From 93aa36ba8134af8a1d7ccd16bb6b6f85644c9219 Mon Sep 17 00:00:00 2001 From: Sachin Gupta Date: Sun, 14 Jan 2018 10:09:43 -0600 Subject: Avoid istep skipping in secure mode Change-Id: I273c1e1f6720db08eb66366a3c1e88f8b10b5411 RTC: 184523 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/51931 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Shakeeb A. Pasha B K Reviewed-by: RAJA DAS Reviewed-by: Sachin Gupta --- src/sbefw/app/power/istep.C | 50 ++++++++++++++++++++++++++++++++++++++----- src/sbefw/core/ipl.C | 7 ++++-- src/sbefw/core/sbeglobals.H | 3 ++- src/sbefw/core/sberegaccess.H | 13 ++++++++++- 4 files changed, 64 insertions(+), 9 deletions(-) diff --git a/src/sbefw/app/power/istep.C b/src/sbefw/app/power/istep.C index 77445b85..29622d8d 100644 --- a/src/sbefw/app/power/istep.C +++ b/src/sbefw/app/power/istep.C @@ -6,6 +6,7 @@ /* OpenPOWER sbe Project */ /* */ /* Contributors Listed Below - COPYRIGHT 2017,2018 */ +/* [+] International Business Machines Corp. */ /* */ /* */ /* Licensed under the Apache License, Version 2.0 (the "License"); */ @@ -44,19 +45,18 @@ using namespace fapi2; //---------------------------------------------------------------------------- bool validateIstep (const uint8_t i_major, const uint8_t i_minor) { - bool valid = true; + #define SBE_FUNC "validateIstep " + bool valid = false; do { if( 0 == i_minor ) { - valid = false; break; } // istep 2.1 loads image to PIBMEM // So SBE control loop can not execute istep 2.1. if(( i_major == 2 ) && ( i_minor == 1) ) { - valid = false; break; } 
@@ -65,26 +65,66 @@ bool validateIstep (const uint8_t i_major, const uint8_t i_minor) if(( i_major == 3 && i_minor > SLAVE_LAST_MINOR_ISTEP ) || ( i_major > 3 )) { - valid = false; break; } } + uint32_t prevMajorNumber = + SbeRegAccess::theSbeRegAccess().getSbeMajorIstepNumber(); + uint32_t prevMinorNumber = + SbeRegAccess::theSbeRegAccess().getSbeMinorIstepNumber(); + SBE_INFO(SBE_FUNC"prevMajorNumber:%u prevMinorNumber:%u ", + prevMajorNumber, prevMinorNumber ); + if( 0 == prevMajorNumber ) + { + prevMajorNumber = 2; + prevMinorNumber = 1; + } + + uint32_t nextMajorIstep = prevMajorNumber; + uint32_t nextMinorIstep = prevMinorNumber + 1; + for(size_t entry = 0; entry < istepTable.len; entry++) { auto istepTableEntry = &istepTable.istepMajorArr[entry]; + if( istepTableEntry->istepMajorNum == prevMajorNumber) + { + if( prevMinorNumber == istepTableEntry->len ) + { + nextMajorIstep = prevMajorNumber + 1; + nextMinorIstep = 1; + } + } if( i_major == istepTableEntry->istepMajorNum ) { if( i_minor > istepTableEntry->len ) { - valid = false; + break; + } + // If secuirty is not enabled, no further chacks asre required + if( !SBE_GLOBAL->sbeFWSecurityEnabled) + { + valid = true; + break; } + + if( ( i_major != nextMajorIstep) || + ( i_minor != nextMinorIstep) ) + { + SBE_ERROR("Secuity validation failed for executing istep " + "Skipping istep or MPIPL via istep not allowed " + "in secure mode. nextMajorIstep:%u " + "nextMinorIstep:%u", nextMajorIstep, nextMinorIstep); + break; + } + valid = true; break; } } } while(0); return valid; + #undef SBE_FUNC } //---------------------------------------------------------------------------- diff --git a/src/sbefw/core/ipl.C b/src/sbefw/core/ipl.C index 965a198b..d331af59 100644 --- a/src/sbefw/core/ipl.C +++ b/src/sbefw/core/ipl.C 
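Review bot: The secure-mode rejection trace in the `i_major != nextMajorIstep` branch records only the expected step, not the istep that was requested, and it omits the `SBE_FUNC` prefix this commit defines, so an attempted skip is hard to attribute from the trace alone. I would log both, e.g. `SBE_ERROR(SBE_FUNC"Security validation failed: requested %u.%u, expected %u.%u", i_major, i_minor, nextMajorIstep, nextMinorIstep);`, which also fixes the "Secuity" spelling that would defeat a search for the message. Separately, the `0 == prevMajorNumber` fallback makes a cleared step counter equivalent to "istep 2.1 just ran". A comment such as `// 0 means no istep recorded yet; in secure mode this counter must not be resettable from outside the SBE` would state that assumption, which the hunk itself cannot confirm. validateIstep begins in the previous hunk and ends in this one.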
@@ -6,6 +6,7 @@ /* OpenPOWER sbe Project */ /* */ /* Contributors Listed Below - COPYRIGHT 2017,2018 */ +/* [+] International Business Machines Corp. */ /* */ /* */ /* Licensed under the Apache License, Version 2.0 (the "License"); */ @@ -66,14 +67,16 @@ ReturnCode sbeExecuteIstep (const uint8_t i_major, const uint8_t i_minor) } } - (void)SbeRegAccess::theSbeRegAccess().updateSbeStep(i_major, i_minor); - if(rc != FAPI2_RC_SUCCESS) { SBE_ERROR( SBE_FUNC" FAPI RC:0x%08X", rc); (void)SbeRegAccess::theSbeRegAccess().stateTransition( SBE_DUMP_FAILURE_EVENT); } + else + { + (void)SbeRegAccess::theSbeRegAccess().updateSbeStep(i_major, i_minor); + } return rc; #undef SBE_FUNC diff --git a/src/sbefw/core/sbeglobals.H b/src/sbefw/core/sbeglobals.H index c26967a6..e182a20b 100644 --- a/src/sbefw/core/sbeglobals.H +++ b/src/sbefw/core/sbeglobals.H @@ -5,7 +5,8 @@ /* */ /* OpenPOWER sbe Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2017 */ +/* Contributors Listed Below - COPYRIGHT 2017,2018 */ +/* [+] International Business Machines Corp. */ /* */ /* */ /* Licensed under the Apache License, Version 2.0 (the "License"); */ diff --git a/src/sbefw/core/sberegaccess.H b/src/sbefw/core/sberegaccess.H index 420cf795..a51f6e81 100644 --- a/src/sbefw/core/sberegaccess.H +++ b/src/sbefw/core/sberegaccess.H @@ -5,7 +5,8 @@ /* */ /* OpenPOWER sbe Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2016,2017 */ +/* Contributors Listed Below - COPYRIGHT 2016,2018 */ +/* [+] International Business Machines Corp. */ /* */ /* */ /* Licensed under the Apache License, Version 2.0 (the "License"); */ @@ -219,6 +220,16 @@ class SbeRegAccess return iv_majorStep; } + /** + * @brief Get the SBE minor istep number + * + * @return SBE current minor istep number + * + */ + uint8_t getSbeMinorIstepNumber() const + { + return iv_minorStep; + } /** * @brief Update the SBE State as per the transition event * -- cgit v1.2.1
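Review bot: In the ipl.C hunk the result of `updateSbeStep(i_major, i_minor)` is still discarded with `(void)`, yet after this commit the stored step is what validateIstep compares against in secure mode. If that update can fail (its return type is not visible here), the counter would stay at the previous step, so the istep that just ran would be accepted again and the genuine next one rejected, with nothing in the trace to explain why. Checking the result and emitting an `SBE_ERROR` would make that diagnosable. The new `else` also leaves the counter unchanged after a failed istep, so the same istep still passes the sequence check on a retry. A comment like `// Advance the recorded step only on success; validateIstep() relies on it for secure-mode ordering` should say whether that retry is intended or is expected to be blocked by the `SBE_DUMP_FAILURE_EVENT` transition. sbeExecuteIstep starts above this hunk.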