diff options
author | spashabk-in <shakeebbk@in.ibm.com> | 2017-08-22 06:35:07 -0500 |
---|---|---|
committer | Sachin Gupta <sgupta2m@in.ibm.com> | 2017-09-06 07:54:36 -0400 |
commit | 75a82b734c4c5aaa274ed8e90401b00fa0e5df95 (patch) | |
tree | f185ce7c246a7ddbe4dd1fa5d73558af4caaaaef /src/sbefw/sbeSecureMemRegionManager.C | |
parent | 708be51a63b378eb92a85e30661f77cbaf0d8807 (diff) | |
download | talos-sbe-75a82b734c4c5aaa274ed8e90401b00fa0e5df95.tar.gz talos-sbe-75a82b734c4c5aaa274ed8e90401b00fa0e5df95.zip |
SBE FW security switch
Implement SBE firmware security switch
based on ATTR_SECURITY_ENABLE
Change-Id: I435aad38c59e80c81925bd1f4b109aafd1993b1c
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/44959
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Sachin Gupta <sgupta2m@in.ibm.com>
Diffstat (limited to 'src/sbefw/sbeSecureMemRegionManager.C')
-rw-r--r-- | src/sbefw/sbeSecureMemRegionManager.C | 49 |
1 files changed, 27 insertions, 22 deletions
diff --git a/src/sbefw/sbeSecureMemRegionManager.C b/src/sbefw/sbeSecureMemRegionManager.C index 189ee56b..27bd0f66 100644 --- a/src/sbefw/sbeSecureMemRegionManager.C +++ b/src/sbefw/sbeSecureMemRegionManager.C @@ -6,6 +6,7 @@ /* OpenPOWER sbe Project */ /* */ /* Contributors Listed Below - COPYRIGHT 2017 */ +/* [+] International Business Machines Corp. */ /* */ /* */ /* Licensed under the Apache License, Version 2.0 (the "License"); */ @@ -24,6 +25,7 @@ #include "sbeSecureMemRegionManager.H" #include "sbetrace.H" #include "sbeutil.H" +#include "sbeglobals.H" #ifndef __SBEFW_SEEPROM__ @@ -154,30 +156,33 @@ sbeSecondaryResponse SBESecureMemRegionManager::isAccessAllowed( { #define SBE_FUNC "SBESecureMemRegionManager::isAccessAllowed" sbeSecondaryResponse rc = SBE_SEC_OPERATION_SUCCESSFUL; - while(i_region.size > 0) + if(SBE_GLOBAL->sbeFWSecurityEnabled) { - secureMemRegion_t foundregion = getPartialRegionSize(i_region); - // Check if the found region has allowable access level - // and that the region overlap is from the beginning itself - if((i_region.mode & foundregion.mode) && - (i_region.startAddress == foundregion.startAddress)) + while(i_region.size > 0) { - SBE_INFO(SBE_FUNC" foundRegion Mem[0x%08X%08X], size[0x%08X]", - SBE::higher32BWord(foundregion.startAddress), - SBE::lower32BWord(foundregion.startAddress), - foundregion.size); - i_region.size -= foundregion.size; - i_region.startAddress += foundregion.size; - } - else - { - SBE_ERROR(SBE_FUNC" Non secure access to memory blocked " - "Addr[0x%08X%08X] Size[0x%08X]", - SBE::higher32BWord(i_region.startAddress), - SBE::lower32BWord(i_region.startAddress), - i_region.size); - rc = SBE_SEC_BLACKLISTED_MEM_ACCESS; - break; + secureMemRegion_t foundregion = getPartialRegionSize(i_region); + // Check if the found region has allowable access level + // and that the region overlap is from the beginning itself + if((i_region.mode & foundregion.mode) && + (i_region.startAddress == foundregion.startAddress)) + { + SBE_INFO(SBE_FUNC" foundRegion Mem[0x%08X%08X], size[0x%08X]", + SBE::higher32BWord(foundregion.startAddress), + SBE::lower32BWord(foundregion.startAddress), + foundregion.size); + i_region.size -= foundregion.size; + i_region.startAddress += foundregion.size; + } + else + { + SBE_ERROR(SBE_FUNC" Non secure access to memory blocked " + "Addr[0x%08X%08X] Size[0x%08X]", + SBE::higher32BWord(i_region.startAddress), + SBE::lower32BWord(i_region.startAddress), + i_region.size); + rc = SBE_SEC_BLACKLISTED_MEM_ACCESS; + break; + } } } return rc; |