author | Stephen Cprek <smcprek@us.ibm.com> | 2017-05-19 16:05:21 -0500 |
---|---|---|
committer | William G. Hoffa <wghoffa@us.ibm.com> | 2017-05-26 10:10:34 -0400 |
commit | f2a33cb5c91b97e209f9c15078d4e6568df7f3d2 (patch) | |
tree | a11f46734197d3dcc7579d1dfccb72a635cec440 /src/usr/secureboot/trusted | |
parent | c6d4548dc21871d346d125f810574f1f9545aa2d (diff) | |
HW callout for TPM not present when required
RTC:170678
Change-Id: Ic0338b49a9e05a8ccff5dc28b3ed3b00bd851d7c
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40777
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/trusted')
-rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 52 |
1 files changed, 30 insertions, 22 deletions
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index 83db64a86..20a099adb 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -1112,30 +1112,38 @@ void tpmVerifyFunctionalTpmExists() } else if (l_state == SECUREBOOT::SecureJumperState::SECURITY_ASSERTED) { - /*@ - * @errortype - * @reasoncode RC_TPM_NOFUNCTIONALTPM_FAIL - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPM_VERIFYFUNCTIONAL - * @userdata1 0 - * @userdata2 0 - * @devdesc No functional TPMs exist in the system - */ - err = new ERRORLOG::ErrlEntry( ERRORLOG::ERRL_SEV_UNRECOVERABLE, - MOD_TPM_VERIFYFUNCTIONAL, - RC_TPM_NOFUNCTIONALTPM_FAIL, - 0, 0, - true /*Add HB SW Callout*/ ); - - err->collectTrace( SECURE_COMP_NAME ); - uint32_t errPlid = err->plid(); - - // Log this failure here - errlCommit(err, SECURE_COMP_ID); - if (isTpmRequired()) - { + /*@ + * @errortype + * @reasoncode RC_TPM_NOFUNCTIONALTPM_FAIL + * @severity ERRL_SEV_UNRECOVERABLE + * @moduleid MOD_TPM_VERIFYFUNCTIONAL + * @userdata1 0 + * @userdata2 0 + * @devdesc No functional TPMs exist in the system + */ + err = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE, + MOD_TPM_VERIFYFUNCTIONAL, + RC_TPM_NOFUNCTIONALTPM_FAIL); + + // Add low priority HB SW callout + err->addProcedureCallout(HWAS::EPUB_PRC_HB_CODE, + HWAS::SRCI_PRIORITY_LOW); + err->collectTrace( SECURE_COMP_NAME ); + uint32_t errPlid = err->plid(); + + // HW callout TPMs + TARGETING::TargetHandleList l_tpmList; + TRUSTEDBOOT::getTPMs(l_tpmList, TPM_FILTER::ALL_IN_BLUEPRINT); + for(const auto &tpm : l_tpmList) + { + err->addHwCallout(tpm, + HWAS::SRCI_PRIORITY_HIGH, + HWAS::NO_DECONFIG, + HWAS::GARD_NULL); + } + errlCommit(err, SECURE_COMP_ID); // terminating the IPL with this fail // Terminate IPL immediately INITSERVICE::doShutdown(errPlid); |
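Review bot: With the error log now built and committed only inside `if (isTpmRequired())`, a system with the secure jumper asserted and no functional TPM appears to continue the IPL without any error log when the TPM is not required, whereas the removed lines committed RC_TPM_NOFUNCTIONALTPM_FAIL in both cases. The page has collapsed the hunk's indentation and the rest of tpmVerifyFunctionalTpmExists, including any `else` side of that check, lies outside the hunk, so this is inferred from the visible lines. If it holds, the not-required path should still leave an auditable record, for example the same entry at `ERRORLOG::ERRL_SEV_INFORMATIONAL`, because that boot proceeds without a TPM to hold measurements. Separately, the callout loop adds no HW callout when `getTPMs(l_tpmList, TPM_FILTER::ALL_IN_BLUEPRINT)` returns an empty list, leaving only the low-priority code callout; a comment above the loop such as `// Empty blueprint list: only the HB code callout is logged` would make that case explicit.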