author | Ilya Smirnov <ismirno@us.ibm.com> | 2019-02-19 09:19:35 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2019-03-01 15:06:57 -0600 |
commit | b1c1b2cc5e78267fadb9001587f66566cf19159e (patch) | |
tree | e40435fd16338b995a5b6c3b0c3bd132ce3d159f /src/usr/targeting/common/xmltohb/attribute_types.xml | |
parent | 7364f2447d187b1b7dfff42403db051c4fc7e4e4 (diff) | |
download | talos-hostboot-b1c1b2cc5e78267fadb9001587f66566cf19159e.tar.gz talos-hostboot-b1c1b2cc5e78267fadb9001587f66566cf19159e.zip |
Secureboot: Enhanced Multinode Comm: TPM_POISONED
This commit introduces a new attribute TPM_POISONED used
to indicate that a certain TPM was poisoned during the boot.
This attribute is also used to adjust the trustedboot flag
in HDAT: if the primary TPM was poisoned during the IPL,
the trustedboot setting is turned off in HDAT.
Change-Id: I32ff6e79ebba0e38c0e8b4b9bd4aa0f52a250d9a
RTC: 203645
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72129
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/targeting/common/xmltohb/attribute_types.xml')
-rw-r--r-- | src/usr/targeting/common/xmltohb/attribute_types.xml | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/src/usr/targeting/common/xmltohb/attribute_types.xml b/src/usr/targeting/common/xmltohb/attribute_types.xml index 065c65307..0a51d45b8 100644 --- a/src/usr/targeting/common/xmltohb/attribute_types.xml +++ b/src/usr/targeting/common/xmltohb/attribute_types.xml @@ -7618,6 +7618,29 @@ </attribute> <attribute> + <id>TPM_POISONED</id> + <description> + A flag indicating whether the TPM has been poisoned. A poisoned TPM + has a random number extended into its PCR but not mirrorred to its + log. That creates a disconnection between the TPM and its log, which + in turn makes it impossible to perform remote attestation on the TPM. + </description> + <range> + <min>0</min> + <max>1</max> + </range> + <simpleType> + <uint8_t> + <default>0</default> + </uint8_t> + </simpleType> + <persistency>volatile-zeroed</persistency> + <readable/> + <writeable/> + <no_export/> + </attribute> + + <attribute> <description> Setting to require(0x1) or not require(0x0) a functional TPM to boot the system. |
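Review bot: the new `<description>` for `TPM_POISONED` has a spelling error, "mirrorred" should be "mirrored"; since attribute descriptions are carried into generated documentation, it is worth fixing before merge. Two points on the attribute definition itself: `<persistency>volatile-zeroed</persistency>` means the flag is cleared on every IPL, which matches the commit message's intent of recording that a TPM "was poisoned during the boot", but the description should say so explicitly so that no consumer expects the value to survive a reboot; and with `<no_export/>` set, the HDAT trustedboot adjustment described in the commit message has to be done by code that reads the attribute at runtime, which is not part of this file (the diffstat is limited to attribute_types.xml), so that logic cannot be verified from this hunk and should be reviewed alongside it.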