Talos™ II hostboot sources https://git.raptorcs.com/git/talos-hostboot/atom?h=master 2018-05-11T01:49:40+00:00 2018-05-11T01:49:40+00:00 Jaymes Wilks mjwilks@us.ibm.com 2018-04-24T15:01:59+00:00 urn:sha1:98bee5bbab00b1fcb8c6b6255ac07e62e2800b60 A new programming interface allows us to obtain random numbers from the TPM more easily (i.e. in a more high-level way). Change-Id: Ibd3d3b320411bea146d6eab4d1a59ca760bc726c RTC:191000 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57802 Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2018-05-03T20:02:25+00:00 Ilya Smirnov ismirno@us.ibm.com 2018-04-25T18:18:24+00:00 urn:sha1:43c4502d3b0b87020665a65ad2843e0ddc319063 Change the "TPM Required" policy to "Primary TPM Required," wherein only the presence and functionality of the primary TPM (attached to the acting master proc) will be considered when evaluating the TPM required condition. The presence and functionality of the backup TPM will not play a role in this policy. Change-Id: Id968123d0fc399c531da7429fdb8efabfa66c53c Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57843 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com> 2018-05-02T20:03:48+00:00 Ilya Smirnov ismirno@us.ibm.com 2018-04-10T22:37:13+00:00 urn:sha1:b013c352cce4f0f7da2a59020b782a67732e5259 This change implements the detection and initialization of the backup TPM in istep 10.14. The backup TPM is presence-detected and initialized; the logs of the primary TPM are extended into the secondary TPM in istep 10.14. After the initialization of the secondary TPM, all events are extended into both TPMs. A test was created to test whether the backup TPM is initialized correctly. Change-Id: I305500c9f680115e684ab153fc882b8d5364b0d4 RTC: 134912 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57374 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2018-03-30T21:07:19+00:00 Mike Baiocchi mbaiocch@us.ibm.com 2018-03-22T21:12:21+00:00 urn:sha1:55f0053bc34e10d118e383f782b7be5cb14f59d2 This commit resets the I2C buses connected to the TPMs early in the IPL since the FSP can't do the reset for us as they lack a FSI I2C connection to the TPMs. Change-Id: I4b4893da447f3c567c04a8d0c2b647f2927ec0ab RTC:188956 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56188 Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2018-03-19T15:40:49+00:00 Mike Baiocchi mbaiocch@us.ibm.com 2018-02-27T23:19:35+00:00 urn:sha1:234ef44536ae27e0d83fdbade72d284dd3f1160f When no functional TPMs are detected, but TPMs are required, this commit will capture the Security Registers of each processor in the system and add them to the error log. It also updates how the tpmMarkFailed() function links and commits various error logs. Change-Id: I2e95bbfcb6ab3f3dff26149f234c219d4280e1fb CQ:SW417814 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/54808 CI-Ready: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2018-03-01T14:51:04+00:00 Mike Baiocchi mbaiocch@us.ibm.com 2018-02-28T19:01:46+00:00 urn:sha1:eeadfb7bf9852f327256b17786796809458118ce This commit updates the general I2C reset function to only reset certain engine(s) of the I2C master. This new functionality is then used to reset all of the processor I2C engines that can drive the TPMs on MPIPLs. Change-Id: Ie19e93233b5012b69d59bfc3f485ce2914d665da CQ:SW419116 Backport:release-fips910 Backport:release-fips900 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/54840 CI-Ready: Nicholas E. Bofferding <bofferdn@us.ibm.com> CI-Ready: Marshall J. Wilks <mjwilks@us.ibm.com> CI-Ready: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2018-02-25T02:33:06+00:00 Nick Bofferding bofferdn@us.ibm.com 2018-02-22T20:13:11+00:00 urn:sha1:24bc6a1bee514ae580733f1695c7d82edc4da4cb When SECUREBOOT::getJumperState() returns error, save off the error PLID before committing it, to avoid a segfault condition Change-Id: I968c73de11abf580b19720c4ee9689e38c155bb6 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/54596 Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Richard J. Knight <rjknight@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2018-02-10T17:26:10+00:00 Jaymes Wilks mjwilks@us.ibm.com 2018-01-29T18:41:13+00:00 urn:sha1:24252f0e54b00714d4665377696069532e724e63 Adds more useful information to the developer and customer descriptions of error logs that are created when the TPM required policy is broken. Change-Id: Ib2c42c85cb5689b5a791ab96709dc40f4bbd85d4 CQ:SW415447 Backport:release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52848 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2018-02-01T22:59:52+00:00 Mike Baiocchi mbaiocch@us.ibm.com 2018-01-26T23:51:38+00:00 urn:sha1:1d437c8dc54886f43ab77447f0456c49f5b69c04 While verifying the PAYLOAD in memory before moving it to its final location, this commit parses the PAYLOAD's header and verifies that it has the correct componentId. It also extends the PAYLOAD information to the TPM. Change-Id: Ie333d1ba5919b36919b207f25ad60806359ed710 RTC:168745 Backport: release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52837 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> 2018-01-19T16:40:03+00:00 Nick Bofferding bofferdn@us.ibm.com 2018-01-17T04:10:15+00:00 urn:sha1:7a5fdcbd0c459808c1fc8a5c181c131fa7c8e3b5 Change-Id: Id2bd6597e930015dfad0ae4196aa326948bdee8e Backport: release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52095 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>