diff options
| author | Chris Engel <cjengel@us.ibm.com> | 2015-09-18 09:17:23 -0500 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2016-06-08 22:45:27 -0400 |
| commit | c4119b881e8a6e3746ac4553dee024351d97226f (patch) | |
| tree | aa1148f790629526cb2367dff0c5ce162e4b051d /src/usr/secureboot | |
| parent | 02db181b01ad44a7c18d929f9541336d050dbae2 (diff) | |
| download | talos-hostboot-c4119b881e8a6e3746ac4553dee024351d97226f.tar.gz talos-hostboot-c4119b881e8a6e3746ac4553dee024351d97226f.zip | |
Trustedboot add TPM and associated i2c master to the devtree
Change-Id: Ic2edee549d23669f046a6e78f0cfae838faaec2d
RTC: 125287
ForwardPort: yes
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/25470
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: Jenkins Server
Tested-by: FSP CI Jenkins
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot')
| -rw-r--r-- | src/usr/secureboot/base/securerom.C | 16 | ||||
| -rw-r--r-- | src/usr/secureboot/base/securerom.H | 8 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/base/tpmLogMgr.C | 56 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/base/tpmLogMgr.H | 35 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 85 |
5 files changed, 198 insertions, 2 deletions
diff --git a/src/usr/secureboot/base/securerom.C b/src/usr/secureboot/base/securerom.C index 48b4255cd..82a72c185 100644 --- a/src/usr/secureboot/base/securerom.C +++ b/src/usr/secureboot/base/securerom.C @@ -84,6 +84,14 @@ errlHndl_t hashBlob(void * i_blob, size_t i_size, SHA512_t io_buf) } +/* + * @brief Externally available hardware hash key function + */ +void getHwHashKeys(sha2_hash_t o_hash) +{ + return Singleton<SecureROM>::instance().getHwHashKeys(o_hash); +} + }; //end SECUREBOOT namespace @@ -546,6 +554,14 @@ errlHndl_t SecureROM::getHwHashKeys() } /** + * @brief Retrieve the internal hardware hash key from secure ROM object. + */ +void SecureROM::getHwHashKeys(sha2_hash_t o_hash) +{ + memcpy(o_hash, iv_hash_key, sizeof(sha2_hash_t)); +} + +/** * @brief Static instance function for testcase only */ SecureROM& SecureROM::getInstance() diff --git a/src/usr/secureboot/base/securerom.H b/src/usr/secureboot/base/securerom.H index ad12a5a8a..cd5688cc4 100644 --- a/src/usr/secureboot/base/securerom.H +++ b/src/usr/secureboot/base/securerom.H @@ -157,6 +157,14 @@ class SecureROM */ errlHndl_t hashBlob(void * i_blob, size_t i_size, SHA512_t io_buf); + /** + * @brief Retrieve the internal hardware hash key from secure ROM + * object. + * + * @param[out] o_hash Reference to the sha2_hash_t array to copy the + * hash to. + */ + void getHwHashKeys(sha2_hash_t o_hash); protected: diff --git a/src/usr/secureboot/trusted/base/tpmLogMgr.C b/src/usr/secureboot/trusted/base/tpmLogMgr.C index 18e677192..d129bbaa1 100644 --- a/src/usr/secureboot/trusted/base/tpmLogMgr.C +++ b/src/usr/secureboot/trusted/base/tpmLogMgr.C @@ -38,6 +38,8 @@ #include <string.h> #include "tpmLogMgr.H" #ifdef __HOSTBOOT_MODULE +#include <sys/mm.h> +#include <util/align.H> #include <secureboot/trustedboot_reasoncodes.H> #include "../trustedbootUtils.H" #include "../trustedboot.H" @@ -251,7 +253,6 @@ namespace TRUSTEDBOOT break; } - val->newEventPtr = TCG_PCR_EVENT2_logMarshal(logEvent, val->newEventPtr); @@ -490,6 +491,59 @@ namespace TRUSTEDBOOT #endif } +#ifdef __HOSTBOOT_MODULE + errlHndl_t TpmLogMgr_getDevtreeInfo(TpmLogMgr* val, + uint64_t & io_logAddr, + size_t & o_allocationSize, + uint64_t & o_xscomAddr, + uint32_t & o_i2cMasterOffset) + { + errlHndl_t err = NULL; + + mutex_lock( &val->logMutex ); + + assert(io_logAddr != 0, "Invalid starting log address"); + assert(val->eventLogInMem == NULL, + "getDevtreeInfo can only be called once"); + + io_logAddr -= ALIGN_PAGE(TPMLOG_DEVTREE_SIZE); + // Align to 64KB for Opal + io_logAddr = ALIGN_DOWN_X(io_logAddr,64*KILOBYTE); + + val->inMemlogBaseAddr = io_logAddr; + o_allocationSize = TPMLOG_DEVTREE_SIZE; + o_xscomAddr = val->devtreeXscomAddr; + o_i2cMasterOffset = val->devtreeI2cMasterOffset; + + // Copy image. + val->eventLogInMem = (uint8_t*)(mm_block_map( + (void*)(io_logAddr), + ALIGN_PAGE(TPMLOG_DEVTREE_SIZE))); + // Copy log into new location + memset(val->eventLogInMem, 0, TPMLOG_DEVTREE_SIZE); + memcpy(val->eventLogInMem, val->eventLog, val->logSize); + val->newEventPtr = val->eventLogInMem + val->logSize; + + mutex_unlock( &val->logMutex ); + + TRACUCOMP( g_trac_trustedboot, + "<<getDevtreeInfo() Addr:%lX - %s", + io_logAddr, + ((TB_SUCCESS == err) ? "No Error" : "With Error") ); + return err; + } + + + void TpmLogMgr_setTpmDevtreeInfo(TpmLogMgr* val, + uint64_t i_xscomAddr, + uint32_t i_i2cMasterOffset) + { + val->devtreeXscomAddr = i_xscomAddr; + val->devtreeI2cMasterOffset = i_i2cMasterOffset; + } + +#endif + #ifdef __cplusplus } // end TRUSTEDBOOT #endif diff --git a/src/usr/secureboot/trusted/base/tpmLogMgr.H b/src/usr/secureboot/trusted/base/tpmLogMgr.H index b7eed6293..b12f5cb15 100644 --- a/src/usr/secureboot/trusted/base/tpmLogMgr.H +++ b/src/usr/secureboot/trusted/base/tpmLogMgr.H @@ -81,6 +81,7 @@ namespace TRUSTEDBOOT enum { TPMLOG_BUFFER_SIZE = 1024, ///< Size of event log buffer in bytes + TPMLOG_DEVTREE_SIZE = 64*1024, ///< Size to allocate for OPAL }; struct _TpmLogMgr @@ -90,6 +91,9 @@ namespace TRUSTEDBOOT uint8_t* newEventPtr; ///< Pointer to location to add new event uint8_t* eventLogInMem; ///< Event log allocated from memory #ifdef __HOSTBOOT_MODULE + uint64_t inMemlogBaseAddr; ///< Base address of log for dev tree + uint64_t devtreeXscomAddr; ///< Devtree Xscom Address + uint32_t devtreeI2cMasterOffset; ///< Devtree I2c Master Offset uint8_t eventLog[TPMLOG_BUFFER_SIZE]; ///< EventLog Buffer #endif mutex_t logMutex; ///< Log mutex @@ -134,6 +138,37 @@ namespace TRUSTEDBOOT */ uint32_t TpmLogMgr_getLogSize(TpmLogMgr* val); +#ifdef __HOSTBOOT_MODULE + /** + * @brief Retrieve devtree information + * @param[in] val TpmLogMgr structure + * @param[in/out] io_logAddr TPM Log address + * @param[out] o_allocationSize Total memory allocated for log + * @param[out] o_xscomAddr Chip Xscom Address + * @param[out] o_i2cMasterOffset I2c Master Offset + * @return errlHndl_t NULL if successful, otherwise a pointer to the + * error log. + * Function will allocate a new region in memory to store log + * for passing to opal + */ + errlHndl_t TpmLogMgr_getDevtreeInfo(TpmLogMgr* val, + uint64_t & io_logAddr, + size_t & o_allocationSize, + uint64_t & o_xscomAddr, + uint32_t & o_i2cMasterOffset); + + /** + * @brief Store TPM devtree node information + * @param[in] val TpmLogMgr structure + * @param[in] i_xscomAddr Chip Xscom Address + * @param[in] i_i2cMasterOffset i2c Master Offset + */ + void TpmLogMgr_setTpmDevtreeInfo(TpmLogMgr* val, + uint64_t i_xscomAddr, + uint32_t i_i2cMasterOffset); +#endif + + /** * @brief Calculate the log size in bytes by walking the log * @param[in] val TpmLogMgr structure diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index a934b592c..936217226 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -55,6 +55,89 @@ namespace TRUSTEDBOOT extern SystemTpms systemTpms; +void getTPMs( std::list<TpmTarget>& o_info ) +{ + TRACUCOMP(g_trac_trustedboot,ENTER_MRK"getTPMs()"); + + for (size_t idx = 0; idx < MAX_SYSTEM_TPMS; idx ++) + { + if (systemTpms.tpm[idx].available && !systemTpms.tpm[idx].failed) + { + + o_info.push_back(systemTpms.tpm[idx]); + } + } + + TRACUCOMP(g_trac_trustedboot,EXIT_MRK"getTPMs() : Size:%d", o_info.size()); + +} + +errlHndl_t getTpmLogDevtreeInfo(TpmTarget & i_target, + uint64_t & io_logAddr, + size_t & o_allocationSize, + uint64_t & o_xscomAddr, + uint32_t & o_i2cMasterOffset) +{ + errlHndl_t err = NULL; + TRACUCOMP( g_trac_trustedboot, + ENTER_MRK"getTpmLogDevtreeInfo() Chip:%d Addr:%lX %lX", + i_target.chip, io_logAddr + ,(uint64_t)(i_target.logMgr)); + + o_allocationSize = 0; + + if (NULL != i_target.logMgr && + i_target.available) + { + err = TpmLogMgr_getDevtreeInfo(i_target.logMgr, + io_logAddr, + o_allocationSize, + o_xscomAddr, + o_i2cMasterOffset); + } + TRACUCOMP( g_trac_trustedboot, + EXIT_MRK"getTpmLogDevtreeInfo() Addr:%lX",io_logAddr); + return err; +} + +void setTpmDevtreeInfo(TpmTarget & i_target, + uint64_t i_xscomAddr, + uint32_t i_i2cMasterOffset) +{ + TRACUCOMP( g_trac_trustedboot, + ENTER_MRK"setTpmLogDevtreeOffset() Chip:%d " + "Xscom:%lX Master:%X", + i_target.chip, i_xscomAddr, i_i2cMasterOffset); + + if (NULL != i_target.logMgr) + { + TpmLogMgr_setTpmDevtreeInfo(i_target.logMgr, + i_xscomAddr, i_i2cMasterOffset); + } +} + +bool enabled() +{ + bool ret = false; +#ifdef CONFIG_TPMDD + bool foundFunctional = false; + + for (size_t idx = 0; idx < MAX_SYSTEM_TPMS; idx ++) + { + if ((!systemTpms.tpm[idx].failed && + systemTpms.tpm[idx].available) || + !systemTpms.tpm[idx].initAttempted) + { + foundFunctional = true; + break; + } + } + // If we have a functional TPM we are enabled + ret = foundFunctional; +#endif + return ret; +} + void* host_update_master_tpm( void *io_pArgs ) { errlHndl_t err = NULL; @@ -293,7 +376,7 @@ void tpmReplayLog(TRUSTEDBOOT::TpmTarget & io_target) } // Extend to tpm - if (l_eventLog.eventType == EV_ACTION) + if (EV_ACTION == l_eventLog.eventType) { TRACUBIN(g_trac_trustedboot, "tpmReplayLog: Extending event:", &l_eventLog, sizeof(TCG_PCR_EVENT2)); |
