diff options
author | Chris Engel <cjengel@us.ibm.com> | 2015-10-16 13:21:21 -0500 |
---|---|---|
committer | A. Patrick Williams III <iawillia@us.ibm.com> | 2015-11-18 12:32:46 -0600 |
commit | 37ad6f7b1a53aaaf063c0cca2baf42da92571139 (patch) | |
tree | 1a5fe9fdfebe4a876cd70447ea94e22ea34519f4 /src/usr/secureboot | |
parent | f5bf9deb1368c6cddc69ca2d20db98939570350c (diff) | |
download | talos-hostboot-37ad6f7b1a53aaaf063c0cca2baf42da92571139.tar.gz talos-hostboot-37ad6f7b1a53aaaf063c0cca2baf42da92571139.zip |
Trustedboot: Move data to Hostboot base and add pcrExtend stub function
Change-Id: Id488af88c7f1796606434a062a9001f31f413ac0
RTC: 125288
Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/21475
Tested-by: Jenkins Server
Reviewed-by: Timothy R. Block <block@us.ibm.com>
Tested-by: Jenkins OP Build CI
Tested-by: Jenkins OP HW
Tested-by: FSP CI Jenkins
Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot')
-rw-r--r-- | src/usr/secureboot/base/makefile | 8 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/base/trustedboot_base.C | 84 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 48 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedboot.H | 26 |
4 files changed, 137 insertions, 29 deletions
diff --git a/src/usr/secureboot/base/makefile b/src/usr/secureboot/base/makefile index dc8382520..9dd92e7b1 100644 --- a/src/usr/secureboot/base/makefile +++ b/src/usr/secureboot/base/makefile @@ -5,7 +5,9 @@ # # OpenPOWER HostBoot Project # -# COPYRIGHT International Business Machines Corp. 2013,2014 +# Contributors Listed Below - COPYRIGHT 2013,2015 +# [+] International Business Machines Corp. +# # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,6 +32,10 @@ OBJS += header.o OBJS += purge.o OBJS += securerom.o OBJS += rom_entry.o +OBJS += trustedboot_base.o + +EXTRAINCDIR += ${ROOTPATH}/src/usr/secureboot/trusted/base +VPATH += ${ROOTPATH}/src/usr/secureboot/trusted/base CFLAGS += -iquote ../ include ${ROOTPATH}/config.mk diff --git a/src/usr/secureboot/trusted/base/trustedboot_base.C b/src/usr/secureboot/trusted/base/trustedboot_base.C new file mode 100644 index 000000000..95a55fdc2 --- /dev/null +++ b/src/usr/secureboot/trusted/base/trustedboot_base.C @@ -0,0 +1,84 @@ +/* IBM_PROLOG_BEGIN_TAG */ +/* This is an automatically generated prolog. */ +/* */ +/* $Source: src/usr/secureboot/trusted/base/trustedboot_base.C $ */ +/* */ +/* OpenPOWER HostBoot Project */ +/* */ +/* Contributors Listed Below - COPYRIGHT 2015 */ +/* [+] International Business Machines Corp. */ +/* */ +/* */ +/* Licensed under the Apache License, Version 2.0 (the "License"); */ +/* you may not use this file except in compliance with the License. */ +/* You may obtain a copy of the License at */ +/* */ +/* http://www.apache.org/licenses/LICENSE-2.0 */ +/* */ +/* Unless required by applicable law or agreed to in writing, software */ +/* distributed under the License is distributed on an "AS IS" BASIS, */ +/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ +/* implied. See the License for the specific language governing */ +/* permissions and limitations under the License. */ +/* */ +/* IBM_PROLOG_END_TAG */ +/** + * @file trustedboot_base.C + * + * @brief Trusted boot base interfaces + */ + +// ---------------------------------------------- +// Includes +// ---------------------------------------------- +#include <string.h> +#include <sys/time.h> +#include <trace/interface.H> +#include <errl/errlentry.H> +#include <errl/errlmanager.H> +#include <errl/errludtarget.H> +#include <errl/errludstring.H> +#include <secureboot/trustedbootif.H> +#include "../trustedboot.H" +#include <secureboot/trustedboot_reasoncodes.H> + +// ---------------------------------------------- +// Trace definitions +// ---------------------------------------------- +trace_desc_t* g_trac_trustedboot = NULL; +TRAC_INIT( & g_trac_trustedboot, "TRBOOT", KILOBYTE ); + +// Easy macro replace for unit testing +//#define TRACUCOMP(args...) TRACFCOMP(args) +#define TRACUCOMP(args...) + +namespace TRUSTEDBOOT +{ + +/// Global object to store TPM status +SystemTpms systemTpms; + +SystemTpms::SystemTpms() +{ +} + +TpmTarget::TpmTarget() +{ + memset(this, 0, sizeof(TpmTarget)); + mutex_init(&tpmMutex); +} + +errlHndl_t pcrExtend(TPM_Pcr i_pcr, + uint8_t* i_digest, + size_t i_digestSize, + const char* i_logMsg) +{ + errlHndl_t err = NULL; +#ifdef CONFIG_TPMDD + /// @todo RTC:125288 Add call to extend the PCR + +#endif + return err; +} + +} // end TRUSTEDBOOT diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index ed8ce7ac6..a80272be3 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -49,8 +49,7 @@ // ---------------------------------------------- // Trace definitions // ---------------------------------------------- -trace_desc_t* g_trac_trustedboot = NULL; -TRAC_INIT( & g_trac_trustedboot, "TRBOOT", KILOBYTE ); +extern trace_desc_t* g_trac_trustedboot; // Easy macro replace for unit testing //#define TRACUCOMP(args...) TRACFCOMP(args) @@ -59,9 +58,13 @@ TRAC_INIT( & g_trac_trustedboot, "TRBOOT", KILOBYTE ); namespace TRUSTEDBOOT { +extern SystemTpms systemTpms; + void* host_update_master_tpm( void *io_pArgs ) { errlHndl_t err = NULL; + bool unlock = false; + TRACDCOMP( g_trac_trustedboot, ENTER_MRK"host_update_master_tpm()" ); TRACUCOMP( g_trac_trustedboot, @@ -70,11 +73,6 @@ void* host_update_master_tpm( void *io_pArgs ) do { - // First time here so we need to clean out our data structure - memset(&tpmTargets, 0, - sizeof(TpmTarget) * TRUSTEDBOOT::MAX_SYSTEM_TPMS); - - // Get a node Target TARGETING::TargetService& tS = TARGETING::targetService(); TARGETING::Target* nodeTarget = NULL; @@ -90,21 +88,23 @@ void* host_update_master_tpm( void *io_pArgs ) continue; } - if (TPMDD::tpmPresence(nodeTarget, TPMDD::TPM_PRIMARY)) - { - tpmTargets[TPM_MASTER_INDEX].nodeTarget = nodeTarget; - tpmTargets[TPM_MASTER_INDEX].chip = TPMDD::TPM_PRIMARY; - tpmTargets[TPM_MASTER_INDEX].functional = true; + mutex_lock( &(systemTpms.tpm[TPM_MASTER_INDEX].tpmMutex) ); + unlock = true; + if (!systemTpms.tpm[TPM_MASTER_INDEX].failed && + TPMDD::tpmPresence(nodeTarget, TPMDD::TPM_PRIMARY)) + { // Initialize the TPM, this will mark it as non-functional on fail - tpmInitialize(tpmTargets[TPM_MASTER_INDEX]); + tpmInitialize(systemTpms.tpm[TPM_MASTER_INDEX], + nodeTarget, + TPMDD::TPM_PRIMARY); } - if (!tpmTargets[TPM_MASTER_INDEX].functional) + if (systemTpms.tpm[TPM_MASTER_INDEX].failed) { - /// @todo RTC:134913 Switch to redundant chip if redundant TPM avail + /// @todo RTC:134913 Switch to backup chip if backup TPM avail // Master TPM not available TRACFCOMP( g_trac_trustedboot, @@ -133,6 +133,12 @@ void* host_update_master_tpm( void *io_pArgs ) } while ( 0 ); + if( unlock ) + { + mutex_unlock(&(systemTpms.tpm[TPM_MASTER_INDEX].tpmMutex)); + } + + TRACDCOMP( g_trac_trustedboot, EXIT_MRK"host_update_master_tpm() - %s", ((NULL == err) ? "No Error" : "With Error") ); @@ -140,7 +146,9 @@ void* host_update_master_tpm( void *io_pArgs ) } -void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target) +void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target, + TARGETING::Target* i_nodeTarget, + TPMDD::tpm_chip_types_t i_chip) { errlHndl_t err = NULL; uint8_t dataBuf[BUFSIZE]; @@ -158,6 +166,11 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target) { // TPM Initialization sequence + io_target.nodeTarget = i_nodeTarget; + io_target.chip = i_chip; + io_target.initAttempted = true; + io_target.failed = false; + // Send the TPM startup command // Build our command block for a startup memset(dataBuf, 0, sizeof(dataBuf)); @@ -233,12 +246,11 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target) // If the TPM failed we will mark it not functional if (NULL != err) { - io_target.functional = false; + io_target.failed = true; // Log this failure errlCommit(err, SECURE_COMP_ID); } - TRACDCOMP( g_trac_trustedboot, EXIT_MRK"tpmInitialize() - %s", ((NULL == err) ? "No Error" : "With Error") ); diff --git a/src/usr/secureboot/trusted/trustedboot.H b/src/usr/secureboot/trusted/trustedboot.H index 5c1c87e15..fa5e085fe 100644 --- a/src/usr/secureboot/trusted/trustedboot.H +++ b/src/usr/secureboot/trusted/trustedboot.H @@ -33,6 +33,7 @@ // ----------------------------------------------- // Includes // ----------------------------------------------- +#include <secureboot/trustedbootif.H> namespace TRUSTEDBOOT { @@ -42,23 +43,28 @@ enum MAX_SYSTEM_TPMS = 2, BUFSIZE = 256, TPM_MASTER_INDEX = 0, ///< Index into tpmTargets array for master chip - TPM_REDUNDANT_INDEX = 1, ///< Index for redundant chip TPM + TPM_BACKUP_INDEX = 1, ///< Index for backup chip TPM }; -/// Track system TPM status -struct TpmTarget -{ - TARGETING::Target* nodeTarget; - TPMDD::tpm_chip_types_t chip; ///< Chip Pri vs Backup - uint8_t functional:1; ///< Is TPM currently functional -} tpmTargets[MAX_SYSTEM_TPMS]; /** * @brief Initialize the targetted TPM - * @param[in/out] target Current TPM target structure + * @param[in/out] io_target Current TPM target structure + * @param[in] i_nodeTarget Node Target + * @param[in] i_chip Chip to initialize */ -void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target); + void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target, + TARGETING::Target* i_nodeTarget, + TPMDD::tpm_chip_types_t i_chip); + +/// Class object to store system TPM information +class SystemTpms +{ +public: + SystemTpms(); + TpmTarget tpm[MAX_SYSTEM_TPMS]; +}; // Command structures taken from TPM Main - Part3 commands v 1.2 rev116 |