diff options
| author | Chris Engel <cjengel@us.ibm.com> | 2016-02-19 10:19:17 -0600 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2016-05-11 17:13:59 -0400 |
| commit | 2846d635adc08c844d68d68f7a7e2ff885c4fad5 (patch) | |
| tree | 326a64051d3868799c74df55affc252a6a9861f9 /src/usr/secureboot/trusted/trustedboot.C | |
| parent | 483342c80d5431cd5866ee64464d62b32bf33b56 (diff) | |
| download | talos-hostboot-2846d635adc08c844d68d68f7a7e2ff885c4fad5.tar.gz talos-hostboot-2846d635adc08c844d68d68f7a7e2ff885c4fad5.zip | |
Send hash of pnor sections to TPM
Replay log events to TPM after initialization
Change-Id: Ibab5e28790324c28a7cd9fb2805041d7a896376a
RTC:125290
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/23898
Tested-by: Jenkins Server
Reviewed-by: Timothy R. Block <block@us.ibm.com>
Tested-by: FSP CI Jenkins
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/trusted/trustedboot.C')
| -rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 84 |
1 files changed, 77 insertions, 7 deletions
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index d51c9e031..03d957b9e 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -113,7 +113,11 @@ void* host_update_master_tpm( void *io_pArgs ) } // Now we need to replay any existing entries in the log into the TPM - tpmReplayLog(systemTpms.tpm[TPM_MASTER_INDEX]); + if (!systemTpms.tpm[TPM_MASTER_INDEX].failed && + systemTpms.tpm[TPM_MASTER_INDEX].available) + { + tpmReplayLog(systemTpms.tpm[TPM_MASTER_INDEX]); + } if (systemTpms.tpm[TPM_MASTER_INDEX].failed || !systemTpms.tpm[TPM_MASTER_INDEX].available) @@ -244,12 +248,78 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target, void tpmReplayLog(TRUSTEDBOOT::TpmTarget & io_target) { - ///@todo RTC:125288 Implement replay - // Function will walk existing entries in the TPM log and call - // tpmCmdPcrExtend as required - // This function must commit any errors and call tpmMarkFailed if errors - // are found -} + TRACUCOMP(g_trac_trustedboot, ENTER_MRK"tpmReplayLog()"); + errlHndl_t err = NULL; + bool unMarshalError = false; + // Create EVENT2 structure to be populated by getNextEvent() + TCG_PCR_EVENT2 l_eventLog; + // Move past header event to get a pointer to the first event + // If there are no events besides the header, l_eventHndl = NULL + const uint8_t* l_eventHndl = TpmLogMgr_getFirstEvent(io_target.logMgr); + while ( l_eventHndl != NULL ) + { + // Get next event + l_eventHndl = TpmLogMgr_getNextEvent(io_target.logMgr, + l_eventHndl, &l_eventLog, + &unMarshalError); + if (unMarshalError) + { + /*@ + * @errortype + * @reasoncode RC_TPM_UNMARSHALING_FAIL + * @severity ERRL_SEV_UNRECOVERABLE + * @moduleid MOD_TPM_REPLAY_LOG + * @userdata1 Starting address of event that caused error + * @userdata2 0 + * @devdesc Unmarshal error while replaying tpm log. + */ + err = new ERRORLOG::ErrlEntry( ERRORLOG::ERRL_SEV_UNRECOVERABLE, + MOD_TPM_REPLAY_LOG, + RC_TPM_UNMARSHALING_FAIL, + reinterpret_cast<uint64_t>(l_eventHndl), + 0, + true /*Add HB SW Callout*/ ); + + err->collectTrace( SECURE_COMP_NAME ); + break; + } + + // Extend to tpm + if (l_eventLog.eventType == EV_ACTION) + { + TRACUBIN(g_trac_trustedboot, "tpmReplayLog: Extending event:", + &l_eventLog, sizeof(TCG_PCR_EVENT2)); + for (size_t i = 0; i < l_eventLog.digests.count; i++) + { + + TPM_Alg_Id l_algId = (TPM_Alg_Id)l_eventLog.digests.digests[i] + .algorithmId; + err = tpmCmdPcrExtend(&io_target, + (TPM_Pcr)l_eventLog.pcrIndex, + l_algId, + l_eventLog.digests.digests[i].digest.bytes, + getDigestSize(l_algId)); + if (err) + { + break; + } + } + if (err) + { + break; + } + } + } + // If the TPM failed we will mark it not functional and commit errl + if (err) + { + tpmMarkFailed(&io_target); + errlCommit(err, SECURE_COMP_ID); + delete err; + err = NULL; + } +} + } // end TRUSTEDBOOT |
