From 776d1086a7ed224c482d2da3c49b2c597b8776ab Mon Sep 17 00:00:00 2001
From: Mike Baiocchi <mbaiocch@us.ibm.com>
Date: Sat, 1 Jul 2017 01:43:12 -0500
Subject: Secureboot: Inhibit attribute overrides and sync exposures

For Secureboot purposes, we don't consider the FSP a secure source.  So
this commit inhibts attribute overrides and any sort of attribute syncing
from the FSP.

Change-Id: I941ab5083d3055bc29237839aaaf4b723a2b0e90
RTC:175071
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42687
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
---
 src/usr/secureboot/base/service.C                  | 32 ++++++++++++++++++++
 src/usr/secureboot/runtime/rt_secureboot.C         | 35 +++++++++++++++++++++-
 .../secureboot/runtime/test/testsecureboot_rt.H    | 20 ++++++++++++-
 3 files changed, 85 insertions(+), 2 deletions(-)

(limited to 'src/usr/secureboot')

diff --git a/src/usr/secureboot/base/service.C b/src/usr/secureboot/base/service.C
index fc4498908..6d0bf8ff3 100644
--- a/src/usr/secureboot/base/service.C
+++ b/src/usr/secureboot/base/service.C
@@ -41,6 +41,7 @@
 #include "purge.H"
 #include <kernel/misc.H>
 #include <kernel/console.H>
+#include <kernel/bltohbdatamgr.H>
 #include <console/consoleif.H>
 #include <util/misc.H>
 
@@ -559,4 +560,35 @@ void addSecureUserDetailsToErrolog(errlHndl_t & io_err)
     //Note: adding UdTargetHwKeyHash left to Extended image
 }
 
+#ifndef __HOSTBOOT_RUNTIME
+bool allowAttrOverrides()
+{
+    bool retVal = false;
+
+    if (enabled())
+    {
+        if (g_BlToHbDataManager.getAllowAttrOverrides())
+        {
+            retVal = true;
+            SB_INF("allowAttrOverrides: Allowing Attr Overrides in "
+                   "Secure Mode: retVal=%d", retVal);
+        }
+        else
+        {
+            retVal = false;
+            SB_INF("allowAttrOverrides: DO NOT Allow Attr Overrides in "
+                   "Secure Mode: retVal=%d", retVal);
+        }
+    }
+    else
+    {
+        retVal = true;
+        SB_DBG("allowAttrOverrides: Allow Attr Overrides in "
+                "Unsecure Mode: retVal=%d", retVal);
+    }
+
+    return retVal;
+};
+#endif
+
 } //namespace SECUREBOOT
diff --git a/src/usr/secureboot/runtime/rt_secureboot.C b/src/usr/secureboot/runtime/rt_secureboot.C
index 1c84c2bf1..2277cce29 100644
--- a/src/usr/secureboot/runtime/rt_secureboot.C
+++ b/src/usr/secureboot/runtime/rt_secureboot.C
@@ -40,7 +40,7 @@
 #include <targeting/common/commontargeting.H>
 #include <targeting/common/targetservice.H>
 #include <devicefw/userif.H>
-
+#include <util/misc.H>
 
 namespace SECUREBOOT
 {
@@ -87,6 +87,39 @@ bool enabled()
 }
 #endif
 
+#ifdef __HOSTBOOT_RUNTIME
+bool allowAttrOverrides()
+{
+    bool retVal = false;
+
+    if (enabled())
+    {
+        // Check attribute to see if overrides are allowed in secure mode
+        if ( Util::isTargetingLoaded() )
+        {
+            TARGETING::TargetService& tS = TARGETING::targetService();
+            TARGETING::Target* sys = nullptr;
+            (void) tS.getTopLevelTarget( sys );
+            assert(sys, "SECUREBOOT::allowAttrOverrides() system target is NULL");
+
+            retVal = sys->getAttr<
+                TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>();
+
+            SB_INF("SECUREBOOT::allowAttrOverrides: "
+                   "Inside Attr check: retVal=0x%X",
+                   retVal);
+       }
+    }
+    else
+    {
+        // Allow Attribute Overrides in unsecure mode
+        retVal = true;
+    }
+
+    return retVal;
+}
+#endif
+
 int verify_container(
     const void*  i_pContainer,
     const void*  i_pHwKeyHash,
diff --git a/src/usr/secureboot/runtime/test/testsecureboot_rt.H b/src/usr/secureboot/runtime/test/testsecureboot_rt.H
index ef9a641a9..4173c0855 100644
--- a/src/usr/secureboot/runtime/test/testsecureboot_rt.H
+++ b/src/usr/secureboot/runtime/test/testsecureboot_rt.H
@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2016                             */
+/* Contributors Listed Below - COPYRIGHT 2016,2017                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -36,6 +36,7 @@
 #include <config.h>
 
 #include "common/securetrace.H"
+#include <secureboot/service.H>
 
 class SecurebootRtTestSuite: public CxxTest::TestSuite
 {
@@ -95,6 +96,23 @@ class SecurebootRtTestSuite: public CxxTest::TestSuite
         SB_EXIT("SecurebootRtTestSuite::testVerifyContainer");
     }
 
+    void testBaseInterfaces()
+    {
+        SB_ENTER("SecurebootRtTestSuite::testBaseInterfaces");
+
+        do {
+
+        SB_INF("SECUREBOOT::enabled() = %d", SECUREBOOT::enabled());
+
+        SB_INF("SECUREBOOT::allowAttrOverrides() = %d",
+               SECUREBOOT::allowAttrOverrides());
+
+        } while(0);
+
+        SB_EXIT("SecurebootRtTestSuite::testBaseInterfaces");
+    }
+
+
     private:
 
 };
-- 
cgit v1.2.1