diff options
author | Jaymes Wilks <mjwilks@us.ibm.com> | 2018-04-24 10:01:59 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2018-05-10 21:49:40 -0400 |
commit | 98bee5bbab00b1fcb8c6b6255ac07e62e2800b60 (patch) | |
tree | 35359cf4fc59989468425e54a9c8b8a510ff87e6 /src/include/usr | |
parent | 7145f5c28a5b4a8fe689d3250fa95acbdfc0c43f (diff) | |
download | talos-hostboot-98bee5bbab00b1fcb8c6b6255ac07e62e2800b60.tar.gz talos-hostboot-98bee5bbab00b1fcb8c6b6255ac07e62e2800b60.zip |
New API to Retrieve Random Number from the TPM
A new programming interface allows us to obtain random numbers
from the TPM more easily (i.e. in a more high-level way).
Change-Id: Ibd3d3b320411bea146d6eab4d1a59ca760bc726c
RTC:191000
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57802
Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/include/usr')
-rw-r--r-- | src/include/usr/secureboot/trustedboot_reasoncodes.H | 8 | ||||
-rw-r--r-- | src/include/usr/secureboot/trustedbootif.H | 27 |
2 files changed, 33 insertions, 2 deletions
diff --git a/src/include/usr/secureboot/trustedboot_reasoncodes.H b/src/include/usr/secureboot/trustedboot_reasoncodes.H index 82647766a..0020ab20a 100644 --- a/src/include/usr/secureboot/trustedboot_reasoncodes.H +++ b/src/include/usr/secureboot/trustedboot_reasoncodes.H @@ -58,7 +58,6 @@ namespace TRUSTEDBOOT MOD_TPM_SYNCRESPONSE = 0x0C, MOD_TPM_SEPARATOR = 0x0D, MOD_TPM_CMD_GETCAPNVINDEX = 0x0E, - MOD_TPMLOGMGR_INITIALIZE = 0x10, MOD_TPMLOGMGR_ADDEVENT = 0x11, MOD_TPMLOGMGR_INITIALIZEEXISTLOG = 0x12, @@ -66,7 +65,9 @@ namespace TRUSTEDBOOT MOD_TPM_MARK_FAILED = 0x14, MOD_INIT_BACKUP_TPM = 0x15, MOD_DO_INIT_BACKUP_TPM = 0x16, - MOD_TEST_CMP_PRIMARY_AND_BACKUP_TPM = 0x17 + MOD_TEST_CMP_PRIMARY_AND_BACKUP_TPM = 0x17, + MOD_TPM_GETRANDOM = 0x18, + MOD_VALIDATE_TPM_HANDLE = 0x19, }; enum TRUSTEDReasonCode @@ -97,6 +98,9 @@ namespace TRUSTEDBOOT RC_TPM_NVINDEX_VALIDATE_FAIL = TRBOOT_COMP_ID | 0xB5, RC_TPMLOGMGR_INITIALIZE_FAIL = TRBOOT_COMP_ID | 0xB6, RC_BACKUP_TPM_TEST_FAIL = TRBOOT_COMP_ID | 0xB7, + RC_INVALID_TPM_HANDLE = TRBOOT_COMP_ID | 0xB8, + RC_NON_FUNCTIONAL_TPM_HANDLE = TRBOOT_COMP_ID | 0xB9, + RC_UNREACHABLE_TPM = TRBOOT_COMP_ID | 0xBA, }; #ifdef __cplusplus } diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H index 5ab461cb1..f8af75fb5 100644 --- a/src/include/usr/secureboot/trustedbootif.H +++ b/src/include/usr/secureboot/trustedbootif.H @@ -41,6 +41,7 @@ #include <secureboot/containerheader.H> #include <targeting/common/commontargeting.H> #include <targeting/common/utilFilter.H> +#include <config.h> namespace TRUSTEDBOOT { @@ -233,6 +234,32 @@ namespace TRUSTEDBOOT uint64_t i_xscomAddr, uint32_t i_i2cMasterOffset); + #ifdef CONFIG_TPMDD + /** + * @brief Generate random numbers via TPM hardware. + * + * @parm[in] i_pTpm Pointer to TPM target. In order to succeed, it cannot + * be null and must be a TPM target pointer. The TPM target must + * be functional. All of these conditions must be met or an error + * log will result. + * + * @parm[out] o_randNum A uint64_t reference to be filled with random bits. + * + * @return errlHndl_t nullptr on success or an error log pointer on failure + */ + errlHndl_t GetRandom(const TpmTarget* i_pTpm, uint64_t& o_randNum); + #endif + + /** + * @brief Helper function for validating TPM handles. Returns an error log + * if the supplied TPM is null, not a TPM target, or not functional. + * + * @parm[in] i_pTpm Pointer to the TPM target to be checked. + * + * @return errlHndl_t nullptr if valid or error log otherwise. + */ + errlHndl_t validateTpmHandle(const TpmTarget* i_pTpm); + /** * @brief Checks whether the node has a present and functioning primary TPM. * @retval true if a present and functional primary TPM is available; |