Skip to content

Commit

Permalink
Check Scratch Register 3 bit 7 and set new ATTR_SECURE_SETTINGS
Browse files Browse the repository at this point in the history 
Change-Id: Ia125ce6fdf5a15acf30a11e3124fae86c645d96c
RTC:163094
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41107
Reviewed-by: Thi N. Tran <thi@us.ibm.com>
Reviewed-by: Sachin Gupta <sgupta2m@in.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: PPE CI <ppe-ci+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: Hostboot CI <hostboot-ci+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Matt K. Light <mklight@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Reviewed-by: Jennifer A. Stofer <stofer@us.ibm.com>
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41110
Reviewed-by: Hostboot Team <hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
  • Loading branch information
@mabaiocchi @sgupta2m
mabaiocchi authored and sgupta2m committed Jun 7, 2017
1 parent e7bc187 commit f3be129
Show file tree
Hide file tree
Showing 5 changed files with 57 additions and 12 deletions.
16 changes: 15 additions & 1 deletion src/import/chips/p9/procedures/hwp/nest/p9_sbe_hb_structures.H
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,20 @@ enum SbeBootloaderVersion
MMIO_BARS_ADDED = 0x00090003,
};

union BootloaderSecureSettings
{
uint8_t data8;
struct
{
// Bit Breakdown - sync with ATTR_SECURE_SETTINGS
uint8_t reserved : 5; // reserved
uint8_t allowAttrOverrides : 1; // Allow Attribute Overrides in
// Secure Mode
uint8_t securityOverride : 1; // Security Override
uint8_t secureAccessBit : 1; // Secure Access Bit
} __attribute__((packed));
};

// Structure starts at the bootloader zero address
struct BootloaderConfigData_t
{
Expand All @@ -67,7 +81,7 @@ struct BootloaderConfigData_t
uint8_t pnorBootSide; // byte 9 0=PNOR side A, 1=PNOR side B [ATTR_PNOR_BOOT_SIDE]
uint16_t pnorSizeMB; // bytes 10:11 Size of PNOR in MB [ATTR_PNOR_SIZE]
uint64_t blLoadSize; // bytes 12:19 Size of Load (Exception vectors and Bootloader)
uint8_t secureAccessBit; // byte 20
BootloaderSecureSettings secureSettings ; // byte 20
uint64_t xscomBAR; // bytes 21:28 XSCOM MMIO BAR
uint64_t lpcBAR; // bytes 29:36 LPC MMIO BAR
};
Expand Down
15 changes: 9 additions & 6 deletions src/import/chips/p9/procedures/hwp/nest/p9_sbe_load_bootloader.C
View file
Original file line number Diff line number Diff line change
Expand Up @@ -203,10 +203,13 @@ fapi2::ReturnCode p9_sbe_load_bootloader(
// Pass size of load including exception vectors and Bootloader
l_bootloader_config_data.blLoadSize = l_exception_vector_size + i_payload_size;

// Get Secure Access Bit
FAPI_TRY(fapi2::getScom(i_master_chip_target, PERV_CBS_CS_SCOM, l_dataBuf),
"fapiGetScom of PERV_CBS_CS_SCOM failed");
l_bootloader_config_data.secureAccessBit = l_dataBuf.getBit<4>() ? 1 : 0;
// Set Secure Settings Byte
FAPI_TRY(FAPI_ATTR_GET(fapi2::ATTR_SECURE_SETTINGS, FAPI_SYSTEM, l_bootloader_config_data.secureSettings.data8));

// -- re-read Secure Access Bit in case it's changed
FAPI_TRY(fapi2::getScom(i_master_chip_target, PERV_CBS_CS_SCOM, l_dataBuf));

l_bootloader_config_data.secureSettings.secureAccessBit = l_dataBuf.getBit<4>() ? 1 : 0;
l_dataBuf.flush<0>();

// fill in MMIO BARs
Expand Down Expand Up @@ -288,10 +291,10 @@ fapi2::ReturnCode p9_sbe_load_bootloader(
{
l_data_to_pass_to_pba_array[i] = (l_bootloader_config_data.blLoadSize >> (56 - 8 * ((i - 12) % 8))) & 0xFF;
}
//At address X + 0x14 (20) put the secure access bit
//At address X + 0x14 (20) put the secure access byte
else if (i == 20)
{
l_data_to_pass_to_pba_array[i] = l_bootloader_config_data.secureAccessBit;
l_data_to_pass_to_pba_array[i] = l_bootloader_config_data.secureSettings.data8;
}
//At address X + 0x1B (21-28) put the XSCOM BAR
else if (i < 29)
Expand Down
19 changes: 15 additions & 4 deletions src/import/chips/p9/procedures/hwp/perv/p9_sbe_attr_setup.C
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@

//## auto_generated
#include "p9_sbe_attr_setup.H"

#include <p9_sbe_hb_structures.H>
#include <p9_perv_scom_addresses.H>

enum P9_SETUP_SBE_CONFIG_scratch4
Expand Down Expand Up @@ -118,12 +118,13 @@ fapi2::ReturnCode p9_sbe_attr_setup(const
//set_security_access
{
fapi2::buffer<uint64_t> l_read_reg;
BootloaderSecureSettings l_secure_settings;
l_secure_settings.data8 = 0;

FAPI_DBG("Reading ATTR_SECURITY_MODE");
FAPI_TRY(FAPI_ATTR_GET(fapi2::ATTR_SECURITY_MODE, FAPI_SYSTEM, l_read_1));
//Getting CBS_CS register value
FAPI_TRY(fapi2::getScom(i_target_chip, PERV_CBS_CS_SCOM,
l_read_reg));
FAPI_TRY(fapi2::getScom(i_target_chip, PERV_CBS_CS_SCOM, l_read_reg));

if ( (!l_read_1) // Security override possible
&& (l_read_scratch8.getBit<2>()) ) // scratch 3 is valid
Expand All @@ -141,14 +142,24 @@ fapi2::ReturnCode p9_sbe_attr_setup(const
l_read_reg.clearBit<4>(); //PIB.CBS_CS.CBS_CS_SECURE_ACCESS_BIT = 0
FAPI_TRY(fapi2::putScom(i_target_chip, PERV_CBS_CS_SCOM, l_read_reg));
}

FAPI_DBG("Copying mailbox scratch register 3 bits 6,7 to "
"ATTR_SECURE_SETTINGS");
l_secure_settings.securityOverride = l_read_scratch_reg.getBit<6>();
l_secure_settings.allowAttrOverrides = l_read_scratch_reg.getBit<7>();
}

// Include the Secure Access Bit now, but will double check before
// setting bootloader data later
l_secure_settings.secureAccessBit = l_read_reg.getBit<4>();
FAPI_DBG("Setting up ATTR_SECURITY_SETTINGS");
FAPI_TRY(FAPI_ATTR_SET(fapi2::ATTR_SECURE_SETTINGS, FAPI_SYSTEM, l_secure_settings.data8));

l_read_1 = 0;
l_read_1.writeBit<7>(l_read_reg.getBit<4>());

FAPI_DBG("Setting ATTR_SECURITY_ENABLE with the SAB state");
FAPI_TRY(FAPI_ATTR_SET(fapi2::ATTR_SECURITY_ENABLE, FAPI_SYSTEM, l_read_1));

}
//read_scratch1_reg
{
Expand Down
4 changes: 4 additions & 0 deletions src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_attributes.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -253,6 +253,10 @@
<name>ATTR_SBE_BOOT_SIDE</name>
<value>0x00</value>
</entry>
<entry>
<name>ATTR_SECURE_SETTINGS</name>
<value>0x00</value>
</entry>
<!-- TODO we need to change this once the absolute address is known -->
<entry>
<name>ATTR_SBE_HBBL_EXCEPTION_INSTRUCT</name>
Expand Down
15 changes: 14 additions & 1 deletion src/import/chips/p9/procedures/xml/attribute_info/p9_sbe_load_bootloader_attributes.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
<!-- -->
<!-- OpenPOWER sbe Project -->
<!-- -->
<!-- Contributors Listed Below - COPYRIGHT 2015,2016 -->
<!-- Contributors Listed Below - COPYRIGHT 2015,2017 -->
<!-- [+] International Business Machines Corp. -->
<!-- -->
<!-- -->
Expand Down Expand Up @@ -77,6 +77,19 @@
<platInit/>
<initToZero/>
</attribute>
<attribute>
<id>ATTR_SECURE_SETTINGS</id>
<targetType>TARGET_TYPE_SYSTEM</targetType>
<description>Byte collecting Security Overrides
bits 0:4 - reserved
bit 5 - Allow Attribute Overrides in Securemode
bit 6 - Override Security Setting
bit 7 - Secure Access Bit
</description>
<valueType>uint8</valueType>
<writeable/>
<initToZero/>
</attribute>
<attribute>
<id>ATTR_SBE_HBBL_EXCEPTION_INSTRUCT</id>
<targetType>TARGET_TYPE_SYSTEM</targetType>
Expand Down

0 comments on commit f3be129

Please sign in to comment.