talos-hostboot/src/usr/secureboot/ext, branch 07-25-2019

Add README.md files to the secureboot component

2020-02-13T14:55:47+00:00

This commit adds a top-level README.md file to the secureboot component that then calls into new README.md files in the different sub-directories. Change-Id: I7460a0e591232c2f8387321b0251ac3f62a1c76e Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/89025 Reviewed-by: Ilya Smirnov Reviewed-by: Nicholas E Bofferding Reviewed-by: Christopher J Engel Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Daniel M Crowell

Automatically include config.h

2019-12-06T16:28:47+00:00

Rather than having to remember to include config.h anywhere we reference a CONFIG variable (and usually forgetting), this adds it to the default compiler flags so that it gets included in every source file we build. Change-Id: I53622ab4d46c55d942e98cae6ec03049fd5b3d08 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/87475 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Zachary Clark Reviewed-by: Roland Veloz Reviewed-by: Christian R Geddes Reviewed-by: Nicholas E Bofferding

Add Physical Presence Check and Window Open Features

2019-11-14T14:28:02+00:00

This commit does the following: - Adds an interface to detect if physical presence has been asserted -- This happens in istep 6 -- If the window is open to detect this, it is then closed here - Adds an interface to possibly open the window to look for physical presence -- This happens in istep 10 -- It first checks to see if the window should be opened -- If the window is opened then the system shuts down to wait for physical presence to be asserted on the next power on - Adds the necessary attributes to support and test this functionality RTC:211220 Change-Id: I05a26ebad581875a4b9f2a51eb1ca3062f36c5fb Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/84656 Reviewed-by: Ilya Smirnov Reviewed-by: Christopher J Engel Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Nicholas E Bofferding

Fix NVDIMM update error log comments

2019-08-20T17:35:45+00:00

First line of error log comment must include /*@ or error log will not be documented. Also fixed in other HB files. Change-Id: Ifa5eba6d6abd7f8565a4cc8d62a25a2b833725f2 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/82497 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Nicholas E Bofferding Reviewed-by: Matt Derksen Reviewed-by: Daniel M Crowell

Secureboot: Enhanced Multinode Comm: Master Node

2019-02-20T17:38:57+00:00

This commit introduces the logic to create the master node nodecomm request to the slave nodes and logic to process the responses from the slave nodes. The data from the slave nodes (the slave quote) is hashed and extended into PCR1. The binary quote blob is also included in the TPM log as a log message. Additional changes: the logic to relocate the TPM log to increase its size, and the logic to allow uint8_t* instead of char* as the TPM log message. Change-Id: Ide4465f0d4a91aec815c9db5d765cdbde231dcd3 RTC: 203644 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/71407 Reviewed-by: Michael Baiocchi Reviewed-by: Christopher J. Engel Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: FSP CI Jenkins Tested-by: Jenkins OP HW Reviewed-by: Daniel M. Crowell

Secure Boot: Support API to fence off all node processors' secure mailboxes

2018-06-19T21:35:42+00:00

This change imlpements the logic to lock down the Abus secure mailboxes prior to starting PHyp. The lock down is perormed as part of secure node communication in istep 18 Change-Id: I4bc678ce7844290a7229b605406d5d3c689a0c6c RTC: 191005 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/59692 Reviewed-by: Michael Baiocchi Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell

Trustedboot support to log different event types

2017-04-23T15:22:58+00:00

Change-Id: I811e9bd38c8c365acbcf204fa638ec0eb7302b7e Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38879 Reviewed-by: Timothy R. Block Tested-by: Jenkins Server Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins OP Build CI Tested-by: FSP CI Jenkins Reviewed-by: Stephen M. Cprek Reviewed-by: Michael Baiocchi Reviewed-by: Daniel M. Crowell

Support DRTM RIT protection

2017-03-03T18:51:19+00:00

- Added mailbox scratch register 7 definition - Added DRTM functions - Added set/clear security switch register functions - Added additional security switch bit definitions - Added secureboot extended library to host DRTM functions - Inhibited TPM start command in DRTM flow - Added new config options for DRTM and DRTM RIT protection - Added new DRTM attribute to indicate if DRTM is active - Added new DRTM attribute to hold DRTM payload address - Added new DRTM attribute to initiate DRTM in lieu of loading payload - Updated target service init to determine DRTM settings - Updated host start payload step to initiate DRTM if conditions are met - Updated host MPIPL service to verify DRTM payload and clean up DRTM HW state - Updated host gard step to verify DRTM HW state - Rerouted PCR extensions to PCR 17 in DRTM boot - Use locality 2 for all PCR extensions in DRTM boot - Inhibit extension logging (for now) in DRTM boot - Only extend seperator to PCR 17 in DRTM boot Change-Id: Id52c36c3a64ca002571396d605caa308d9dc0199 RTC: 157140 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35633 Tested-by: Jenkins Server Reviewed-by: Michael Baiocchi Reviewed-by: Stephen M. Cprek Tested-by: FSP CI Jenkins Reviewed-by: Timothy R. Block Tested-by: Jenkins OP Build CI Reviewed-by: Daniel M. Crowell

Change copyright prolog for all files to Apache.

2014-05-22T03:16:32+00:00

Change-Id: I5664587b4f889099290ef50d50fa9ce5e580e1eb Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/11167 Tested-by: Jenkins Server Reviewed-by: A. Patrick Williams III

Update makefiles & included .mk files to use += convention.

2014-05-21T22:32:37+00:00

Change-Id: I4148bc4c770b7c3c10fe25aa18d57d1a4301e5a9 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/11194 Tested-by: Jenkins Server Reviewed-by: Christopher T. Phan Reviewed-by: A. Patrick Williams III