Talos™ II hostboot sources https://git.raptorcs.com/git/talos-hostboot/atom?h=07-25-2019 2020-02-13T14:55:47+00:00 2020-02-13T14:55:47+00:00 Mike Baiocchi mbaiocch@us.ibm.com 2019-12-20T17:50:01+00:00 urn:sha1:20b285f6301b51c67ab734fe36123fa8da4a6021 This commit adds a top-level README.md file to the secureboot component that then calls into new README.md files in the different sub-directories. Change-Id: I7460a0e591232c2f8387321b0251ac3f62a1c76e Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/89025 Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com> Reviewed-by: Nicholas E Bofferding <bofferdn@us.ibm.com> Reviewed-by: Christopher J Engel <cjengel@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M Crowell <dcrowell@us.ibm.com> 2020-02-03T15:22:01+00:00 Mike Baiocchi mbaiocch@us.ibm.com 2020-01-31T06:09:04+00:00 urn:sha1:26554a3e54aac96a8bafa9ab4fabb45e126d5e1d Originally TRACE_ERR_FMT and TRACE_ERR_ARGS were defined in centaurScomCache.H for the P9 'master' branch. This commit puts them into the more proper errlentry.H file like they are for P10's 'master-p10' branch. Change-Id: Icb7af6ae721a15036804b7d35f49911888eb5eaf Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/90705 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Zachary Clark <zach@ibm.com> Reviewed-by: Nicholas E Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G Hoffa <wghoffa@us.ibm.com> 2019-12-06T16:28:47+00:00 Dan Crowell dcrowell@us.ibm.com 2019-11-20T18:36:48+00:00 urn:sha1:c46f1ee5b8b9f7ea7e398f373f990b6e3440a257 Rather than having to remember to include config.h anywhere we reference a CONFIG variable (and usually forgetting), this adds it to the default compiler flags so that it gets included in every source file we build. Change-Id: I53622ab4d46c55d942e98cae6ec03049fd5b3d08 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/87475 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Zachary Clark <zach@ibm.com> Reviewed-by: Roland Veloz <rveloz@us.ibm.com> Reviewed-by: Christian R Geddes <crgeddes@us.ibm.com> Reviewed-by: Nicholas E Bofferding <bofferdn@us.ibm.com> 2019-07-30T20:17:31+00:00 Ilya Smirnov ismirno@us.ibm.com 2019-07-22T19:21:12+00:00 urn:sha1:3ab493b6935dd508c27e9fcce2dd03826e26f14e When the TPM required policy is off, node comm path should not commit any errors as to not confuse the testers/customers. This commit silences the errors from the node comm protocol when TPM is not required. In addition, when TPM is required, we want to fail the boot if node comm is unsuccessful. Logic has been added to pass the error info up to FSP in case of any error in istep18 (when node comm runs). Change-Id: I76d48780790b6fee759b3ccc60a858f0a8835dee CQ: SW466658 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/80937 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Glenn Miles <milesg@ibm.com> Reviewed-by: Daniel M Crowell <dcrowell@us.ibm.com> 2019-03-05T14:53:09+00:00 Mike Baiocchi mbaiocch@us.ibm.com 2019-02-19T16:55:19+00:00 urn:sha1:d74d3932d989bca5b533c48024ac135ec9991d64 This commit adds many checks to callout potential issues with the new multinode trustedboot transfer protocol. It also improves some TPM-related traces. Change-Id: Ice3f8be0668cc63321eeb2562bb8ffe610284b6a RTC:203642 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72363 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2019-03-01T21:06:57+00:00 Ilya Smirnov ismirno@us.ibm.com 2019-02-19T15:19:35+00:00 urn:sha1:b1c1b2cc5e78267fadb9001587f66566cf19159e This commit introduces a new attribute TPM_POISONED used to indicate that a certain TPM was poisoned during the boot. This attribute is also used to adjust the trustedboot flag in HDAT: if the primary TPM was poisoned during the IPL, the trustedboot setting is turned off in HDAT. Change-Id: I32ff6e79ebba0e38c0e8b4b9bd4aa0f52a250d9a RTC: 203645 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72129 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2019-02-26T21:55:47+00:00 Ilya Smirnov ismirno@us.ibm.com 2019-02-22T15:54:57+00:00 urn:sha1:cab3c5b1f80c36dcb9015d7085ee5b11948d4232 This commit adds the size of the quote and signature fields returned from the TPM as part of enhanced multinode comm to the generated slave quote. This will make it easier to process the slave quote for remote attestation. Change-Id: Iab0d66bf5c34f49441fec346c6964458c58cff1f RTC: 203645 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72357 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2019-02-22T16:03:08+00:00 Mike Baiocchi mbaiocch@us.ibm.com 2019-02-14T16:43:14+00:00 urn:sha1:5420b7312c8ad13ab1372ec00a3974012c7587d9 This commit adds a new exchange of data between the master and slave nodes to further enhance our Trustedboot IPL. It builds upon updates to the transfer mechanism between the nodes and new TPM commands on the nodes. Change-Id: I18bd152e4bd3aeb9b79eb9ec774fc80871874155 RTC:203642 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/71903 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2019-02-20T17:38:57+00:00 Ilya Smirnov ismirno@us.ibm.com 2019-01-29T15:54:24+00:00 urn:sha1:3a6180ba355940c952f332ebd514c8eb15ef7c7a This commit introduces the logic to create the master node nodecomm request to the slave nodes and logic to process the responses from the slave nodes. The data from the slave nodes (the slave quote) is hashed and extended into PCR1. The binary quote blob is also included in the TPM log as a log message. Additional changes: the logic to relocate the TPM log to increase its size, and the logic to allow uint8_t* instead of char* as the TPM log message. Change-Id: Ide4465f0d4a91aec815c9db5d765cdbde231dcd3 RTC: 203644 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/71407 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2019-02-19T22:56:50+00:00 Ilya Smirnov ismirno@us.ibm.com 2019-01-15T22:08:48+00:00 urn:sha1:00325c6de8baa143c8e06e9324d6ba997465aa1f This commit introduces the logic to create the slave response for the new enhanced multinode comm protocol. The slave response consists of an eye catcher, node ID, quote and signature data from TPM, PCR contents of the slave node TPM, Attestation Key Certificate, and the TPM log. All of the above data is packaged into a binary blob to be sent back to the master node. Change-Id: I927c6ca937e6c07af4185cf54c782697c5d822f6 RTC: 203643 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/70791 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>