summaryrefslogtreecommitdiffstats
path: root/src/sbefw/core
diff options
context:
space:
mode:
authorspashabk-in <shakeebbk@in.ibm.com>2018-01-23 05:19:54 -0600
committerSachin Gupta <sgupta2m@in.ibm.com>2018-03-06 10:38:27 -0500
commit8e9d92bf3c8fc86ad2885db215ac9e87dcb6dceb (patch)
tree3b57400140a90d1bb3a323bfbf8af7c462b7fcca /src/sbefw/core
parent160637c9e837f942480db4db7809123e91b2912a (diff)
downloadtalos-sbe-8e9d92bf3c8fc86ad2885db215ac9e87dcb6dceb.tar.gz
talos-sbe-8e9d92bf3c8fc86ad2885db215ac9e87dcb6dceb.zip
Check for disable scom filtering bit
Disable scom filtering if the scom filtering disable bit is set Change-Id: I866275da3b05d340636e5e847eb63e14b3a67937 cmvc-prereq: 1046050 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/53854 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: RAJA DAS <rajadas2@in.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52428 Reviewed-by: Sachin Gupta <sgupta2m@in.ibm.com>
Diffstat (limited to 'src/sbefw/core')
-rw-r--r--src/sbefw/core/sbe_sp_intf.H1
-rw-r--r--src/sbefw/core/sberegaccess.H19
-rw-r--r--src/sbefw/core/sbeutil.H15
3 files changed, 30 insertions, 5 deletions
diff --git a/src/sbefw/core/sbe_sp_intf.H b/src/sbefw/core/sbe_sp_intf.H
index 4b6c7704..76895ae3 100644
--- a/src/sbefw/core/sbe_sp_intf.H
+++ b/src/sbefw/core/sbe_sp_intf.H
@@ -221,6 +221,7 @@ enum sbeSecondaryResponse
SBE_SEC_BLACKLISTED_CHIPOP_ACCESS = 0x20,
SBE_SEC_DMT_TIMEOUT = 0x21,
SBE_SEC_SYSTEM_CHECKSTOP = 0x22,
+ SBE_SEC_BLACKLISTED_REG_ACCESS_BLOCKED = 0x23,
};
/**
diff --git a/src/sbefw/core/sberegaccess.H b/src/sbefw/core/sberegaccess.H
index cff354b3..62d07d41 100644
--- a/src/sbefw/core/sberegaccess.H
+++ b/src/sbefw/core/sberegaccess.H
@@ -35,6 +35,7 @@
#include <stdint.h>
#include "sbestates.H"
#include "sbeevents.H"
+#include "fapi2.H"
/**
* @brief Utility singleton that SBEFW can use to read write various scratch
@@ -257,6 +258,19 @@ class SbeRegAccess
*/
bool isSbeRegressionBit();
+ /*
+ * @brief Get disable scom filtering bit
+ *
+ * @return scom filtering disable allowed
+ */
+ bool disableScomFiltering()
+ {
+ fapi2::Target<fapi2::TARGET_TYPE_SYSTEM> FAPI_SYSTEM;
+ uint8_t readData;
+ FAPI_ATTR_GET(fapi2::ATTR_SECURITY_MODE, FAPI_SYSTEM, readData);
+ return (!readData &&
+ iv_disableScomFiltering);
+ }
private:
/**
@@ -275,9 +289,10 @@ class SbeRegAccess
uint64_t iv_fspAttached : 1;
uint64_t iv_collectFFDC : 1;
uint64_t iv_sendFFDC : 1;
- uint64_t iv_mbx3DontCare1 : 6;
+ uint64_t iv_mbx3DontCare1 : 5;
+ uint64_t iv_disableScomFiltering : 1;
uint64_t iv_disableInvalidScomAddrCheck : 1;
- uint64_t iv_mbx3DontCare : 19;
+ uint64_t iv_mbx3DontCare2 : 19;
uint64_t iv_mbx3Unused : 32;
};
uint64_t iv_mbx3;
diff --git a/src/sbefw/core/sbeutil.H b/src/sbefw/core/sbeutil.H
index 9528eabd..73850ff7 100644
--- a/src/sbefw/core/sbeutil.H
+++ b/src/sbefw/core/sbeutil.H
@@ -49,10 +49,19 @@ if ((l_rc) != SBE_SEC_OPERATION_SUCCESSFUL) \
#define CHECK_SBE_SECURITY_RC_AND_BREAK_IF_NOT_SUCCESS(addr, op, resp) \
if (!SBE_SECURITY::isAllowed(addr, op)) \
{ \
- resp->setStatus(SBE_PRI_UNSECURE_ACCESS_DENIED, \
- SBE_SEC_BLACKLISTED_REG_ACCESS); \
/* TODO via RTC 180983:Enable this once the BL/WL registers are settled */ \
- /*break;*/ \
+ if(SbeRegAccess::theSbeRegAccess().disableScomFiltering()) \
+ { \
+ /* security override possible && scom filtering disabled */ \
+ resp->setStatus(SBE_PRI_UNSECURE_ACCESS_DENIED, \
+ SBE_SEC_BLACKLISTED_REG_ACCESS); \
+ } \
+ else \
+ { \
+ resp->setStatus(SBE_PRI_UNSECURE_ACCESS_DENIED, \
+ SBE_SEC_BLACKLISTED_REG_ACCESS_BLOCKED); \
+ break; \
+ } \
}
#define mfdec() \
OpenPOWER on IntegriCloud