From adc61f1bddd14ae2ec47f931f496f40d1f96dada Mon Sep 17 00:00:00 2001 From: Corey Swenson Date: Mon, 30 Sep 2019 17:34:35 -0500 Subject: [PATCH] Attempt to unlock encryption in NVDIMM Arm function Ensure encryption is unlocked when NVDIMM is armed at runtime. Failure to unlock will generate additional Arm error and prevent Arm from continuing. CQ:SW477075 Change-Id: I7f97a6b8d574562d4e4abeb256020df5433d3a5f Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/84559 Reviewed-by: Dean Sanner Tested-by: Jenkins Server Reviewed-by: TSUNG K YEUNG Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Daniel M Crowell --- .../usr/isteps/nvdimm/nvdimmreasoncodes.H | 2 + src/usr/isteps/nvdimm/runtime/nvdimm_rt.C | 54 ++++++++++++++++++- 2 files changed, 55 insertions(+), 1 deletion(-) diff --git a/src/include/usr/isteps/nvdimm/nvdimmreasoncodes.H b/src/include/usr/isteps/nvdimm/nvdimmreasoncodes.H index 6b29098990d..573693512a5 100644 --- a/src/include/usr/isteps/nvdimm/nvdimmreasoncodes.H +++ b/src/include/usr/isteps/nvdimm/nvdimmreasoncodes.H @@ -108,6 +108,7 @@ enum nvdimmModuleId NVDIMM_COMPARE_CKSUM = 0x3A, NVDIMM_CHECK_FW_SLOT = 0x3B, NVDIMM_ARM_PRE_CHECK = 0x3C, + NVDIMM_ARM = 0x3D, }; /** @@ -201,6 +202,7 @@ enum nvdimmReasonCode NVDIMM_INVALID_FW_SLOT = NVDIMM_COMP_ID | 0x50, NVDIMM_ERASE_ERROR = NVDIMM_COMP_ID | 0x51, NVDIMM_ARM_PRE_CHECK_FAILED = NVDIMM_COMP_ID | 0x52, + NVDIMM_ARM_ENCRYPTION_UNLOCK_FAILED = NVDIMM_COMP_ID | 0x53, }; enum UserDetailsTypes diff --git a/src/usr/isteps/nvdimm/runtime/nvdimm_rt.C b/src/usr/isteps/nvdimm/runtime/nvdimm_rt.C index dfe84e3ff0f..4caf2faab11 100644 --- a/src/usr/isteps/nvdimm/runtime/nvdimm_rt.C +++ b/src/usr/isteps/nvdimm/runtime/nvdimm_rt.C @@ -232,7 +232,7 @@ errlHndl_t nvdimmArmPreCheck(Target* i_nvdimm) *@userdata1[32:39] l_continue *@userdata1[40:47] l_module_health *@userdata1[48:56] l_ready - *@userdata1[57:63] l_fwuupdate + *@userdata1[57:63] l_fwupdate *@userdata2 *@devdesc NVDIMM threw an error or failed to set event * notifications during arming @@ -301,6 +301,58 @@ bool nvdimmArm(TargetHandleList &i_nvdimmTargetList) } } + // Encryption unlocked check + // Check one nvdimm at a time + for (auto const l_nvdimm : i_nvdimmTargetList) + { + // Unlock function will create an error log + // Create another here to make it clear that the arm failed + TargetHandleList l_nvdimmTargetList; + l_nvdimmTargetList.push_back(l_nvdimm); + if (!nvdimm_encrypt_unlock(l_nvdimmTargetList)) + { + TRACFCOMP(g_trac_nvdimm, ERR_MRK"nvdimmArm() nvdimm[%X] - failed NVDimm Arm encryption unlock", + get_huid(l_nvdimm)); + /*@ + *@errortype + *@reasoncode NVDIMM_ARM_ENCRYPTION_UNLOCK_FAILED + *@severity ERRORLOG_SEV_PREDICTIVE + *@moduleid NVDIMM_ARM + *@userdata1 Target Huid + *@userdata2 + *@devdesc NVDIMM failed to unlock encryption during arming + *@custdesc NVDIMM failed to ARM + */ + l_err = new ERRORLOG::ErrlEntry( + ERRORLOG::ERRL_SEV_PREDICTIVE, + NVDIMM_ARM, + NVDIMM_ARM_ENCRYPTION_UNLOCK_FAILED, + get_huid(l_nvdimm), + 0x0, + ERRORLOG::ErrlEntry::NO_SW_CALLOUT ); + + l_err->collectTrace( NVDIMM_COMP_NAME ); + + // Callout the dimm + l_err->addHwCallout( l_nvdimm, + HWAS::SRCI_PRIORITY_MED, + HWAS::DELAYED_DECONFIG, + HWAS::GARD_NULL); + + // Read relevant regs for trace data + nvdimmTraceRegs(l_nvdimm, l_RegInfo); + nvdimmAddPage4Regs(l_nvdimm,l_err); + nvdimmAddVendorLog(l_nvdimm, l_err); + + // Add reg traces to the error log + NVDIMM::UdNvdimmOPParms( l_RegInfo ).addToLog(l_err); + + // Commit the error then exit + errlCommit(l_err, NVDIMM_COMP_ID); + return false; + } + } + // Mask MBACALFIR EventN to separate ARM handling for (TargetHandleList::iterator it = i_nvdimmTargetList.begin(); it != i_nvdimmTargetList.end();)