summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorMike Baiocchi <mbaiocch@us.ibm.com>2017-05-30 07:40:20 -0500
committerSachin Gupta <sgupta2m@in.ibm.com>2017-06-07 00:02:06 -0400
commitf3be129ba3c9be22c90c5502a2317ac284ffe5df (patch)
tree7fbb98a61780c791959f63c2a0482c741ecf4445 /src
parente7bc187c7d48108c96391122975e2be3c20d7d3f (diff)
downloadtalos-sbe-f3be129ba3c9be22c90c5502a2317ac284ffe5df.tar.gz
talos-sbe-f3be129ba3c9be22c90c5502a2317ac284ffe5df.zip
Check Scratch Register 3 bit 7 and set new ATTR_SECURE_SETTINGS
Change-Id: Ia125ce6fdf5a15acf30a11e3124fae86c645d96c RTC:163094 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41107 Reviewed-by: Thi N. Tran <thi@us.ibm.com> Reviewed-by: Sachin Gupta <sgupta2m@in.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: PPE CI <ppe-ci+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: Hostboot CI <hostboot-ci+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Matt K. Light <mklight@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-by: Jennifer A. Stofer <stofer@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41110 Reviewed-by: Hostboot Team <hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Diffstat (limited to 'src')
-rw-r--r--src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H16
-rw-r--r--src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C15
-rw-r--r--src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C19
-rw-r--r--src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_attributes.xml4
-rw-r--r--src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml15
5 files changed, 57 insertions, 12 deletions
diff --git a/src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H b/src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H
index b8b426e8..38ce24c1 100644
--- a/src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H
+++ b/src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H
@@ -59,6 +59,20 @@ enum SbeBootloaderVersion
MMIO_BARS_ADDED = 0x00090003,
};
+union BootloaderSecureSettings
+{
+ uint8_t data8;
+ struct
+ {
+ // Bit Breakdown - sync with ATTR_SECURE_SETTINGS
+ uint8_t reserved : 5; // reserved
+ uint8_t allowAttrOverrides : 1; // Allow Attribute Overrides in
+ // Secure Mode
+ uint8_t securityOverride : 1; // Security Override
+ uint8_t secureAccessBit : 1; // Secure Access Bit
+ } __attribute__((packed));
+};
+
// Structure starts at the bootloader zero address
struct BootloaderConfigData_t
{
@@ -67,7 +81,7 @@ struct BootloaderConfigData_t
uint8_t pnorBootSide; // byte 9 0=PNOR side A, 1=PNOR side B [ATTR_PNOR_BOOT_SIDE]
uint16_t pnorSizeMB; // bytes 10:11 Size of PNOR in MB [ATTR_PNOR_SIZE]
uint64_t blLoadSize; // bytes 12:19 Size of Load (Exception vectors and Bootloader)
- uint8_t secureAccessBit; // byte 20
+ BootloaderSecureSettings secureSettings ; // byte 20
uint64_t xscomBAR; // bytes 21:28 XSCOM MMIO BAR
uint64_t lpcBAR; // bytes 29:36 LPC MMIO BAR
};
diff --git a/src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C b/src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C
index 46641c8e..b4138e1e 100644
--- a/src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C
+++ b/src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C
@@ -203,10 +203,13 @@ fapi2::ReturnCode p9_sbe_load_bootloader(
// Pass size of load including exception vectors and Bootloader
l_bootloader_config_data.blLoadSize = l_exception_vector_size + i_payload_size;
- // Get Secure Access Bit
- FAPI_TRY(fapi2::getScom(i_master_chip_target, PERV_CBS_CS_SCOM, l_dataBuf),
- "fapiGetScom of PERV_CBS_CS_SCOM failed");
- l_bootloader_config_data.secureAccessBit = l_dataBuf.getBit<4>() ? 1 : 0;
+ // Set Secure Settings Byte
+ FAPI_TRY(FAPI_ATTR_GET(fapi2::ATTR_SECURE_SETTINGS, FAPI_SYSTEM, l_bootloader_config_data.secureSettings.data8));
+
+ // -- re-read Secure Access Bit in case it's changed
+ FAPI_TRY(fapi2::getScom(i_master_chip_target, PERV_CBS_CS_SCOM, l_dataBuf));
+
+ l_bootloader_config_data.secureSettings.secureAccessBit = l_dataBuf.getBit<4>() ? 1 : 0;
l_dataBuf.flush<0>();
// fill in MMIO BARs
@@ -288,10 +291,10 @@ fapi2::ReturnCode p9_sbe_load_bootloader(
{
l_data_to_pass_to_pba_array[i] = (l_bootloader_config_data.blLoadSize >> (56 - 8 * ((i - 12) % 8))) & 0xFF;
}
- //At address X + 0x14 (20) put the secure access bit
+ //At address X + 0x14 (20) put the secure access byte
else if (i == 20)
{
- l_data_to_pass_to_pba_array[i] = l_bootloader_config_data.secureAccessBit;
+ l_data_to_pass_to_pba_array[i] = l_bootloader_config_data.secureSettings.data8;
}
//At address X + 0x1B (21-28) put the XSCOM BAR
else if (i < 29)
diff --git a/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C b/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C
index 6fb2e78a..5c09e9e1 100644
--- a/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C
+++ b/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C
@@ -38,7 +38,7 @@
//## auto_generated
#include "p9_sbe_attr_setup.H"
-
+#include <p9_sbe_hb_structures.H>
#include <p9_perv_scom_addresses.H>
enum P9_SETUP_SBE_CONFIG_scratch4
@@ -118,12 +118,13 @@ fapi2::ReturnCode p9_sbe_attr_setup(const
//set_security_access
{
fapi2::buffer<uint64_t> l_read_reg;
+ BootloaderSecureSettings l_secure_settings;
+ l_secure_settings.data8 = 0;
FAPI_DBG("Reading ATTR_SECURITY_MODE");
FAPI_TRY(FAPI_ATTR_GET(fapi2::ATTR_SECURITY_MODE, FAPI_SYSTEM, l_read_1));
//Getting CBS_CS register value
- FAPI_TRY(fapi2::getScom(i_target_chip, PERV_CBS_CS_SCOM,
- l_read_reg));
+ FAPI_TRY(fapi2::getScom(i_target_chip, PERV_CBS_CS_SCOM, l_read_reg));
if ( (!l_read_1) // Security override possible
&& (l_read_scratch8.getBit<2>()) ) // scratch 3 is valid
@@ -141,14 +142,24 @@ fapi2::ReturnCode p9_sbe_attr_setup(const
l_read_reg.clearBit<4>(); //PIB.CBS_CS.CBS_CS_SECURE_ACCESS_BIT = 0
FAPI_TRY(fapi2::putScom(i_target_chip, PERV_CBS_CS_SCOM, l_read_reg));
}
+
+ FAPI_DBG("Copying mailbox scratch register 3 bits 6,7 to "
+ "ATTR_SECURE_SETTINGS");
+ l_secure_settings.securityOverride = l_read_scratch_reg.getBit<6>();
+ l_secure_settings.allowAttrOverrides = l_read_scratch_reg.getBit<7>();
}
+ // Include the Secure Access Bit now, but will double check before
+ // setting bootloader data later
+ l_secure_settings.secureAccessBit = l_read_reg.getBit<4>();
+ FAPI_DBG("Setting up ATTR_SECURITY_SETTINGS");
+ FAPI_TRY(FAPI_ATTR_SET(fapi2::ATTR_SECURE_SETTINGS, FAPI_SYSTEM, l_secure_settings.data8));
+
l_read_1 = 0;
l_read_1.writeBit<7>(l_read_reg.getBit<4>());
FAPI_DBG("Setting ATTR_SECURITY_ENABLE with the SAB state");
FAPI_TRY(FAPI_ATTR_SET(fapi2::ATTR_SECURITY_ENABLE, FAPI_SYSTEM, l_read_1));
-
}
//read_scratch1_reg
{
diff --git a/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_attributes.xml b/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_attributes.xml
index e00c1e77..6558a63b 100644
--- a/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_attributes.xml
+++ b/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_attributes.xml
@@ -253,6 +253,10 @@
<name>ATTR_SBE_BOOT_SIDE</name>
<value>0x00</value>
</entry>
+ <entry>
+ <name>ATTR_SECURE_SETTINGS</name>
+ <value>0x00</value>
+ </entry>
<!-- TODO we need to change this once the absolute address is known -->
<entry>
<name>ATTR_SBE_HBBL_EXCEPTION_INSTRUCT</name>
diff --git a/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml b/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml
index c593b80a..3fd1c8ce 100644
--- a/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml
+++ b/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml
@@ -5,7 +5,7 @@
<!-- -->
<!-- OpenPOWER sbe Project -->
<!-- -->
-<!-- Contributors Listed Below - COPYRIGHT 2015,2016 -->
+<!-- Contributors Listed Below - COPYRIGHT 2015,2017 -->
<!-- [+] International Business Machines Corp. -->
<!-- -->
<!-- -->
@@ -78,6 +78,19 @@
<initToZero/>
</attribute>
<attribute>
+ <id>ATTR_SECURE_SETTINGS</id>
+ <targetType>TARGET_TYPE_SYSTEM</targetType>
+ <description>Byte collecting Security Overrides
+ bits 0:4 - reserved
+ bit 5 - Allow Attribute Overrides in Securemode
+ bit 6 - Override Security Setting
+ bit 7 - Secure Access Bit
+ </description>
+ <valueType>uint8</valueType>
+ <writeable/>
+ <initToZero/>
+</attribute>
+<attribute>
<id>ATTR_SBE_HBBL_EXCEPTION_INSTRUCT</id>
<targetType>TARGET_TYPE_SYSTEM</targetType>
<description>Instruction for exception vector that will be put into the exception vector if not 0</description>
OpenPOWER on IntegriCloud