diff options
author | Ilya Smirnov <ismirno@us.ibm.com> | 2018-12-06 15:22:10 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2019-01-18 16:44:58 -0600 |
commit | 868b68df85eb7aeed7eba3392303fa3be854e2a6 (patch) | |
tree | ea6ef1afe17ebc0c39baa4ad0e926be77f36e501 /src/usr/secureboot/trusted/base/trustedbootMsg.H | |
parent | 6a5388bbc8b066a9547e1e1268e8c3a7e9f33291 (diff) | |
download | talos-hostboot-868b68df85eb7aeed7eba3392303fa3be854e2a6.tar.gz talos-hostboot-868b68df85eb7aeed7eba3392303fa3be854e2a6.zip |
Secureboot: Add New TPM Commands For Nodecomm
This commit adds four new TPM commands, and APIs thereto,
for enhanced secure multinode communication protocol. The
TPM commands are the base for the new protocol and will be
used as part of it.
Change-Id: I080ff87cd6001b5d2e13ae350a379cbc2c92bfcf
RTC: 202364
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/69725
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/trusted/base/trustedbootMsg.H')
-rw-r--r-- | src/usr/secureboot/trusted/base/trustedbootMsg.H | 48 |
1 files changed, 47 insertions, 1 deletions
diff --git a/src/usr/secureboot/trusted/base/trustedbootMsg.H b/src/usr/secureboot/trusted/base/trustedbootMsg.H index 95a52a6e4..9789c4fed 100644 --- a/src/usr/secureboot/trusted/base/trustedbootMsg.H +++ b/src/usr/secureboot/trusted/base/trustedbootMsg.H @@ -36,6 +36,7 @@ #include <errl/errlentry.H> #include <sys/msg.h> #include "../trustedTypes.H" +#include <secureboot/trustedbootif.H> namespace TRUSTEDBOOT { @@ -57,7 +58,11 @@ namespace TRUSTEDBOOT MSG_TYPE_SHUTDOWN, MSG_TYPE_INIT_BACKUP_TPM, MSG_TYPE_GETRANDOM, - MSG_TYPE_LAST = MSG_TYPE_GETRANDOM, + MSG_TYPE_CREATE_ATT_KEYS, + MSG_TYPE_READ_AK_CERT, + MSG_TYPE_GEN_QUOTE, + MSG_TYPE_FLUSH_CONTEXT, + MSG_TYPE_LAST = MSG_TYPE_FLUSH_CONTEXT, }; /// PCREXTEND message data @@ -80,6 +85,47 @@ namespace TRUSTEDBOOT uint8_t* o_randNum; // the random data is populated here }; + // Pure Target* cannot be sent as extra_data through a synchronous message + // because the act of deleting the sync mesage attempts to delete the ptr + // to the target as well, which causes hostboot crashes. This struct is + // a simple wrapper around the Target* for the messages requiring just the + // TPM target to be passed. + struct TpmTargetData + { + TpmTarget* tpm; + TpmTargetData(TpmTarget* i_tpm) : + tpm(i_tpm) + { + } + }; + + // The struct used to read the AK ceritificate from TPM's NVRAM + struct ReadAKCertData + { + TpmTarget* tpm; + AKCertificate_t* data; // The output of NVRAM read + ReadAKCertData(TpmTarget* i_tpm, AKCertificate_t* i_data) : + tpm(i_tpm), data(i_data) + { + } + }; + + // The struct used to generate TPM quote + struct GenQuoteData + { + TpmTarget* tpm; + MasterTpmNonce_t* masterNonce; // 32-byte nonce value + QuoteDataOut* data; // Output - the quote and signature fields + GenQuoteData(TpmTarget* i_tpm, + MasterTpmNonce_t* i_masterNonce, + QuoteDataOut* o_data) : + tpm(i_tpm), + masterNonce(i_masterNonce), + data(o_data) + { + } + }; + // Trustedboot message class class Message { |