From 776d1086a7ed224c482d2da3c49b2c597b8776ab Mon Sep 17 00:00:00 2001
From: Mike Baiocchi <mbaiocch@us.ibm.com>
Date: Sat, 1 Jul 2017 01:43:12 -0500
Subject: Secureboot: Inhibit attribute overrides and sync exposures

For Secureboot purposes, we don't consider the FSP a secure source.  So
this commit inhibts attribute overrides and any sort of attribute syncing
from the FSP.

Change-Id: I941ab5083d3055bc29237839aaaf4b723a2b0e90
RTC:175071
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42687
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
---
 src/usr/targeting/attrrp.C | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src/usr/targeting/attrrp.C')

diff --git a/src/usr/targeting/attrrp.C b/src/usr/targeting/attrrp.C
index 66be9a33f..2c9f0b6fe 100755
--- a/src/usr/targeting/attrrp.C
+++ b/src/usr/targeting/attrrp.C
@@ -52,6 +52,7 @@
 #include <fapi2/plat_attr_override_sync.H>
 #include <targeting/attrPlatOverride.H>
 #include <config.h>
+#include <secureboot/service.H>
 
 using namespace INITSERVICE;
 using namespace ERRORLOG;
@@ -929,6 +930,12 @@ namespace TARGETING
             size_t l_maxSize = io_size;
             io_size = 0;
 
+            if (!SECUREBOOT::allowAttrOverrides())
+            {
+                TRACFCOMP( g_trac_targeting, "AttrRP::_saveOverrides: skipping "
+                           "since Attribute Overrides are not allowed.");
+            }
+
             // Save the fapi and temp overrides
             //   Note: no need to look at PERM because those were added to
             //         the base targeting model
-- 
cgit v1.2.1