authorIlya Smirnov <ismirno@us.ibm.com>2019-02-19 09:19:35 -0600
committerDaniel M. Crowell <dcrowell@us.ibm.com>2019-03-01 15:06:57 -0600
commitb1c1b2cc5e78267fadb9001587f66566cf19159e (patch)
treee40435fd16338b995a5b6c3b0c3bd132ce3d159f /src/usr/targeting/common/xmltohb/attribute_types.xml
parent7364f2447d187b1b7dfff42403db051c4fc7e4e4 (diff)
Secureboot: Enhanced Multinode Comm: TPM_POISONED
This commit introduces a new attribute TPM_POISONED used to indicate that a certain TPM was poisoned during the boot. This attribute is also used to adjust the trustedboot flag in HDAT: if the primary TPM was poisoned during the IPL, the trustedboot setting is turned off in HDAT. Change-Id: I32ff6e79ebba0e38c0e8b4b9bd4aa0f52a250d9a RTC: 203645 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72129 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/targeting/common/xmltohb/attribute_types.xml')
-rw-r--r--src/usr/targeting/common/xmltohb/attribute_types.xml23
1 files changed, 23 insertions, 0 deletions
diff --git a/src/usr/targeting/common/xmltohb/attribute_types.xml b/src/usr/targeting/common/xmltohb/attribute_types.xml
index 065c65307..0a51d45b8 100644
--- a/src/usr/targeting/common/xmltohb/attribute_types.xml
+++ b/src/usr/targeting/common/xmltohb/attribute_types.xml
@@ -7618,6 +7618,29 @@
</attribute>
<attribute>
+ <id>TPM_POISONED</id>
+ <description>
+ A flag indicating whether the TPM has been poisoned. A poisoned TPM
+ has a random number extended into its PCR but not mirrorred to its
+ log. That creates a disconnection between the TPM and its log, which
+ in turn makes it impossible to perform remote attestation on the TPM.
+ </description>
+ <range>
+ <min>0</min>
+ <max>1</max>
+ </range>
+ <simpleType>
+ <uint8_t>
+ <default>0</default>
+ </uint8_t>
+ </simpleType>
+ <persistency>volatile-zeroed</persistency>
+ <readable/>
+ <writeable/>
+ <no_export/>
+ </attribute>
+
+ <attribute>
<description>
Setting to require(0x1) or not require(0x0) a functional TPM to
boot the system.
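Review bot: The TPM_POISONED description does not say which value means "poisoned" or how the flag may change, although the attribute is declared `<writeable/>` with range 0-1 and default 0. The neighbouring TPM-required attribute spells out its encoding (0x1 / 0x0), and the commit message says the HDAT trustedboot setting is derived from this flag, so a stale or cleared value would presumably misreport trust state to later consumers. If the intended contract is set-only, I would add to the description: `0x0 = not poisoned (default), 0x1 = poisoned. Set at most once per IPL and never cleared; volatile-zeroed, so it resets on the next boot.` In the same description, "mirrorred" should read "mirrored". The `<attribute>` element that follows the new block continues past the end of the hunk.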