diff options
author | Stephen Cprek <smcprek@us.ibm.com> | 2017-11-27 11:44:14 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-12-05 15:16:08 -0500 |
commit | 5b5972e5580c20b3dc34bf529f7ddc1a2d872a52 (patch) | |
tree | 702ebd5824df5bf8246f6baca7e34e1370e858ef | |
parent | ca52131dad3de16f44b9c9f07b5413edf1e9742a (diff) | |
download | talos-hostboot-5b5972e5580c20b3dc34bf529f7ddc1a2d872a52.tar.gz talos-hostboot-5b5972e5580c20b3dc34bf529f7ddc1a2d872a52.zip |
Create a Trusted boot trace component and collect trace on errors
Error log trace never included "TRBOOT" trace
Change-Id: I0ff99d3d3cc78a7a25c576059d69d1644a2c802d
RTC: 181899
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50077
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
-rw-r--r-- | src/include/usr/hbotcompid.H | 10 | ||||
-rw-r--r-- | src/include/usr/secureboot/trustedboot_reasoncodes.H | 46 | ||||
-rw-r--r-- | src/usr/isteps/istep06/call_host_update_master_tpm.C | 2 | ||||
-rw-r--r-- | src/usr/secureboot/base/service.C | 1 | ||||
-rw-r--r-- | src/usr/secureboot/common/containerheader.C | 3 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/base/trustedbootMsg.C | 7 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/base/trustedboot_base.C | 6 | ||||
-rwxr-xr-x | src/usr/secureboot/trusted/test/tpmLogMgrTest.H | 6 | ||||
-rwxr-xr-x | src/usr/secureboot/trusted/test/trustedbootTest.H | 2 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 22 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedbootUtils.C | 1 |
11 files changed, 64 insertions, 42 deletions
diff --git a/src/include/usr/hbotcompid.H b/src/include/usr/hbotcompid.H index 7f1c0308e..6f1c90675 100644 --- a/src/include/usr/hbotcompid.H +++ b/src/include/usr/hbotcompid.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2011,2016 */ +/* Contributors Listed Below - COPYRIGHT 2011,2017 */ /* [+] Google Inc. */ /* [+] International Business Machines Corp. */ /* */ @@ -380,6 +380,14 @@ const compId_t OCCC_COMP_ID = 0x2A00; const char OCCC_COMP_NAME[] = "occc"; //@} +/** @name TRBOOT + * Trusted Boot Support component + */ +//@{ +const compId_t TRBOOT_COMP_ID = 0x2B00; +const char TRBOOT_COMP_NAME[] = "trboot"; +//@} + /** @name RESERVED * Reserved component ID. x3100 is the component ID * of FipS ERRL component. Due to our use of diff --git a/src/include/usr/secureboot/trustedboot_reasoncodes.H b/src/include/usr/secureboot/trustedboot_reasoncodes.H index 5663ba318..846d9c664 100644 --- a/src/include/usr/secureboot/trustedboot_reasoncodes.H +++ b/src/include/usr/secureboot/trustedboot_reasoncodes.H @@ -33,7 +33,7 @@ #ifdef __HOSTBOOT_MODULE #include <hbotcompid.H> #else -#define SECURE_COMP_ID 0x1E00 +#define TRBOOT_COMP_ID 0x2B00 #endif #ifdef __cplusplus @@ -70,28 +70,28 @@ namespace TRUSTEDBOOT { // Reason codes 0x00 - 0x9F reserved for secure_reasoncodes.H - RC_TPM_START_FAIL = SECURE_COMP_ID | 0xA0, - RC_TPM_EXISTENCE_FAIL = SECURE_COMP_ID | 0xA1, - RC_TPM_GETCAP_FAIL = SECURE_COMP_ID | 0xA2, - RC_TPM_GETCAP_FW_INVALID_RESP = SECURE_COMP_ID | 0xA3, - RC_TPM_GETCAP2_FAIL = SECURE_COMP_ID | 0xA4, - RC_TPM_GETCAP2_FW_INVALID_RESP = SECURE_COMP_ID | 0xA5, - RC_TPM_MARSHAL_INVALID_CMD = SECURE_COMP_ID | 0xA6, - RC_TPM_MARSHALING_FAIL = SECURE_COMP_ID | 0xA7, - RC_TPM_UNMARSHAL_INVALID_CMD = SECURE_COMP_ID | 0xA8, - RC_TPM_UNMARSHALING_FAIL = SECURE_COMP_ID | 0xA9, - RC_TPMLOGMGR_ADDEVENT_FAIL = SECURE_COMP_ID | 0xAA, - RC_TPMLOGMGR_ADDEVENTMARSH_FAIL = SECURE_COMP_ID | 0xAB, - RC_TPMLOGMGR_INIT_FAIL = SECURE_COMP_ID | 0xAC, - RC_TPM_NOFUNCTIONALTPM_FAIL = SECURE_COMP_ID | 0xAD, - RC_TPM_COMMAND_FAIL = SECURE_COMP_ID | 0xAE, - RC_TPM_INVALID_ARGS = SECURE_COMP_ID | 0xAF, - RC_TPMLOGMGR_LOGWALKFAIL = SECURE_COMP_ID | 0xB0, - RC_SENDRECV_FAIL = SECURE_COMP_ID | 0xB1, - RC_SEND_FAIL = SECURE_COMP_ID | 0xB2, - RC_MSGRESPOND_FAIL = SECURE_COMP_ID | 0xB3, - RC_UPDATE_SECURITY_CTRL_HWP_FAIL = SECURE_COMP_ID | 0xB4, - RC_TPM_NVINDEX_VALIDATE_FAIL = SECURE_COMP_ID | 0xB5, + RC_TPM_START_FAIL = TRBOOT_COMP_ID | 0xA0, + RC_TPM_EXISTENCE_FAIL = TRBOOT_COMP_ID | 0xA1, + RC_TPM_GETCAP_FAIL = TRBOOT_COMP_ID | 0xA2, + RC_TPM_GETCAP_FW_INVALID_RESP = TRBOOT_COMP_ID | 0xA3, + RC_TPM_GETCAP2_FAIL = TRBOOT_COMP_ID | 0xA4, + RC_TPM_GETCAP2_FW_INVALID_RESP = TRBOOT_COMP_ID | 0xA5, + RC_TPM_MARSHAL_INVALID_CMD = TRBOOT_COMP_ID | 0xA6, + RC_TPM_MARSHALING_FAIL = TRBOOT_COMP_ID | 0xA7, + RC_TPM_UNMARSHAL_INVALID_CMD = TRBOOT_COMP_ID | 0xA8, + RC_TPM_UNMARSHALING_FAIL = TRBOOT_COMP_ID | 0xA9, + RC_TPMLOGMGR_ADDEVENT_FAIL = TRBOOT_COMP_ID | 0xAA, + RC_TPMLOGMGR_ADDEVENTMARSH_FAIL = TRBOOT_COMP_ID | 0xAB, + RC_TPMLOGMGR_INIT_FAIL = TRBOOT_COMP_ID | 0xAC, + RC_TPM_NOFUNCTIONALTPM_FAIL = TRBOOT_COMP_ID | 0xAD, + RC_TPM_COMMAND_FAIL = TRBOOT_COMP_ID | 0xAE, + RC_TPM_INVALID_ARGS = TRBOOT_COMP_ID | 0xAF, + RC_TPMLOGMGR_LOGWALKFAIL = TRBOOT_COMP_ID | 0xB0, + RC_SENDRECV_FAIL = TRBOOT_COMP_ID | 0xB1, + RC_SEND_FAIL = TRBOOT_COMP_ID | 0xB2, + RC_MSGRESPOND_FAIL = TRBOOT_COMP_ID | 0xB3, + RC_UPDATE_SECURITY_CTRL_HWP_FAIL = TRBOOT_COMP_ID | 0xB4, + RC_TPM_NVINDEX_VALIDATE_FAIL = TRBOOT_COMP_ID | 0xB5, }; #ifdef __cplusplus } diff --git a/src/usr/isteps/istep06/call_host_update_master_tpm.C b/src/usr/isteps/istep06/call_host_update_master_tpm.C index b08ca5bce..604f7cab0 100644 --- a/src/usr/isteps/istep06/call_host_update_master_tpm.C +++ b/src/usr/isteps/istep06/call_host_update_master_tpm.C @@ -50,7 +50,7 @@ void* call_host_update_master_tpm( void *io_pArgs ) if (l_err) { l_stepError.addErrorDetails(l_err); - ERRORLOG::errlCommit( l_err, SECURE_COMP_ID ); + ERRORLOG::errlCommit( l_err, TRBOOT_COMP_ID ); } #endif diff --git a/src/usr/secureboot/base/service.C b/src/usr/secureboot/base/service.C index 97e482aaf..f7a165f86 100644 --- a/src/usr/secureboot/base/service.C +++ b/src/usr/secureboot/base/service.C @@ -200,6 +200,7 @@ void handleSecurebootFailure(errlHndl_t &io_err, bool i_waitForShutdown) addSecureUserDetailsToErrolog(io_err); io_err->collectTrace(SECURE_COMP_NAME,MAX_ERROR_TRACE_SIZE); + io_err->collectTrace(TRBOOT_COMP_NAME,MAX_ERROR_TRACE_SIZE); errlCommit(io_err, SECURE_COMP_ID); diff --git a/src/usr/secureboot/common/containerheader.C b/src/usr/secureboot/common/containerheader.C index cec5f8cce..47ccfebea 100644 --- a/src/usr/secureboot/common/containerheader.C +++ b/src/usr/secureboot/common/containerheader.C @@ -76,6 +76,7 @@ errlHndl_t ContainerHeader::parse_header() true/*SW Error*/); l_errl->collectTrace(SECURE_COMP_NAME); l_errl->collectTrace(PNOR_COMP_NAME); + l_errl->collectTrace(TRBOOT_COMP_NAME); break; } @@ -375,6 +376,7 @@ errlHndl_t ContainerHeader::validate() true/*SW Error*/); l_errl->collectTrace(SECURE_COMP_NAME); l_errl->collectTrace(PNOR_COMP_NAME); + l_errl->collectTrace(TRBOOT_COMP_NAME); } return l_errl; @@ -415,6 +417,7 @@ errlHndl_t ContainerHeader::safeMemCpyAndInc(void* i_dest, const uint8_t* &io_hd true/*SW Error*/); l_errl->collectTrace(SECURE_COMP_NAME); l_errl->collectTrace(PNOR_COMP_NAME); + l_errl->collectTrace(TRBOOT_COMP_NAME); break; } diff --git a/src/usr/secureboot/trusted/base/trustedbootMsg.C b/src/usr/secureboot/trusted/base/trustedbootMsg.C index 9b5b2b847..ce9d8f9b6 100644 --- a/src/usr/secureboot/trusted/base/trustedbootMsg.C +++ b/src/usr/secureboot/trusted/base/trustedbootMsg.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2016 */ +/* Contributors Listed Below - COPYRIGHT 2016,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -82,9 +82,10 @@ namespace TRUSTEDBOOT 0, true); err->collectTrace(SECURE_COMP_NAME); + err->collectTrace(TRBOOT_COMP_NAME); // Log this failure here since we can't reply to caller - errlCommit(err, SECURE_COMP_ID); + errlCommit(err, TRBOOT_COMP_ID); } } @@ -102,7 +103,7 @@ namespace TRUSTEDBOOT TRACFCOMP(g_trac_trustedboot, ERR_MRK "AsyncMessage::respond with error log"); // Since we can't pass back to the caller we will commit the log - errlCommit(iv_errl, SECURE_COMP_ID); + errlCommit(iv_errl, TRBOOT_COMP_ID); delete iv_errl; iv_errl = NULL; diff --git a/src/usr/secureboot/trusted/base/trustedboot_base.C b/src/usr/secureboot/trusted/base/trustedboot_base.C index b94484bb8..2ec67ef81 100644 --- a/src/usr/secureboot/trusted/base/trustedboot_base.C +++ b/src/usr/secureboot/trusted/base/trustedboot_base.C @@ -57,7 +57,7 @@ // ---------------------------------------------- trace_desc_t* g_trac_trustedboot = nullptr; -TRAC_INIT( & g_trac_trustedboot, "TRBOOT", KILOBYTE ); +TRAC_INIT( & g_trac_trustedboot, TRBOOT_COMP_NAME, KILOBYTE ); namespace TRUSTEDBOOT { @@ -156,6 +156,7 @@ errlHndl_t pcrExtendSeparator(bool i_sendAsync) 0, true); err->collectTrace(SECURE_COMP_NAME); + err->collectTrace(TRBOOT_COMP_NAME); } delete msg; msg = NULL; @@ -180,6 +181,7 @@ errlHndl_t pcrExtendSeparator(bool i_sendAsync) 0, true); err->collectTrace(SECURE_COMP_NAME); + err->collectTrace(TRBOOT_COMP_NAME); } } @@ -264,6 +266,7 @@ errlHndl_t pcrExtend(TPM_Pcr i_pcr, 0, true); err->collectTrace(SECURE_COMP_NAME); + err->collectTrace(TRBOOT_COMP_NAME); } delete msg; msg = NULL; @@ -288,6 +291,7 @@ errlHndl_t pcrExtend(TPM_Pcr i_pcr, 0, true); err->collectTrace(SECURE_COMP_NAME); + err->collectTrace(TRBOOT_COMP_NAME); } } diff --git a/src/usr/secureboot/trusted/test/tpmLogMgrTest.H b/src/usr/secureboot/trusted/test/tpmLogMgrTest.H index 988103928..0e67056a8 100755 --- a/src/usr/secureboot/trusted/test/tpmLogMgrTest.H +++ b/src/usr/secureboot/trusted/test/tpmLogMgrTest.H @@ -56,7 +56,7 @@ class TPMLogMgrTest: public CxxTest::TestSuite if( NULL != err ) { TS_FAIL( "getTestLogMgr - Error detected" ); - errlCommit( err, SECURE_COMP_ID ); + errlCommit( err, TRBOOT_COMP_ID ); delete err; err = NULL; } @@ -157,7 +157,7 @@ class TPMLogMgrTest: public CxxTest::TestSuite TS_FAIL( "testTPMLogMgrAllocate(%d) - " "Error detected adding event", idx); errlCommit( err, - SECURE_COMP_ID ); + TRBOOT_COMP_ID ); delete err; err = NULL; break; @@ -223,7 +223,7 @@ class TPMLogMgrTest: public CxxTest::TestSuite { TS_FAIL("addTestLogEvent - Failed to addEvent with message = %s", i_logMsg); - errlCommit( err, SECURE_COMP_ID ); + errlCommit( err, TRBOOT_COMP_ID ); delete err; err = NULL; } diff --git a/src/usr/secureboot/trusted/test/trustedbootTest.H b/src/usr/secureboot/trusted/test/trustedbootTest.H index c092675a4..0a8e181ca 100755 --- a/src/usr/secureboot/trusted/test/trustedbootTest.H +++ b/src/usr/secureboot/trusted/test/trustedbootTest.H @@ -865,7 +865,7 @@ class TrustedBootTest: public CxxTest::TestSuite fails++; TS_FAIL( "testReadPCR: Error detected" ); errlCommit( err, - SECURE_COMP_ID ); + TRBOOT_COMP_ID ); delete err; err = nullptr; break; diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index 93ba27ed8..b135d0513 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -535,7 +535,7 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget* const i_pTpm) { tpmMarkFailed(i_pTpm); // Log this failure - errlCommit(err, SECURE_COMP_ID); + errlCommit(err, TRBOOT_COMP_ID); } TRACDCOMP( g_trac_trustedboot, @@ -585,6 +585,7 @@ void tpmReplayLog(TRUSTEDBOOT::TpmTarget* const i_pTpm) true /*Add HB SW Callout*/ ); err->collectTrace( SECURE_COMP_NAME ); + err->collectTrace(TRBOOT_COMP_NAME); break; } @@ -619,7 +620,7 @@ void tpmReplayLog(TRUSTEDBOOT::TpmTarget* const i_pTpm) if (err) { tpmMarkFailed(i_pTpm); - errlCommit(err, SECURE_COMP_ID); + errlCommit(err, TRBOOT_COMP_ID); delete err; err = nullptr; } @@ -829,7 +830,7 @@ void pcrExtendSingleTpm(TpmTarget* const i_pTpm, tpmMarkFailed(i_pTpm); // Log this failure - errlCommit(err, SECURE_COMP_ID); + errlCommit(err, TRBOOT_COMP_ID); } if (unlock) @@ -951,7 +952,7 @@ void pcrExtendSeparator(TpmTarget* const i_pTpm) tpmMarkFailed(i_pTpm); // Log this failure - errlCommit(err, SECURE_COMP_ID); + errlCommit(err, TRBOOT_COMP_ID); } if (unlock) @@ -1071,7 +1072,7 @@ void tpmMarkFailed(TpmTarget* const i_pTpm) ERRORLOG::ErrlUserDetailsTarget(l_proc).addToLog(l_err); // commit this error log first before creating the new one - errlCommit(l_err, SECURE_COMP_ID); + errlCommit(l_err, TRBOOT_COMP_ID); /*@ * @errortype @@ -1097,13 +1098,14 @@ void tpmMarkFailed(TpmTarget* const i_pTpm) HWAS::GARD_NULL); l_err->collectTrace(SECURE_COMP_NAME); + l_err->collectTrace(TRBOOT_COMP_NAME); // pass on the plid from the previous error log to the new one l_err->plid(plid); ERRORLOG::ErrlUserDetailsTarget(l_proc).addToLog(l_err); - ERRORLOG::errlCommit(l_err, SECURE_COMP_ID); + ERRORLOG::errlCommit(l_err, TRBOOT_COMP_ID); } #endif } @@ -1125,7 +1127,7 @@ void tpmVerifyFunctionalTpmExists() err = SECUREBOOT::getJumperState(l_state); if (err) { - errlCommit(err, SECURE_COMP_ID); + errlCommit(err, TRBOOT_COMP_ID); auto errPlid = err->plid(); @@ -1153,6 +1155,7 @@ void tpmVerifyFunctionalTpmExists() err->addProcedureCallout(HWAS::EPUB_PRC_HB_CODE, HWAS::SRCI_PRIORITY_LOW); err->collectTrace( SECURE_COMP_NAME ); + err->collectTrace(TRBOOT_COMP_NAME); uint32_t errPlid = err->plid(); // HW callout TPMs @@ -1165,7 +1168,7 @@ void tpmVerifyFunctionalTpmExists() HWAS::NO_DECONFIG, HWAS::GARD_NULL); } - errlCommit(err, SECURE_COMP_ID); + errlCommit(err, TRBOOT_COMP_ID); // terminating the IPL with this fail // Terminate IPL immediately INITSERVICE::doShutdown(errPlid); @@ -1314,9 +1317,10 @@ void* tpmDaemon(void* unused) 0, true); err->collectTrace(SECURE_COMP_NAME); + err->collectTrace(TRBOOT_COMP_NAME); // Log this failure here since we can't reply to caller - errlCommit(err, SECURE_COMP_ID); + errlCommit(err, TRBOOT_COMP_ID); } } diff --git a/src/usr/secureboot/trusted/trustedbootUtils.C b/src/usr/secureboot/trusted/trustedbootUtils.C index 6ba0d6c19..62f1c8d74 100644 --- a/src/usr/secureboot/trusted/trustedbootUtils.C +++ b/src/usr/secureboot/trusted/trustedbootUtils.C @@ -93,6 +93,7 @@ errlHndl_t tpmCreateErrorLog(const uint8_t i_modId, i_user2, true /*Add HB SW Callout*/ ); err->collectTrace( SECURE_COMP_NAME ); + err->collectTrace(TRBOOT_COMP_NAME); return err; } |