talos-hostboot/src/usr/i2c/tpmdd.C, branch master

Add FFDC to 'No Functional TPM' Fails

2018-03-19T15:40:49+00:00

When no functional TPMs are detected, but TPMs are required, this commit will capture the Security Registers of each processor in the system and add them to the error log. It also updates how the tpmMarkFailed() function links and commits various error logs. Change-Id: I2e95bbfcb6ab3f3dff26149f234c219d4280e1fb CQ:SW417814 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/54808 CI-Ready: Michael Baiocchi Reviewed-by: Nicholas E. Bofferding Reviewed-by: ILYA SMIRNOV Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell

Secure Boot: Mark redundant TPM not present until SMP is enabled

2018-03-15T22:13:50+00:00

Until the SMP is up, a redundant TPM is not able to be presence detected. This change updates the TPM presence detect routine to report a TPM connected to remote processor as not present when the remote processor is not connected to the SMP, so that Hostboot doesn't hit errors attempting to access/use the TPM at inappropriate times. Change-Id: I10aa683ec073be2b44e810746bee320dd6366184 RTC: 184515 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/55814 Reviewed-by: ILYA SMIRNOV Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Christopher J. Engel Reviewed-by: Michael Baiocchi Reviewed-by: Daniel M. Crowell

Update TPM Retry Policy and Timings

2018-01-25T14:05:18+00:00

This commit allows for all TPMDD errors to be re-tried (not just NACK errors) and adds a longer wait time between retries. Change-Id: Ibc38483881e710519f4a30cde5359c69fbbdaa62 Backport: release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52392 Reviewed-by: Timothy R. Block Reviewed-by: Christopher J. Engel Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Nicholas E. Bofferding Reviewed-by: William G. Hoffa

Add TPM device driver support for DRTM PCR reset sequence

2017-03-08T14:42:10+00:00

Change-Id: Ief02e10fc85d09b837e20dfb529186e2da4269fd Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35935 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins OP Build CI Reviewed-by: Michael Baiocchi Reviewed-by: Daniel M. Crowell

Support DRTM RIT protection

2017-03-03T18:51:19+00:00

- Added mailbox scratch register 7 definition - Added DRTM functions - Added set/clear security switch register functions - Added additional security switch bit definitions - Added secureboot extended library to host DRTM functions - Inhibited TPM start command in DRTM flow - Added new config options for DRTM and DRTM RIT protection - Added new DRTM attribute to indicate if DRTM is active - Added new DRTM attribute to hold DRTM payload address - Added new DRTM attribute to initiate DRTM in lieu of loading payload - Updated target service init to determine DRTM settings - Updated host start payload step to initiate DRTM if conditions are met - Updated host MPIPL service to verify DRTM payload and clean up DRTM HW state - Updated host gard step to verify DRTM HW state - Rerouted PCR extensions to PCR 17 in DRTM boot - Use locality 2 for all PCR extensions in DRTM boot - Inhibit extension logging (for now) in DRTM boot - Only extend seperator to PCR 17 in DRTM boot Change-Id: Id52c36c3a64ca002571396d605caa308d9dc0199 RTC: 157140 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35633 Tested-by: Jenkins Server Reviewed-by: Michael Baiocchi Reviewed-by: Stephen M. Cprek Tested-by: FSP CI Jenkins Reviewed-by: Timothy R. Block Tested-by: Jenkins OP Build CI Reviewed-by: Daniel M. Crowell

Add base support for TPM locality 2

2017-02-08T21:13:12+00:00

- Added locality 2 enum - Updated check for localities to include locality 2 - Updated MRW generator to add locality 2 - Updated standalone config files to include locality 2 - Updated TPM_INFO to include locality 2 Change-Id: I385f331875c59568def895c1b89fcdc14dda6234 RTC: 157140 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35916 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Tested-by: Jenkins OP Build CI Reviewed-by: Marshall J. Wilks Reviewed-by: Stephen M. Cprek Reviewed-by: Michael Baiocchi Reviewed-by: Timothy R. Block Reviewed-by: Christopher J. Engel Reviewed-by: Daniel M. Crowell

Add TPM4 locality support

2017-01-27T21:41:57+00:00

Change-Id: I9f16fe77ee18f3d8839d0a06f9322ca1b1e47d93 RTC: 134415 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35271 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Tested-by: Jenkins OP Build CI Reviewed-by: Michael Baiocchi Reviewed-by: Nicholas E. Bofferding Reviewed-by: Timothy R. Block Reviewed-by: William G. Hoffa

Trustedboot support for using TPM target

2016-08-22T17:47:05+00:00

Change-Id: I362085fd81663b9b8ec56ed9e0670cf71fc851e4 RTC: 153386 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/28482 Reviewed-by: Christopher J. Engel Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: William G. Hoffa

Support for TPM Required attribute to allow system to IPL without a TPM

2016-07-27T16:22:07+00:00

Change-Id: I53e841036dfff75c6ed7d04ee55292b1285a6bee RTC: 125287 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/27454 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Christopher J. Engel Reviewed-by: William G. Hoffa

Trustedboot add TPM and associated i2c master to the devtree

2016-06-09T02:45:27+00:00

Change-Id: Ic2edee549d23669f046a6e78f0cfae838faaec2d RTC: 125287 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/25470 Reviewed-by: Marshall J. Wilks Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell