talos-hostboot/src/usr/secureboot/trusted, branch 07-25-2019

Add README.md files to the secureboot component

2020-02-13T14:55:47+00:00

This commit adds a top-level README.md file to the secureboot component that then calls into new README.md files in the different sub-directories. Change-Id: I7460a0e591232c2f8387321b0251ac3f62a1c76e Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/89025 Reviewed-by: Ilya Smirnov Reviewed-by: Nicholas E Bofferding Reviewed-by: Christopher J Engel Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Daniel M Crowell

Automatically include config.h

2019-12-06T16:28:47+00:00

Rather than having to remember to include config.h anywhere we reference a CONFIG variable (and usually forgetting), this adds it to the default compiler flags so that it gets included in every source file we build. Change-Id: I53622ab4d46c55d942e98cae6ec03049fd5b3d08 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/87475 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Zachary Clark Reviewed-by: Roland Veloz Reviewed-by: Christian R Geddes Reviewed-by: Nicholas E Bofferding

Fix NVDIMM update error log comments

2019-08-20T17:35:45+00:00

First line of error log comment must include /*@ or error log will not be documented. Also fixed in other HB files. Change-Id: Ifa5eba6d6abd7f8565a4cc8d62a25a2b833725f2 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/82497 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Nicholas E Bofferding Reviewed-by: Matt Derksen Reviewed-by: Daniel M Crowell

HB Improvements: Compiler Issues with Different Config Files

2019-04-05T21:52:13+00:00

Fixed compiler issues with Witherspoon, Romulus, Zaius, Boston. Change-Id: Ic4046323eb391be6ec311bc408ef9d858ceff8cd RTC: 202716 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/75552 Reviewed-by: Nicholas E. Bofferding Reviewed-by: Ilya Smirnov Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell

Initialize backup TPM in MPIPL

2019-04-01T22:05:19+00:00

Update the boot flow to call the istep to initialize the backup TPM during an MPIPL and carry over the backup present/functional state as they were from runtime, prior to the MPIPL. Change-Id: Ic402e37cf2f465686770ff22d4f2296332b0f3f7 CQ: SW456951 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/75163 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: FSP CI Jenkins Tested-by: Jenkins OP HW Reviewed-by: Ilya Smirnov Reviewed-by: Michael Baiocchi Reviewed-by: Matthew Raybuck Reviewed-by: William G. Hoffa

Secureboot: Enhanced Nomdecomm: Quote Fix

2019-03-26T22:02:22+00:00

PCR8 was erroneously being included in the quote response from the TPM. We don't actually want to read out PCR8 in hostboot firmware. This change excludes PCR8 from the quote process. Change-Id: Ib2ace53b157b64b6a5dac392b0304b31765d7afb Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/74895 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: Nicholas E. Bofferding Reviewed-by: Michael Baiocchi Reviewed-by: Daniel M. Crowell

Secureboot: Enhance Error Callouts For New Multinode Trustedboot Transfer

2019-03-05T14:53:09+00:00

This commit adds many checks to callout potential issues with the new multinode trustedboot transfer protocol. It also improves some TPM-related traces. Change-Id: Ice3f8be0668cc63321eeb2562bb8ffe610284b6a RTC:203642 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72363 Tested-by: Jenkins Server Reviewed-by: Ilya Smirnov Tested-by: Jenkins OP Build CI Tested-by: FSP CI Jenkins Tested-by: Jenkins OP HW Reviewed-by: Nicholas E. Bofferding Reviewed-by: Daniel M. Crowell

Secureboot: Enhanced Multinode Comm: TPM_POISONED

2019-03-01T21:06:57+00:00

This commit introduces a new attribute TPM_POISONED used to indicate that a certain TPM was poisoned during the boot. This attribute is also used to adjust the trustedboot flag in HDAT: if the primary TPM was poisoned during the IPL, the trustedboot setting is turned off in HDAT. Change-Id: I32ff6e79ebba0e38c0e8b4b9bd4aa0f52a250d9a RTC: 203645 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72129 Reviewed-by: Michael Baiocchi Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Nicholas E. Bofferding Reviewed-by: Daniel M. Crowell

Secureboot: Enhanced Multinode Comm: Quote Size Fix

2019-02-22T16:03:00+00:00

It was discovered that the quote and signature data returned from TPM as part of the new multinode comm contained an extra uint32 size field that should not be inlcuded into the slave quote blob. This commit removes that size field from the quote. Change-Id: Ia40eeee67567d08b1c1982f964dab1db411ff81b RTC: 203645 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72216 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: FSP CI Jenkins Tested-by: Jenkins OP HW Reviewed-by: Christopher J. Engel Reviewed-by: Nicholas E. Bofferding Reviewed-by: Daniel M. Crowell

Secureboot: Enhanced Multinode Comm: Master Node

2019-02-20T17:38:57+00:00

This commit introduces the logic to create the master node nodecomm request to the slave nodes and logic to process the responses from the slave nodes. The data from the slave nodes (the slave quote) is hashed and extended into PCR1. The binary quote blob is also included in the TPM log as a log message. Additional changes: the logic to relocate the TPM log to increase its size, and the logic to allow uint8_t* instead of char* as the TPM log message. Change-Id: Ide4465f0d4a91aec815c9db5d765cdbde231dcd3 RTC: 203644 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/71407 Reviewed-by: Michael Baiocchi Reviewed-by: Christopher J. Engel Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: FSP CI Jenkins Tested-by: Jenkins OP HW Reviewed-by: Daniel M. Crowell