Skip to content

Commit

Permalink
Attempt to unlock encryption in NVDIMM Arm function
Browse files Browse the repository at this point in the history 
Ensure encryption is unlocked when NVDIMM is armed at runtime.
Failure to unlock will generate additional Arm error and
prevent Arm from continuing.

CQ:SW477075
Change-Id: I7f97a6b8d574562d4e4abeb256020df5433d3a5f
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/84559
Reviewed-by: Dean Sanner <dsanner@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: TSUNG K YEUNG <tyeung@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M Crowell <dcrowell@us.ibm.com>
  • Loading branch information
@cvswen @dcrowell77
cvswen authored and dcrowell77 committed Oct 2, 2019
1 parent 1e1c803 commit adc61f1
Show file tree
Hide file tree
Showing 2 changed files with 55 additions and 1 deletion.
2 changes: 2 additions & 0 deletions src/include/usr/isteps/nvdimm/nvdimmreasoncodes.H
View file
Expand Up @@ -108,6 +108,7 @@ enum nvdimmModuleId
NVDIMM_COMPARE_CKSUM = 0x3A,
NVDIMM_CHECK_FW_SLOT = 0x3B,
NVDIMM_ARM_PRE_CHECK = 0x3C,
NVDIMM_ARM = 0x3D,
};

/**
Expand Down Expand Up @@ -201,6 +202,7 @@ enum nvdimmReasonCode
NVDIMM_INVALID_FW_SLOT = NVDIMM_COMP_ID | 0x50,
NVDIMM_ERASE_ERROR = NVDIMM_COMP_ID | 0x51,
NVDIMM_ARM_PRE_CHECK_FAILED = NVDIMM_COMP_ID | 0x52,
NVDIMM_ARM_ENCRYPTION_UNLOCK_FAILED = NVDIMM_COMP_ID | 0x53,
};

enum UserDetailsTypes
Expand Down
54 changes: 53 additions & 1 deletion src/usr/isteps/nvdimm/runtime/nvdimm_rt.C
View file
Expand Up @@ -232,7 +232,7 @@ errlHndl_t nvdimmArmPreCheck(Target* i_nvdimm)
*@userdata1[32:39] l_continue
*@userdata1[40:47] l_module_health
*@userdata1[48:56] l_ready
*@userdata1[57:63] l_fwuupdate
*@userdata1[57:63] l_fwupdate
*@userdata2 <UNUSED>
*@devdesc NVDIMM threw an error or failed to set event
* notifications during arming
Expand Down Expand Up @@ -301,6 +301,58 @@ bool nvdimmArm(TargetHandleList &i_nvdimmTargetList)
}
}

// Encryption unlocked check
// Check one nvdimm at a time
for (auto const l_nvdimm : i_nvdimmTargetList)
{
// Unlock function will create an error log
// Create another here to make it clear that the arm failed
TargetHandleList l_nvdimmTargetList;
l_nvdimmTargetList.push_back(l_nvdimm);
if (!nvdimm_encrypt_unlock(l_nvdimmTargetList))
{
TRACFCOMP(g_trac_nvdimm, ERR_MRK"nvdimmArm() nvdimm[%X] - failed NVDimm Arm encryption unlock",
get_huid(l_nvdimm));
/*@
*@errortype
*@reasoncode NVDIMM_ARM_ENCRYPTION_UNLOCK_FAILED
*@severity ERRORLOG_SEV_PREDICTIVE
*@moduleid NVDIMM_ARM
*@userdata1 Target Huid
*@userdata2 <UNUSED>
*@devdesc NVDIMM failed to unlock encryption during arming
*@custdesc NVDIMM failed to ARM
*/
l_err = new ERRORLOG::ErrlEntry(
ERRORLOG::ERRL_SEV_PREDICTIVE,
NVDIMM_ARM,
NVDIMM_ARM_ENCRYPTION_UNLOCK_FAILED,
get_huid(l_nvdimm),
0x0,
ERRORLOG::ErrlEntry::NO_SW_CALLOUT );

l_err->collectTrace( NVDIMM_COMP_NAME );

// Callout the dimm
l_err->addHwCallout( l_nvdimm,
HWAS::SRCI_PRIORITY_MED,
HWAS::DELAYED_DECONFIG,
HWAS::GARD_NULL);

// Read relevant regs for trace data
nvdimmTraceRegs(l_nvdimm, l_RegInfo);
nvdimmAddPage4Regs(l_nvdimm,l_err);
nvdimmAddVendorLog(l_nvdimm, l_err);

// Add reg traces to the error log
NVDIMM::UdNvdimmOPParms( l_RegInfo ).addToLog(l_err);

// Commit the error then exit
errlCommit(l_err, NVDIMM_COMP_ID);
return false;
}
}

// Mask MBACALFIR EventN to separate ARM handling
for (TargetHandleList::iterator it = i_nvdimmTargetList.begin();
it != i_nvdimmTargetList.end();)
Expand Down

0 comments on commit adc61f1

Please sign in to comment.