diff options
author | spashabk-in <shakeebbk@in.ibm.com> | 2017-10-16 04:09:32 -0500 |
---|---|---|
committer | Sachin Gupta <sgupta2m@in.ibm.com> | 2017-12-04 22:35:51 -0500 |
commit | 1f0bc6efb21793e7275d11f42323a8eb00c2e835 (patch) | |
tree | bc4c5b78080f92be99b3bfd1917a50f3106ff046 /src/import | |
parent | 2f7237360522806f1eeca80aab59ec3c0afa5d1e (diff) | |
download | talos-sbe-1f0bc6efb21793e7275d11f42323a8eb00c2e835.tar.gz talos-sbe-1f0bc6efb21793e7275d11f42323a8eb00c2e835.zip |
Handle security security bit in p9_sbe_attr_setup
Fix enabling of security in the current power cycle
Change-Id: I546407d90989a876a75b5d36312d31e438024940
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/48440
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: PPE CI <ppe-ci+hostboot@us.ibm.com>
Reviewed-by: Sachin Gupta <sgupta2m@in.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Jennifer A. Stofer <stofer@us.ibm.com>
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/48444
Reviewed-by: Hostboot Team <hostboot@us.ibm.com>
Diffstat (limited to 'src/import')
-rw-r--r-- | src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C | 58 |
1 files changed, 38 insertions, 20 deletions
diff --git a/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C b/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C index 697978f1..b4f39831 100644 --- a/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C +++ b/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C @@ -124,41 +124,59 @@ fapi2::ReturnCode p9_sbe_attr_setup(const //set_security_access { - fapi2::buffer<uint64_t> l_read_reg; + fapi2::buffer<uint64_t> read_cbs_reg; BootloaderSecureSettings l_secure_settings; l_secure_settings.data8 = 0; FAPI_DBG("Reading ATTR_SECURITY_MODE"); FAPI_TRY(FAPI_ATTR_GET(fapi2::ATTR_SECURITY_MODE, FAPI_SYSTEM, l_read_1)); //Getting CBS_CS register value - FAPI_TRY(fapi2::getScom(i_target_chip, PERV_CBS_CS_SCOM, l_read_reg)); - - if ( (!l_read_1) // Security override possible - && (l_read_scratch8.getBit<2>()) ) // scratch 3 is valid + FAPI_TRY(fapi2::getScom(i_target_chip, PERV_CBS_CS_SCOM, read_cbs_reg)); + + /* + ------------------------------------------------------------------------------------------------------------ + Jumper val/SMD Value SBE Security override policy scratch reg 3 bit 6 Result + ------------------------------------------------------------------------------------------------------------ + 1(request disable) x(don't care) x(don't care) Non-secure + 0(don't req disable) x(invalid scratch 3) x Secure + 0 1(don't check mbox) x Secure + 0 0(check mbox - dev only) 0(don't ask for disable) Secure + 0 0 1(ask for disable) Non-secure + ------------------------------------------------------------------------------------------------------------ + */ + if (read_cbs_reg.getBit<5>() == 0) { - FAPI_DBG("Reading mailbox scratch register 3 bit 6 to check " - "for external security override request"); + if ( (!l_read_1) // Security override possible + && (l_read_scratch8.getBit<2>()) ) // scratch 3 is valid + { + FAPI_DBG("Reading mailbox scratch register 3 bit 6 to check " + "for external security override request"); + + //Getting SCRATCH_REGISTER_3 register value + FAPI_TRY(fapi2::getScom(i_target_chip, PERV_SCRATCH_REGISTER_3_SCOM, + l_read_scratch_reg)); //l_read_scratch_reg = PIB.SCRATCH_REGISTER_3 + + read_cbs_reg.writeBit<4>(!l_read_scratch_reg.getBit<6>()); - //Getting SCRATCH_REGISTER_3 register value - FAPI_TRY(fapi2::getScom(i_target_chip, PERV_SCRATCH_REGISTER_3_SCOM, - l_read_scratch_reg)); //l_read_scratch_reg = PIB.SCRATCH_REGISTER_3 + FAPI_DBG("Copying mailbox scratch register 3 bits 6,7 to " + "ATTR_SECURE_SETTINGS"); + l_secure_settings.securityOverride = l_read_scratch_reg.getBit<6>(); + l_secure_settings.allowAttrOverrides = l_read_scratch_reg.getBit<7>(); - if(l_read_scratch_reg.getBit<6>()) + } + else { - FAPI_DBG("Clear Security Access Bit"); - l_read_reg.clearBit<4>(); //PIB.CBS_CS.CBS_CS_SECURE_ACCESS_BIT = 0 - FAPI_TRY(fapi2::putScom(i_target_chip, PERV_CBS_CS_SCOM, l_read_reg)); + // Enable secure mode + read_cbs_reg.setBit<4>(); } - - FAPI_DBG("Copying mailbox scratch register 3 bits 6,7 to " - "ATTR_SECURE_SETTINGS"); - l_secure_settings.securityOverride = l_read_scratch_reg.getBit<6>(); - l_secure_settings.allowAttrOverrides = l_read_scratch_reg.getBit<7>(); } + // Update CBS_CS register + FAPI_TRY(fapi2::putScom(i_target_chip, PERV_CBS_CS_SCOM, read_cbs_reg)); + // Include the Secure Access Bit now, but will double check before // setting bootloader data later - l_secure_settings.secureAccessBit = l_read_reg.getBit<4>(); + l_secure_settings.secureAccessBit = read_cbs_reg.getBit<4>(); FAPI_DBG("Setting up ATTR_SECURITY_SETTINGS"); FAPI_TRY(FAPI_ATTR_SET(fapi2::ATTR_SECURE_SETTINGS, FAPI_SYSTEM, l_secure_settings.data8)); } |