diff options
author | Ilya Smirnov <ismirno@us.ibm.com> | 2019-01-29 09:54:24 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2019-02-20 11:38:57 -0600 |
commit | 3a6180ba355940c952f332ebd514c8eb15ef7c7a (patch) | |
tree | c89a5c02d65ab739065ef0b2369b69c5c3f814e9 /src/include/usr/secureboot | |
parent | 7c42c4cac7170fec81761a8ae35a1e110a38dcc2 (diff) | |
download | talos-hostboot-3a6180ba355940c952f332ebd514c8eb15ef7c7a.tar.gz talos-hostboot-3a6180ba355940c952f332ebd514c8eb15ef7c7a.zip |
Secureboot: Enhanced Multinode Comm: Master Node
This commit introduces the logic to create the master node nodecomm
request to the slave nodes and logic to process the responses from
the slave nodes. The data from the slave nodes (the slave quote) is
hashed and extended into PCR1. The binary quote blob is also included
in the TPM log as a log message.
Additional changes: the logic to relocate the TPM log to increase
its size, and the logic to allow uint8_t* instead of char* as
the TPM log message.
Change-Id: Ide4465f0d4a91aec815c9db5d765cdbde231dcd3
RTC: 203644
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/71407
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/include/usr/secureboot')
-rw-r--r-- | src/include/usr/secureboot/nodecommif.H | 11 | ||||
-rw-r--r-- | src/include/usr/secureboot/secure_reasoncodes.H | 3 | ||||
-rw-r--r-- | src/include/usr/secureboot/trustedboot_reasoncodes.H | 3 | ||||
-rw-r--r-- | src/include/usr/secureboot/trustedbootif.H | 15 |
4 files changed, 19 insertions, 13 deletions
diff --git a/src/include/usr/secureboot/nodecommif.H b/src/include/usr/secureboot/nodecommif.H index 72f137094..cd445d7c9 100644 --- a/src/include/usr/secureboot/nodecommif.H +++ b/src/include/usr/secureboot/nodecommif.H @@ -58,17 +58,6 @@ enum node_comm_link_mbox_info_t NCDD_INVALID_LINK_MBOX = 0xFF, }; -// Each hex number is an encoding of the ascii string -// corresponding to the name given below. -typedef enum : uint64_t -{ - MSTNOTPM = 0x4d53544e4f54504d, - NDNOTPM_ = 0x4e444e4f54504d5f, - MASTERQ_ = 0x4d4153545245515f, - NODEQUOT = 0x4e4f444551554f54, - INVALID_ = 0x494e56414c49445f, -} NCEyeCatcher_t; - /** * @brief Execute a single transmission from one proc to another * over the XBUS Link Mailbox facility diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H index 26607c4ef..51947a7f7 100644 --- a/src/include/usr/secureboot/secure_reasoncodes.H +++ b/src/include/usr/secureboot/secure_reasoncodes.H @@ -66,6 +66,8 @@ namespace SECUREBOOT MOD_NCEX_GET_RANDOM = 0x29, MOD_NC_RECV = 0x2A, MOD_NC_GEN_SLAVE_RESPONSE = 0x2B, + MOD_NC_GEN_MASTER_REQUEST = 0x2C, + MOD_NC_PROCESS_SLAVE_QUOTE = 0x2D, }; enum SECUREReasonCode @@ -112,6 +114,7 @@ namespace SECUREBOOT RC_NC_BAD_MASTER_TPM = SECURE_COMP_ID | 0x2C, RC_NC_NO_PRIMARY_TPM_LOG = SECURE_COMP_ID | 0x2D, RC_NC_BAD_MASTER_EYE_CATCH = SECURE_COMP_ID | 0x2E, + RC_NC_BAD_SLAVE_QUOTE = SECURE_COMP_ID | 0x2F, // Reason codes 0xA0 - 0xEF reserved for trustedboot_reasoncodes.H }; diff --git a/src/include/usr/secureboot/trustedboot_reasoncodes.H b/src/include/usr/secureboot/trustedboot_reasoncodes.H index b4d2dec2b..840f7e198 100644 --- a/src/include/usr/secureboot/trustedboot_reasoncodes.H +++ b/src/include/usr/secureboot/trustedboot_reasoncodes.H @@ -78,6 +78,8 @@ namespace TRUSTEDBOOT MOD_TPM_CMD_FLUSH_CONTEXT = 0x20, MOD_FLUSH_CONTEXT = 0x21, MOD_PCR_READ = 0x22, + MOD_EXPAND_TPM_LOG = 0x23, + MOD_TPM_CMD_EXPAND_TPM_LOG = 0x24, }; enum TRUSTEDReasonCode @@ -114,6 +116,7 @@ namespace TRUSTEDBOOT RC_UNREACHABLE_TPM = TRBOOT_COMP_ID | 0xBA, RC_RAND_NUM_TOO_BIG = TRBOOT_COMP_ID | 0xBB, RC_TPM_BAD_RESP = TRBOOT_COMP_ID | 0xBC, + RC_NO_TPM_LOG_MGR = TRBOOT_COMP_ID | 0xBD, }; #ifdef __cplusplus } diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H index 71e607a52..8b7fe8104 100644 --- a/src/include/usr/secureboot/trustedbootif.H +++ b/src/include/usr/secureboot/trustedbootif.H @@ -183,7 +183,8 @@ namespace TRUSTEDBOOT * @param[in] i_eventType Event type to log * @param[in] i_digest Digest value to write to PCR * @param[in] i_digestSize Byte size of i_digest data - * @param[in] i_logMsg Null terminated log message, truncated at 128 chars + * @param[in] i_logMsg Log message in binary form + * @param[in] i_logMsgSize The size of the log message in bytes * @param[in] i_sendAsync Perform extension asynchronously, default true * @param[in] i_pTpm A specific TPM to singly extend a measurement into, default is nullptr, which indicates all of the TPMs will be @@ -199,7 +200,8 @@ namespace TRUSTEDBOOT EventTypes i_eventType, const uint8_t* i_digest, size_t i_digestSize, - const char* i_logMsg, + const uint8_t* i_logMsg, + size_t i_logMsgSize, bool i_sendAsync = true, const TpmTarget* i_pTpm = nullptr, bool i_mirrorToLog = true); @@ -465,6 +467,15 @@ namespace TRUSTEDBOOT size_t i_digestSize, uint8_t* o_digest); + /** + * @brief Send the synchronous command to the given TPM to expand its log. + * Expanding the log means increasing its size to accomodate larger + * events in multinode communication protocol. + * @param[in] i_target the pointer to the TPM target; must not be nullptr + * @return nullptr on success; non-nullptr on error + */ + errlHndl_t expandTpmLog(TpmTarget* i_target); + } // end TRUSTEDBOOT namespace |