diff options
author | Ilya Smirnov <ismirno@us.ibm.com> | 2018-05-08 16:01:25 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2018-05-22 12:28:07 -0400 |
commit | d55d64a79ca44280e0e6415893bab44fcaafa34f (patch) | |
tree | 48f43b89dcfbc679a05ce301cb4f2936560d56e2 /src/usr/secureboot/trusted | |
parent | 70e337a2fe7679b2f2b4ed099949e5a7dc1f2a24 (diff) | |
download | talos-hostboot-d55d64a79ca44280e0e6415893bab44fcaafa34f.tar.gz talos-hostboot-d55d64a79ca44280e0e6415893bab44fcaafa34f.zip |
Marked Failed TPMs Unusable For Alignment Check
Set the TPM_UNUSABLE attribute for TPMs that failed. This attribute
will be used by FSP during alignment check, so it is important
to reflect the current TPM availability situation. Note that backup
TPM is marked as unusable in istep 6.8, and then re-checked in
istep 10.14.
Change-Id: I32347c542cb4cd09c04bea7f8a9275881d204dfb
RTC: 191163
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/58529
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/trusted')
-rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index de4222e41..f4262bcf1 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -193,8 +193,8 @@ bool functionalPrimaryTpmExists() [&presentAndFunctional, &initialized, &isPrimaryTpm]( const TARGETING::Target* const i_pTpm) { - return (isPrimaryTpm(i_pTpm) && (presentAndFunctional(i_pTpm) - || !initialized(i_pTpm))); + return (isPrimaryTpm(i_pTpm) && + (presentAndFunctional(i_pTpm) || !initialized(i_pTpm))); }); exists = (itr!=tpmList.end()) ? true : false; @@ -324,6 +324,7 @@ void* host_update_master_tpm( void *io_pArgs ) !primaryHwasState.present) { primaryTpmAvail = false; + pPrimaryTpm->setAttr<TARGETING::ATTR_TPM_UNUSABLE>(true); } } @@ -414,13 +415,15 @@ void* host_update_master_tpm( void *io_pArgs ) { TRACUCOMP( g_trac_trustedboot, "host_update_master_tpm() - " - "Primary TPM Present:%d Functional:%d Init Attempted:%d", + "Primary TPM Present:%d Functional:%d Init Attempted:%d" + " Usable:%d", pPrimaryTpm->getAttr<TARGETING::ATTR_HWAS_STATE>(). present, pPrimaryTpm->getAttr<TARGETING::ATTR_HWAS_STATE>(). functional, pPrimaryTpm->getAttr< - TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>()); + TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>(), + !(pPrimaryTpm->getAttr<TARGETING::ATTR_TPM_UNUSABLE>())); } TARGETING::Target* pBackupTpm = nullptr; @@ -429,14 +432,16 @@ void* host_update_master_tpm( void *io_pArgs ) { TRACUCOMP( g_trac_trustedboot, "host_update_master_tpm() - " - "Backup TPM Present:%d Functional:%d Init Attempted:%d. " + "Backup TPM Present:%d Functional:%d Init Attempted:%d " + "Usable: %d. " "Backup TPM initialization is deferred to istep 10.14.", pBackupTpm->getAttr<TARGETING::ATTR_HWAS_STATE>(). present, pBackupTpm->getAttr<TARGETING::ATTR_HWAS_STATE>(). functional, pBackupTpm->getAttr< - TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>()); + TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>(), + !(pPrimaryTpm->getAttr<TARGETING::ATTR_TPM_UNUSABLE>())); } TRACDCOMP( g_trac_trustedboot, @@ -998,6 +1003,9 @@ void tpmMarkFailed(TpmTarget* const i_pTpm, i_pTpm->setAttr< TARGETING::ATTR_HWAS_STATE>(hwasState); + // Mark the TPM as unusable so that FSP can perform alignment check + i_pTpm->setAttr<TARGETING::ATTR_TPM_UNUSABLE>(true); + #ifdef CONFIG_SECUREBOOT TARGETING::Target* l_tpm = i_pTpm; @@ -1374,6 +1382,10 @@ void doInitBackupTpm() if(l_backupTpm) { l_backupTpm->setAttr<TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>(true); + auto l_backupHwasState = l_backupTpm->getAttr< + TARGETING::ATTR_HWAS_STATE>(); + l_backupTpm->setAttr<TARGETING::ATTR_TPM_UNUSABLE>( + !(l_backupHwasState.present && l_backupHwasState.functional)); } } |