diff options
author | Mike Baiocchi <mbaiocch@us.ibm.com> | 2019-02-19 10:55:19 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2019-03-05 08:53:09 -0600 |
commit | d74d3932d989bca5b533c48024ac135ec9991d64 (patch) | |
tree | c6ef9e1e29a5d6a5397eef5f4c9b1586d3d24379 /src/usr/secureboot/trusted | |
parent | eeb5732a169d35955e96236f6389e95a29a22af8 (diff) | |
download | talos-hostboot-d74d3932d989bca5b533c48024ac135ec9991d64.tar.gz talos-hostboot-d74d3932d989bca5b533c48024ac135ec9991d64.zip |
Secureboot: Enhance Error Callouts For New Multinode Trustedboot Transfer
This commit adds many checks to callout potential issues with the new
multinode trustedboot transfer protocol. It also improves some
TPM-related traces.
Change-Id: Ice3f8be0668cc63321eeb2562bb8ffe610284b6a
RTC:203642
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72363
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/trusted')
-rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index 9c075dc7d..66c3a8664 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -1330,6 +1330,12 @@ void tpmVerifyFunctionalPrimaryTpmExists( MOD_TPM_VERIFYFUNCTIONAL, RC_TPM_NOFUNCTIONALTPM_FAIL); + TRACFCOMP(g_trac_trustedboot, ERR_MRK + "tpmVerifyFunctionalPrimaryTpmExists: Shutting down " + "system because no Functional Primary TPM was found " + "but system policy required it. errl EID 0x%08X", + err->eid()); + // Add low priority HB SW callout err->addProcedureCallout(HWAS::EPUB_PRC_HB_CODE, HWAS::SRCI_PRIORITY_LOW); @@ -1362,8 +1368,9 @@ void tpmVerifyFunctionalPrimaryTpmExists( err = TARGETING::AttrRP::syncAllAttributesToFsp(); if(err) { - TRACFCOMP(g_trac_trustedboot, ERR_MRK"Could not sync" - " attributes to FSP; errl EID 0x%08X", + TRACFCOMP(g_trac_trustedboot, ERR_MRK + "tpmVerifyFunctionalPrimaryTpmExists: Could " + "not sync attributes to FSP; errl EID 0x%08X", err->eid()); errlCommit(err, TRBOOT_COMP_ID); } @@ -1376,13 +1383,13 @@ void tpmVerifyFunctionalPrimaryTpmExists( else { TRACUCOMP(g_trac_trustedboot, - "No functional primary TPM found but" - "TPM not Required"); + "tpmVerifyFunctionalPrimaryTpmExists: No functional " + "primary TPM found but TPM not Required"); } } else { - TRACUCOMP(g_trac_trustedboot, + TRACUCOMP(g_trac_trustedboot,"tpmVerifyFunctionalPrimaryTpmExists: " "No functional primary TPM found but not running secure"); } @@ -2117,6 +2124,11 @@ bool getTpmRequiredSensorValue(bool& o_isTpmRequired) "not available: retVal=%d (sensorNum=0x%X)", retVal, sensorNum ); } + + TRACFCOMP( g_trac_trustedboot, + "getTpmRequiredSensorValue: isAvail=%s, o_isTpmRequired=%s", + (retVal ? "Yes" : "No"), + (o_isTpmRequired ? "Yes" : "No") ); #else // IPMI support not there, so consider sensor not available retVal = false; @@ -2125,12 +2137,6 @@ bool getTpmRequiredSensorValue(bool& o_isTpmRequired) retVal ); #endif - - TRACFCOMP( g_trac_trustedboot, - "getTpmRequiredSensorValue: isAvail=%s, o_isTpmRequired=%s", - (retVal ? "Yes" : "No"), - (o_isTpmRequired ? "Yes" : "No") ); - return retVal; } |