Terminate the IPL for Physical Presence Detection Erros in Mnfg Mode

This commit updates the existing logic such that in a manufacturing mode IPL any errors related to opening or interacting with a physical presence detection window will terminate the IPL. Change-Id: I2771241e745e6775e3a62b2d29e04171b0a6d159 RTC:210301 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/94140 Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com> Reviewed-by: Nicholas E Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M Crowell <dcrowell@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
open-power · Mar 31, 2020 · 74d6847 · 74d6847
1 parent 14846f0
commit 74d6847
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 11 deletions.
diff --git a/src/include/usr/ipmi/ipmisensor.H b/src/include/usr/ipmi/ipmisensor.H
@@ -1069,7 +1069,7 @@ namespace SENSOR
      *      maintained by the BMC.
      *
      *   Usage:
-     *      uint8_t key_clear_request_value = 0x0100;
+     *      uint8_t key_clear_request_value = 0x01; //MSByte of Key Clear value
      *      KeyClearRequestSensor l_sensor;
      *      l_sensor.setKeyClearRequestValue( key_clear_request_value );
      *

diff --git a/src/usr/ipmiext/ipmisensor.C b/src/usr/ipmiext/ipmisensor.C
@@ -1035,7 +1035,7 @@ namespace SENSOR
     //
     errlHndl_t KeyClearRequestSensor::setKeyClearRequest(const uint8_t i_value)
     {
-        // This is a threshhhold sensor that sets one byte of data in the
+        // This is a threshold sensor that sets one byte of data in the
         // iv_sensor_reading field
         iv_msg->iv_sensor_reading = i_value;
 
@@ -1047,7 +1047,7 @@ namespace SENSOR
     //
     errlHndl_t KeyClearRequestSensor::getKeyClearRequest( uint8_t &o_value )
     {
-        // This is a threshhhold sensor that returns one byte of data in
+        // This is a threshold sensor that returns one byte of data in
         // the sensor_status field
         getSensorReadingData l_data;
 

diff --git a/src/usr/secureboot/ext/phys_presence.C b/src/usr/secureboot/ext/phys_presence.C
@@ -54,6 +54,37 @@ using namespace ERRORLOG;
 namespace SECUREBOOT
 {
 
+/**
+ *  @brief Local function returning if IPL is in Mnfg Mode
+ *
+ *  @return Returns true if in manufactoring mode (based on MNFG_FLAG_SRC_TERM
+ *          being enabled in ATTR_MNFG_FLAGS); otherwise, returns false
+ */
+bool isMnfgIpl(void)
+{
+    bool retVal = false;
+
+    // Find out if in manufacturing mode
+    TARGETING::Target* pTopLevel = nullptr;
+    TARGETING::targetService().getTopLevelTarget(pTopLevel);
+    assert(pTopLevel != nullptr,"Top level target was nullptr");
+
+    auto mnfgFlags = pTopLevel->getAttr<TARGETING::ATTR_MNFG_FLAGS>();
+
+    if (mnfgFlags & TARGETING::MNFG_FLAG_SRC_TERM)
+    {
+        retVal = true;
+    }
+
+    return retVal;
+}
+
+/**
+ * @brief Checks if the Physical Presence Window was opened and if
+ *        Physical Presence was asserted.
+ *
+ *        See src/include/usr/secureboot/phys_presence_if.H for details
+ */
 errlHndl_t detectPhysPresence(void)
 {
     errlHndl_t err = nullptr;
@@ -347,11 +378,14 @@ errlHndl_t detectPhysPresence(void)
         sys->setAttr<ATTR_PHYS_PRES_ASSERTED>(is_phys_pres_asserted);
     }
 
-    // If there is an error, but there was not a key clear request requiring
-    // the assertion of physical presence, make the error informational and
-    // commit it here so as not to halt the IPL
+    // If there is an error...
+    // 1) but there was not a key clear request requiring the assertion of
+    // physical presence --AND--
+    // 2) it wasn't a mnfg mode IPL, then
+    // make the error informational and commit it here so as not to halt the IPL
     if ((err != nullptr) &&
-        (doesKeyClearRequestPhysPres == false))
+        (doesKeyClearRequestPhysPres == false) &&
+        (isMnfgIpl() == false))
     {
         err->setSev(ERRORLOG::ERRL_SEV_INFORMATIONAL);
         SB_ERR("detectPhysPresence: Setting ERR to informational and "
@@ -370,6 +404,14 @@ errlHndl_t detectPhysPresence(void)
     return err;
 }
 
+/**
+ * @brief Handle Physical Presence Window first checks to see if a physical
+ *        presence window should be opened.  Then, if necessary, it sets up
+ *        the physical presence detect circuit and then shuts down the
+ *        system.
+ *
+ *        See src/include/usr/secureboot/phys_presence_if.H for details
+ */
 errlHndl_t handlePhysPresenceWindow(void)
 {
     errlHndl_t err = nullptr;
@@ -646,11 +688,14 @@ errlHndl_t handlePhysPresenceWindow(void)
 
     } while (0);
 
-    // If there is an error, but there was not a key clear request requiring
-    // the assertion of physical presence, make the error informational and
-    // commit it here so as not to halt the IPL
+    // If there is an error...
+    // 1) but there was not a key clear request requiring the assertion of
+    // physical presence --AND--
+    // 2) it wasn't a mnfg mode IPL, then
+    // make the error informational and commit it here so as not to halt the IPL
     if ((err != nullptr) &&
-        (doesKeyClearRequestPhysPres == false))
+        (doesKeyClearRequestPhysPres == false) &&
+        (isMnfgIpl() == false))
     {
         err->setSev(ERRORLOG::ERRL_SEV_INFORMATIONAL);
         SB_ERR("handlePhysPresenceWindow: Setting ERR to informational and "