New API to Retrieve Random Number from the TPM

A new programming interface allows us to obtain random numbers
from the TPM more easily (i.e. in a more high-level way).

Change-Id: Ibd3d3b320411bea146d6eab4d1a59ca760bc726c
RTC:191000
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57802
Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

2 files changed, 33 insertions, 2 deletions

diff --git a/src/include/usr/secureboot/trustedboot_reasoncodes.H b/src/include/usr/secureboot/trustedboot_reasoncodes.H
index 82647766a..0020ab20a 100644
--- a/src/include/usr/secureboot/trustedboot_reasoncodes.H
+++ b/src/include/usr/secureboot/trustedboot_reasoncodes.H
@@ -58,7 +58,6 @@ namespace TRUSTEDBOOT
         MOD_TPM_SYNCRESPONSE                = 0x0C,
         MOD_TPM_SEPARATOR                   = 0x0D,
         MOD_TPM_CMD_GETCAPNVINDEX           = 0x0E,
-
         MOD_TPMLOGMGR_INITIALIZE            = 0x10,
         MOD_TPMLOGMGR_ADDEVENT              = 0x11,
         MOD_TPMLOGMGR_INITIALIZEEXISTLOG    = 0x12,
@@ -66,7 +65,9 @@ namespace TRUSTEDBOOT
         MOD_TPM_MARK_FAILED                 = 0x14,
         MOD_INIT_BACKUP_TPM                 = 0x15,
         MOD_DO_INIT_BACKUP_TPM              = 0x16,
-        MOD_TEST_CMP_PRIMARY_AND_BACKUP_TPM = 0x17
+        MOD_TEST_CMP_PRIMARY_AND_BACKUP_TPM = 0x17,
+        MOD_TPM_GETRANDOM                   = 0x18,
+        MOD_VALIDATE_TPM_HANDLE             = 0x19,
    };
 
     enum TRUSTEDReasonCode
@@ -97,6 +98,9 @@ namespace TRUSTEDBOOT
         RC_TPM_NVINDEX_VALIDATE_FAIL     = TRBOOT_COMP_ID | 0xB5,
         RC_TPMLOGMGR_INITIALIZE_FAIL     = TRBOOT_COMP_ID | 0xB6,
         RC_BACKUP_TPM_TEST_FAIL          = TRBOOT_COMP_ID | 0xB7,
+        RC_INVALID_TPM_HANDLE            = TRBOOT_COMP_ID | 0xB8,
+        RC_NON_FUNCTIONAL_TPM_HANDLE     = TRBOOT_COMP_ID | 0xB9,
+        RC_UNREACHABLE_TPM               = TRBOOT_COMP_ID | 0xBA,
     };
 #ifdef __cplusplus
 }
diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H
index 5ab461cb1..f8af75fb5 100644
--- a/src/include/usr/secureboot/trustedbootif.H
+++ b/src/include/usr/secureboot/trustedbootif.H
@@ -41,6 +41,7 @@
 #include <secureboot/containerheader.H>
 #include <targeting/common/commontargeting.H>
 #include <targeting/common/utilFilter.H>
+#include <config.h>
 
 namespace TRUSTEDBOOT
 {
@@ -233,6 +234,32 @@ namespace TRUSTEDBOOT
               uint64_t   i_xscomAddr,
               uint32_t   i_i2cMasterOffset);
 
+    #ifdef CONFIG_TPMDD
+    /**
+     *  @brief Generate random numbers via TPM hardware.
+     *
+     *  @parm[in] i_pTpm Pointer to TPM target. In order to succeed, it cannot
+     *            be null and must be a TPM target pointer. The TPM target must
+     *            be functional. All of these conditions must be met or an error
+     *            log will result.
+     *
+     *  @parm[out] o_randNum A uint64_t reference to be filled with random bits.
+     *
+     *  @return errlHndl_t nullptr on success or an error log pointer on failure
+     */
+    errlHndl_t GetRandom(const TpmTarget* i_pTpm, uint64_t& o_randNum);
+    #endif
+
+    /**
+     *  @brief Helper function for validating TPM handles. Returns an error log
+     *         if the supplied TPM is null, not a TPM target, or not functional.
+     *
+     *  @parm[in] i_pTpm Pointer to the TPM target to be checked.
+     *
+     *  @return errlHndl_t nullptr if valid or error log otherwise.
+     */
+    errlHndl_t validateTpmHandle(const TpmTarget* i_pTpm);
+
     /**
      * @brief Checks whether the node has a present and functioning primary TPM.
      * @retval true if a present and functional primary TPM is available;