summaryrefslogtreecommitdiffstats
path: root/src/sbefw
diff options
context:
space:
mode:
authorspashabk-in <shakeebbk@in.ibm.com>2017-11-29 05:03:30 -0600
committerSachin Gupta <sgupta2m@in.ibm.com>2017-12-14 23:55:39 -0500
commitb69dc93d5b0334616388745028d039f9e7154916 (patch)
treea5bb515e5ae4816eee6eb0cd4a5b91ceaf933925 /src/sbefw
parent29a1f8977c0c89a40bff5ecf6c399a9b849cd594 (diff)
downloadtalos-sbe-b69dc93d5b0334616388745028d039f9e7154916.tar.gz
talos-sbe-b69dc93d5b0334616388745028d039f9e7154916.zip
Chip-op filtering
Implement chip-op filtering in secure mode Change-Id: Ia7d18de28b387615e5c61bc9693229c168f2d418 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50128 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: AMIT J. TENDOLKAR <amit.tendolkar@in.ibm.com> Reviewed-by: Sachin Gupta <sgupta2m@in.ibm.com>
Diffstat (limited to 'src/sbefw')
-rw-r--r--src/sbefw/sbe_sp_intf.H1
-rw-r--r--src/sbefw/sbecmdparser.C29
-rw-r--r--src/sbefw/sbecmdparser.H36
-rw-r--r--src/sbefw/sbecmdprocessor.C2
-rw-r--r--src/sbefw/sbecmdreceiver.C21
5 files changed, 64 insertions, 25 deletions
diff --git a/src/sbefw/sbe_sp_intf.H b/src/sbefw/sbe_sp_intf.H
index 8584269b..8c66a096 100644
--- a/src/sbefw/sbe_sp_intf.H
+++ b/src/sbefw/sbe_sp_intf.H
@@ -218,6 +218,7 @@ enum sbeSecondaryResponse
SBE_SEC_MEM_REGION_AMEND_ATTEMPTED = 0x17,
SBE_SEC_INPUT_BUFFER_OVERFLOW = 0x18,
SBE_SEC_INVALID_PARAMS = 0x19,
+ SBE_SEC_BLACKLISTED_CHIPOP_ACCESS = 0x20,
};
/**
diff --git a/src/sbefw/sbecmdparser.C b/src/sbefw/sbecmdparser.C
index ba6b1e5a..73963936 100644
--- a/src/sbefw/sbecmdparser.C
+++ b/src/sbefw/sbecmdparser.C
@@ -50,6 +50,7 @@
#include "sbecmdtracearray.H"
#include "sbecmdCntrlTimer.H"
#include "sbecmdfastarray.H"
+#include "sbeglobals.H"
// Declaration
static const uint16_t HARDWARE_FENCED_STATE =
@@ -170,12 +171,12 @@ static sbeCmdStruct_t g_sbeRegAccessCmdArray [] =
{
{sbeGetReg,
SBE_CMD_GETREG,
- HARDWARE_FENCED_STATE,
+ HARDWARE_FENCED_STATE | SBE_FENCE_AT_SECURE_MODE,
},
{sbePutReg,
SBE_CMD_PUTREG,
- PUT_HARDWARE_FENCED_STATE,
+ PUT_HARDWARE_FENCED_STATE | SBE_FENCE_AT_SECURE_MODE,
},
};
@@ -475,11 +476,12 @@ uint8_t sbeValidateCmdClass (const uint8_t i_cmdClass,
////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////
-bool sbeIsCmdAllowedAtState (const uint8_t i_cmdClass,
- const uint8_t i_cmdOpcode)
+sbeChipOpRc_t sbeIsCmdAllowed (const uint8_t i_cmdClass,
+ const uint8_t i_cmdOpcode)
{
#define SBE_FUNC " sbeIsCmdAllowedAtState "
bool l_ret = true;
+ sbeChipOpRc_t retRc;
uint8_t l_numCmds = 0;
sbeCmdStruct_t *l_pCmd = NULL;
l_numCmds = sbeGetCmdStructAttr (i_cmdClass, &l_pCmd);
@@ -555,10 +557,25 @@ bool sbeIsCmdAllowedAtState (const uint8_t i_cmdClass,
l_ret = false;
break;
}
+
+ if(false == l_ret)
+ {
+ retRc.primStatus = SBE_PRI_INVALID_COMMAND;
+ retRc.secStatus = SBE_SEC_COMMAND_NOT_ALLOWED_IN_THIS_STATE;
+ break;
+ }
+ // Check if the command is allowed in current security mode
+ if((SBE_GLOBAL->sbeFWSecurityEnabled)
+ && (SBE_FENCE_AT_SECURE_MODE & l_pCmd->cmd_state_fence))
+ {
+ retRc.primStatus = SBE_PRI_UNSECURE_ACCESS_DENIED;
+ retRc.secStatus = SBE_SEC_BLACKLISTED_CHIPOP_ACCESS;
+ break;
+ }
+ break;
}
}
- // For any other state, which is not handled above, return from here
- return l_ret;
+ return retRc;
#undef SBE_FUNC
}
diff --git a/src/sbefw/sbecmdparser.H b/src/sbefw/sbecmdparser.H
index 7ecffb07..f969aec2 100644
--- a/src/sbefw/sbecmdparser.H
+++ b/src/sbefw/sbecmdparser.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER sbe Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2015,2016 */
+/* Contributors Listed Below - COPYRIGHT 2015,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -33,7 +33,24 @@
#define __SBEFW_SBECMDPARSER_H
#include <stdint.h>
+#include "sbe_sp_intf.H"
+// Chip-op response codes
+typedef struct sbeChipOpRc
+{
+ sbePrimResponse primStatus;
+ sbeSecondaryResponse secStatus;
+
+ sbeChipOpRc():primStatus(SBE_PRI_OPERATION_SUCCESSFUL),
+ secStatus(SBE_SEC_OPERATION_SUCCESSFUL)
+ {}
+
+ bool success()
+ {
+ return (primStatus == SBE_PRI_OPERATION_SUCCESSFUL) &&
+ (secStatus == SBE_SEC_OPERATION_SUCCESSFUL);
+ }
+} sbeChipOpRc_t;
/**
* @brief SBE Command structure associating an opcode of a command
@@ -42,10 +59,10 @@
*/
typedef uint32_t (*sbeChipOpFunc_t) (uint8_t *i_pArg);
-typedef struct {
- sbeChipOpFunc_t cmd_func; /* Command function pointer */
- uint8_t cmd_opcode; /* Command opcode */
- uint16_t cmd_state_fence; /* Command fencing based on SBE state */
+typedef struct sbeCmdStruct {
+ sbeChipOpFunc_t cmd_func; /* Command function pointer */
+ uint8_t cmd_opcode; /* Command opcode */
+ uint16_t cmd_state_fence; /* Command fencing based on SBE state */
} sbeCmdStruct_t;
/**
@@ -62,6 +79,7 @@ enum sbe_command_fence_attrs
SBE_FENCE_AT_RUNTIME = 0x0010, ///< Fence off at Runtime state
SBE_FENCE_AT_QUIESCE = 0x0020, ///< Fense off at Quiesce state
SBE_FENCE_AT_DMT = 0x0040, ///< Fense off at DMT state
+ SBE_FENCE_AT_SECURE_MODE = 0x0080, ///< Fense off in secure mode
};
/**
@@ -79,16 +97,16 @@ uint8_t sbeValidateCmdClass (const uint8_t i_cmdClass,
const uint8_t i_cmdOpcode);
/**
- * @brief sbeIsCmdAllowedAtState Validates if the command is allowed
+ * @brief sbeIsCmdAllowed Validates if the command is allowed
* at the current SBE state
*
* @param[in] i_cmdClass Command class code
* @param[in] i_cmdOpcode Command opcode
*
- * @return true command is allowed at the current state
- * false command is not allowed at the current state
+ * @return sbeChipOpRc_t Indicating primary and secondary status of
+ * chip-op
*/
-bool sbeIsCmdAllowedAtState (const uint8_t i_cmdClass,
+sbeChipOpRc_t sbeIsCmdAllowed (const uint8_t i_cmdClass,
const uint8_t i_cmdOpcode);
diff --git a/src/sbefw/sbecmdprocessor.C b/src/sbefw/sbecmdprocessor.C
index 1f47dd6b..a0cea086 100644
--- a/src/sbefw/sbecmdprocessor.C
+++ b/src/sbefw/sbecmdprocessor.C
@@ -67,6 +67,7 @@ void sbeHandlePsuResponse (const uint32_t i_rc)
case SBE_SEC_COMMAND_CLASS_NOT_SUPPORTED:
case SBE_SEC_COMMAND_NOT_SUPPORTED:
case SBE_SEC_COMMAND_NOT_ALLOWED_IN_THIS_STATE:
+ case SBE_SEC_BLACKLISTED_CHIPOP_ACCESS:
// Caller sent an invalid Command class/opcode
// Set the Ack bit in SBE->PSU DB register
l_rc = sbeAcknowledgeHost();
@@ -149,6 +150,7 @@ void sbeHandleFifoResponse (const uint32_t i_rc)
case SBE_SEC_COMMAND_CLASS_NOT_SUPPORTED:
case SBE_SEC_COMMAND_NOT_SUPPORTED:
case SBE_SEC_COMMAND_NOT_ALLOWED_IN_THIS_STATE:
+ case SBE_SEC_BLACKLISTED_CHIPOP_ACCESS:
// Caller sent Invalid Command
case SBE_SEC_OS_FAILURE:
diff --git a/src/sbefw/sbecmdreceiver.C b/src/sbefw/sbecmdreceiver.C
index 5883ebed..c8459dcd 100644
--- a/src/sbefw/sbecmdreceiver.C
+++ b/src/sbefw/sbecmdreceiver.C
@@ -201,28 +201,29 @@ void sbeCommandReceiver_routine(void *i_pArg)
// Need to return from receiver thread itself for fenced rejection
// of command, but there might be contention on the response sent
// over FIFO/Mailbox usage.
- if(false == sbeIsCmdAllowedAtState(l_cmdClass, l_command))
+ sbeChipOpRc_t cmdAllowedStatus = sbeIsCmdAllowed(l_cmdClass, l_command);
+ if( !cmdAllowedStatus.success() && !SBE::isSimicsRunning() )
{
- // This command is not allowed in this state
- SBE_ERROR("Chip-Op CmdClass[0x%02X] Cmd[0x%02X] not allowed in "
- "State - [0x%04X] ",l_cmdClass,l_command,
+ SBE_ERROR("Chip-Op CmdClass[0x%02X] Cmd[0x%02X] not allowed "
+ "secondary status[0x%04X] State - [0x%02X]",
+ l_cmdClass,l_command,
+ cmdAllowedStatus.secStatus,
SbeRegAccess::theSbeRegAccess().getSbeState());
if ( SBE_INTERFACE_PSU == curInterface )
{
- SBE_GLOBAL->sbeSbe2PsuRespHdr.setStatus(SBE_PRI_INVALID_COMMAND,
- SBE_SEC_COMMAND_NOT_ALLOWED_IN_THIS_STATE);
+ SBE_GLOBAL->sbeSbe2PsuRespHdr.setStatus(cmdAllowedStatus.primStatus,
+ cmdAllowedStatus.secStatus);
}
else if ( SBE_INTERFACE_FIFO == curInterface )
{
- SBE_GLOBAL->sbeCmdRespHdr.setStatus(SBE_PRI_INVALID_COMMAND,
- SBE_SEC_COMMAND_NOT_ALLOWED_IN_THIS_STATE);
+ SBE_GLOBAL->sbeCmdRespHdr.setStatus(cmdAllowedStatus.primStatus,
+ cmdAllowedStatus.secStatus);
}
- l_rc = SBE_SEC_COMMAND_NOT_ALLOWED_IN_THIS_STATE;
+ l_rc = cmdAllowedStatus.secStatus;
break;
}
-
} while (false); // Inner do..while ends
SBE_GLOBAL->sbeIntrSource.setIntrSource(SBE_RX_ROUTINE, curInterface );
OpenPOWER on IntegriCloud