author | Jaymes Wilks <mjwilks@us.ibm.com> | 2016-11-11 14:58:58 -0600 |
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-01-30 12:17:06 -0500 |
commit | 8363cdd8fff56e20f25a6ffee5b43c887c6049c4 (patch) | |
tree | 64cc9d93e04066d51ee6decdcbbe6d2d0708a575 /src/usr/secureboot/trusted | |
parent | 89c55d65e62b74221262652c02c4afef0590e127 (diff) | |
Generalize secure boot settings for all processors
Adds the ability to specify which processor target user code is
interested in when querying secure boot settings.
Change-Id: I0375af03ce8f4e33029736ff2e2d60416629a295
RTC:161916
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/32556
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/trusted')
-rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C
index 7de63e1d7..a7b7f8c56 100644
--- a/src/usr/secureboot/trusted/trustedboot.C
+++ b/src/usr/secureboot/trusted/trustedboot.C
@@ -55,7 +55,7 @@
#include "trustedbootUtils.H"
#include "tpmLogMgr.H"
#include "base/trustedbootMsg.H"
-#include "../settings.H"
+#include <secureboot/settings.H>
namespace TRUSTEDBOOT
{
@@ -506,8 +506,13 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget & io_target)
memset(l_digest, 0, sizeof(uint64_t));
// Security switches
- uint64_t l_securitySwitchValue = Singleton<SECUREBOOT::Settings>::
- instance().getSecuritySwitch();
+ uint64_t l_securitySwitchValue = 0;
+ l_err = SECUREBOOT::getSecuritySwitch(l_securitySwitchValue, TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL);
+ if (l_err)
+ {
+ break;
+ }
TRACFCOMP(g_trac_trustedboot, "security switch value = 0x%X", l_securitySwitchValue);
// Extend to TPM - PCR_1
@@ -774,8 +779,19 @@ void tpmVerifyFunctionalTpmExists()
"NO FUNCTIONAL TPM FOUND");
// Check to ensure jumper indicates we are running secure
- if (false) /// @todo Story 161916 Change to call getJumperState
- // if (SECUREBOOT::getJumperState())
+ SECUREBOOT::SecureJumperState l_state = SECUREBOOT::SecureJumperState::SECURITY_DEASSERTED;
+ err = SECUREBOOT::getJumperState(l_state);
+ if (err)
+ {
+ errlCommit(err, SECURE_COMP_ID);
+
+ auto errPlid = err->plid();
+
+ // we should not continue if we could not read the jumper state
+ INITSERVICE::doShutdown(errPlid);
+ }
+ else if (l_state == SECUREBOOT::SecureJumperState::SECURITY_ASSERTED)
{
/*@
* @errortype |
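Review bot: In tpmLogConfigEntries the security switch value that is extended into PCR_1 is now read for TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL regardless of which TPM io_target is being configured; given that the commit's stated goal is per-processor settings, the hunk should say why the master processor's value is the right one to measure for every TPM, e.g. `// Security switches: always measured from the master processor, for every TPM`. The new `break` on the error path depends on an enclosing loop and on l_err being returned after it; both, and the start of the function, lie outside this hunk.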
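Review bot: `auto errPlid = err->plid();` runs after `errlCommit(err, SECURE_COMP_ID);`; if errlCommit follows the usual hostboot contract of nulling the handle it commits, this dereferences a null pointer on exactly the path that is meant to force a shutdown. Read the plid before committing: `auto errPlid = err->plid(); errlCommit(err, SECURE_COMP_ID);`. If INITSERVICE::doShutdown() can return to its caller, execution also falls out of the if/else-if and continues as though the jumper were deasserted; a comment stating that the shutdown is expected not to return, or a `return;` after it, would make the fail-closed intent explicit. tpmVerifyFunctionalTpmExists begins and continues outside this hunk.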