<feed xmlns='http://www.w3.org/2005/Atom'>
<title>talos-hostboot/src/usr/secureboot/ext/makefile, branch 07-25-2019</title>
<subtitle>Talos™ II hostboot sources</subtitle>
<id>https://git.raptorcs.com/git/talos-hostboot/atom?h=07-25-2019</id>
<link rel='self' href='https://git.raptorcs.com/git/talos-hostboot/atom?h=07-25-2019'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/talos-hostboot/'/>
<updated>2019-11-14T14:28:02+00:00</updated>
<entry>
<title>Add Physical Presence Check and Window Open Features</title>
<updated>2019-11-14T14:28:02+00:00</updated>
<author>
<name>Mike Baiocchi</name>
<email>mbaiocch@us.ibm.com</email>
</author>
<published>2019-09-12T14:00:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/talos-hostboot/commit/?id=35964668f9dc302401ff03c691e579a4c48eecea'/>
<id>urn:sha1:35964668f9dc302401ff03c691e579a4c48eecea</id>
<content type='text'>
This commit does the following:
- Adds an interface to detect if physical presence has been asserted
-- This happens in istep 6
-- If the window is open to detect this, it is then closed here
- Adds an interface to possibly open the window to look for physical presence
-- This happens in istep 10
-- It first checks to see if the window should be opened
-- If the window is opened then the system shuts down to wait for
   physical presence to be asserted on the next power on
- Adds the necessary attributes to support and test this functionality

RTC:211220
Change-Id: I05a26ebad581875a4b9f2a51eb1ca3062f36c5fb
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/84656
Reviewed-by: Ilya Smirnov &lt;ismirno@us.ibm.com&gt;
Reviewed-by: Christopher J Engel &lt;cjengel@us.ibm.com&gt;
Tested-by: Jenkins Server &lt;pfd-jenkins+hostboot@us.ibm.com&gt;
Tested-by: Jenkins OP Build CI &lt;op-jenkins+hostboot@us.ibm.com&gt;
Tested-by: Jenkins OP HW &lt;op-hw-jenkins+hostboot@us.ibm.com&gt;
Tested-by: FSP CI Jenkins &lt;fsp-CI-jenkins+hostboot@us.ibm.com&gt;
Reviewed-by: Nicholas E Bofferding &lt;bofferdn@us.ibm.com&gt;
</content>
</entry>
<entry>
<title>Secure Boot: Support API to fence off all node processors' secure mailboxes</title>
<updated>2018-06-19T21:35:42+00:00</updated>
<author>
<name>Ilya Smirnov</name>
<email>ismirno@us.ibm.com</email>
</author>
<published>2018-05-29T20:16:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/talos-hostboot/commit/?id=c7384e829f3dec35cbdf3a18dba432c8fcd1c069'/>
<id>urn:sha1:c7384e829f3dec35cbdf3a18dba432c8fcd1c069</id>
<content type='text'>
This change implements the logic to lock down the Abus
secure mailboxes prior to starting PHyp. The lock down
is performed as part of secure node communication in istep 18.

Change-Id: I4bc678ce7844290a7229b605406d5d3c689a0c6c
RTC: 191005
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/59692
Reviewed-by: Michael Baiocchi &lt;mbaiocch@us.ibm.com&gt;
Tested-by: Jenkins Server &lt;pfd-jenkins+hostboot@us.ibm.com&gt;
Tested-by: Jenkins OP Build CI &lt;op-jenkins+hostboot@us.ibm.com&gt;
Tested-by: Jenkins OP HW &lt;op-hw-jenkins+hostboot@us.ibm.com&gt;
Tested-by: FSP CI Jenkins &lt;fsp-CI-jenkins+hostboot@us.ibm.com&gt;
Reviewed-by: Daniel M. Crowell &lt;dcrowell@us.ibm.com&gt;
</content>
</entry>
<entry>
<title>Support DRTM RIT protection</title>
<updated>2017-03-03T18:51:19+00:00</updated>
<author>
<name>Nick Bofferding</name>
<email>bofferdn@us.ibm.com</email>
</author>
<published>2017-01-30T19:52:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/talos-hostboot/commit/?id=a9eefaa1086c7a3cc51e374c52a7c04397968fd5'/>
<id>urn:sha1:a9eefaa1086c7a3cc51e374c52a7c04397968fd5</id>
<content type='text'>
- Added mailbox scratch register 7 definition
- Added DRTM functions
- Added set/clear security switch register functions
- Added additional security switch bit definitions
- Added secureboot extended library to host DRTM functions
- Inhibited TPM start command in DRTM flow
- Added new config options for DRTM and DRTM RIT protection
- Added new DRTM attribute to indicate if DRTM is active
- Added new DRTM attribute to hold DRTM payload address
- Added new DRTM attribute to initiate DRTM in lieu of loading payload
- Updated target service init to determine DRTM settings
- Updated host start payload step to initiate DRTM if conditions are met
- Updated host MPIPL service to verify DRTM payload and clean up DRTM HW state
- Updated host gard step to verify DRTM HW state
- Rerouted PCR extensions to PCR 17 in DRTM boot
- Use locality 2 for all PCR extensions in DRTM boot
- Inhibit extension logging (for now) in DRTM boot
- Only extend separator to PCR 17 in DRTM boot

Change-Id: Id52c36c3a64ca002571396d605caa308d9dc0199
RTC: 157140
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35633
Tested-by: Jenkins Server &lt;pfd-jenkins+hostboot@us.ibm.com&gt;
Reviewed-by: Michael Baiocchi &lt;mbaiocch@us.ibm.com&gt;
Reviewed-by: Stephen M. Cprek &lt;smcprek@us.ibm.com&gt;
Tested-by: FSP CI Jenkins &lt;fsp-CI-jenkins+hostboot@us.ibm.com&gt;
Reviewed-by: Timothy R. Block &lt;block@us.ibm.com&gt;
Tested-by: Jenkins OP Build CI &lt;op-jenkins+hostboot@us.ibm.com&gt;
Reviewed-by: Daniel M. Crowell &lt;dcrowell@us.ibm.com&gt;
</content>
</entry>
<entry>
<title>Change copyright prolog for all files to Apache.</title>
<updated>2014-05-22T03:16:32+00:00</updated>
<author>
<name>Patrick Williams</name>
<email>iawillia@us.ibm.com</email>
</author>
<published>2014-05-19T21:51:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/talos-hostboot/commit/?id=aa0446e9d1c2f0fb17a6ef40b689ec7281d65387'/>
<id>urn:sha1:aa0446e9d1c2f0fb17a6ef40b689ec7281d65387</id>
<content type='text'>
Change-Id: I5664587b4f889099290ef50d50fa9ce5e580e1eb
Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/11167
Tested-by: Jenkins Server
Reviewed-by: A. Patrick Williams III &lt;iawillia@us.ibm.com&gt;
</content>
</entry>
<entry>
<title>Update makefiles &amp; included .mk files to use += convention.</title>
<updated>2014-05-21T22:32:37+00:00</updated>
<author>
<name>Brian Silver</name>
<email>bsilver@us.ibm.com</email>
</author>
<published>2014-05-20T19:17:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/talos-hostboot/commit/?id=42e2de679d889a35d67ff0be4f5433ef3b495ff7'/>
<id>urn:sha1:42e2de679d889a35d67ff0be4f5433ef3b495ff7</id>
<content type='text'>
Change-Id: I4148bc4c770b7c3c10fe25aa18d57d1a4301e5a9
Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/11194
Tested-by: Jenkins Server
Reviewed-by: Christopher T. Phan &lt;cphan@us.ibm.com&gt;
Reviewed-by: A. Patrick Williams III &lt;iawillia@us.ibm.com&gt;
</content>
</entry>
<entry>
<title>Secureboot memory layout support.</title>
<updated>2013-06-14T14:09:09+00:00</updated>
<author>
<name>Patrick Williams</name>
<email>iawillia@us.ibm.com</email>
</author>
<published>2013-03-26T16:23:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/talos-hostboot/commit/?id=e89e72d2f8a2efe86acad95ed0769aa7a8fe64ae'/>
<id>urn:sha1:e89e72d2f8a2efe86acad95ed0769aa7a8fe64ae</id>
<content type='text'>
    * Start kernel in 1/4 cache mode per Secureboot.
    * Copy Secureboot header for base image for later use.
    * Blind-purge bottom half of cache.
    * Add bottom of cache into memory maps for 1/2 cache mode.

RTC: 64762
Change-Id: I1b45f30a2d45c9709d4fd486cfe0ca2ce86b051c
Reviewed-on: http://gfw160.austin.ibm.com:8080/gerrit/3773
Reviewed-by: Michael Baiocchi &lt;baiocchi@us.ibm.com&gt;
Tested-by: Jenkins Server
Reviewed-by: ADAM R. MUHLE &lt;armuhle@us.ibm.com&gt;
Reviewed-by: Daniel M. Crowell &lt;dcrowell@us.ibm.com&gt;
Reviewed-by: A. Patrick Williams III &lt;iawillia@us.ibm.com&gt;
</content>
</entry>
</feed>
