author | Corey Swenson <cswenson@us.ibm.com> | 2019-04-17 15:57:46 -0500 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2019-05-11 19:44:57 -0500 |
commit | 06d0a08aa27fa9e28cc300fbd2814fd9b84d59cf (patch) | |
tree | 71c1ca09bb7b2896d1d01aeb65d0a91a0285f548 /src/usr/targeting/common/xmltohb/attribute_types.xml | |
parent | fa1b266a6293e69f6a67d392d272f90623c28111 (diff) | |
Add NVDIMM key attributes and generate keys
3 keys, 32 bytes each, random numbers generated by TPM hardware.
2 attributes for keys, 1 stored in FW 1 stored in anchor card.
1 attribute for enable/disable encryption.
Change-Id: Ie3c258f06204e68c2d65b8d5fea294da5264d597
RTC:208342
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/76126
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Matt Derksen <mderkse1@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/targeting/common/xmltohb/attribute_types.xml')
-rw-r--r-- | src/usr/targeting/common/xmltohb/attribute_types.xml | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/src/usr/targeting/common/xmltohb/attribute_types.xml b/src/usr/targeting/common/xmltohb/attribute_types.xml
index 2378f270e..0101d2f16 100644
--- a/src/usr/targeting/common/xmltohb/attribute_types.xml
+++ b/src/usr/targeting/common/xmltohb/attribute_types.xml
@@ -5111,6 +5111,72 @@
 </attribute>

 <attribute>
+ <id>NVDIMM_ENCRYPTION_ENABLE</id>
+ <description>
+ 0 - Encryption is not enabled on all NVDIMMS in the system
+ 1 - Encryption is enabled on all NVDIMMS in the system
+ </description>
+ <simpleType>
+ <uint8_t>
+ <default>1</default>
+ </uint8_t>
+ </simpleType>
+ <persistency>non-volatile</persistency>
+ <readable/>
+ <writeable/>
+ </attribute>
+
+ <attribute>
+ <id>NVDIMM_ENCRYPTION_KEYS_ANCHOR</id>
+ <description>
+ NVDIMM Encryption keys
+ Bytes 0..31 Random String (RS)
+ Bytes 32..63 Erase Key (EK)
+ Bytes 64..95 Access Key (AK)
+ Set by HWSV, stored in anchor card
+ Should match NVDIMM_ENCRYPTION_KEYS_FW
+ </description>
+ <simpleType>
+ <array>96</array>
+ <uint8_t>
+ <default>
+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+ </default>
+ </uint8_t>
+ </simpleType>
+ <persistency>non-volatile</persistency>
+ <readable/>
+ <writeable/>
+ </attribute>
+
+ <attribute>
+ <id>NVDIMM_ENCRYPTION_KEYS_FW</id>
+ <description>
+ NVDIMM Encryption keys
+ Bytes 0..31 Random String (RS)
+ Bytes 32..63 Erase Key (EK)
+ Bytes 64..95 Access Key (AK)
+ Set by Hostboot, stored in FSP flash
+ Should match NVDIMM_ENCRYPTION_KEYS_ANCHOR
+ </description>
+ <simpleType>
+ <array>96</array>
+ <uint8_t>
+ <default>
+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+ </default>
+ </uint8_t>
+ </simpleType>
+ <persistency>non-volatile</persistency>
+ <readable/>
+ <writeable/>
+ </attribute>
+
+ <attribute>
 <id>NV_OPS_TIMEOUT_MSEC</id>
 <description>
 NVDIMM timeout value for 6 main operations |
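Review bot: Both key attributes, NVDIMM_ENCRYPTION_KEYS_ANCHOR and NVDIMM_ENCRYPTION_KEYS_FW, default to 96 zero bytes and are non-volatile, readable and writeable, yet neither description says that the all-zero value means "keys not generated" rather than a usable key. The code that generates and consumes the keys is outside this hunk, so whether it rejects an all-zero RS/EK/AK cannot be confirmed here; I would state the contract in both descriptions, e.g. `All zeros = keys not yet generated; must never be programmed into an NVDIMM`, and say what happens when the two copies differ instead of only `Should match`. Because these attributes hold raw key material, the descriptions should also note that the values must be kept out of traces and attribute dumps. Separately, in NVDIMM_ENCRYPTION_ENABLE the line `0 - Encryption is not enabled on all NVDIMMS in the system` reads as either "none" or "not every"; `0 - Encryption is disabled for every NVDIMM in the system` would be unambiguous if that is the intent.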