Primary TPM Required Policy

Change the "TPM Required" policy to "Primary TPM Required," wherein
only the presence and functionality of the primary TPM (attached to
the acting master proc) will be considered when evaluating the
TPM required condition. The presence and functionality of the backup
TPM will not play a role in this policy.

Change-Id: Id968123d0fc399c531da7429fdb8efabfa66c53c
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57843
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>

1 files changed, 4 insertions, 3 deletions

diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H
index 45321be6c..5ab461cb1 100644
--- a/src/include/usr/secureboot/trustedbootif.H
+++ b/src/include/usr/secureboot/trustedbootif.H
@@ -234,10 +234,11 @@ namespace TRUSTEDBOOT
               uint32_t   i_i2cMasterOffset);
 
     /**
-     * @brief Is trustedboot enabled and functional
-     * @retval true if trustboot enabled and functional TPM's are available
+     * @brief Checks whether the node has a present and functioning primary TPM.
+     * @retval true if a present and functional primary TPM is available;
+     *         false otherwise
      */
-    bool enabled();
+    bool functionalPrimaryTpmExists();
 
     /**
      * @brief Wrapper around pcrExtend for measuring PNOR sections