Secure Boot: RAS Reviews: Fix load handler logging
- Link secure load message fail log to PLID of real verification error
- Increase severity of verification fail
- Fix formatting of secure load error log to be parseable

Change-Id: I15cd9cb86c15d2ee112f6c606ff1bc9eaa9f453b
RTC: 181899
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50866
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Nick Bofferding authored and wghoffa committed Dec 15, 2017
1 parent 83243d5 commit bd15194
Showing 3 changed files with 46 additions and 9 deletions.
41 changes: 34 additions & 7 deletions src/usr/pnor/spnorrp.C
Expand Up @@ -303,8 +303,10 @@ void SPnorRP::initDaemon()
*/
uint64_t SPnorRP::verifySections(SectionId i_id,
bool i_loadedPreviously,
LoadRecord* io_rec)
LoadRecord* io_rec,
uint32_t& o_plid)
{
o_plid=0;
SectionInfo_t l_info;
errlHndl_t l_errhdl = NULL;
bool failedVerify = false;
Expand Down Expand Up @@ -616,6 +618,7 @@ uint64_t SPnorRP::verifySections(SectionId i_id,
errlCommit(l_errhdl,PNOR_COMP_ID);
INITSERVICE::doShutdown(l_errPlid, true);
}
o_plid=l_errPlid;
}

return l_rc;
Expand Down Expand Up @@ -648,6 +651,8 @@ void SPnorRP::waitForMessage()
message = msg_wait( iv_msgQ );
if( message )
{
uint32_t plid=0;

// data[0] = virtual address requested
// data[1] = address to place contents
eff_addr = reinterpret_cast<uint8_t*>(message->data[0]);
Expand Down Expand Up @@ -771,9 +776,11 @@ void SPnorRP::waitForMessage()
TRACDCOMP(g_trac_pnor, "SPnorRP::waitForMessage> MSG_LOAD_SECTION refCount is %i",l_record->refCount);
if (l_record->refCount == 0)
{
uint32_t loadPlid=0;
l_rc = verifySections(l_id,
l_loadedPreviously,
l_record);
l_record,
loadPlid);
if (l_rc)
{
if(!l_loadedPreviously)
Expand All @@ -782,6 +789,11 @@ void SPnorRP::waitForMessage()
l_record = nullptr;
}
status_rc = -l_rc;

// Tunnel the PLID of the verify error to
// the caller
plid=loadPlid;

break;
}
}
Expand Down Expand Up @@ -1036,7 +1048,7 @@ void SPnorRP::waitForMessage()
* extra_data = Specific reason code.
*/
message->data[1] = status_rc;
message->extra_data = 0;
message->extra_data = reinterpret_cast<void*>(plid);
rc = msg_respond( iv_msgQ, message );
if( rc )
{
Expand Down Expand Up @@ -1094,16 +1106,17 @@ errlHndl_t loadUnloadSecureSection(const SectionId i_section,

TRACFCOMP(g_trac_pnor,ERR_MRK"PNOR::loadUnloadSecureSection> Error from msg_sendrecv or msg->data[1] rc=%d",
l_rc );
/* @errorlog
/*@
* @errortype
* @severity ERRL_SEV_CRITICAL_SYS_TERM
* @moduleid MOD_PNORRP_LOADUNLOADSECURESECTION
* @reasoncode RC_EXTERNAL_ERROR
* @userdata1 returncode from msg_sendrecv() or msg->data[1]
* @userdata2[0:31] SPNOR message type [LOAD | UNLOAD]
* @userdata2[32:63] Section ID
* @devdesc Could not load/unload section.
* @custdesc Security failure: unable to securely load
* requested firmware.
* @devdesc Secure Boot: Failed to securely load or unload
* signed boot firmware.
* @custdesc Failure in security subsystem
*/
err = new ERRORLOG::ErrlEntry(
ERRORLOG::ERRL_SEV_CRITICAL_SYS_TERM,
Expand All @@ -1113,6 +1126,20 @@ errlHndl_t loadUnloadSecureSection(const SectionId i_section,
TWO_UINT32_TO_UINT64(i_loadUnload,
i_section),
true /* Add HB Software Callout */);

// On a failure of load secure section, link the load error to this
// error by PLID, if available
if( (i_loadUnload == PNOR::MSG_LOAD_SECTION)
&& (rc==0)
&& (msg->data[1]!=0)
&& (msg->extra_data != nullptr))
{
// extra_data is 64 bits, PLID occupies lower 32 bits, so slice off
// the upper bits
const uint32_t plid=reinterpret_cast<uint64_t>(msg->extra_data);
err->plid(plid);
}

err->collectTrace(PNOR_COMP_NAME);
err->collectTrace(SECURE_COMP_NAME);
}
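Review bot: The `const uint32_t plid=reinterpret_cast<uint64_t>(msg->extra_data);` line relies on an implicit uint64_t-to-uint32_t truncation that only the comment above it explains, and it will trip -Wconversion style diagnostics; `const uint32_t plid = static_cast<uint32_t>(reinterpret_cast<uintptr_t>(msg->extra_data));` makes both the pointer-to-integer step and the deliberate truncation explicit, and the matching `message->extra_data = reinterpret_cast<void*>(plid);` line in waitForMessage would read more clearly with the same uintptr_t intermediate. The guard keys on `rc==0` while the trace a few lines earlier reports `l_rc`; both appear to be defined outside the hunk, so it is worth confirming the PLID linkage is gated on the same value the trace reports. loadUnloadSecureSection starts and ends outside the hunk.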
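--- a/src/usr/pnor/spnorrp.H
+++ b/src/usr/pnor/spnorrp.H
@@ -145,11 +145,18 @@ class SPnorRP
 * @param[in/out] io_rec - Load record to store section information in
 * io_rec->payloadTextHash is used for comparision if
 * i_loadedPreviusly is true.
-* @return uint64_t - Return code to pass back to message handler
+* @param[out] o_plid - On function failure (return code is non-zero),
+* PLID of the related error that was committed internally,
+* otherwise 0.
+* @return uint64_t - Return code to pass back to message handler. If a
+* non-0 return code is returned, that implies the
+* function also committed an error and returned a non-0
+* PLID in o_plid
 */
 uint64_t verifySections(PNOR::SectionId i_id,
 bool i_loadedPreviously,
-LoadRecord* io_rec);
+LoadRecord* io_rec,
+uint32_t& o_plid);
 
 /**
 * @brief Message receiver for secure space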
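Review bot: The new `@return` text promises that every non-zero return code is accompanied by a non-zero PLID in o_plid, which is a stronger contract than the `@param[out] o_plid` lines state, and in the spnorrp.C hunk the only visible assignment `o_plid=l_errPlid;` appears to sit on a single failure path while the rest of verifySections is outside the diff. Unless every non-zero-rc path is known to commit an error, wording it as `* non-0 return code is returned, o_plid holds the PLID of the error committed for it, or 0 if none was` keeps callers that link PLIDs from trusting a value that may still be 0. The class declaration continues outside the hunk.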
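--- a/src/usr/secureboot/base/service.C
+++ b/src/usr/secureboot/base/service.C
@@ -379,6 +379,9 @@ void handleSecurebootFailure(errlHndl_t &io_err, const bool i_waitForShutdown,
 
 assert(io_err != NULL, "Secureboot Failure has a NULL error log")
 
+// Secure Boot failure is a critical error
+io_err->setSev(ERRORLOG::ERRL_SEV_CRITICAL_SYS_TERM);
+
 // Grab errlog reason code before committing.
 uint16_t l_rc = io_err->reasonCode();
 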
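Review bot: The added `io_err->setSev(ERRORLOG::ERRL_SEV_CRITICAL_SYS_TERM);` escalates every log routed through handleSecurebootFailure regardless of the severity the caller assigned, but the one-line comment reads as a statement of fact rather than as a documented override, so a future caller that builds a lower-severity log will not expect it to be rewritten here. A comment such as `// Deliberately overrides whatever severity the caller set: any Secure Boot failure reaching this handler is system-terminating` makes the policy explicit at the point it is enforced. handleSecurebootFailure begins before and continues past the hunk.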
