From b70fc1ac984f9da0d9e4932b8a9e40b1ccf4da50 Mon Sep 17 00:00:00 2001 From: Jaymes Wilks Date: Wed, 13 Sep 2017 09:53:39 -0500 Subject: Implement Secure unload Implement Secure unload of secure sections within PNOR. Change-Id: I92a00013d23e0506f89f89ec41a193eac0b25d25 RTC:157475 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46203 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Michael Baiocchi Reviewed-by: Nicholas E. Bofferding Reviewed-by: William G. Hoffa --- src/include/usr/pnor/pnor_reasoncodes.H | 6 +++++- src/include/usr/pnor/pnorif.H | 19 +++++++++++++------ 2 files changed, 18 insertions(+), 7 deletions(-) (limited to 'src/include') diff --git a/src/include/usr/pnor/pnor_reasoncodes.H b/src/include/usr/pnor/pnor_reasoncodes.H index 3eee83930..e9e98f9c5 100644 --- a/src/include/usr/pnor/pnor_reasoncodes.H +++ b/src/include/usr/pnor/pnor_reasoncodes.H @@ -105,9 +105,10 @@ namespace PNOR MOD_SPNORRP_WAITFORMESSAGE = 0xD3, /**< SPnorRP::waitForMessage */ MOD_SPNORRP_VERIFYSECTIONS = 0xD4, /**< SPnorRP::verifySections */ MOD_SPNORRP_SET_PERMISSION = 0xD5, /**< SPnorRP::initDaemon */ - MOD_PNORRP_LOADSECURESECTION = 0xD6, /**< PnorRP::loadSecureSection */ + MOD_PNORRP_LOADUNLOADSECURESECTION = 0xD6, /**< PnorRP::loadSecureSection */ MOD_SPNORRP_BASE_EXT_VER_CHK = 0xD7, /**< SPnorRP::baseExtVersCheck */ MOD_SPNORRP_KEY_TRAN_CHK = 0xD8, /**< SPnorRP::keyTransitionCheck */ + MOD_SPNORRP_REMOVE_PAGES = 0xD9, // ast_mboxdd.C MOD_ASTMBOXDD_DO_MESSAGE = 0xE0, /**< astMbox::doMessage */ @@ -178,6 +179,9 @@ namespace PNOR RC_MBOX_BAD_SEQUENCE = PNOR_COMP_ID | 0x32, RC_MBOX_ERROR_STATUS = PNOR_COMP_ID | 0x33, RC_UNSIGNED_PNOR_SECTION = PNOR_COMP_ID | 0x34, + RC_NOT_A_LOADED_SECTION = PNOR_COMP_ID | 0x35, + RC_NOT_A_SUPPORTED_SECTION = PNOR_COMP_ID | 0x36, + RC_SECURE_UNLOAD_DISALLOWED = PNOR_COMP_ID | 0x37, //@fixme-RTC:131607-Temporary value to allow HWSV compile //termination_rc diff --git a/src/include/usr/pnor/pnorif.H b/src/include/usr/pnor/pnorif.H index 7e62e6042..1c35ec852 100644 --- a/src/include/usr/pnor/pnorif.H +++ b/src/include/usr/pnor/pnorif.H @@ -94,8 +94,9 @@ errlHndl_t getSectionInfo( SectionId i_section, * placing it in the address space. Returns error if the requested * section does not have secure space support. * - * @param[in] i_section PNOR section to load. Section must not already be - * loaded. + * @param[in] i_section PNOR section to load. If the section is already loaded, + * the bulk of the load operation will not be repeated as + * a reference count is maintained for each section. * * @return errlHndl_t Error log handle * @retval NULL Successfully loaded PNOR section @@ -104,14 +105,20 @@ errlHndl_t getSectionInfo( SectionId i_section, errlHndl_t loadSecureSection(SectionId i_section); /** - * @brief Flushes any applicable pending writes and unloads requested PNOR - * section from secure virtual address space + * @brief Unloads requested PNOR section from secure virtual address space. + * There are some restrictions about which sections can be unloaded. + * 1. You cannot unload HBB, HBI, or targeting sections. These are core + * sections that need to be available as much as possible. + * 2. You can only unload sections for which the secure payload is + * the entire payload. Sections with unsecured pages are not + * supported. * - * @param[in] i_section PNOR section to unload. No-op if already unloaded. + * @param[in] i_section PNOR section to unload. * * @return errlHndl_t Error log handle * @retval NULL Successfully unloaded PNOR section - * @retval !NULL Failed to unload PNOR section + * @retval !NULL Failed to unload PNOR section for the reasons listed above + * or if the section is not currently loaded. */ errlHndl_t unloadSecureSection(SectionId i_section); -- cgit v1.2.1