diff options
author | Ilya Smirnov <ismirno@us.ibm.com> | 2018-03-23 17:02:12 -0500 |
---|---|---|
committer | Sachin Gupta <sgupta2m@in.ibm.com> | 2018-04-02 23:13:38 -0400 |
commit | 0883fb85d489b31b7caec780a3180a08b7d2623a (patch) | |
tree | ffbedba0ab869b654aaa44378b7e7ee8d17ec0b5 | |
parent | 6b765f17d22314191282f2b1bc64543e8841a598 (diff) | |
download | talos-sbe-0883fb85d489b31b7caec780a3180a08b7d2623a.tar.gz talos-sbe-0883fb85d489b31b7caec780a3180a08b7d2623a.zip |
Pass SBE Security Backdoor Bit to HB Bootloader
Add a "SBE security backdoor" bit to reflect the state of the SBE
security backdoor; the bit is passed to the hostboot bootloader from SBE.
The new bit is the inverse of the ATTR_SECURITY_MODE attribute.
Also bump the version of SBE/bootloader to reflect the change.
Change-Id: Idf3009447c51c66306c043daf7f8189b8cbf2f36
RTC:188961
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56309
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: PPE CI <ppe-ci+hostboot@us.ibm.com>
Tested-by: Hostboot CI <hostboot-ci+hostboot@us.ibm.com>
Reviewed-by: Sachin Gupta <sgupta2m@in.ibm.com>
Reviewed-by: Jennifer A. Stofer <stofer@us.ibm.com>
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56318
4 files changed, 14 insertions, 6 deletions
diff --git a/src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H b/src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H index 2a4ca38c..3780b3bb 100644 --- a/src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H +++ b/src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER sbe Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2016,2017 */ +/* Contributors Listed Below - COPYRIGHT 2016,2018 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -60,6 +60,7 @@ enum SbeBootloaderVersion SAB_ADDED = 0x00090002, MMIO_BARS_ADDED = 0x00090003, ADDR_STASH_SUPPORT_ADDED = 0x00090004, + SBE_BACKDOOR_BIT_ADDED = 0x00090005, }; union BootloaderSecureSettings @@ -68,7 +69,8 @@ union BootloaderSecureSettings struct { // Bit Breakdown - sync with ATTR_SECURE_SETTINGS - uint8_t reserved : 5; // reserved + uint8_t reserved : 4; // reserved + uint8_t secBackdoorBit : 1; // SBE Security Backdoor Bit uint8_t allowAttrOverrides : 1; // Allow Attribute Overrides in // Secure Mode uint8_t securityOverride : 1; // Security Override diff --git a/src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C b/src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C index fed5330f..74d35da0 100644 --- a/src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C +++ b/src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER sbe Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2017 */ +/* Contributors Listed Below - COPYRIGHT 2015,2018 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -413,7 +413,7 @@ get_bootloader_config_data( l_chip_base_address_mmio), "Error from p9_fbc_utils_get_chip_base_address (chip)"); - l_bootloader_config_data.version = ADDR_STASH_SUPPORT_ADDED; + l_bootloader_config_data.version = SBE_BACKDOOR_BIT_ADDED; // XSCOM BAR offset FAPI_TRY(FAPI_ATTR_GET(fapi2::ATTR_PROC_XSCOM_BAR_BASE_ADDR_OFFSET, diff --git a/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C b/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C index 03ed40bb..522a5fd2 100644 --- a/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C +++ b/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C @@ -129,6 +129,11 @@ fapi2::ReturnCode p9_sbe_attr_setup(const FAPI_DBG("Reading ATTR_SECURITY_MODE"); FAPI_TRY(FAPI_ATTR_GET(fapi2::ATTR_SECURITY_MODE, FAPI_SYSTEM, l_read_1)); + + //Transfer SBE Security Backdoor Bit + //Need to invert the bit since 1 == Secure mode == Backdoor disabled + // 0 == Unsecure mode == Backdoor enabled + l_secure_settings.secBackdoorBit = !l_read_1; //Getting CBS_CS register value FAPI_TRY(fapi2::getScom(i_target_chip, PERV_CBS_CS_SCOM, read_cbs_reg)); diff --git a/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml b/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml index 0fd5d891..348d37d4 100644 --- a/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml +++ b/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml @@ -5,7 +5,7 @@ <!-- --> <!-- OpenPOWER sbe Project --> <!-- --> -<!-- Contributors Listed Below - COPYRIGHT 2015,2017 --> +<!-- Contributors Listed Below - COPYRIGHT 2015,2018 --> <!-- [+] International Business Machines Corp. --> <!-- --> <!-- --> @@ -81,7 +81,8 @@ <id>ATTR_SECURE_SETTINGS</id> <targetType>TARGET_TYPE_SYSTEM</targetType> <description>Byte collecting Security Overrides - bits 0:4 - reserved + bits 0:3 - reserved + bit 4 - SBE Security Backdoor Enabled bit 5 - Allow Attribute Overrides in Securemode bit 6 - Override Security Setting bit 7 - Secure Access Bit |