diff options
author | Mike Baiocchi <mbaiocch@us.ibm.com> | 2017-05-30 07:40:20 -0500 |
---|---|---|
committer | Sachin Gupta <sgupta2m@in.ibm.com> | 2017-06-07 00:02:06 -0400 |
commit | f3be129ba3c9be22c90c5502a2317ac284ffe5df (patch) | |
tree | 7fbb98a61780c791959f63c2a0482c741ecf4445 /src | |
parent | e7bc187c7d48108c96391122975e2be3c20d7d3f (diff) | |
download | talos-sbe-f3be129ba3c9be22c90c5502a2317ac284ffe5df.tar.gz talos-sbe-f3be129ba3c9be22c90c5502a2317ac284ffe5df.zip |
Check Scratch Register 3 bit 7 and set new ATTR_SECURE_SETTINGS
Change-Id: Ia125ce6fdf5a15acf30a11e3124fae86c645d96c
RTC:163094
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41107
Reviewed-by: Thi N. Tran <thi@us.ibm.com>
Reviewed-by: Sachin Gupta <sgupta2m@in.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: PPE CI <ppe-ci+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: Hostboot CI <hostboot-ci+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Matt K. Light <mklight@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Reviewed-by: Jennifer A. Stofer <stofer@us.ibm.com>
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41110
Reviewed-by: Hostboot Team <hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Diffstat (limited to 'src')
5 files changed, 57 insertions, 12 deletions
diff --git a/src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H b/src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H index b8b426e8..38ce24c1 100644 --- a/src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H +++ b/src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H @@ -59,6 +59,20 @@ enum SbeBootloaderVersion MMIO_BARS_ADDED = 0x00090003, }; +union BootloaderSecureSettings +{ + uint8_t data8; + struct + { + // Bit Breakdown - sync with ATTR_SECURE_SETTINGS + uint8_t reserved : 5; // reserved + uint8_t allowAttrOverrides : 1; // Allow Attribute Overrides in + // Secure Mode + uint8_t securityOverride : 1; // Security Override + uint8_t secureAccessBit : 1; // Secure Access Bit + } __attribute__((packed)); +}; + // Structure starts at the bootloader zero address struct BootloaderConfigData_t { @@ -67,7 +81,7 @@ struct BootloaderConfigData_t uint8_t pnorBootSide; // byte 9 0=PNOR side A, 1=PNOR side B [ATTR_PNOR_BOOT_SIDE] uint16_t pnorSizeMB; // bytes 10:11 Size of PNOR in MB [ATTR_PNOR_SIZE] uint64_t blLoadSize; // bytes 12:19 Size of Load (Exception vectors and Bootloader) - uint8_t secureAccessBit; // byte 20 + BootloaderSecureSettings secureSettings ; // byte 20 uint64_t xscomBAR; // bytes 21:28 XSCOM MMIO BAR uint64_t lpcBAR; // bytes 29:36 LPC MMIO BAR }; diff --git a/src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C b/src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C index 46641c8e..b4138e1e 100644 --- a/src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C +++ b/src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C @@ -203,10 +203,13 @@ fapi2::ReturnCode p9_sbe_load_bootloader( // Pass size of load including exception vectors and Bootloader l_bootloader_config_data.blLoadSize = l_exception_vector_size + i_payload_size; - // Get Secure Access Bit - FAPI_TRY(fapi2::getScom(i_master_chip_target, PERV_CBS_CS_SCOM, l_dataBuf), - "fapiGetScom of PERV_CBS_CS_SCOM failed"); - l_bootloader_config_data.secureAccessBit = l_dataBuf.getBit<4>() ? 1 : 0; + // Set Secure Settings Byte + FAPI_TRY(FAPI_ATTR_GET(fapi2::ATTR_SECURE_SETTINGS, FAPI_SYSTEM, l_bootloader_config_data.secureSettings.data8)); + + // -- re-read Secure Access Bit in case it's changed + FAPI_TRY(fapi2::getScom(i_master_chip_target, PERV_CBS_CS_SCOM, l_dataBuf)); + + l_bootloader_config_data.secureSettings.secureAccessBit = l_dataBuf.getBit<4>() ? 1 : 0; l_dataBuf.flush<0>(); // fill in MMIO BARs @@ -288,10 +291,10 @@ fapi2::ReturnCode p9_sbe_load_bootloader( { l_data_to_pass_to_pba_array[i] = (l_bootloader_config_data.blLoadSize >> (56 - 8 * ((i - 12) % 8))) & 0xFF; } - //At address X + 0x14 (20) put the secure access bit + //At address X + 0x14 (20) put the secure access byte else if (i == 20) { - l_data_to_pass_to_pba_array[i] = l_bootloader_config_data.secureAccessBit; + l_data_to_pass_to_pba_array[i] = l_bootloader_config_data.secureSettings.data8; } //At address X + 0x1B (21-28) put the XSCOM BAR else if (i < 29) diff --git a/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C b/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C index 6fb2e78a..5c09e9e1 100644 --- a/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C +++ b/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C @@ -38,7 +38,7 @@ //## auto_generated #include "p9_sbe_attr_setup.H" - +#include <p9_sbe_hb_structures.H> #include <p9_perv_scom_addresses.H> enum P9_SETUP_SBE_CONFIG_scratch4 @@ -118,12 +118,13 @@ fapi2::ReturnCode p9_sbe_attr_setup(const //set_security_access { fapi2::buffer<uint64_t> l_read_reg; + BootloaderSecureSettings l_secure_settings; + l_secure_settings.data8 = 0; FAPI_DBG("Reading ATTR_SECURITY_MODE"); FAPI_TRY(FAPI_ATTR_GET(fapi2::ATTR_SECURITY_MODE, FAPI_SYSTEM, l_read_1)); //Getting CBS_CS register value - FAPI_TRY(fapi2::getScom(i_target_chip, PERV_CBS_CS_SCOM, - l_read_reg)); + FAPI_TRY(fapi2::getScom(i_target_chip, PERV_CBS_CS_SCOM, l_read_reg)); if ( (!l_read_1) // Security override possible && (l_read_scratch8.getBit<2>()) ) // scratch 3 is valid @@ -141,14 +142,24 @@ fapi2::ReturnCode p9_sbe_attr_setup(const l_read_reg.clearBit<4>(); //PIB.CBS_CS.CBS_CS_SECURE_ACCESS_BIT = 0 FAPI_TRY(fapi2::putScom(i_target_chip, PERV_CBS_CS_SCOM, l_read_reg)); } + + FAPI_DBG("Copying mailbox scratch register 3 bits 6,7 to " + "ATTR_SECURE_SETTINGS"); + l_secure_settings.securityOverride = l_read_scratch_reg.getBit<6>(); + l_secure_settings.allowAttrOverrides = l_read_scratch_reg.getBit<7>(); } + // Include the Secure Access Bit now, but will double check before + // setting bootloader data later + l_secure_settings.secureAccessBit = l_read_reg.getBit<4>(); + FAPI_DBG("Setting up ATTR_SECURITY_SETTINGS"); + FAPI_TRY(FAPI_ATTR_SET(fapi2::ATTR_SECURE_SETTINGS, FAPI_SYSTEM, l_secure_settings.data8)); + l_read_1 = 0; l_read_1.writeBit<7>(l_read_reg.getBit<4>()); FAPI_DBG("Setting ATTR_SECURITY_ENABLE with the SAB state"); FAPI_TRY(FAPI_ATTR_SET(fapi2::ATTR_SECURITY_ENABLE, FAPI_SYSTEM, l_read_1)); - } //read_scratch1_reg { diff --git a/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_attributes.xml b/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_attributes.xml index e00c1e77..6558a63b 100644 --- a/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_attributes.xml +++ b/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_attributes.xml @@ -253,6 +253,10 @@ <name>ATTR_SBE_BOOT_SIDE</name> <value>0x00</value> </entry> + <entry> + <name>ATTR_SECURE_SETTINGS</name> + <value>0x00</value> + </entry> <!-- TODO we need to change this once the absolute address is known --> <entry> <name>ATTR_SBE_HBBL_EXCEPTION_INSTRUCT</name> diff --git a/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml b/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml index c593b80a..3fd1c8ce 100644 --- a/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml +++ b/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml @@ -5,7 +5,7 @@ <!-- --> <!-- OpenPOWER sbe Project --> <!-- --> -<!-- Contributors Listed Below - COPYRIGHT 2015,2016 --> +<!-- Contributors Listed Below - COPYRIGHT 2015,2017 --> <!-- [+] International Business Machines Corp. --> <!-- --> <!-- --> @@ -78,6 +78,19 @@ <initToZero/> </attribute> <attribute> + <id>ATTR_SECURE_SETTINGS</id> + <targetType>TARGET_TYPE_SYSTEM</targetType> + <description>Byte collecting Security Overrides + bits 0:4 - reserved + bit 5 - Allow Attribute Overrides in Securemode + bit 6 - Override Security Setting + bit 7 - Secure Access Bit + </description> + <valueType>uint8</valueType> + <writeable/> + <initToZero/> +</attribute> +<attribute> <id>ATTR_SBE_HBBL_EXCEPTION_INSTRUCT</id> <targetType>TARGET_TYPE_SYSTEM</targetType> <description>Instruction for exception vector that will be put into the exception vector if not 0</description> |