authorJaymes Wilks <mjwilks@us.ibm.com>2018-05-01 15:33:32 -0500
committerDaniel M. Crowell <dcrowell@us.ibm.com>2018-05-23 17:55:09 -0400
commite9eacec8bad1e2dade70ebed0fc3d00b5ab59232 (patch)
treebc1a5a5e462e4816159338930f994538adb1f9da /src/include/usr/secureboot
parent11b5f7d2b616da7ba3ac2cacb52bd2b762872b9c (diff)
Support TPM PCR Poisoning
To support Fleetwood secure inter-node communication, we need to “poison” the PCRs of all still functional non-master node TPMs just prior to transferring control to PHyp, and report that poisoned state to HDAT. Change-Id: Ic104ef2e44fc98895b9b435fdf8ba4c5e4972818 RTC:191001 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/58244 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/include/usr/secureboot')
-rw-r--r--src/include/usr/secureboot/trustedbootif.H27
1 files changed, 25 insertions, 2 deletions
diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H
index f8af75fb5..63655964a 100644
--- a/src/include/usr/secureboot/trustedbootif.H
+++ b/src/include/usr/secureboot/trustedbootif.H
@@ -135,13 +135,18 @@ namespace TRUSTEDBOOT
void* host_update_master_tpm( void *io_pArgs );
/**
- * @brief Extend a measurement into the TPMs and log atomically
+ * @brief Extend a measurement into the TPM(s) and log atomically
* @param[in] i_pcr PCR to write to
* @param[in] i_eventType Event type to log
* @param[in] i_digest Digest value to write to PCR
* @param[in] i_digestSize Byte size of i_digest data
* @param[in] i_logMsg Null terminated log message, truncated at 128 chars
* @param[in] i_sendAsync Perform extension asynchronously, default true
+ * @param[in] i_pTpm A specific TPM to singly extend a measurement into,
+ default is nullptr, which indicates all of the TPMs will be
+ extended.
+ * @param[in] i_mirrorToLog After extending the measurement, mirror to log.
+ * default is true. Typically, false is used to poison the TPM.
* @return errlHndl_t NULL if successful, otherwise a pointer to the
* error log.
* Digest will be right padded with zeros or truncated to match TPM digest
@@ -152,7 +157,9 @@ namespace TRUSTEDBOOT
const uint8_t* i_digest,
size_t i_digestSize,
const char* i_logMsg,
- bool i_sendAsync = true);
+ bool i_sendAsync = true,
+ const TpmTarget* i_pTpm = nullptr,
+ bool i_mirrorToLog = true);
/**
* @brief Extend a separator into the TPMs and log atomically
@@ -251,6 +258,22 @@ namespace TRUSTEDBOOT
#endif
/**
+ * @brief Poison a TPM. Poisoning a TPM's PCR means extending a random
+ * number measurement to the TPM, but not to the corresponding log
+ * entry. This includes extending random numbers to every bank/PCR
+ * combo in use by the firmware (sha1/sha256 banks of PCR 0-7). The
+ * random number along with the absent log entry makes remote
+ * attestation impossible with that TPM for that boot.
+ *
+ * @parm[in] i_pTpm Pointer to the TPM target to be poisoned. Must be a TPM
+ * and must not be nullptr
+ *
+ * @return errlHndl_t nullptr if successful or error log otherwise. Failure
+ * to poison a TPM will result in deconfiguring the TPM.
+ */
+ errlHndl_t poisonTpm(const TpmTarget* i_pTpm);
+
+ /**
* @brief Helper function for validating TPM handles. Returns an error log
* if the supplied TPM is null, not a TPM target, or not functional.
*
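Review bot: The new poisonTpm() header uses `@parm[in]` where the rest of this file uses `@param[in]`, so Doxygen will not attach the description to i_pTpm; change it to ` * @param[in] i_pTpm Pointer to the TPM target to be poisoned. Must be a TPM`. The @brief also leaves unstated that the whole scheme rests on the extended value being unpredictable: a poison value that could be reconstructed would let the PCR state be recomputed despite the missing log entry, so a line such as ` * The random value must come from an unpredictable source; its value is never logged or returned.` would pin the contract for implementers (hedged, since the generator is not visible in this hunk). In the first hunk, the i_mirrorToLog note on pcrExtend() says only that false is "typically" used to poison; it would help callers to state the consequence directly, e.g. ` * Passing false makes the TPM state diverge from the event log on purpose, so it breaks remote attestation for that boot and should only be used by the poisoning path.` The pcrExtend() declaration and the enclosing namespace TRUSTEDBOOT both extend beyond these hunks.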