Secure Boot: Centaur Security: Fix handling of 9 Centaur registers

Removed or modified 9 security sensitive Centaur SCOM registers Change-Id: Iee2e7a08995e2540be477fcea75a4c804422171d CQ: SW431769 CMVC-Prereq: 1058651 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/60534 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
open-power · Jun 18, 2018 · 30fe987 · 30fe987
1 parent 8fcc681
commit 30fe987
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 34 deletions.
diff --git a/src/build/citest/etc/workarounds.postsimsetup b/src/build/citest/etc/workarounds.postsimsetup
@@ -40,3 +40,6 @@ cp $BACKING_BUILD/src/simu/data/cec-chip/p9c.act $sb/simu/data/cec-chip
 cp $BACKING_BUILD/src/simu/data/cec-chip/p9n.act $sb/simu/data/cec-chip
 patch -p0 $sb/simu/data/cec-chip/p9c.act $PROJECT_ROOT/src/build/citest/etc/patches/p9c.act.iovalid.patch
 patch -p0 $sb/simu/data/cec-chip/p9n.act $PROJECT_ROOT/src/build/citest/etc/patches/p9n.act.iovalid.patch
+
+# Pull in Centaur action file changes to support Centaur security
+sbex -t 1058651
diff --git a/src/import/chips/p9/security/Centaur_Register_List.csv b/src/import/chips/p9/security/Centaur_Register_List.csv
@@ -1,11 +1,6 @@
 #Register Address,WAND,WOR,Init/Expected Value,Mask Value,
 1000000,1000004,1000005,7001900000000003,,
-# @TODO: CQ SW431769
-# Some bits (see mask) are not tracking as expected
-2000000,2000004,2000005,7001900000000003,FFFE7FFFFFFFFFFD,
-# @TODO: CQ SW431769
-# This is a FIR register and bits randomly pop on, making caching unreliable
-#2010800,2010801,2010802,0000400000000000,,
+2000000,2000004,2000005,7001900000000003,,
 2010803,2010804,2010805,FFFFFFE000000000,,
 2010C42,,,,,
 201140A,,,,,
@@ -38,31 +33,15 @@
 2012300,,,0000A00000000000,,
 201230B,,,,,
 2030000,,,,,
-# @TODO: CQ SW431769
-# 0:1 CLOCK_CMD masked off because it auto-resets to 0
-# Right now mask those bits off for the comparison, but consider
-# modeling the auto reset behavior
+# Bits 0:1 (CLOCK_CMD) masked off because they auto-reset to 0
 2030006,,,0FE00E0000000000,3FFFFFFFFFFFFFFF,
 2030007,,,,,
-# @TODO: CQ SW431769
-# Enabling causes 2011882 to report wrongly for some reason
-#20F0012,20F0013,20F0014,4016620000000000,3FFFBDFFFFFFFFFF,
-# @TODO: CQ SW431769
-# This is broken, needs more attention
-#3000000,3000004,3000005,7001900000000003,,
+20F0012,20F0013,20F0014,8016200000000000,,
+3000000,3000004,3000005,7001900000000003,,
 3010414,,,7FFFFFFFFFFFD7FF,,
 3010415,,,BFFFFFFFFFFFEFFF,,
 3010433,,,8484212100000000,,
 301060A,,,,,
-# @TODO: CQ SW431769
-# First 2 bits reset by HW without SW knowledge
-# So need to either let the HW read through for these bits, or
-# ignore the register
-#301060B,,,,3FFFFFFFFFFFFFFF,
-# @TODO: CQ SW431769
-# Expected value is way off from actual value for
-# unknown reasons.  Fix or ignore the register
-#301060D,,,,,
 301060E,,,,,
 301060F,,,,,
 3010614,,,FFE0000000000000,,
@@ -119,11 +98,6 @@
 3010651,,,,,
 3010652,,,,,
 3010653,,,,,
-# @TODO: CQ SW431769
-# First 2 bits reset by HW without SW knowledge
-# So need to either let the HW read through for these bits, or
-# ignore the register
-#30106A5,,,,3FFFFFFFFFFFFFFF,
 30106A7,,,0000000400000000,,
 30106BE,,,,,
 30106BF,,,,,
@@ -139,7 +113,4 @@
 3012300,,,0000A00000000000,,
 301230B,,,,,
 3030000,,,,,
-# @TODO: CQ SW431769
-# Enabling this register causes failing
-# behavior for 303000
-#30F0012,30F0013,30F0014,,,
+30F0012,30F0013,30F0014,8016200000000000,,