, diff --git a/src/include/usr/util/utilmclmgr.H b/src/include/usr/util/utilmclmgr.H index 58a73bae4..f33d4001f 100644 --- a/src/include/usr/util/utilmclmgr.H +++ b/src/include/usr/util/utilmclmgr.H @@ -40,7 +40,11 @@ namespace MCL // Component ID(name) within MCL typedef std::array ComponentID; -// Defines to simplify syntax when checking for the MCL and POWERVM comp ids +// Component ID in string form +// NOTE: ComponentID in the MCL does not include NULL terminator so include room +typedef char CompIdString[17]; + +// Constants to simplify checking for the MCL and POWERVM comp ids extern const ComponentID g_MclCompId; extern const ComponentID g_PowervmCompId; 
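Review bot: In utilmclmgr.H, `typedef char CompIdString[17];` hard-codes a length that, per the comment above it, is the component ID length plus a terminator, so the two can drift apart silently if `ComponentID` ever changes size. Deriving the length keeps any copy into the buffer in bounds: `typedef char CompIdString[std::tuple_size<ComponentID>::value + 1];`. An array typedef also decays to `char*` when used as a by-value function parameter, as `compIdToString` does later in this patch, so the callee cannot check the size. Declaring that parameter as `CompIdString& o_compIdStr` would preserve it.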
@@ -194,8 +198,46 @@ struct CompInfo void print() const; }; +// Comparator to ensure PHYP is always the first component to be processed +struct CompOrderCompare { + bool operator() (const ComponentID& lhs, const ComponentID& rhs) const + { + if((lhs == g_PowervmCompId)) + { + return true; + } + else if ((rhs == g_PowervmCompId)) + { + return false; + } + + return lhs CompInfoMap; +typedef std::map CompInfoMap; + +/** + * @brief Convert Component ID to a char* + * Helpful for trace + * + * @param[in] i_compId - Component ID to convert + * @param[out] o_compIdStr - Component ID String + * + * @return N/A + */ +void compIdToString(const ComponentID i_compId, CompIdString o_compIdStr); + +/** + * @brief Convert/truncate Component ID to a uint64_t + * Helpful for FFDC + * + * @param[in] i_compId - Component ID to convert + * + * @return uint64_t - truncated Component ID + */ +uint64_t compIdToInt(const ComponentID i_compId); // @brief Class to manager the Master Container Lid provided by the FSP class MasterContainerLidMgr @@ -214,6 +256,12 @@ class MasterContainerLidMgr */ ~MasterContainerLidMgr(); + /** + * @brief Process each component in the MCL. + * See: processComponent for more info + */ + errlHndl_t processComponents(); + protected: /** 
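Review bot: `CompOrderCompare::operator()` is not a strict weak ordering: when both arguments equal `g_PowervmCompId` the first branch returns true, so `comp(a, a)` is true for the PowerVM key. `std::map` requires an irreflexive comparator; with this one a lookup of the PowerVM component can miss and an insert can create a second entry for it, which matters because this map drives which components are processed and in what order. Testing the right-hand side first fixes it without changing the intended ordering: `if (rhs == g_PowervmCompId) { return false; }` followed by `else if (lhs == g_PowervmCompId) { return true; }`. The tail of the operator and the `CompInfoMap` typedef are garbled on this page, so I am assuming the fall-through is `lhs < rhs`.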
@@ -280,6 +328,52 @@ class MasterContainerLidMgr */ void printCompInfoCache(); + /** + * @brief Process single component in the MCL. + * Loads, verifies, tpm extends lids and loads into hb resv memory + * + * @param[in] i_compId - Component Id + * @param[in] io_compInfo - Component info of component to process + * + * @return Error handle if error + */ + errlHndl_t processComponent(const ComponentID& i_compId, + CompInfo& io_compInfo); + + /** + * @brief Load all lids associated with a Component into contiguous memory + * NOTE: updates the lid sizes in CompInfo + * + * @param[in] io_compInfo - Component info of component to verify + * @param[out] o_totalSize - Size of all lids reported by the FSP + * + * @return Error handle if error + */ + errlHndl_t loadLids(CompInfo& io_compInfo, size_t& o_totalSize); + + /** + * @brief Verify and Extend Component + * + * @param[in] i_compId - Component Id + * @param[in] io_compInfo - Component info of component to verify + * + * @return Error handle if error + * Note: Will not return on Secure Verification Error + */ + errlHndl_t verifyExtend(const ComponentID& i_compId, + CompInfo& io_compInfo); + + /** + * @brief TPM extend information for secure components + * + * @param[in] i_compId - Component Id + * @param[in] i_conHdr - Container header with information to extend + * + * @return Error handle if error + */ + errlHndl_t tpmExtend(const ComponentID& i_compId, + const SECUREBOOT::ContainerHeader& i_conHdr) const; + // Physical addresses reserved for the MCL itself uint64_t iv_mclAddr; 
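Review bot: `loadLids` documents `o_totalSize` as the size reported by the FSP, but nothing in this header says that the reported lid sizes are bounded by the workspace the lids are loaded into. Since those sizes come from outside Hostboot, the contract should be explicit, e.g. `* NOTE: returns an error if the accumulated lid size exceeds the mapped workspace size`. The implementation is not part of this view, so it should be confirmed that it enforces this. Separately, `io_compInfo` is tagged `@param[in]` on `processComponent`, `loadLids` and `verifyExtend` although it is a non-const reference that `loadLids` is documented to update; `@param[in,out]` would match the `io_` prefix. `processComponents()` in the previous hunk also lacks an `@return` line.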
@@ -292,15 +386,27 @@ class MasterContainerLidMgr // Maximum size of memory for temp MCL mgr workspace size_t iv_tmpSize; + // Maximum size based on MCL or temp components + size_t iv_maxSize; + // Pointer to MCL virtual address space void* iv_pMclVaddr; // Pointer to MCL temp virtual address space void* iv_pTempVaddr; + // Pointer to either MCL or TMP virtual address spaces + void* iv_pVaddr; + // Cache Components and their corresponding lids CompInfoMap iv_compInfoCache; + // Indicates that Master Container Lid has a header + bool iv_hasHeader; + + // Cache current comp id string for easy tracing + CompIdString iv_curCompIdStr; + // Allow test cases to call custom constructors and have direct access friend class ::MasterContainerLidMgrTest; }; -- cgit v1.2.1
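Review bot: `iv_pVaddr` and `iv_maxSize` are described only as "either MCL or TMP", which leaves unstated the invariant that makes them safe to use as a buffer and its bound. They have to be switched together, and `iv_pVaddr` looks like a non-owning alias of `iv_pMclVaddr` or `iv_pTempVaddr` that must not be used after that region is released. I would put this in the comments, e.g. `// Non-owning alias of iv_pMclVaddr or iv_pTempVaddr; always updated together with iv_maxSize`. `iv_hasHeader` would likewise benefit from stating what sets it and what a false value means for `verifyExtend`, since the presence of a container header presumably decides whether there is anything to verify. That last point is inferred from the names; the implementation is outside this patch.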