authorNick Bofferding <bofferdn@us.ibm.com>2018-01-16 22:10:15 -0600
committerDaniel M. Crowell <dcrowell@us.ibm.com>2018-01-19 11:40:03 -0500
commit7a5fdcbd0c459808c1fc8a5c181c131fa7c8e3b5 (patch)
tree8621ffa49b45747b8becae079874932e16207631 /src/usr/secureboot/trusted
parent038d61af461195db89b0f742f6813bf1947bc044 (diff)
Secure Boot: Remove cyclic dependency in TPM daemon shutdown path
Change-Id: Id2bd6597e930015dfad0ae4196aa326948bdee8e Backport: release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52095 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/trusted')
-rw-r--r--src/usr/secureboot/trusted/trustedboot.C17
-rw-r--r--src/usr/secureboot/trusted/trustedboot.H21
2 files changed, 30 insertions, 8 deletions
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C
index 8c9f7fff3..4a4120a8b 100644
--- a/src/usr/secureboot/trusted/trustedboot.C
+++ b/src/usr/secureboot/trusted/trustedboot.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2015,2017 */
+/* Contributors Listed Below - COPYRIGHT 2015,2018 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -1110,10 +1110,13 @@ void tpmMarkFailed(TpmTarget* const i_pTpm)
#endif
}
-void tpmVerifyFunctionalTpmExists()
+void tpmVerifyFunctionalTpmExists(
+ const NoTpmShutdownPolicy i_noTpmShutdownPolicy)
{
errlHndl_t err = nullptr;
bool foundFunctional = enabled();
+ const bool isBackgroundShutdown =
+ (i_noTpmShutdownPolicy == NoTpmShutdownPolicy::BACKGROUND_SHUTDOWN);
if (!foundFunctional && !systemData.failedTpmsPosted)
{
@@ -1132,7 +1135,7 @@ void tpmVerifyFunctionalTpmExists()
auto errPlid = err->plid();
// we should not continue if we could not read the jumper state
- INITSERVICE::doShutdown(errPlid);
+ INITSERVICE::doShutdown(errPlid,isBackgroundShutdown);
}
else if (l_state == SECUREBOOT::SecureJumperState::SECURITY_ASSERTED)
{
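Review bot: The comment `// we should not continue if we could not read the jumper state` is no longer guaranteed by the call beneath it. When `isBackgroundShutdown` is true, `INITSERVICE::doShutdown(errPlid,isBackgroundShutdown)` presumably returns instead of blocking, so control falls out of the if/else chain and the TPM daemon keeps running while the shutdown proceeds. The same applies to the second call under `// Terminate IPL immediately` in the next hunk. Because this is the enforcement point for a required but missing TPM, it is worth confirming that nothing after the chain, and no message the daemon services in that window, lets the IPL make progress; the rest of the function body is outside the hunk. At minimum I would reword the comment, e.g. `// Request shutdown; in background mode this returns and the caller must not proceed with the IPL`.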
@@ -1173,7 +1176,7 @@ void tpmVerifyFunctionalTpmExists()
errlCommit(err, TRBOOT_COMP_ID);
// terminating the IPL with this fail
// Terminate IPL immediately
- INITSERVICE::doShutdown(errPlid);
+ INITSERVICE::doShutdown(errPlid,isBackgroundShutdown);
}
else
{
@@ -1261,7 +1264,8 @@ void* tpmDaemon(void* unused)
// Lastly make sure we are in a state
// where we have a functional TPM
- TRUSTEDBOOT::tpmVerifyFunctionalTpmExists();
+ TRUSTEDBOOT::tpmVerifyFunctionalTpmExists(
+ NoTpmShutdownPolicy::BACKGROUND_SHUTDOWN);
}
break;
case TRUSTEDBOOT::MSG_TYPE_SEPARATOR:
@@ -1281,7 +1285,8 @@ void* tpmDaemon(void* unused)
// Lastly make sure we are in a state
// where we have a functional TPM
- TRUSTEDBOOT::tpmVerifyFunctionalTpmExists();
+ TRUSTEDBOOT::tpmVerifyFunctionalTpmExists(
+ NoTpmShutdownPolicy::BACKGROUND_SHUTDOWN);
}
break;
diff --git a/src/usr/secureboot/trusted/trustedboot.H b/src/usr/secureboot/trusted/trustedboot.H
index 660bf92de..220f9f599 100644
--- a/src/usr/secureboot/trusted/trustedboot.H
+++ b/src/usr/secureboot/trusted/trustedboot.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2015,2017 */
+/* Contributors Listed Below - COPYRIGHT 2015,2018 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -87,6 +87,17 @@ public:
*/
void tpmInitialize(TRUSTEDBOOT::TpmTarget* i_pTpm);
+
+
+/**
+ * @brief Shutdown policy to invoke when system has no usable TPMs
+ */
+enum class NoTpmShutdownPolicy
+{
+ BACKGROUND_SHUTDOWN, // Shutdown Hostboot in background
+ SYNC_SHUTDOWN, // Block waiting for Hostboot to shutdown
+};
+
/**
* @brief Verify a functional TPM still exists in the system
*
@@ -94,8 +105,14 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget* i_pTpm);
* If the system is running in secure mode an error log will be committed
* and if the TPMRequired attribute is true a system shutdown will be
* initiated
+ *
+ * @param[in] i_noTpmShutdownPolicy Shutdown policy to invoke if a functional
+ * TPM is required to boot the system (TPM required policy is "required")
+ * -and- no functional TPMs are available (or other critical error occurred)
*/
-void tpmVerifyFunctionalTpmExists();
+void tpmVerifyFunctionalTpmExists(
+ NoTpmShutdownPolicy i_noTpmShutdownPolicy =
+ NoTpmShutdownPolicy::SYNC_SHUTDOWN);
/**
* @brief Replay the entries that exist in the log into the TPM as needed
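Review bot: The `@param` text for `i_noTpmShutdownPolicy` does not say when each policy must be used, and the default `NoTpmShutdownPolicy::SYNC_SHUTDOWN` means a future call made from the TPM daemon's own context would silently get the blocking behaviour this commit moves the daemon away from. Going by the commit title, the blocking form appears to be what created the cyclic dependency, so I would state the constraint in the header, e.g. `@note Callers running in the TPM daemon task must pass BACKGROUND_SHUTDOWN; SYNC_SHUTDOWN blocks until shutdown completes`. The two enumerator comments in the previous hunk could carry the same guidance. Dropping the default so that every caller names its policy would make the choice explicit, though the other callers are not visible here.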