Talos™ II hostboot sources https://git.raptorcs.com/git/talos-hostboot/atom?h=07-25-2019 2019-12-06T16:28:47+00:00 2019-12-06T16:28:47+00:00 Dan Crowell dcrowell@us.ibm.com 2019-11-20T18:36:48+00:00 urn:sha1:c46f1ee5b8b9f7ea7e398f373f990b6e3440a257 Rather than having to remember to include config.h anywhere we reference a CONFIG variable (and usually forgetting), this adds it to the default compiler flags so that it gets included in every source file we build. Change-Id: I53622ab4d46c55d942e98cae6ec03049fd5b3d08 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/87475 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Zachary Clark <zach@ibm.com> Reviewed-by: Roland Veloz <rveloz@us.ibm.com> Reviewed-by: Christian R Geddes <crgeddes@us.ibm.com> Reviewed-by: Nicholas E Bofferding <bofferdn@us.ibm.com> 2019-11-14T14:28:02+00:00 Mike Baiocchi mbaiocch@us.ibm.com 2019-09-12T14:00:52+00:00 urn:sha1:35964668f9dc302401ff03c691e579a4c48eecea This commit does the following: - Adds an interface to detect if physical presence has been asserted -- This happens in istep 6 -- If the window is open to detect this, it is then closed here - Adds an interface to possibly open the window to look for physical presence -- This happens in istep 10 -- It first checks to see if the window should be opened -- If the window is opened then the system shuts down to wait for physical presence to be asserted on the next power on - Adds the necessary attributes to support and test this functionality RTC:211220 Change-Id: I05a26ebad581875a4b9f2a51eb1ca3062f36c5fb Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/84656 Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com> Reviewed-by: Christopher J Engel <cjengel@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E Bofferding <bofferdn@us.ibm.com> 2019-04-12T17:12:41+00:00 Ilya Smirnov ismirno@us.ibm.com 2019-03-28T13:32:24+00:00 urn:sha1:d1d3f44dd9394894efd35b822c33ce36a6d01392 New procedure to call the SBE chip op to pass the SBE the address at which it will populate the Ultravisor XSCOM white/blacklist. The white/blacklist is also included in hostboot reserved memory and is passed to HDAT. Change-Id: If28854a73fa521297084bdee391fab95aa4f9a8a RTC: 192422 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/75238 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2019-04-12T17:12:11+00:00 Ilya Smirnov ismirno@us.ibm.com 2018-12-11T15:47:55+00:00 urn:sha1:a9addc3db4f8940ca38fb63c99fcab26126c88f0 For SMF to be enabled, HOMER requires a small amount of non-SMF (unsecure) memory where the "jump to Ultravisor" instruction can be put (to transition to UV mode). This commit sets up a region of non-secure memory space for that purpose. Change-Id: Ib91ec69f49a4e174e65f3c2aad337a68eaa0803b RTC: 205986 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/70699 Reviewed-by: Prem Shanker Jha <premjha2@in.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2019-03-05T14:53:09+00:00 Mike Baiocchi mbaiocch@us.ibm.com 2019-02-19T16:55:19+00:00 urn:sha1:d74d3932d989bca5b533c48024ac135ec9991d64 This commit adds many checks to callout potential issues with the new multinode trustedboot transfer protocol. It also improves some TPM-related traces. Change-Id: Ice3f8be0668cc63321eeb2562bb8ffe610284b6a RTC:203642 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72363 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2019-03-01T21:20:41+00:00 Ilya Smirnov ismirno@us.ibm.com 2018-11-12T14:51:33+00:00 urn:sha1:ed35e3da7c2606f6fe0930725892deae85df33b7 This change introduces the unit tests (and helper functions) to test the SMF memory distribution algorithm. Change-Id: I0084f869d582e96354f06ec76c3de416c9838701 RTC: 192411 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/68679 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2019-03-01T21:06:57+00:00 Ilya Smirnov ismirno@us.ibm.com 2019-02-19T15:19:35+00:00 urn:sha1:b1c1b2cc5e78267fadb9001587f66566cf19159e This commit introduces a new attribute TPM_POISONED used to indicate that a certain TPM was poisoned during the boot. This attribute is also used to adjust the trustedboot flag in HDAT: if the primary TPM was poisoned during the IPL, the trustedboot setting is turned off in HDAT. Change-Id: I32ff6e79ebba0e38c0e8b4b9bd4aa0f52a250d9a RTC: 203645 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72129 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2019-02-26T21:55:47+00:00 Ilya Smirnov ismirno@us.ibm.com 2019-02-22T15:54:57+00:00 urn:sha1:cab3c5b1f80c36dcb9015d7085ee5b11948d4232 This commit adds the size of the quote and signature fields returned from the TPM as part of enhanced multinode comm to the generated slave quote. This will make it easier to process the slave quote for remote attestation. Change-Id: Iab0d66bf5c34f49441fec346c6964458c58cff1f RTC: 203645 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72357 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2019-02-20T17:38:57+00:00 Ilya Smirnov ismirno@us.ibm.com 2019-01-29T15:54:24+00:00 urn:sha1:3a6180ba355940c952f332ebd514c8eb15ef7c7a This commit introduces the logic to create the master node nodecomm request to the slave nodes and logic to process the responses from the slave nodes. The data from the slave nodes (the slave quote) is hashed and extended into PCR1. The binary quote blob is also included in the TPM log as a log message. Additional changes: the logic to relocate the TPM log to increase its size, and the logic to allow uint8_t* instead of char* as the TPM log message. Change-Id: Ide4465f0d4a91aec815c9db5d765cdbde231dcd3 RTC: 203644 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/71407 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2019-02-19T22:56:50+00:00 Ilya Smirnov ismirno@us.ibm.com 2019-01-15T22:08:48+00:00 urn:sha1:00325c6de8baa143c8e06e9324d6ba997465aa1f This commit introduces the logic to create the slave response for the new enhanced multinode comm protocol. The slave response consists of an eye catcher, node ID, quote and signature data from TPM, PCR contents of the slave node TPM, Attestation Key Certificate, and the TPM log. All of the above data is packaged into a binary blob to be sent back to the master node. Change-Id: I927c6ca937e6c07af4185cf54c782697c5d822f6 RTC: 203643 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/70791 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>