SBE FW security switch

Implement SBE firmware security switch based on ATTR_SECURITY_ENABLE Change-Id: I435aad38c59e80c81925bd1f4b109aafd1993b1c Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/44959 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Sachin Gupta <sgupta2m@in.ibm.com>
open-power · Sep 6, 2017 · 75a82b7 · 75a82b7
1 parent 708be51
commit 75a82b7
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 26 deletions.
diff --git a/src/sbefw/sbeSecureMemRegionManager.C b/src/sbefw/sbeSecureMemRegionManager.C
@@ -6,6 +6,7 @@
 /* OpenPOWER sbe Project                                                  */
 /*                                                                        */
 /* Contributors Listed Below - COPYRIGHT 2017                             */
+/* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
 /* Licensed under the Apache License, Version 2.0 (the "License");        */
@@ -24,6 +25,7 @@
 #include "sbeSecureMemRegionManager.H"
 #include "sbetrace.H"
 #include "sbeutil.H"
+#include "sbeglobals.H"
 
 #ifndef __SBEFW_SEEPROM__
 
@@ -154,30 +156,33 @@ sbeSecondaryResponse SBESecureMemRegionManager::isAccessAllowed(
 {
     #define SBE_FUNC "SBESecureMemRegionManager::isAccessAllowed"
     sbeSecondaryResponse rc = SBE_SEC_OPERATION_SUCCESSFUL;
-    while(i_region.size > 0)
+    if(SBE_GLOBAL->sbeFWSecurityEnabled)
     {
-        secureMemRegion_t foundregion = getPartialRegionSize(i_region);
-        // Check if the found region has allowable access level
-        // and that the region overlap is from the beginning itself
-        if((i_region.mode & foundregion.mode) &&
-                (i_region.startAddress == foundregion.startAddress))
+        while(i_region.size > 0)
         {
-            SBE_INFO(SBE_FUNC" foundRegion Mem[0x%08X%08X], size[0x%08X]",
-                    SBE::higher32BWord(foundregion.startAddress),
-                    SBE::lower32BWord(foundregion.startAddress),
-                    foundregion.size);
-            i_region.size -= foundregion.size;
-            i_region.startAddress += foundregion.size;
-        }
-        else
-        {
-            SBE_ERROR(SBE_FUNC" Non secure access to memory blocked "
-                      "Addr[0x%08X%08X] Size[0x%08X]",
-                      SBE::higher32BWord(i_region.startAddress),
-                      SBE::lower32BWord(i_region.startAddress),
-                      i_region.size);
-            rc = SBE_SEC_BLACKLISTED_MEM_ACCESS;
-            break;
+            secureMemRegion_t foundregion = getPartialRegionSize(i_region);
+            // Check if the found region has allowable access level
+            // and that the region overlap is from the beginning itself
+            if((i_region.mode & foundregion.mode) &&
+                    (i_region.startAddress == foundregion.startAddress))
+            {
+                SBE_INFO(SBE_FUNC" foundRegion Mem[0x%08X%08X], size[0x%08X]",
+                        SBE::higher32BWord(foundregion.startAddress),
+                        SBE::lower32BWord(foundregion.startAddress),
+                        foundregion.size);
+                i_region.size -= foundregion.size;
+                i_region.startAddress += foundregion.size;
+            }
+            else
+            {
+                SBE_ERROR(SBE_FUNC" Non secure access to memory blocked "
+                          "Addr[0x%08X%08X] Size[0x%08X]",
+                          SBE::higher32BWord(i_region.startAddress),
+                          SBE::lower32BWord(i_region.startAddress),
+                          i_region.size);
+                rc = SBE_SEC_BLACKLISTED_MEM_ACCESS;
+                break;
+            }
         }
     }
     return rc;

diff --git a/src/sbefw/sbecmdiplcontrol.C b/src/sbefw/sbecmdiplcontrol.C
@@ -39,7 +39,6 @@
 #include "sbestates.H"
 #include "sbecmdcntrldmt.H"
 #include "sbeglobals.H"
-
 // TODO Workaround
 #include "plat_target_parms.H"
 
@@ -644,6 +643,11 @@ ReturnCode performAttrSetup( )
         }
         // Apply the gard records
         rc = plat_ApplyGards();
+
+        // Fetch FW security status
+        FAPI_ATTR_GET(fapi2::ATTR_SECURITY_ENABLE,
+                      fapi2::Target<fapi2::TARGET_TYPE_SYSTEM>(),
+                      SBE_GLOBAL->sbeFWSecurityEnabled);
      }while(0);
     SBE_EXIT(SBE_FUNC);
     return rc;

diff --git a/src/sbefw/sbeglobals.H b/src/sbefw/sbeglobals.H
@@ -82,6 +82,8 @@ class SBEGlobalsSingleton
         sbeHostAddr_t hostFFDCAddr;
         // Key Addr Pair
         sbeStashMemoryPair_t sbeKeyAddrPair;
+        // SBE FW security enabled; 0 - disabled; 1 - enabled
+        uint8_t sbeFWSecurityEnabled;
 
         ////////////////////////////////////////////////////////////////
         //// @brief PkThread structure for SBE Command Receiver thread
@@ -109,7 +111,8 @@ class SBEGlobalsSingleton
             sbeSemCmdRecv(),
             sbeSemCmdProcess(),
             SBERole(SBE_ROLE_MASTER),
-            sbefreq(( 133 * 1000 * 1000)/SBE::SBE_TO_NEST_FREQ_FACTOR)
+            sbefreq(( 133 * 1000 * 1000)/SBE::SBE_TO_NEST_FREQ_FACTOR),
+            sbeFWSecurityEnabled(1)
         {
         }
 };

diff --git a/src/test/framework/etc/patches/standalone.simics.patch b/src/test/framework/etc/patches/standalone.simics.patch
@@ -1,6 +1,8 @@
-48c48
+63c63,65
 < ($hb_masterproc).proc_chip.invoke parallel_store SCOM 0x5003A "00000000_00000000" 64
 ---
 > ($hb_masterproc).proc_chip.invoke parallel_store SCOM 0x5003A "80000000_00000000" 64
-51a52
+> # Set security enabled bit
+> ($hb_masterproc).proc_chip.invoke parallel_store SCOM 0x00050001 "0C000002_00000000" 64
+67a70
 > ($hb_masterproc).proc_chip.invoke parallel_store FSIMBOX 0x08 "00080000" 32