Adds secure mode boot for memory buffer chips

Change-Id: I7d0ce9a9b51324ac89a05aeb6b68447fa200227b Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/55639 Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Hostboot CI <hostboot-ci+hostboot@us.ibm.com> Dev-Ready: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Louis Stermole <stermole@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Jennifer A. Stofer <stofer@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/55657 Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
open-power · Mar 21, 2018 · 218a486 · 218a486
1 parent b4699ae
commit 218a486
Show file tree

Hide file tree

Showing 3 changed files with 227 additions and 1 deletion.
diff --git a/src/import/chips/centaur/procedures/hwp/memory/p9c_mss_secure_boot.C b/src/import/chips/centaur/procedures/hwp/memory/p9c_mss_secure_boot.C
@@ -22,3 +22,146 @@
 /* permissions and limitations under the License.                         */
 /*                                                                        */
 /* IBM_PROLOG_END_TAG                                                     */
+
+///
+/// @file p9c_mss_secure_boot.C
+/// @brief  Sets up secure mode boot and checks that it is setup properly
+///
+/// *HWP HWP Owner: Luke Mulkey <lwmulkey@us.ibm.com>
+/// *HWP HWP Backup: Andre Marin <aamarin@us.ibm.com>
+/// *HWP Team: Memory
+/// *HWP Level: 3
+/// *HWP Consumed by: HB:CI
+///
+
+//------------------------------------------------------------------------------
+//  Includes
+//-------------------------------------
+#include <p9c_mss_secure_boot.H>
+#include <cen_gen_scom_addresses.H>
+#include <cen_gen_scom_addresses_fld.H>
+#include <generic/memory/lib/utils/c_str.H>
+
+extern "C"
+{
+    ///
+    /// @brief Enables secure mode boot
+    /// @param[in]  i_target  Reference to target
+    /// @return FAPI2_RC_SUCCESS iff successful
+    /// @note Calls mss::c_str which is NOT thread safe unless the platform supports thread local storage...
+    ///
+    fapi2::ReturnCode p9c_mss_secure_boot( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target )
+    {
+        // Sets up secure mode
+        FAPI_TRY(mss::setup_secure_mode_boot(i_target));
+
+        // Verifies that we're in secure mode
+        FAPI_TRY(mss::verify_secure_mode_boot_on(i_target));
+
+        // Note: the workbook says we should check the clocks
+        // Granted this procedure should be called after memory ECC is all setup
+        // Therefore, clocks should be on, so we're going to skip this portion of the test
+
+        // TK add in setup of secure mode boot FIRs - currently awaiting values from the RAS team
+
+    fapi_try_exit:
+        return fapi2::current_err;
+    }
+
+} // extern "C"
+
+namespace mss
+{
+
+//------------------------------------------------------------------------------
+// Constants and enums
+//------------------------------------------------------------------------------
+
+// Vector of registers for enabling/checking secure mode
+static const std::vector<uint64_t> REGISTERS =
+{
+    CEN_TCN_SYNC_CONFIG_PCB,
+    CEN_TCM_SYNC_CONFIG_PCB,
+};
+
+///
+/// @brief Enables secure mode boot
+/// @param[in]  i_target  Reference to target
+/// @return FAPI2_RC_SUCCESS iff successful
+///
+fapi2::ReturnCode setup_secure_mode_boot( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target )
+{
+    // Loops through all registers and sets up secure mode boot
+    for(const auto l_reg : REGISTERS)
+    {
+        fapi2::buffer<uint64_t> l_data;
+        FAPI_TRY(fapi2::getScom(i_target, l_reg, l_data));
+        l_data.setBit<CEN_TCN_SYNC_CONFIG_CHIP_PROTECTION_ENABLE>();
+        FAPI_TRY(fapi2::putScom(i_target, l_reg, l_data));
+    }
+
+fapi_try_exit:
+    return fapi2::current_err;
+}
+
+///
+/// @brief Verifies secure mode boot is in a given position for a given register
+/// @param[in]  i_target  Reference to target
+/// @param[in]  i_register the register to check
+/// @param[in]  i_state boolean for the registers bit state
+/// @return FAPI2_RC_SUCCESS iff successful
+///
+fapi2::ReturnCode verify_secure_mode_boot( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target,
+        const uint64_t i_register,
+        const bool i_state )
+{
+    fapi2::buffer<uint64_t> l_data;
+    FAPI_TRY(fapi2::getScom(i_target, i_register, l_data));
+    FAPI_ASSERT(l_data.getBit<CEN_TCN_SYNC_CONFIG_CHIP_PROTECTION_ENABLE>() == i_state,
+                fapi2::MSS_SECURE_BOOT_BAD_VALUE()
+                .set_TARGET(i_target)
+                .set_EXPECTED_LEVEL(i_state)
+                .set_ACTUAL_LEVEL(l_data.getBit<CEN_TCN_SYNC_CONFIG_CHIP_PROTECTION_ENABLE>())
+                .set_REGISTER(i_register),
+                "%s secure mode boot on register 0x%016lx is at level %d should be at %d",
+                mss::c_str(i_target), i_register, l_data.getBit<CEN_TCN_SYNC_CONFIG_CHIP_PROTECTION_ENABLE>(), i_state);
+
+fapi_try_exit:
+    return fapi2::current_err;
+}
+
+///
+/// @brief Verifies secure mode boot is on
+/// @param[in]  i_target  Reference to target
+/// @return FAPI2_RC_SUCCESS iff successful
+///
+fapi2::ReturnCode verify_secure_mode_boot_on( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target )
+{
+    // Loops through all registers and checks that secure mode boot is on
+    for(const auto l_reg : REGISTERS)
+    {
+        FAPI_TRY(verify_secure_mode_boot(i_target, l_reg, true))
+    }
+
+fapi_try_exit:
+    return fapi2::current_err;
+}
+
+///
+/// @brief Verifies secure mode boot is off
+/// @param[in]  i_target  Reference to target
+/// @return FAPI2_RC_SUCCESS iff successful
+///
+fapi2::ReturnCode verify_secure_mode_boot_off( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target )
+{
+    // Loops through all registers and checks that secure mode boot is on
+    for(const auto l_reg : REGISTERS)
+    {
+        FAPI_TRY(verify_secure_mode_boot(i_target, l_reg, false))
+    }
+
+fapi_try_exit:
+    return fapi2::current_err;
+}
+
+}
diff --git a/src/import/chips/centaur/procedures/hwp/memory/p9c_mss_secure_boot.H b/src/import/chips/centaur/procedures/hwp/memory/p9c_mss_secure_boot.H
@@ -22,3 +22,66 @@
 /* permissions and limitations under the License.                         */
 /*                                                                        */
 /* IBM_PROLOG_END_TAG                                                     */
+
+///
+/// @file p9c_mss_secure_boot.H
+/// @brief  Sets up secure mode boot and checks that it is setup properly
+///
+/// *HWP HWP Owner: Luke Mulkey <lwmulkey@us.ibm.com>
+/// *HWP HWP Backup: Andre Marin <aamarin@us.ibm.com>
+/// *HWP Team: Memory
+/// *HWP Level: 3
+/// *HWP Consumed by: HB:CI
+///
+
+#ifndef P9C_MSS_SECURE_BOOT
+#define P9C_MSS_SECURE_BOOT
+
+//------------------------------------------------------------------------------
+//  Includes
+//------------------------------------------------------------------------------
+
+
+#include <fapi2.H>
+
+typedef fapi2::ReturnCode (*p9c_mss_secure_boot_FP_t)(const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target);
+
+extern "C"
+{
+
+    ///
+    /// @brief Enables secure mode boot
+    /// @param[in]  i_target  Reference to target
+    /// @return FAPI2_RC_SUCCESS iff successful
+    /// @note Calls mss::c_str which is NOT thread safe unless the platform supports thread local storage...
+    ///
+    fapi2::ReturnCode p9c_mss_secure_boot( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target );
+
+} // extern "C"
+
+namespace mss
+{
+
+///
+/// @brief Enables secure mode boot
+/// @param[in]  i_target  Reference to target
+/// @return FAPI2_RC_SUCCESS iff successful
+///
+fapi2::ReturnCode setup_secure_mode_boot( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target );
+
+///
+/// @brief Verifies secure mode boot is on
+/// @param[in]  i_target  Reference to target
+/// @return FAPI2_RC_SUCCESS iff successful
+///
+fapi2::ReturnCode verify_secure_mode_boot_on( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target );
+
+///
+/// @brief Verifies secure mode boot is off
+/// @param[in]  i_target  Reference to target
+/// @return FAPI2_RC_SUCCESS iff successful
+///
+fapi2::ReturnCode verify_secure_mode_boot_off( const fapi2::Target<fapi2::TARGET_TYPE_MEMBUF_CHIP>& i_target );
+}
+
+#endif /* P9C_MSS_SECURE_BOOT */
diff --git a/src/import/chips/centaur/procedures/xml/error_info/p9c_memory_errors.xml b/src/import/chips/centaur/procedures/xml/error_info/p9c_memory_errors.xml
@@ -5,7 +5,7 @@
 <!--                                                                        -->
 <!-- OpenPOWER HostBoot Project                                             -->
 <!--                                                                        -->
-<!-- Contributors Listed Below - COPYRIGHT 2016,2017                        -->
+<!-- Contributors Listed Below - COPYRIGHT 2016,2018                        -->
 <!-- [+] International Business Machines Corp.                              -->
 <!--                                                                        -->
 <!--                                                                        -->
@@ -341,6 +341,26 @@
   <scomRegister>CEN_FIR_WOF_REG</scomRegister>
 </registerFfdc>
 
+<hwpError>
+  <rc>RC_MSS_SECURE_BOOT_BAD_VALUE</rc>
+  <description>Secure mode boot value is at an incorrect state</description>
+  <ffdc>TARGET</ffdc>
+  <ffdc>EXPECTED_LEVEL</ffdc>
+  <ffdc>ACTUAL_LEVEL</ffdc>
+  <ffdc>REGISTER</ffdc>
+  <callout>
+    <target>TARGET</target>
+    <priority>HIGH</priority>
+  </callout>
+  <callout>
+    <procedure>CODE</procedure>
+    <priority>LOW</priority>
+  </callout>
+  <deconfigure>
+    <target>TARGET</target>
+  </deconfigure>
+</hwpError>
+
 
 <!-- EDIT THIS FILE DIRECTLY. THE ODS FILE METHOD IS NO LONGER VALID -->
 </hwpErrors>