Secure Boot: Support Phyp debug flag in HDAT

PHYP needs a way to know if SBE security backdoor is enabled
for debug purposes. This change creates a flag in TPM instance
data structure to indicate whether the backdoor is enabled. This
flag is passed by SBE to the hb bootloader; also added the flag
to indicate whether PCR is poisoned (default of 0).
The population of this flag will be implemented on Fleetwood.

Change-Id: I22305dbc9651134ba7dfe3b0bd3c760fe53c2c85
RTC: 188961
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56045
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
CI-Ready: Daniel M. Crowell <dcrowell@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

1 files changed, 6 insertions, 0 deletions

diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H
index c467c3800..cb2829147 100644
--- a/src/include/usr/secureboot/service.H
+++ b/src/include/usr/secureboot/service.H
@@ -334,6 +334,12 @@ namespace SECUREBOOT
      */
     bool allowAttrOverrides();
 
+   /*
+    * @brief Determines if SBE security backdoor bit is set
+    * @return bool TRUE if SBE security backdoor is enabled; FALSE otherwise
+    */
+    bool getSbeSecurityBackdoor();
+
     /*
      *  @brief Gets the current SBE security mode value from the secureboot
      *         subsystem