Use Scratch Reg 3 Bit 7 to allow Attribute Overrides in Secure Mode

Change-Id: Ic9b220dc3480c13e1b1ac1c69a0be148ab5ea977
RTC:163094
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41114
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Martin Gloff <mgloff@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

src/bootloader/bootloader.C

@@ -84,12 +84,17 @@ namespace Bootloader{
         // Read SBE HB shared data.
         const auto l_blConfigData = reinterpret_cast<BootloaderConfigData_t *>(
                                                               SBE_HB_COMM_ADDR);
-        // Set secure Access Bit
+        // Set Secure Settings
         // Ensure SBE to Bootloader structure has the SAB member
+        //   and other Secure Settings
         if (l_blConfigData->version >= SAB_ADDED)
         {
             g_blData->blToHbData.secureAccessBit =
                 l_blConfigData->secureSettings.secureAccessBit;
+            g_blData->blToHbData.securityOverride =
+                l_blConfigData->secureSettings.securityOverride;
+            g_blData->blToHbData.allowAttrOverrides =
+                l_blConfigData->secureSettings.allowAttrOverrides;
         }
 
         // Find secure ROM addr

src/include/bootloader/bootloaderif.H

@@ -75,7 +75,8 @@ struct BlToHbData
                    branchtableOffset(0), secureRom(nullptr),
                    secureRomSize(0), hwKeysHash(nullptr),
                    hwKeysHashSize(0), hbbHeader(nullptr),
-                   hbbHeaderSize(0), secureAccessBit(false),
+                   hbbHeaderSize(0), secureAccessBit(0),
+                   securityOverride(0), allowAttrOverrides(0),
                    xscomBAR(MMIO_GROUP0_CHIP0_XSCOM_BASE_ADDR),
                    lpcBAR(MMIO_GROUP0_CHIP0_LPC_BASE_ADDR) {}
 
@@ -97,8 +98,12 @@ struct BlToHbData
     const void* hbbHeader;
     // size of Hostboot base header
     size_t hbbHeaderSize;
-    // Secure Access Bit
+    // Secure Setting - Secure Access Bit
     bool secureAccessBit;
+    // Secure Setting - Security Override
+    bool securityOverride;
+    // Secure Setting - Allow Attribute Overrides in Securemode
+    bool allowAttrOverrides;
     // XSCOM MMIO BAR
     uint64_t xscomBAR;
     // LPC MMIO BAR

src/include/kernel/bltohbdatamgr.H

@@ -143,12 +143,27 @@ class BlToHbDataManager
         const size_t getHbbHeaderSize() const;
 
         /*
-         * @brief Returns internal secure access bit
+         * @brief Returns internal Secure Setting: Secure Access Bit
          *
-         * @return bool     secure access bit
+         * @return bool     Secure Access Bit
          */
         const bool getSecureAccessBit() const;
 
+        /*
+         * @brief Returns internal Secure Setting: Security Override
+         *
+         * @return bool     Security Override Setting
+         */
+        const bool getSecurityOverride() const;
+
+        /*
+         * @brief Returns internal Secure Setting: Allow Attribute Overrides
+         *        in Secure Mode
+         *
+         * @return bool      Allow Attribute Overrides Setting
+         */
+        const bool getAllowAttrOverrides() const;
+
         /*
          * @brief Returns internal preserved size
          *

src/include/usr/initservice/mboxRegs.H

@@ -82,14 +82,15 @@ namespace SPLESS
         uint32_t data32;
         struct
         {
-            uint32_t istepMode        :1;   //0
-            uint32_t goToRuntime      :1;   //1
-            uint32_t isMpipl          :1;   //2
-            uint32_t fspAttached      :1;   //3
-            uint32_t reserved1        :1;   //4
-            uint32_t sbeInternalFFDC  :1;   //5
-            uint32_t overrideSecurity :1;   //6
-            uint32_t reserved2        :25;  //7:31
+            uint32_t istepMode           :1;   //0
+            uint32_t goToRuntime         :1;   //1
+            uint32_t isMpipl             :1;   //2
+            uint32_t fspAttached         :1;   //3
+            uint32_t reserved1           :1;   //4
+            uint32_t sbeInternalFFDC     :1;   //5
+            uint32_t overrideSecurity    :1;   //6
+            uint32_t allowAttrOverrides  :1;   //7
+            uint32_t reserved2           :24;  //8:31
         } PACKED;
     };
 

src/kernel/bltohbdatamgr.C

@@ -27,6 +27,7 @@
 #include <kernel/console.H>
 #include <assert.h>
 #include <arch/memorymap.H>
+#include <bootloader/bootloaderif.H>
 
 // Global and only BlToHbDataManager instance
 BlToHbDataManager g_BlToHbDataManager;
@@ -57,7 +58,9 @@ void BlToHbDataManager::print() const
 
     if(iv_data.version >= Bootloader::BLTOHB_SAB)
     {
-        printkd("-- secureAccessBit = 0x%X\n", iv_data.secureAccessBit);
+        printkd("-- secureSettings: SAB=%d, SecOvrd=%d, AllowAttrOvrd=%d\n",
+                iv_data.secureAccessBit, iv_data.securityOverride,
+                iv_data.allowAttrOverrides);
     }
     if(iv_dataValid)
     {
@@ -124,10 +127,12 @@ void BlToHbDataManager::initValid (const Bootloader::BlToHbData& i_data)
     iv_data.hbbHeaderSize = i_data.hbbHeaderSize;
 
 printk("Version=%lX\n",i_data.version);
-    // Ensure Bootloader to HB structure has the SAB member
+    // Ensure Bootloader to HB structure has the Secure Settings
     if(iv_data.version >= Bootloader::BLTOHB_SAB)
     {
         iv_data.secureAccessBit = i_data.secureAccessBit;
+        iv_data.securityOverride = i_data.securityOverride;
+        iv_data.allowAttrOverrides = i_data.allowAttrOverrides;
     }
 
     // Ensure Bootloader to HB structure has the MMIO members
@@ -247,6 +252,18 @@ const bool BlToHbDataManager::getSecureAccessBit() const
     return iv_data.secureAccessBit;
 }
 
+const bool BlToHbDataManager::getSecurityOverride() const
+{
+    validAssert();
+    return iv_data.securityOverride;
+}
+
+const bool BlToHbDataManager::getAllowAttrOverrides() const
+{
+    validAssert();
+    return iv_data.allowAttrOverrides;
+}
+
 const size_t BlToHbDataManager::getPreservedSize() const
 {
     validAssert();

src/usr/isteps/istep08/call_host_slave_sbe_config.C

@@ -108,6 +108,12 @@ void* call_host_slave_sbe_config(void *io_pArgs)
         TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace, INFO_MRK
             "WARNING: Requesting security disable on non-master processors.");
     }
+    if(l_scratch3.allowAttrOverrides)
+    {
+        TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace, INFO_MRK
+            "WARNING: Requesting allowing Attribute Overrides on "
+            "non-master processors even if secure mode.");
+    }
 
     // grab the boot flags from the master proc
     INITSERVICE::SPLESS::MboxScratch5_t l_scratch5;

src/usr/pnor/pnor_common.C

@@ -38,6 +38,14 @@
 #include <secureboot/trustedbootif.H>
 #include <devicefw/driverif.H>
 
+#ifndef __HOSTBOOT_RUNTIME
+#include <kernel/bltohbdatamgr.H>
+#else
+#include <targeting/common/targetservice.H>
+#include <targeting/common/target.H>
+#include <util/misc.H>
+#endif
+
 // Trace definition
 trace_desc_t* g_trac_pnor = NULL;
 TRAC_INIT(&g_trac_pnor, PNOR_COMP_NAME, 4*KILOBYTE, TRACE::BUFFER_SLOW); //4K
@@ -386,10 +394,52 @@ errlHndl_t PNOR::extendHash(uint64_t i_addr,
 bool PNOR::isInhibitedSection(const uint32_t i_section)
 {
 #ifdef CONFIG_SECUREBOOT
-    return (i_section == ATTR_PERM ||
-            i_section == ATTR_TMP  ||
-            i_section == RINGOVD ) &&
-            SECUREBOOT::enabled();
+    bool retVal = false;
+
+    if ((i_section == ATTR_PERM ||
+         i_section == ATTR_TMP  ||
+         i_section == RINGOVD )
+         && SECUREBOOT::enabled() )
+    {
+        // Default to these sections not being allowed in secure mode
+        retVal = true;
+
+
+#ifndef __HOSTBOOT_RUNTIME
+        // This is the scenario where a section might be inhibited so check
+        // global struct from bootloader for this setting
+        retVal = ! ( g_BlToHbDataManager.getAllowAttrOverrides() );
+
+        TRACFCOMP(g_trac_pnor, INFO_MRK"PNOR::isInhibitedSection: "
+                  "Inside Attr check: retVal=0x%X, i_section=%s",
+                  retVal,
+                  PNOR::SectionIdToString(i_section));
+
+#else
+        // This is the scenario where a section might be inhibited so check
+        // attribute to determine if these sections are allowed
+        if ( Util::isTargetingLoaded() )
+        {
+            TARGETING::TargetService& tS = TARGETING::targetService();
+            TARGETING::Target* sys = nullptr;
+            (void) tS.getTopLevelTarget( sys );
+            assert(sys, "PNOR::isInhibitedSection() system target is NULL");
+
+            retVal = ! (sys->getAttr<
+                TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>());
+
+            TRACFCOMP(g_trac_pnor, INFO_MRK"PNOR::isInhibitedSection: "
+                      "Inside Attr check: retVal=0x%X, attr=0x%X, i_section=%s",
+                      retVal,
+                      sys->getAttr<
+                        TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>(),
+                      PNOR::SectionIdToString(i_section));
+       }
+#endif
+
+    }
+
+    return retVal;
 #else
     return false;
 #endif

src/usr/targeting/common/xmltohb/attribute_types_hb.xml

@@ -1193,4 +1193,26 @@
     <hbOnly/>
 </attribute>
 
+<attribute>
+    <id>ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE</id>
+    <description>
+        Indicates if Attribute Overrides are allowed when the system is booted
+        in secure mode.  The default is 0x0, where attribute overrides are not
+        allowed.  However, the SBE can read mailbox scratch register 3 bit 7
+        to set it to 0x1, meaning that attribute overrides are allowed. The SBE
+        passes this information up to hostboot via the bootloader.
+            0x00 = Attribute Overrides are not allowed (default)
+            0x01 = Attribute Overrides are allowed
+    </description>
+    <simpleType>
+        <uint8_t>
+            <default>0x00</default>
+        </uint8_t>
+    </simpleType>
+    <persistency>volatile-zeroed</persistency>
+    <writeable/>
+    <readable/>
+    <hbOnly/>
+</attribute>
+
 </attributes>

src/usr/targeting/common/xmltohb/target_types_hb.xml

@@ -49,6 +49,7 @@
     <attribute><id>FORCE_PRE_PAYLOAD_DRTM</id></attribute>
     <attribute><id>HB_RSV_MEM_NEXT_SECTION</id></attribute>
     <attribute><id>HB_SECURITY_MODE</id></attribute>
+    <attribute><id>ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE</id></attribute>
 </targetTypeExtension>
 
 <targetTypeExtension>

src/usr/targeting/targetservicestart.C

@@ -63,6 +63,7 @@
 #include <arch/memorymap.H>
 #include <lpc/lpcif.H>
 #include <xscom/xscomif.H>
+#include <bootloader/bootloaderif.H>
 
 #ifdef CONFIG_DRTM
 #include <secureboot/drtm.H>
@@ -152,6 +153,11 @@ static void initTargeting(errlHndl_t& io_pError)
         TARG_INF("WARNING: External tool asked master proc to disable "
             "security.");
     }
+    if(l_scratch3.allowAttrOverrides)
+    {
+        TARG_INF("WARNING: External tool asked master proc to allow "
+            "attribute overrides even in secure mode.");
+    }
 
     AttrRP::init(io_pError, l_isMpipl);
 
@@ -190,6 +196,24 @@ static void initTargeting(errlHndl_t& io_pError)
         }
 #endif
 
+        // Handle possibility of Attribute Overrides allowed in secure mode
+        bool l_allow_attr_overrides =
+            g_BlToHbDataManager.getAllowAttrOverrides();
+        if (l_allow_attr_overrides)
+        {
+            TARG_INF("Allow Attribute Overrides In Secure Mode: %d",
+                l_allow_attr_overrides);
+            l_pTopLevel->setAttr<
+                TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>(
+                    l_allow_attr_overrides);
+        }
+        else
+        {
+            // Hardcode to zero to be safe
+            l_pTopLevel->setAttr<
+                TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>(0x0);
+        }
+
 // No error module loaded in VPO to save load time
 #ifndef CONFIG_VPO_COMPILE
         // call ErrlManager function - tell him that TARG is ready!