diff options
author | Ryan Grimm <grimm@linux.ibm.com> | 2019-10-25 14:14:27 -0400 |
---|---|---|
committer | Ram Pai <linuxram@us.ibm.com> | 2020-11-03 12:52:37 -0500 |
commit | b982d6cbcda9cd6286d0d9593918cc72da534b14 (patch) | |
tree | 0da7fdcfd6bb425b3f56b76c9763a2b817d2d2b8 | |
parent | 6e3a764d4d4f5abb6a3b647a0df51ca840e993e8 (diff) | |
download | skiboot-b982d6cbcda9cd6286d0d9593918cc72da534b14.zip skiboot-b982d6cbcda9cd6286d0d9593918cc72da534b14.tar.gz skiboot-b982d6cbcda9cd6286d0d9593918cc72da534b14.tar.bz2 |
pef: Fix up handling of HB reserves
For Hostboot, Skiboot parses secure memory from the HDAT table and
creates the secure-memory-ranges property. Then, Skiboot reserves the
entire secure memory region and names it ibm,secure-mem<n> where n is
the nth region found.
Later, Skiboot parses reserves from secure memory and if found in secure
memory the reserve is split. For example:
ibm,hbrt-code-image@1200ffd110000
ibm,hbrt-data@1200ffd550000
ibm,homer-image@1200ffd800000
ibm,homer-image@1200ffdc00000
ibm,occ-common-area@1200fff800000
ibm,sbe-comm@1200ffd0e0000
ibm,sbe-comm@1200ffd100000
ibm,sbe-ffdc@1200ffd0d0000
ibm,sbe-ffdc@1200ffd0f0000
ibm,secure-crypt-algo-code@1200ffd0c0000
ibm,secure-mem0@1000e00000000
ibm,secure-mem1@1200e00000000
ibm,secure-mem1@1200ffccf8000
ibm,secure-mem1@1200ffe000000
ibm,unsecure-homer@200dffe00000
ibm,uvbwlist@1200ffccf0000
For Mambo, ultra.tcl creates the secure-memory-ranges property at 8GB.
Mambo has no protection on secure memory, so a watchpoint should be used
to ensure Skiboot does not touch secure memory. ultra.tcl creates the
ibm,secure-mem reserve.
For BML, the BML script parses secure memory from the Cronus config file
and creates the secure-memory-ranges proprty.
In all cases, the console log should indicate secure memory has been
found and added to the device tree. For example:
UV: Secure memory range added to DT [0x000100fe00000000..0x001010000000000]
Signed-off-by: Ryan Grimm <grimm@linux.ibm.com>
-rw-r--r-- | hw/ultravisor.c | 64 |
1 files changed, 7 insertions, 57 deletions
diff --git a/hw/ultravisor.c b/hw/ultravisor.c index 3a2596a..510f56a 100644 --- a/hw/ultravisor.c +++ b/hw/ultravisor.c @@ -24,6 +24,7 @@ static char *uv_image = NULL; static size_t uv_image_size; struct xz_decompress *uv_xz = NULL; static struct uv_opal *uv_opal; +static int num_secure_ranges = 0; struct memcons uv_memcons __section(".data.memcons") = { .magic = MEMCONS_MAGIC, @@ -111,59 +112,6 @@ static uint64_t find_uv_fw_base_addr(struct dt_node *uv_node) return base_addr; } -static void reserve_secure_memory_region(void) -{ - struct dt_node *uv_node = find_uv_node(); - struct dt_node *hb_node; - const struct dt_property *ranges; - uint64_t *range, *rangesp, sm_size, addr; - char buf[128]; - int i=0; - - ranges = dt_find_property(uv_node, "secure-memory-ranges"); - if (!ranges) - return; - - hb_node = dt_find_by_path(dt_root, "/ibm,hostboot"); - if (hb_node) - prlog(PR_INFO, "Hostboot detected\n"); - - for (rangesp = (uint64_t *)(ranges->prop + ranges->len), - range = (uint64_t *)ranges->prop; - range < rangesp; - range += 2) { - addr = dt_get_number(range, 2); - if (!addr) - break; - - sm_size = dt_get_number(range + 1, 2); - if (!sm_size) - break; - - /* Remove Hostboot regions from secure memory 0 so we don't abort - * on overlapping regions */ - if (hb_node) { - prlog(PR_INFO, "Secure region %d, removing HB region\n", i); - /* TODO: Check with Hostboot for memory map */ - sm_size = sm_size - UV_HB_RESERVE_SIZE; - } - - snprintf(buf, 128, "ibm,secure-region-%d",i++); - mem_reserve_fw(strdup(buf), addr, sm_size); - } - - return; -} - -static void reserve_uv_memory(struct uv_opal *uv_opal) -{ - if (uv_opal->uv_base_addr == UV_LOAD_BASE) { - mem_reserve_fw("ibm,uv-code", UV_LOAD_BASE, UV_LOAD_MAX_SIZE); - } else { - reserve_secure_memory_region(); - } -} - static int create_dtb_uv(void *uv_fdt) { if (fdt_create(uv_fdt, UV_FDT_MAX_SIZE)) { @@ -377,8 +325,6 @@ start: goto load_error; } - reserve_uv_memory(uv_opal); - load_error: free_uv(); free(uv_xz); @@ -433,6 +379,7 @@ bool uv_add_mem_range(__be64 start, __be64 end) { struct dt_node *uv_node; bool ret = false; + char buff[128]; if (!is_msr_bit_set(MSR_S)) return ret; @@ -449,10 +396,13 @@ bool uv_add_mem_range(__be64 start, __be64 end) return false; } - ret = dt_append_memory_range(uv_node, start, end - start + 1); + ret = dt_append_memory_range(uv_node, start, end - start); if (ret) - prlog(PR_NOTICE, "Secure memory range added [0x%016llx..0x%015llx]\n", start, end); + prlog(PR_NOTICE, "UV: Secure memory range added to DT [0x%016llx..0x%015llx]\n", start, end); + + snprintf(buff, 128, "ibm,secure-mem%d", num_secure_ranges++); + mem_reserve_fw(strdup(buff), start, end - start); return ret; } |