summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H16
-rw-r--r--src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C15
-rw-r--r--src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C19
-rw-r--r--src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_attributes.xml4
-rw-r--r--src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml15
5 files changed, 57 insertions, 12 deletions
diff --git a/src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H b/src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H
index b8b426e8..38ce24c1 100644
--- a/src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H
+++ b/src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H
@@ -59,6 +59,20 @@ enum SbeBootloaderVersion
MMIO_BARS_ADDED = 0x00090003,
};
+union BootloaderSecureSettings
+{
+ uint8_t data8;
+ struct
+ {
+ // Bit Breakdown - sync with ATTR_SECURE_SETTINGS
+ uint8_t reserved : 5; // reserved
+ uint8_t allowAttrOverrides : 1; // Allow Attribute Overrides in
+ // Secure Mode
+ uint8_t securityOverride : 1; // Security Override
+ uint8_t secureAccessBit : 1; // Secure Access Bit
+ } __attribute__((packed));
+};
+
// Structure starts at the bootloader zero address
struct BootloaderConfigData_t
{
@@ -67,7 +81,7 @@ struct BootloaderConfigData_t
uint8_t pnorBootSide; // byte 9 0=PNOR side A, 1=PNOR side B [ATTR_PNOR_BOOT_SIDE]
uint16_t pnorSizeMB; // bytes 10:11 Size of PNOR in MB [ATTR_PNOR_SIZE]
uint64_t blLoadSize; // bytes 12:19 Size of Load (Exception vectors and Bootloader)
- uint8_t secureAccessBit; // byte 20
+ BootloaderSecureSettings secureSettings ; // byte 20
uint64_t xscomBAR; // bytes 21:28 XSCOM MMIO BAR
uint64_t lpcBAR; // bytes 29:36 LPC MMIO BAR
};
diff --git a/src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C b/src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C
index 46641c8e..b4138e1e 100644
--- a/src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C
+++ b/src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C
@@ -203,10 +203,13 @@ fapi2::ReturnCode p9_sbe_load_bootloader(
// Pass size of load including exception vectors and Bootloader
l_bootloader_config_data.blLoadSize = l_exception_vector_size + i_payload_size;
- // Get Secure Access Bit
- FAPI_TRY(fapi2::getScom(i_master_chip_target, PERV_CBS_CS_SCOM, l_dataBuf),
- "fapiGetScom of PERV_CBS_CS_SCOM failed");
- l_bootloader_config_data.secureAccessBit = l_dataBuf.getBit<4>() ? 1 : 0;
+ // Set Secure Settings Byte
+ FAPI_TRY(FAPI_ATTR_GET(fapi2::ATTR_SECURE_SETTINGS, FAPI_SYSTEM, l_bootloader_config_data.secureSettings.data8));
+
+ // -- re-read Secure Access Bit in case it's changed
+ FAPI_TRY(fapi2::getScom(i_master_chip_target, PERV_CBS_CS_SCOM, l_dataBuf));
+
+ l_bootloader_config_data.secureSettings.secureAccessBit = l_dataBuf.getBit<4>() ? 1 : 0;
l_dataBuf.flush<0>();
// fill in MMIO BARs
@@ -288,10 +291,10 @@ fapi2::ReturnCode p9_sbe_load_bootloader(
{
l_data_to_pass_to_pba_array[i] = (l_bootloader_config_data.blLoadSize >> (56 - 8 * ((i - 12) % 8))) & 0xFF;
}
- //At address X + 0x14 (20) put the secure access bit
+ //At address X + 0x14 (20) put the secure access byte
else if (i == 20)
{
- l_data_to_pass_to_pba_array[i] = l_bootloader_config_data.secureAccessBit;
+ l_data_to_pass_to_pba_array[i] = l_bootloader_config_data.secureSettings.data8;
}
//At address X + 0x1B (21-28) put the XSCOM BAR
else if (i < 29)
diff --git a/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C b/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C
index 6fb2e78a..5c09e9e1 100644
--- a/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C
+++ b/src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C
@@ -38,7 +38,7 @@
//## auto_generated
#include "p9_sbe_attr_setup.H"
-
+#include <p9_sbe_hb_structures.H>
#include <p9_perv_scom_addresses.H>
enum P9_SETUP_SBE_CONFIG_scratch4
@@ -118,12 +118,13 @@ fapi2::ReturnCode p9_sbe_attr_setup(const
//set_security_access
{
fapi2::buffer<uint64_t> l_read_reg;
+ BootloaderSecureSettings l_secure_settings;
+ l_secure_settings.data8 = 0;
FAPI_DBG("Reading ATTR_SECURITY_MODE");
FAPI_TRY(FAPI_ATTR_GET(fapi2::ATTR_SECURITY_MODE, FAPI_SYSTEM, l_read_1));
//Getting CBS_CS register value
- FAPI_TRY(fapi2::getScom(i_target_chip, PERV_CBS_CS_SCOM,
- l_read_reg));
+ FAPI_TRY(fapi2::getScom(i_target_chip, PERV_CBS_CS_SCOM, l_read_reg));
if ( (!l_read_1) // Security override possible
&& (l_read_scratch8.getBit<2>()) ) // scratch 3 is valid
@@ -141,14 +142,24 @@ fapi2::ReturnCode p9_sbe_attr_setup(const
l_read_reg.clearBit<4>(); //PIB.CBS_CS.CBS_CS_SECURE_ACCESS_BIT = 0
FAPI_TRY(fapi2::putScom(i_target_chip, PERV_CBS_CS_SCOM, l_read_reg));
}
+
+ FAPI_DBG("Copying mailbox scratch register 3 bits 6,7 to "
+ "ATTR_SECURE_SETTINGS");
+ l_secure_settings.securityOverride = l_read_scratch_reg.getBit<6>();
+ l_secure_settings.allowAttrOverrides = l_read_scratch_reg.getBit<7>();
}
+ // Include the Secure Access Bit now, but will double check before
+ // setting bootloader data later
+ l_secure_settings.secureAccessBit = l_read_reg.getBit<4>();
+ FAPI_DBG("Setting up ATTR_SECURITY_SETTINGS");
+ FAPI_TRY(FAPI_ATTR_SET(fapi2::ATTR_SECURE_SETTINGS, FAPI_SYSTEM, l_secure_settings.data8));
+
l_read_1 = 0;
l_read_1.writeBit<7>(l_read_reg.getBit<4>());
FAPI_DBG("Setting ATTR_SECURITY_ENABLE with the SAB state");
FAPI_TRY(FAPI_ATTR_SET(fapi2::ATTR_SECURITY_ENABLE, FAPI_SYSTEM, l_read_1));
-
}
//read_scratch1_reg
{
diff --git a/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_attributes.xml b/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_attributes.xml
index e00c1e77..6558a63b 100644
--- a/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_attributes.xml
+++ b/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_attributes.xml
@@ -253,6 +253,10 @@
<name>ATTR_SBE_BOOT_SIDE</name>
<value>0x00</value>
</entry>
+ <entry>
+ <name>ATTR_SECURE_SETTINGS</name>
+ <value>0x00</value>
+ </entry>
<!-- TODO we need to change this once the absolute address is known -->
<entry>
<name>ATTR_SBE_HBBL_EXCEPTION_INSTRUCT</name>
diff --git a/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml b/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml
index c593b80a..3fd1c8ce 100644
--- a/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml
+++ b/src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml
@@ -5,7 +5,7 @@
<!-- -->
<!-- OpenPOWER sbe Project -->
<!-- -->
-<!-- Contributors Listed Below - COPYRIGHT 2015,2016 -->
+<!-- Contributors Listed Below - COPYRIGHT 2015,2017 -->
<!-- [+] International Business Machines Corp. -->
<!-- -->
<!-- -->
@@ -78,6 +78,19 @@
<initToZero/>
</attribute>
<attribute>
+ <id>ATTR_SECURE_SETTINGS</id>
+ <targetType>TARGET_TYPE_SYSTEM</targetType>
+ <description>Byte collecting Security Overrides
+ bits 0:4 - reserved
+ bit 5 - Allow Attribute Overrides in Securemode
+ bit 6 - Override Security Setting
+ bit 7 - Secure Access Bit
+ </description>
+ <valueType>uint8</valueType>
+ <writeable/>
+ <initToZero/>
+</attribute>
+<attribute>
<id>ATTR_SBE_HBBL_EXCEPTION_INSTRUCT</id>
<targetType>TARGET_TYPE_SYSTEM</targetType>
<description>Instruction for exception vector that will be put into the exception vector if not 0</description>
OpenPOWER on IntegriCloud