diff options
author | Chris Engel <cjengel@us.ibm.com> | 2017-02-03 15:41:11 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-03-08 09:42:10 -0500 |
commit | 3dbcf1450853dc138e136b7db1f46e19f2e3ed3c (patch) | |
tree | 96dcfe3cfa5822685e166e4e9d8c4507f254c20f /src/usr | |
parent | 6f2a36c73cfbc18d0d6bf86a45c63014fe12fd1d (diff) | |
download | talos-hostboot-3dbcf1450853dc138e136b7db1f46e19f2e3ed3c.tar.gz talos-hostboot-3dbcf1450853dc138e136b7db1f46e19f2e3ed3c.zip |
Add TPM device driver support for DRTM PCR reset sequence
Change-Id: Ief02e10fc85d09b837e20dfb529186e2da4269fd
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35935
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr')
-rwxr-xr-x | src/usr/i2c/tpmdd.C | 91 | ||||
-rwxr-xr-x | src/usr/i2c/tpmdd.H | 49 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 32 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedboot.H | 10 |
4 files changed, 150 insertions, 32 deletions
diff --git a/src/usr/i2c/tpmdd.C b/src/usr/i2c/tpmdd.C index fc67ff59c..95d4b692a 100755 --- a/src/usr/i2c/tpmdd.C +++ b/src/usr/i2c/tpmdd.C @@ -242,6 +242,24 @@ errlHndl_t tpmPerformOp( DeviceFW::OperationType i_opType, break; } + +#ifdef CONFIG_DRTM + // TPM_OP_DRTMRESET + } + else if (TPMDD::TPM_OP_DRTMRESET == tpmInfo.operation ) + { + + assert(locality == TPM_LOCALITY_4, + "DRTMReset only available from locality 4, actual %d", + locality); + err = tpmDrtmReset(tpmInfo); + + if ( err ) + { + break; + } + +#endif } else { @@ -504,7 +522,7 @@ errlHndl_t tpmPresenceDetect(DeviceFW::OperationType i_opType, // ------------------------------------------------------------------ errlHndl_t tpmRead ( void * o_buffer, size_t i_buflen, - tpm_info_t i_tpmInfo, + const tpm_info_t & i_tpmInfo, bool i_silent) { errlHndl_t err = NULL; @@ -741,7 +759,7 @@ errlHndl_t tpmRead ( void * o_buffer, // ------------------------------------------------------------------ errlHndl_t tpmWrite ( void * i_buffer, size_t i_buflen, - tpm_info_t i_tpmInfo ) + const tpm_info_t & i_tpmInfo ) { errlHndl_t err = NULL; errlHndl_t err_NACK = NULL; @@ -976,7 +994,7 @@ errlHndl_t tpmWrite ( void * i_buffer, errlHndl_t tpmTransmit ( void * io_buffer, size_t & io_buflen, size_t i_commandlen, - tpm_info_t i_tpmInfo ) + const tpm_info_t & i_tpmInfo ) { errlHndl_t err = NULL; bool isReady = false; @@ -1056,13 +1074,56 @@ errlHndl_t tpmTransmit ( void * io_buffer, } // end tpmTransmit +#ifdef CONFIG_DRTM +// ------------------------------------------------------------------ +// tpmDrtmReset +// ------------------------------------------------------------------ +errlHndl_t tpmDrtmReset (tpm_info_t i_tpmInfo) +{ + errlHndl_t err = nullptr; + uint8_t regData = 0; + + TRACDCOMP( g_trac_tpmdd, + ENTER_MRK"tpmDrtmReset()" ); + do + { + i_tpmInfo.offset = I2C_REG_TPM_HASH; + + regData = TPM_HASH_START; + err = tpmWrite ( ®Data, + sizeof(regData), + i_tpmInfo ); + if (err) + { + break; + } + + regData = TPM_HASH_END; + err = tpmWrite ( ®Data, + sizeof(regData), + i_tpmInfo ); + if (err) + { + break; + } + + + } while( 0 ); + + TRACDCOMP( g_trac_tpmdd, + EXIT_MRK"tpmDrtmReset()" ); + return err; + +} // end tpmDrtmReset +#endif + // ------------------------------------------------------------------ // tpmPrepareAddress // ------------------------------------------------------------------ errlHndl_t tpmPrepareAddress ( void * io_buffer, size_t & o_bufSize, - tpm_info_t i_tpmInfo ) + const tpm_info_t & i_tpmInfo ) { errlHndl_t err = NULL; @@ -1540,7 +1601,7 @@ errlHndl_t tpmReadSTSRegValid ( tpm_info_t i_tpmInfo, } // end tpmReadSTSRegValid -errlHndl_t tpmIsCommandReady( tpm_info_t i_tpmInfo, +errlHndl_t tpmIsCommandReady( const tpm_info_t & i_tpmInfo, bool & o_isReady) { tpm_sts_reg_t stsReg; @@ -1556,7 +1617,7 @@ errlHndl_t tpmIsCommandReady( tpm_info_t i_tpmInfo, } // end tpmIsCommandReady -errlHndl_t tpmPollForCommandReady( tpm_info_t i_tpmInfo) +errlHndl_t tpmPollForCommandReady( const tpm_info_t & i_tpmInfo) { tpm_sts_reg_t stsReg; errlHndl_t err = NULL; @@ -1643,7 +1704,7 @@ errlHndl_t tpmPollForCommandReady( tpm_info_t i_tpmInfo) } // end tpmPollForCommandReady -errlHndl_t tpmIsExpecting( tpm_info_t i_tpmInfo, +errlHndl_t tpmIsExpecting( const tpm_info_t & i_tpmInfo, bool & o_isExpecting) { tpm_sts_reg_t stsReg; @@ -1659,7 +1720,7 @@ errlHndl_t tpmIsExpecting( tpm_info_t i_tpmInfo, } // end tpmIsExpecting -errlHndl_t tpmIsDataAvail( tpm_info_t i_tpmInfo, +errlHndl_t tpmIsDataAvail( const tpm_info_t & i_tpmInfo, bool & o_isDataAvail) { tpm_sts_reg_t stsReg; @@ -1675,7 +1736,7 @@ errlHndl_t tpmIsDataAvail( tpm_info_t i_tpmInfo, } // end tpmIsDataAvail -errlHndl_t tpmPollForDataAvail( tpm_info_t i_tpmInfo) +errlHndl_t tpmPollForDataAvail( const tpm_info_t & i_tpmInfo) { tpm_sts_reg_t stsReg; errlHndl_t err = NULL; @@ -1735,7 +1796,7 @@ errlHndl_t tpmPollForDataAvail( tpm_info_t i_tpmInfo) } // end tpmPollForDataAvail -errlHndl_t tpmReadBurstCount( tpm_info_t i_tpmInfo, +errlHndl_t tpmReadBurstCount( const tpm_info_t & i_tpmInfo, uint16_t & o_burstCount) { errlHndl_t err = NULL; @@ -1767,7 +1828,7 @@ errlHndl_t tpmReadBurstCount( tpm_info_t i_tpmInfo, -errlHndl_t tpmWriteCommandReady( tpm_info_t i_tpmInfo) +errlHndl_t tpmWriteCommandReady( const tpm_info_t & i_tpmInfo) { tpm_sts_reg_t stsReg; stsReg.value = 0; @@ -1780,7 +1841,7 @@ errlHndl_t tpmWriteCommandReady( tpm_info_t i_tpmInfo) } // end tpmWriteCommandReady -errlHndl_t tpmWriteTpmGo( tpm_info_t i_tpmInfo) +errlHndl_t tpmWriteTpmGo( const tpm_info_t & i_tpmInfo) { tpm_sts_reg_t stsReg; stsReg.value = 0; @@ -1793,7 +1854,7 @@ errlHndl_t tpmWriteTpmGo( tpm_info_t i_tpmInfo) } // end tpmWriteTpmGo -errlHndl_t tpmWriteResponseRetry( tpm_info_t i_tpmInfo) +errlHndl_t tpmWriteResponseRetry( const tpm_info_t & i_tpmInfo) { tpm_sts_reg_t stsReg; stsReg.value = 0; @@ -1807,7 +1868,7 @@ errlHndl_t tpmWriteResponseRetry( tpm_info_t i_tpmInfo) } // end tpmWriteResponseRetry -errlHndl_t tpmWriteFifo( tpm_info_t i_tpmInfo, +errlHndl_t tpmWriteFifo( const tpm_info_t & i_tpmInfo, void * i_buffer, size_t i_buflen) { @@ -2031,7 +2092,7 @@ errlHndl_t tpmWriteFifo( tpm_info_t i_tpmInfo, } // end tpmWriteFifo -errlHndl_t tpmReadFifo( tpm_info_t i_tpmInfo, +errlHndl_t tpmReadFifo( const tpm_info_t & i_tpmInfo, void * o_buffer, size_t & io_buflen) { diff --git a/src/usr/i2c/tpmdd.H b/src/usr/i2c/tpmdd.H index 2529288d7..b48d73aab 100755 --- a/src/usr/i2c/tpmdd.H +++ b/src/usr/i2c/tpmdd.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* Contributors Listed Below - COPYRIGHT 2015,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -71,6 +71,7 @@ enum nuvo_20_defs_t I2C_REG_BURSTCOUNT = 0x1, I2C_REG_BURSTCOUNT_HIGH = 0x2, I2C_REG_FAMILYID = 0x3, + I2C_REG_TPM_HASH = 0x4, I2C_REG_WR_FIFO = 0x20, I2C_REG_RD_FIFO = 0x40, I2C_REG_VENDOR = 0x60, @@ -80,6 +81,8 @@ enum nuvo_20_defs_t TPM_MAXBURSTSIZE = 0xFFFF, TPM_FAMILYID = 0x04, TPM_FAMILYID_MASK = 0x0C, + TPM_HASH_START = 0x01, + TPM_HASH_END = 0x02, }; @@ -165,7 +168,7 @@ errlHndl_t tpmPerformOp( DeviceFW::OperationType i_opType, */ errlHndl_t tpmRead ( void * o_buffer, size_t i_buflen, - tpm_info_t i_tpmInfo, + const tpm_info_t & i_tpmInfo, bool i_silent = false); /** @@ -185,7 +188,7 @@ errlHndl_t tpmRead ( void * o_buffer, */ errlHndl_t tpmWrite ( void * i_buffer, size_t i_buflen, - tpm_info_t i_tpmInfo ); + const tpm_info_t & i_tpmInfo ); /** * @brief This function peforms the sequencing to do a transmit of the @@ -210,7 +213,21 @@ errlHndl_t tpmWrite ( void * i_buffer, errlHndl_t tpmTransmit ( void * io_buffer, size_t & io_buflen, size_t i_commandlen, - tpm_info_t i_tpmInfo ); + const tpm_info_t & i_tpmInfo ); + +#ifdef CONFIG_DRTM +/** + * @brief This function peforms the sequencing to do a reset of the + * dynamic PCRs 17-22 + * + * @param[in] i_tpmInfo Structure of I2C parameters needed to execute + * the command to the I2C device driver. + * + * @return errlHndl_t nullptr if successful, otherwise a pointer to the + * error log. + */ +errlHndl_t tpmDrtmReset (tpm_info_t i_tpmInfo); +#endif /** * @brief This function prepares the I2C byte address for adding to the @@ -230,7 +247,7 @@ errlHndl_t tpmTransmit ( void * io_buffer, */ errlHndl_t tpmPrepareAddress ( void * io_buffer, size_t & o_bufSize, - tpm_info_t i_tpmInfo ); + const tpm_info_t & i_tpmInfo ); /** * @brief This function decides whether or not the target passed into the @@ -330,7 +347,7 @@ errlHndl_t tpmReadSTSRegValid ( tpm_info_t i_tpmInfo, * @return errlHndl_t NULL if successful, otherwise a pointer to the * error log. */ -errlHndl_t tpmIsCommandReady( tpm_info_t i_tpmInfo, +errlHndl_t tpmIsCommandReady( const tpm_info_t & i_tpmInfo, bool & o_isReady); /** @@ -342,7 +359,7 @@ errlHndl_t tpmIsCommandReady( tpm_info_t i_tpmInfo, * @return errlHndl_t NULL if successful, otherwise a pointer to the * error log. */ -errlHndl_t tpmPollForCommandReady( tpm_info_t i_tpmInfo); +errlHndl_t tpmPollForCommandReady( const tpm_info_t & i_tpmInfo); /** * @brief Check for expecting state in TPM STS Register @@ -355,7 +372,7 @@ errlHndl_t tpmPollForCommandReady( tpm_info_t i_tpmInfo); * @return errlHndl_t NULL if successful, otherwise a pointer to the * error log. */ -errlHndl_t tpmIsExpecting( tpm_info_t i_tpmInfo, +errlHndl_t tpmIsExpecting( const tpm_info_t & i_tpmInfo, bool & o_isExpecting); /** @@ -369,7 +386,7 @@ errlHndl_t tpmIsExpecting( tpm_info_t i_tpmInfo, * @return errlHndl_t NULL if successful, otherwise a pointer to the * error log. */ -errlHndl_t tpmIsDataAvail( tpm_info_t i_tpmInfo, +errlHndl_t tpmIsDataAvail( const tpm_info_t & i_tpmInfo, bool & o_isDataAvail); /** @@ -381,7 +398,7 @@ errlHndl_t tpmIsDataAvail( tpm_info_t i_tpmInfo, * @return errlHndl_t NULL if successful, otherwise a pointer to the * error log. */ -errlHndl_t tpmPollForDataAvail( tpm_info_t i_tpmInfo); +errlHndl_t tpmPollForDataAvail( const tpm_info_t & i_tpmInfo); /** * @brief Read the current burst count value @@ -394,7 +411,7 @@ errlHndl_t tpmPollForDataAvail( tpm_info_t i_tpmInfo); * @return errlHndl_t NULL if successful, otherwise a pointer to the * error log. */ -errlHndl_t tpmReadBurstCount( tpm_info_t i_tpmInfo, +errlHndl_t tpmReadBurstCount( const tpm_info_t & i_tpmInfo, uint16_t & o_burstCount); /** @@ -406,7 +423,7 @@ errlHndl_t tpmReadBurstCount( tpm_info_t i_tpmInfo, * @return errlHndl_t NULL if successful, otherwise a pointer to the * error log. */ -errlHndl_t tpmWriteCommandReady( tpm_info_t i_tpmInfo); +errlHndl_t tpmWriteCommandReady( const tpm_info_t & i_tpmInfo); /** * @brief Write the TpmGo bit in the STS register @@ -417,7 +434,7 @@ errlHndl_t tpmWriteCommandReady( tpm_info_t i_tpmInfo); * @return errlHndl_t NULL if successful, otherwise a pointer to the * error log. */ -errlHndl_t tpmWriteTpmGo( tpm_info_t i_tpmInfo); +errlHndl_t tpmWriteTpmGo( const tpm_info_t & i_tpmInfo); /** * @brief Write the response retry bit in the Tpm STS register @@ -428,7 +445,7 @@ errlHndl_t tpmWriteTpmGo( tpm_info_t i_tpmInfo); * @return errlHndl_t NULL if successful, otherwise a pointer to the * error log. */ -errlHndl_t tpmWriteResponseRetry( tpm_info_t i_tpmInfo); +errlHndl_t tpmWriteResponseRetry( const tpm_info_t & i_tpmInfo); /** @@ -444,7 +461,7 @@ errlHndl_t tpmWriteResponseRetry( tpm_info_t i_tpmInfo); * @return errlHndl_t NULL if successful, otherwise a pointer to the * error log. */ -errlHndl_t tpmWriteFifo( tpm_info_t i_tpmInfo, +errlHndl_t tpmWriteFifo( const tpm_info_t & i_tpmInfo, void * i_buffer, size_t i_buflen); @@ -463,7 +480,7 @@ errlHndl_t tpmWriteFifo( tpm_info_t i_tpmInfo, * @return errlHndl_t NULL if successful, otherwise a pointer to the * error log. */ -errlHndl_t tpmReadFifo( tpm_info_t i_tpmInfo, +errlHndl_t tpmReadFifo( const tpm_info_t & i_tpmInfo, void * o_buffer, size_t & io_buflen); /** diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index dba6e1ba1..b12654748 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -48,6 +48,7 @@ #include <initservice/initserviceif.H> #include <ipmi/ipmisensor.H> #include <config.h> +#include <devicefw/driverif.H> #include <i2c/tpmddif.H> #include "trustedboot.H" #include "trustedTypes.H" @@ -261,6 +262,8 @@ void* host_update_master_tpm( void *io_pArgs ) systemTpms.tpm[TPM_MASTER_INDEX].available && NULL == systemTpms.tpm[TPM_MASTER_INDEX].logMgr) { + /// @todo RTC:145689 For DRTM we locate the previous SRTM log and reuse + /// And we must allocate a DRTM log to be used systemTpms.tpm[TPM_MASTER_INDEX].logMgr = new TpmLogMgr; err = TpmLogMgr_initialize( systemTpms.tpm[TPM_MASTER_INDEX].logMgr); @@ -413,7 +416,11 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target) // For a DRTM we need to reset PCRs 17-22 if (drtmMpipl) { - /// @TODO RTC 167667 Implement PCR reset + err = tpmDrtmReset(io_target); + if (NULL != err) + { + break; + } } #endif @@ -1241,4 +1248,27 @@ bool isTpmRequired() } +#ifdef CONFIG_DRTM +errlHndl_t tpmDrtmReset(TpmTarget& io_target) +{ + errlHndl_t err = nullptr; + + // Send to the TPM + size_t len = 0; + err = deviceRead(io_target.tpmTarget, + nullptr, + len, + DEVICE_TPM_ADDRESS(TPMDD::TPM_OP_DRTMRESET, + 0, + TPM_LOCALITY_4)); + + if (NULL == err) + { + /// @todo RTC: 145689 reset the dynamic tpm log + } + + return err; +} +#endif + } // end TRUSTEDBOOT diff --git a/src/usr/secureboot/trusted/trustedboot.H b/src/usr/secureboot/trusted/trustedboot.H index 14cbe8b93..bb434a260 100644 --- a/src/usr/secureboot/trusted/trustedboot.H +++ b/src/usr/secureboot/trusted/trustedboot.H @@ -150,5 +150,15 @@ bool isTpmRequired(); */ void* tpmDaemon(void* unused); +#ifdef CONFIG_DRTM +/** + * @brief Initiate a DRTM PCR reset + * @param[in/out] io_target Current TPM target structure + * @return errlHndl_t NULL if successful, otherwise a pointer to the + * error log. + */ +errlHndl_t tpmDrtmReset(TpmTarget & io_target); +#endif + } // end TRUSTEDBOOT namespace #endif |