From b70fc1ac984f9da0d9e4932b8a9e40b1ccf4da50 Mon Sep 17 00:00:00 2001
From: Jaymes Wilks
Date: Wed, 13 Sep 2017 09:53:39 -0500
Subject: Implement Secure unload Implement Secure unload of secure sections within PNOR.
Change-Id: I92a00013d23e0506f89f89ec41a193eac0b25d25
RTC:157475
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46203
Tested-by: Jenkins Server
Tested-by: Jenkins OP Build CI
Tested-by: Jenkins OP HW
Tested-by: FSP CI Jenkins
Reviewed-by: Michael Baiocchi
Reviewed-by: Nicholas E. Bofferding
Reviewed-by: William G. Hoffa
---
 src/usr/pnor/spnorrp.H | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-) (limited to 'src/usr/pnor/spnorrp.H')
diff --git a/src/usr/pnor/spnorrp.H b/src/usr/pnor/spnorrp.H
index 889b70f43..878d69625 100644
--- a/src/usr/pnor/spnorrp.H
+++ b/src/usr/pnor/spnorrp.H
@@ -116,6 +116,13 @@ class SPnorRP
 uint8_t* secAddr;
 size_t textSize;
 size_t infoSize;
+ size_t refCount;
+ SHA512_t payloadTextHash;
+ LoadRecord()
+ :secAddr(nullptr), textSize(0), infoSize(0), refCount(0)
+ {
+ memset(&payloadTextHash[0], 0, SHA512_DIGEST_LENGTH);
+ }
 };
 std::map iv_loadedSections;
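Review bot: The `memset` in the new `LoadRecord()` constructor is sized with `SHA512_DIGEST_LENGTH` rather than with the member itself, so it is only correct while `SHA512_t` is exactly that many bytes. Assuming `SHA512_t` is a plain byte array, as the `[0]` indexing suggests, `memset(payloadTextHash, 0, sizeof(payloadTextHash));` removes that coupling. `refCount` is an unsigned `size_t` and nothing in this header says who increments or decrements it, or what reaching zero means; a member comment such as `// outstanding secure loads of this section; unloaded when it returns to 0` would document that. The unload path is not visible here, but it should refuse to decrement a zero count, because a wrapped counter would keep the verified section mapped. The struct and the class body begin before this hunk.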
@@ -127,11 +134,22 @@ class SPnorRP
 /**
 * @brief Load secure sections into temporary address space and verify them
- * @param[in] i_secId - PNOR section id to verify
- * @param[in] o_rec - Load record to store section information in
+ * @note The Load record is not only used for output of the section info
+ * from the verifySections, but is also used as input via the
+ * payloadTextHash field, which is used (if i_loadedPreviously is
+ * true) to help determine if the PCR extend should be recalculated.
+ *
+ * @param[in] i_secId - PNOR section id to verify
+ * @param[in] i_loadedPreviously - indicates section has been securely
+ * loaded previously
+ * @param[in/out] io_rec - Load record to store section information in
+ * io_rec->payloadTextHash is used for comparision if
+ * i_loadedPreviusly is true.
 * @return uint64_t - Return code to pass back to message handler
 */
- uint64_t verifySections(PNOR::SectionId i_id, LoadRecord* o_rec);
+ uint64_t verifySections(PNOR::SectionId i_id,
+ bool i_loadedPreviously,
+ LoadRecord* io_rec);
 /**
 * @brief Message receiver for secure space
@@ -160,6 +178,16 @@ class SPnorRP
 errlHndl_t setPermission(void* va, uint64_t size, uint64_t accessType) const;
+ /**
+ * @brief A wrapper for mm_remove_pages that encapsulates an error log
+ * @note This is a special case of mm_remove_pages that makes use of
+ * PAGE_REMOVAL_OPS "RELEASE" setting
+ *
+ * @param[in] i_va - virtual start address of pages to be removed
+ * @param[in] i_size - size of block to remove
+ */
+ errlHndl_t removePages(void* i_va, uint64_t i_size) const;
+
 /**
 * @brief Handles any additional section specific verification checks.
 * @param[in] i_vaddr - vaddr of PNOR section to verify. Includes header
-- 
cgit v1.2.1
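Review bot: The new doc comment for `verifySections` makes `io_rec->payloadTextHash` an input that decides whether the PCR extend is recalculated, but it does not say what happens when the freshly computed hash differs from the stored one. It also omits that a caller passing `i_loadedPreviously = true` must hand in the record kept from the earlier load rather than a fresh, zeroed one. Because this decision determines what gets measured, the contract belongs in the comment, for example `@note If i_loadedPreviously is true and the computed hash differs from io_rec->payloadTextHash, <actual behaviour: re-extend or fail>`, filled in from the implementation, which is not part of this file. The `@param` line still names `i_secId` while the declared parameter is `i_id`, and `comparision` and `i_loadedPreviusly` are misspelled.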
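Review bot: The doc comment added for `removePages` has no `@return` line, although the function returns an `errlHndl_t` that the unload path has to check. Something like `@return errlHndl_t - nullptr on success, otherwise an error log for the failed mm_remove_pages call` would cover it, with the wording confirmed against the implementation. The comment should also state whether `i_va` and `i_size` must be page aligned, and what RELEASE does to the page contents (presumably discards them rather than writing them back; confirm), since that is the property a secure unload depends on. If the removal fails, the previously verified section contents presumably stay mapped, so it is worth saying that callers must not drop the returned error.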