Trustedboot: Move data to Hostboot base and add pcrExtend stub function

Change-Id: Id488af88c7f1796606434a062a9001f31f413ac0
RTC: 125288
Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/21475
Tested-by: Jenkins Server
Reviewed-by: Timothy R. Block <block@us.ibm.com>
Tested-by: Jenkins OP Build CI
Tested-by: Jenkins OP HW
Tested-by: FSP CI Jenkins
Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>

3 files changed, 130 insertions, 28 deletions

diff --git a/src/usr/secureboot/trusted/base/trustedboot_base.C b/src/usr/secureboot/trusted/base/trustedboot_base.C
new file mode 100644
index 000000000..95a55fdc2
--- /dev/null
+++ b/src/usr/secureboot/trusted/base/trustedboot_base.C
@@ -0,0 +1,84 @@
+/* IBM_PROLOG_BEGIN_TAG                                                   */
+/* This is an automatically generated prolog.                             */
+/*                                                                        */
+/* $Source: src/usr/secureboot/trusted/base/trustedboot_base.C $          */
+/*                                                                        */
+/* OpenPOWER HostBoot Project                                             */
+/*                                                                        */
+/* Contributors Listed Below - COPYRIGHT 2015                             */
+/* [+] International Business Machines Corp.                              */
+/*                                                                        */
+/*                                                                        */
+/* Licensed under the Apache License, Version 2.0 (the "License");        */
+/* you may not use this file except in compliance with the License.       */
+/* You may obtain a copy of the License at                                */
+/*                                                                        */
+/*     http://www.apache.org/licenses/LICENSE-2.0                         */
+/*                                                                        */
+/* Unless required by applicable law or agreed to in writing, software    */
+/* distributed under the License is distributed on an "AS IS" BASIS,      */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or        */
+/* implied. See the License for the specific language governing           */
+/* permissions and limitations under the License.                         */
+/*                                                                        */
+/* IBM_PROLOG_END_TAG                                                     */
+/**
+ * @file trustedboot_base.C
+ *
+ * @brief Trusted boot base interfaces
+ */
+
+// ----------------------------------------------
+// Includes
+// ----------------------------------------------
+#include <string.h>
+#include <sys/time.h>
+#include <trace/interface.H>
+#include <errl/errlentry.H>
+#include <errl/errlmanager.H>
+#include <errl/errludtarget.H>
+#include <errl/errludstring.H>
+#include <secureboot/trustedbootif.H>
+#include "../trustedboot.H"
+#include <secureboot/trustedboot_reasoncodes.H>
+
+// ----------------------------------------------
+// Trace definitions
+// ----------------------------------------------
+trace_desc_t* g_trac_trustedboot = NULL;
+TRAC_INIT( & g_trac_trustedboot, "TRBOOT", KILOBYTE );
+
+// Easy macro replace for unit testing
+//#define TRACUCOMP(args...)  TRACFCOMP(args)
+#define TRACUCOMP(args...)
+
+namespace TRUSTEDBOOT
+{
+
+/// Global object to store TPM status
+SystemTpms systemTpms;
+
+SystemTpms::SystemTpms()
+{
+}
+
+TpmTarget::TpmTarget()
+{
+    memset(this, 0, sizeof(TpmTarget));
+    mutex_init(&tpmMutex);
+}
+
+errlHndl_t pcrExtend(TPM_Pcr i_pcr,
+                     uint8_t* i_digest,
+                     size_t  i_digestSize,
+                     const char* i_logMsg)
+{
+    errlHndl_t err = NULL;
+#ifdef CONFIG_TPMDD
+    /// @todo RTC:125288 Add call to extend the PCR
+
+#endif
+    return err;
+}
+
+} // end TRUSTEDBOOT
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C
index ed8ce7ac6..a80272be3 100644
--- a/src/usr/secureboot/trusted/trustedboot.C
+++ b/src/usr/secureboot/trusted/trustedboot.C
@@ -49,8 +49,7 @@
 // ----------------------------------------------
 // Trace definitions
 // ----------------------------------------------
-trace_desc_t* g_trac_trustedboot = NULL;
-TRAC_INIT( & g_trac_trustedboot, "TRBOOT", KILOBYTE );
+extern trace_desc_t* g_trac_trustedboot;
 
 // Easy macro replace for unit testing
 //#define TRACUCOMP(args...)  TRACFCOMP(args)
@@ -59,9 +58,13 @@ TRAC_INIT( & g_trac_trustedboot, "TRBOOT", KILOBYTE );
 namespace TRUSTEDBOOT
 {
 
+extern SystemTpms systemTpms;
+
 void* host_update_master_tpm( void *io_pArgs )
 {
     errlHndl_t err = NULL;
+    bool unlock = false;
+
     TRACDCOMP( g_trac_trustedboot,
                ENTER_MRK"host_update_master_tpm()" );
     TRACUCOMP( g_trac_trustedboot,
@@ -70,11 +73,6 @@ void* host_update_master_tpm( void *io_pArgs )
     do
     {
 
-        // First time here so we need to clean out our data structure
-        memset(&tpmTargets, 0,
-               sizeof(TpmTarget) * TRUSTEDBOOT::MAX_SYSTEM_TPMS);
-
-
         // Get a node Target
         TARGETING::TargetService& tS = TARGETING::targetService();
         TARGETING::Target* nodeTarget = NULL;
@@ -90,21 +88,23 @@ void* host_update_master_tpm( void *io_pArgs )
             continue;
         }
 
-        if (TPMDD::tpmPresence(nodeTarget, TPMDD::TPM_PRIMARY))
-        {
-            tpmTargets[TPM_MASTER_INDEX].nodeTarget = nodeTarget;
-            tpmTargets[TPM_MASTER_INDEX].chip = TPMDD::TPM_PRIMARY;
-            tpmTargets[TPM_MASTER_INDEX].functional = true;
+        mutex_lock( &(systemTpms.tpm[TPM_MASTER_INDEX].tpmMutex) );
+        unlock = true;
 
+        if (!systemTpms.tpm[TPM_MASTER_INDEX].failed &&
+            TPMDD::tpmPresence(nodeTarget, TPMDD::TPM_PRIMARY))
+        {
             // Initialize the TPM, this will mark it as non-functional on fail
-            tpmInitialize(tpmTargets[TPM_MASTER_INDEX]);
+            tpmInitialize(systemTpms.tpm[TPM_MASTER_INDEX],
+                          nodeTarget,
+                          TPMDD::TPM_PRIMARY);
 
         }
 
-        if (!tpmTargets[TPM_MASTER_INDEX].functional)
+        if (systemTpms.tpm[TPM_MASTER_INDEX].failed)
         {
 
-            /// @todo RTC:134913 Switch to redundant chip if redundant TPM avail
+            /// @todo RTC:134913 Switch to backup chip if backup TPM avail
 
             // Master TPM not available
             TRACFCOMP( g_trac_trustedboot,
@@ -133,6 +133,12 @@ void* host_update_master_tpm( void *io_pArgs )
 
     } while ( 0 );
 
+    if( unlock )
+    {
+        mutex_unlock(&(systemTpms.tpm[TPM_MASTER_INDEX].tpmMutex));
+    }
+
+
     TRACDCOMP( g_trac_trustedboot,
                EXIT_MRK"host_update_master_tpm() - %s",
                ((NULL == err) ? "No Error" : "With Error") );
@@ -140,7 +146,9 @@ void* host_update_master_tpm( void *io_pArgs )
 }
 
 
-void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target)
+void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target,
+                   TARGETING::Target* i_nodeTarget,
+                   TPMDD::tpm_chip_types_t i_chip)
 {
     errlHndl_t err = NULL;
     uint8_t dataBuf[BUFSIZE];
@@ -158,6 +166,11 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target)
     {
         // TPM Initialization sequence
 
+        io_target.nodeTarget = i_nodeTarget;
+        io_target.chip = i_chip;
+        io_target.initAttempted = true;
+        io_target.failed = false;
+
         // Send the TPM startup command
         // Build our command block for a startup
         memset(dataBuf, 0, sizeof(dataBuf));
@@ -233,12 +246,11 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target)
     // If the TPM failed we will mark it not functional
     if (NULL != err)
     {
-        io_target.functional = false;
+        io_target.failed = true;
         // Log this failure
         errlCommit(err, SECURE_COMP_ID);
     }
 
-
     TRACDCOMP( g_trac_trustedboot,
                EXIT_MRK"tpmInitialize() - %s",
                ((NULL == err) ? "No Error" : "With Error") );
diff --git a/src/usr/secureboot/trusted/trustedboot.H b/src/usr/secureboot/trusted/trustedboot.H
index 5c1c87e15..fa5e085fe 100644
--- a/src/usr/secureboot/trusted/trustedboot.H
+++ b/src/usr/secureboot/trusted/trustedboot.H
@@ -33,6 +33,7 @@
 // -----------------------------------------------
 // Includes
 // -----------------------------------------------
+#include <secureboot/trustedbootif.H>
 
 namespace TRUSTEDBOOT
 {
@@ -42,23 +43,28 @@ enum
     MAX_SYSTEM_TPMS = 2,
     BUFSIZE         = 256,
     TPM_MASTER_INDEX = 0,     ///< Index into tpmTargets array for master chip
-    TPM_REDUNDANT_INDEX = 1,  ///< Index for redundant chip TPM
+    TPM_BACKUP_INDEX = 1,     ///< Index for backup chip TPM
 };
 
-/// Track system TPM status
-struct TpmTarget
-{
-    TARGETING::Target*        nodeTarget;
-    TPMDD::tpm_chip_types_t   chip;         ///< Chip Pri vs Backup
-    uint8_t                   functional:1; ///< Is TPM currently functional
-} tpmTargets[MAX_SYSTEM_TPMS];
 
 /**
  * @brief Initialize the targetted TPM
- * @param[in/out] target Current TPM target structure
+ * @param[in/out] io_target Current TPM target structure
+ * @param[in] i_nodeTarget Node Target
+ * @param[in] i_chip Chip to initialize
 */
-void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target);
+    void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target,
+                       TARGETING::Target* i_nodeTarget,
+                       TPMDD::tpm_chip_types_t i_chip);
+
+/// Class object to store system TPM information
+class SystemTpms
+{
+public:
+    SystemTpms();
 
+    TpmTarget tpm[MAX_SYSTEM_TPMS];
+};
 
 // Command structures taken from TPM Main - Part3 commands v 1.2 rev116