From 75a82b734c4c5aaa274ed8e90401b00fa0e5df95 Mon Sep 17 00:00:00 2001 From: spashabk-in Date: Tue, 22 Aug 2017 06:35:07 -0500 Subject: SBE FW security switch Implement SBE firmware security switch based on ATTR_SECURITY_ENABLE Change-Id: I435aad38c59e80c81925bd1f4b109aafd1993b1c Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/44959 Tested-by: Jenkins Server Reviewed-by: Sachin Gupta
---
 src/sbefw/sbeSecureMemRegionManager.C | 49 +++++++++++++++++++---------------- 1 file changed, 27 insertions(+), 22 deletions(-) (limited to 'src/sbefw/sbeSecureMemRegionManager.C')
diff --git a/src/sbefw/sbeSecureMemRegionManager.C b/src/sbefw/sbeSecureMemRegionManager.C
index 189ee56b..27bd0f66 100644
--- a/src/sbefw/sbeSecureMemRegionManager.C
+++ b/src/sbefw/sbeSecureMemRegionManager.C
@@ -6,6 +6,7 @@
 /* OpenPOWER sbe Project */
 /* */
 /* Contributors Listed Below - COPYRIGHT 2017 */
+/* [+] International Business Machines Corp. */
 /* */
 /* */
 /* Licensed under the Apache License, Version 2.0 (the "License"); */
@@ -24,6 +25,7 @@
 #include "sbeSecureMemRegionManager.H"
 #include "sbetrace.H"
 #include "sbeutil.H"
+#include "sbeglobals.H"
 #ifndef __SBEFW_SEEPROM__
@@ -154,30 +156,33 @@ sbeSecondaryResponse SBESecureMemRegionManager::isAccessAllowed(
 {
 #define SBE_FUNC "SBESecureMemRegionManager::isAccessAllowed"
 sbeSecondaryResponse rc = SBE_SEC_OPERATION_SUCCESSFUL;
- while(i_region.size > 0)
+ if(SBE_GLOBAL->sbeFWSecurityEnabled)
 {
- secureMemRegion_t foundregion = getPartialRegionSize(i_region);
- // Check if the found region has allowable access level
- // and that the region overlap is from the beginning itself
- if((i_region.mode & foundregion.mode) &&
- (i_region.startAddress == foundregion.startAddress))
+ while(i_region.size > 0)
 {
- SBE_INFO(SBE_FUNC" foundRegion Mem[0x%08X%08X], size[0x%08X]",
- SBE::higher32BWord(foundregion.startAddress),
- SBE::lower32BWord(foundregion.startAddress),
- foundregion.size);
- i_region.size -= foundregion.size;
- i_region.startAddress += foundregion.size;
- }
- else
- {
- SBE_ERROR(SBE_FUNC" Non secure access to memory blocked "
- "Addr[0x%08X%08X] Size[0x%08X]",
- SBE::higher32BWord(i_region.startAddress),
- SBE::lower32BWord(i_region.startAddress),
- i_region.size);
- rc = SBE_SEC_BLACKLISTED_MEM_ACCESS;
- break;
+ secureMemRegion_t foundregion = getPartialRegionSize(i_region);
+ // Check if the found region has allowable access level
+ // and that the region overlap is from the beginning itself
+ if((i_region.mode & foundregion.mode) &&
+ (i_region.startAddress == foundregion.startAddress))
+ {
+ SBE_INFO(SBE_FUNC" foundRegion Mem[0x%08X%08X], size[0x%08X]",
+ SBE::higher32BWord(foundregion.startAddress),
+ SBE::lower32BWord(foundregion.startAddress),
+ foundregion.size);
+ i_region.size -= foundregion.size;
+ i_region.startAddress += foundregion.size;
+ }
+ else
+ {
+ SBE_ERROR(SBE_FUNC" Non secure access to memory blocked "
+ "Addr[0x%08X%08X] Size[0x%08X]",
+ SBE::higher32BWord(i_region.startAddress),
+ SBE::lower32BWord(i_region.startAddress),
+ i_region.size);
+ rc = SBE_SEC_BLACKLISTED_MEM_ACCESS;
+ break;
+ }
 }
 }
 return rc;
-- cgit v1.2.1
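Review bot: With the new `if(SBE_GLOBAL->sbeFWSecurityEnabled)` guard, isAccessAllowed returns `SBE_SEC_OPERATION_SUCCESSFUL` for every region when the flag is clear, and it does so without any trace, so a skipped check looks the same in the logs as an access that was never checked at all. I would add an `else` branch that records the bypass, for example `SBE_INFO(SBE_FUNC" FW security disabled, region check skipped");`, and a comment above the guard saying that the flag is derived from ATTR_SECURITY_ENABLE and that a clear flag makes all memory accessible through this path. Where the flag is assigned and what it holds before the attribute has been read are not visible in this hunk; if it can be read as zero before initialisation the check fails open, so it is worth confirming that it starts out enabled. The function's signature begins above the hunk.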