diff options
| author | Chris Engel <cjengel@us.ibm.com> | 2016-08-01 13:07:00 -0500 |
|---|---|---|
| committer | William G. Hoffa <wghoffa@us.ibm.com> | 2016-08-23 13:16:49 -0400 |
| commit | 0993e4dc866fa42c5fd4c7f1646d2ea9e1e5daf5 (patch) | |
| tree | e9452b028bc7ba0d17cc730e1764710ad7a4fb6a /src/usr/secureboot | |
| parent | bcb3d79c3389ce0119accf0925a21c8b64c7ea2c (diff) | |
| download | talos-hostboot-0993e4dc866fa42c5fd4c7f1646d2ea9e1e5daf5.tar.gz talos-hostboot-0993e4dc866fa42c5fd4c7f1646d2ea9e1e5daf5.zip | |
Updates to handling of missing TPMs in trustedboot mode
Change-Id: I610b6c62a325b45e7989abf09f55173ca863a4a4
ForwardPort: yes
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/27953
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Timothy R. Block <block@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/28623
Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot')
| -rw-r--r-- | src/usr/secureboot/trusted/tpmLogMgr.H | 2 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 88 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/trustedboot.H | 16 |
3 files changed, 57 insertions, 49 deletions
diff --git a/src/usr/secureboot/trusted/tpmLogMgr.H b/src/usr/secureboot/trusted/tpmLogMgr.H index 90cab6515..5a44b9d48 100644 --- a/src/usr/secureboot/trusted/tpmLogMgr.H +++ b/src/usr/secureboot/trusted/tpmLogMgr.H @@ -77,7 +77,7 @@ namespace TRUSTEDBOOT uint32_t TCG_EfiSpecIdEventStruct_size(TCG_EfiSpecIdEventStruct* val); enum { - TPMLOG_BUFFER_SIZE = 2048, ///< Size of event log buffer in bytes + TPMLOG_BUFFER_SIZE = 3584, ///< Size of event log buffer for HB TPMLOG_DEVTREE_SIZE = 64*1024, ///< Size to allocate for OPAL }; diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index 618fb81cc..e3e0d6c10 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -255,6 +255,8 @@ void* host_update_master_tpm( void *io_pArgs ) systemTpms.tpm[TPM_MASTER_INDEX].logMgr); if (NULL != err) { + systemTpms.tpm[TPM_MASTER_INDEX].initAttempted = true; + systemTpms.tpm[TPM_MASTER_INDEX].failed = true; break; } } @@ -269,28 +271,6 @@ void* host_update_master_tpm( void *io_pArgs ) TRACFCOMP( g_trac_trustedboot, "Master TPM Existence Fail"); - systemTpms.failedTpmsPosted = true; - if (isTpmRequired()) - { - /*@ - * @errortype - * @reasoncode RC_TPM_EXISTENCE_FAIL - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_HOST_UPDATE_MASTER_TPM - * @userdata1 0 - * @userdata2 0 - * @devdesc No TPMs found in system. - */ - err = new ERRORLOG::ErrlEntry( ERRORLOG::ERRL_SEV_UNRECOVERABLE, - MOD_HOST_UPDATE_MASTER_TPM, - RC_TPM_EXISTENCE_FAIL, - 0, - 0, - true /*Add HB SW Callout*/ ); - - err->collectTrace( SECURE_COMP_NAME ); - } - } // Lastly we will check on the backup TPM and see if it is enabled @@ -335,6 +315,10 @@ void* host_update_master_tpm( void *io_pArgs ) mutex_unlock(&(systemTpms.tpm[TPM_BACKUP_INDEX].tpmMutex)); } + // Make sure we are in a state + // where we have a functional TPM + TRUSTEDBOOT::tpmVerifyFunctionalTpmExists(); + if (NULL == err) { // Start the task to start to handle the message queue/extends @@ -691,14 +675,15 @@ void tpmMarkFailed(TpmTarget * io_target) } -errlHndl_t tpmVerifyFunctionalTpmExists() +void tpmVerifyFunctionalTpmExists() { errlHndl_t err = NULL; bool foundFunctional = false; for (size_t idx = 0; idx < MAX_SYSTEM_TPMS; idx ++) { - if ((!systemTpms.tpm[idx].failed && systemTpms.tpm[idx].available) || + if ((!systemTpms.tpm[idx].failed && + systemTpms.tpm[idx].available) || !systemTpms.tpm[idx].initAttempted) { foundFunctional = true; @@ -711,7 +696,9 @@ errlHndl_t tpmVerifyFunctionalTpmExists() systemTpms.failedTpmsPosted = true; TRACFCOMP( g_trac_trustedboot, "NO FUNCTIONAL TPM FOUND"); - if (isTpmRequired()) + + // Check to ensure jumper indicates we are running secure + if (SECUREBOOT::getJumperState()) { /*@ * @errortype @@ -729,16 +716,43 @@ errlHndl_t tpmVerifyFunctionalTpmExists() true /*Add HB SW Callout*/ ); err->collectTrace( SECURE_COMP_NAME ); + uint32_t errPlid = err->plid(); + + // Log this failure here + errlCommit(err, SECURE_COMP_ID); +#if 0 + // Code for early release + // Only terminate in manufacturing mode + // Get manufacturing mode flags + TARGETING::Target* pTopLevel = NULL; + TARGETING::targetService().getTopLevelTarget(pTopLevel); + TARGETING::ATTR_MNFG_FLAGS_type mnfgFlags = + pTopLevel->getAttr<TARGETING::ATTR_MNFG_FLAGS>(); + if (mnfgFlags & TARGETING::MNFG_FLAG_SRC_TERM) +#else + if (isTpmRequired()) +#endif + + { + // terminating the IPL with this fail + // Terminate IPL immediately + INITSERVICE::doShutdown(errPlid); + } + else + { + TRACUCOMP( g_trac_trustedboot, + "No functional TPM's found but TPM not Required"); + } } else { TRACUCOMP( g_trac_trustedboot, - "No functional TPM's found but TPM not Required"); + "No functional TPM's found but not running secure"); } } - return err; + return; } void* tpmDaemon(void* unused) @@ -806,15 +820,9 @@ void* tpmDaemon(void* unused) msgData->mLogMsg); } - if (TRUSTEDBOOT::MSG_MODE_SYNC == tb_msg->iv_mode) - { - // Lastly make sure we are in a state - // where we have a functional TPM - // Only do for sync messages that will actually - // get the error log back - tb_msg->iv_errl = - TRUSTEDBOOT::tpmVerifyFunctionalTpmExists(); - } + // Lastly make sure we are in a state + // where we have a functional TPM + TRUSTEDBOOT::tpmVerifyFunctionalTpmExists(); } break; @@ -873,16 +881,20 @@ void* tpmDaemon(void* unused) bool isTpmRequired() { + bool retVal = false; TARGETING::Target* pTopLevel = NULL; + (void)TARGETING::targetService().getTopLevelTarget(pTopLevel); assert(pTopLevel != NULL, "Unable to get top level target"); TARGETING::ATTR_TPM_REQUIRED_type tpmRequired = pTopLevel->getAttr<TARGETING::ATTR_TPM_REQUIRED>(); + retVal = tpmRequired; + TRACFCOMP( g_trac_trustedboot, - "Tpm Required: %s",(tpmRequired ? "Yes" : "No")); + "Tpm Required: %s",(retVal ? "Yes" : "No")); - return tpmRequired; + return retVal; } diff --git a/src/usr/secureboot/trusted/trustedboot.H b/src/usr/secureboot/trusted/trustedboot.H index e3d987231..70e257406 100644 --- a/src/usr/secureboot/trusted/trustedboot.H +++ b/src/usr/secureboot/trusted/trustedboot.H @@ -88,10 +88,13 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target); /** * @brief Verify a functional TPM still exists in the system - * @return errlHndl_t NULL if TPM available, otherwise a pointer to the - * error log. + * + * If no functional TPMs are found in the system : + * If the system is running in secure mode an error log will be committed + * and if the TPMRequired attribute is true a system shutdown will be + * initiated */ -errlHndl_t tpmVerifyFunctionalTpmExists(); +void tpmVerifyFunctionalTpmExists(); /** * @brief Replay the entries that exist in the log into the TPM as needed @@ -111,13 +114,6 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget & io_target); /** - * @brief Verify a functional TPM still exists in the system - * @return errlHndl_t NULL if TPM available, otherwise a pointer to the - * error log. -*/ -errlHndl_t tpmVerifyFunctionalTpmExists(); - -/** * @brief Extend a measurement into a TPM and log * @param[in/out] io_target Current TPM target structure * @param[in] i_pcr PCR to write to |
