summaryrefslogtreecommitdiffstats
path: root/src/usr
diff options
context:
space:
mode:
authorChris Engel <cjengel@us.ibm.com>2017-02-03 15:41:11 -0600
committerDaniel M. Crowell <dcrowell@us.ibm.com>2017-03-08 09:42:10 -0500
commit3dbcf1450853dc138e136b7db1f46e19f2e3ed3c (patch)
tree96dcfe3cfa5822685e166e4e9d8c4507f254c20f /src/usr
parent6f2a36c73cfbc18d0d6bf86a45c63014fe12fd1d (diff)
downloadtalos-hostboot-3dbcf1450853dc138e136b7db1f46e19f2e3ed3c.tar.gz
talos-hostboot-3dbcf1450853dc138e136b7db1f46e19f2e3ed3c.zip
Add TPM device driver support for DRTM PCR reset sequence
Change-Id: Ief02e10fc85d09b837e20dfb529186e2da4269fd Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35935 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr')
-rwxr-xr-xsrc/usr/i2c/tpmdd.C91
-rwxr-xr-xsrc/usr/i2c/tpmdd.H49
-rw-r--r--src/usr/secureboot/trusted/trustedboot.C32
-rw-r--r--src/usr/secureboot/trusted/trustedboot.H10
4 files changed, 150 insertions, 32 deletions
diff --git a/src/usr/i2c/tpmdd.C b/src/usr/i2c/tpmdd.C
index fc67ff59c..95d4b692a 100755
--- a/src/usr/i2c/tpmdd.C
+++ b/src/usr/i2c/tpmdd.C
@@ -242,6 +242,24 @@ errlHndl_t tpmPerformOp( DeviceFW::OperationType i_opType,
break;
}
+
+#ifdef CONFIG_DRTM
+ // TPM_OP_DRTMRESET
+ }
+ else if (TPMDD::TPM_OP_DRTMRESET == tpmInfo.operation )
+ {
+
+ assert(locality == TPM_LOCALITY_4,
+ "DRTMReset only available from locality 4, actual %d",
+ locality);
+ err = tpmDrtmReset(tpmInfo);
+
+ if ( err )
+ {
+ break;
+ }
+
+#endif
}
else
{
@@ -504,7 +522,7 @@ errlHndl_t tpmPresenceDetect(DeviceFW::OperationType i_opType,
// ------------------------------------------------------------------
errlHndl_t tpmRead ( void * o_buffer,
size_t i_buflen,
- tpm_info_t i_tpmInfo,
+ const tpm_info_t & i_tpmInfo,
bool i_silent)
{
errlHndl_t err = NULL;
@@ -741,7 +759,7 @@ errlHndl_t tpmRead ( void * o_buffer,
// ------------------------------------------------------------------
errlHndl_t tpmWrite ( void * i_buffer,
size_t i_buflen,
- tpm_info_t i_tpmInfo )
+ const tpm_info_t & i_tpmInfo )
{
errlHndl_t err = NULL;
errlHndl_t err_NACK = NULL;
@@ -976,7 +994,7 @@ errlHndl_t tpmWrite ( void * i_buffer,
errlHndl_t tpmTransmit ( void * io_buffer,
size_t & io_buflen,
size_t i_commandlen,
- tpm_info_t i_tpmInfo )
+ const tpm_info_t & i_tpmInfo )
{
errlHndl_t err = NULL;
bool isReady = false;
@@ -1056,13 +1074,56 @@ errlHndl_t tpmTransmit ( void * io_buffer,
} // end tpmTransmit
+#ifdef CONFIG_DRTM
+// ------------------------------------------------------------------
+// tpmDrtmReset
+// ------------------------------------------------------------------
+errlHndl_t tpmDrtmReset (tpm_info_t i_tpmInfo)
+{
+ errlHndl_t err = nullptr;
+ uint8_t regData = 0;
+
+ TRACDCOMP( g_trac_tpmdd,
+ ENTER_MRK"tpmDrtmReset()" );
+ do
+ {
+ i_tpmInfo.offset = I2C_REG_TPM_HASH;
+
+ regData = TPM_HASH_START;
+ err = tpmWrite ( &regData,
+ sizeof(regData),
+ i_tpmInfo );
+ if (err)
+ {
+ break;
+ }
+
+ regData = TPM_HASH_END;
+ err = tpmWrite ( &regData,
+ sizeof(regData),
+ i_tpmInfo );
+ if (err)
+ {
+ break;
+ }
+
+
+ } while( 0 );
+
+ TRACDCOMP( g_trac_tpmdd,
+ EXIT_MRK"tpmDrtmReset()" );
+ return err;
+
+} // end tpmDrtmReset
+#endif
+
// ------------------------------------------------------------------
// tpmPrepareAddress
// ------------------------------------------------------------------
errlHndl_t tpmPrepareAddress ( void * io_buffer,
size_t & o_bufSize,
- tpm_info_t i_tpmInfo )
+ const tpm_info_t & i_tpmInfo )
{
errlHndl_t err = NULL;
@@ -1540,7 +1601,7 @@ errlHndl_t tpmReadSTSRegValid ( tpm_info_t i_tpmInfo,
} // end tpmReadSTSRegValid
-errlHndl_t tpmIsCommandReady( tpm_info_t i_tpmInfo,
+errlHndl_t tpmIsCommandReady( const tpm_info_t & i_tpmInfo,
bool & o_isReady)
{
tpm_sts_reg_t stsReg;
@@ -1556,7 +1617,7 @@ errlHndl_t tpmIsCommandReady( tpm_info_t i_tpmInfo,
} // end tpmIsCommandReady
-errlHndl_t tpmPollForCommandReady( tpm_info_t i_tpmInfo)
+errlHndl_t tpmPollForCommandReady( const tpm_info_t & i_tpmInfo)
{
tpm_sts_reg_t stsReg;
errlHndl_t err = NULL;
@@ -1643,7 +1704,7 @@ errlHndl_t tpmPollForCommandReady( tpm_info_t i_tpmInfo)
} // end tpmPollForCommandReady
-errlHndl_t tpmIsExpecting( tpm_info_t i_tpmInfo,
+errlHndl_t tpmIsExpecting( const tpm_info_t & i_tpmInfo,
bool & o_isExpecting)
{
tpm_sts_reg_t stsReg;
@@ -1659,7 +1720,7 @@ errlHndl_t tpmIsExpecting( tpm_info_t i_tpmInfo,
} // end tpmIsExpecting
-errlHndl_t tpmIsDataAvail( tpm_info_t i_tpmInfo,
+errlHndl_t tpmIsDataAvail( const tpm_info_t & i_tpmInfo,
bool & o_isDataAvail)
{
tpm_sts_reg_t stsReg;
@@ -1675,7 +1736,7 @@ errlHndl_t tpmIsDataAvail( tpm_info_t i_tpmInfo,
} // end tpmIsDataAvail
-errlHndl_t tpmPollForDataAvail( tpm_info_t i_tpmInfo)
+errlHndl_t tpmPollForDataAvail( const tpm_info_t & i_tpmInfo)
{
tpm_sts_reg_t stsReg;
errlHndl_t err = NULL;
@@ -1735,7 +1796,7 @@ errlHndl_t tpmPollForDataAvail( tpm_info_t i_tpmInfo)
} // end tpmPollForDataAvail
-errlHndl_t tpmReadBurstCount( tpm_info_t i_tpmInfo,
+errlHndl_t tpmReadBurstCount( const tpm_info_t & i_tpmInfo,
uint16_t & o_burstCount)
{
errlHndl_t err = NULL;
@@ -1767,7 +1828,7 @@ errlHndl_t tpmReadBurstCount( tpm_info_t i_tpmInfo,
-errlHndl_t tpmWriteCommandReady( tpm_info_t i_tpmInfo)
+errlHndl_t tpmWriteCommandReady( const tpm_info_t & i_tpmInfo)
{
tpm_sts_reg_t stsReg;
stsReg.value = 0;
@@ -1780,7 +1841,7 @@ errlHndl_t tpmWriteCommandReady( tpm_info_t i_tpmInfo)
} // end tpmWriteCommandReady
-errlHndl_t tpmWriteTpmGo( tpm_info_t i_tpmInfo)
+errlHndl_t tpmWriteTpmGo( const tpm_info_t & i_tpmInfo)
{
tpm_sts_reg_t stsReg;
stsReg.value = 0;
@@ -1793,7 +1854,7 @@ errlHndl_t tpmWriteTpmGo( tpm_info_t i_tpmInfo)
} // end tpmWriteTpmGo
-errlHndl_t tpmWriteResponseRetry( tpm_info_t i_tpmInfo)
+errlHndl_t tpmWriteResponseRetry( const tpm_info_t & i_tpmInfo)
{
tpm_sts_reg_t stsReg;
stsReg.value = 0;
@@ -1807,7 +1868,7 @@ errlHndl_t tpmWriteResponseRetry( tpm_info_t i_tpmInfo)
} // end tpmWriteResponseRetry
-errlHndl_t tpmWriteFifo( tpm_info_t i_tpmInfo,
+errlHndl_t tpmWriteFifo( const tpm_info_t & i_tpmInfo,
void * i_buffer,
size_t i_buflen)
{
@@ -2031,7 +2092,7 @@ errlHndl_t tpmWriteFifo( tpm_info_t i_tpmInfo,
} // end tpmWriteFifo
-errlHndl_t tpmReadFifo( tpm_info_t i_tpmInfo,
+errlHndl_t tpmReadFifo( const tpm_info_t & i_tpmInfo,
void * o_buffer,
size_t & io_buflen)
{
diff --git a/src/usr/i2c/tpmdd.H b/src/usr/i2c/tpmdd.H
index 2529288d7..b48d73aab 100755
--- a/src/usr/i2c/tpmdd.H
+++ b/src/usr/i2c/tpmdd.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2015,2016 */
+/* Contributors Listed Below - COPYRIGHT 2015,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -71,6 +71,7 @@ enum nuvo_20_defs_t
I2C_REG_BURSTCOUNT = 0x1,
I2C_REG_BURSTCOUNT_HIGH = 0x2,
I2C_REG_FAMILYID = 0x3,
+ I2C_REG_TPM_HASH = 0x4,
I2C_REG_WR_FIFO = 0x20,
I2C_REG_RD_FIFO = 0x40,
I2C_REG_VENDOR = 0x60,
@@ -80,6 +81,8 @@ enum nuvo_20_defs_t
TPM_MAXBURSTSIZE = 0xFFFF,
TPM_FAMILYID = 0x04,
TPM_FAMILYID_MASK = 0x0C,
+ TPM_HASH_START = 0x01,
+ TPM_HASH_END = 0x02,
};
@@ -165,7 +168,7 @@ errlHndl_t tpmPerformOp( DeviceFW::OperationType i_opType,
*/
errlHndl_t tpmRead ( void * o_buffer,
size_t i_buflen,
- tpm_info_t i_tpmInfo,
+ const tpm_info_t & i_tpmInfo,
bool i_silent = false);
/**
@@ -185,7 +188,7 @@ errlHndl_t tpmRead ( void * o_buffer,
*/
errlHndl_t tpmWrite ( void * i_buffer,
size_t i_buflen,
- tpm_info_t i_tpmInfo );
+ const tpm_info_t & i_tpmInfo );
/**
* @brief This function peforms the sequencing to do a transmit of the
@@ -210,7 +213,21 @@ errlHndl_t tpmWrite ( void * i_buffer,
errlHndl_t tpmTransmit ( void * io_buffer,
size_t & io_buflen,
size_t i_commandlen,
- tpm_info_t i_tpmInfo );
+ const tpm_info_t & i_tpmInfo );
+
+#ifdef CONFIG_DRTM
+/**
+ * @brief This function peforms the sequencing to do a reset of the
+ * dynamic PCRs 17-22
+ *
+ * @param[in] i_tpmInfo Structure of I2C parameters needed to execute
+ * the command to the I2C device driver.
+ *
+ * @return errlHndl_t nullptr if successful, otherwise a pointer to the
+ * error log.
+ */
+errlHndl_t tpmDrtmReset (tpm_info_t i_tpmInfo);
+#endif
/**
* @brief This function prepares the I2C byte address for adding to the
@@ -230,7 +247,7 @@ errlHndl_t tpmTransmit ( void * io_buffer,
*/
errlHndl_t tpmPrepareAddress ( void * io_buffer,
size_t & o_bufSize,
- tpm_info_t i_tpmInfo );
+ const tpm_info_t & i_tpmInfo );
/**
* @brief This function decides whether or not the target passed into the
@@ -330,7 +347,7 @@ errlHndl_t tpmReadSTSRegValid ( tpm_info_t i_tpmInfo,
* @return errlHndl_t NULL if successful, otherwise a pointer to the
* error log.
*/
-errlHndl_t tpmIsCommandReady( tpm_info_t i_tpmInfo,
+errlHndl_t tpmIsCommandReady( const tpm_info_t & i_tpmInfo,
bool & o_isReady);
/**
@@ -342,7 +359,7 @@ errlHndl_t tpmIsCommandReady( tpm_info_t i_tpmInfo,
* @return errlHndl_t NULL if successful, otherwise a pointer to the
* error log.
*/
-errlHndl_t tpmPollForCommandReady( tpm_info_t i_tpmInfo);
+errlHndl_t tpmPollForCommandReady( const tpm_info_t & i_tpmInfo);
/**
* @brief Check for expecting state in TPM STS Register
@@ -355,7 +372,7 @@ errlHndl_t tpmPollForCommandReady( tpm_info_t i_tpmInfo);
* @return errlHndl_t NULL if successful, otherwise a pointer to the
* error log.
*/
-errlHndl_t tpmIsExpecting( tpm_info_t i_tpmInfo,
+errlHndl_t tpmIsExpecting( const tpm_info_t & i_tpmInfo,
bool & o_isExpecting);
/**
@@ -369,7 +386,7 @@ errlHndl_t tpmIsExpecting( tpm_info_t i_tpmInfo,
* @return errlHndl_t NULL if successful, otherwise a pointer to the
* error log.
*/
-errlHndl_t tpmIsDataAvail( tpm_info_t i_tpmInfo,
+errlHndl_t tpmIsDataAvail( const tpm_info_t & i_tpmInfo,
bool & o_isDataAvail);
/**
@@ -381,7 +398,7 @@ errlHndl_t tpmIsDataAvail( tpm_info_t i_tpmInfo,
* @return errlHndl_t NULL if successful, otherwise a pointer to the
* error log.
*/
-errlHndl_t tpmPollForDataAvail( tpm_info_t i_tpmInfo);
+errlHndl_t tpmPollForDataAvail( const tpm_info_t & i_tpmInfo);
/**
* @brief Read the current burst count value
@@ -394,7 +411,7 @@ errlHndl_t tpmPollForDataAvail( tpm_info_t i_tpmInfo);
* @return errlHndl_t NULL if successful, otherwise a pointer to the
* error log.
*/
-errlHndl_t tpmReadBurstCount( tpm_info_t i_tpmInfo,
+errlHndl_t tpmReadBurstCount( const tpm_info_t & i_tpmInfo,
uint16_t & o_burstCount);
/**
@@ -406,7 +423,7 @@ errlHndl_t tpmReadBurstCount( tpm_info_t i_tpmInfo,
* @return errlHndl_t NULL if successful, otherwise a pointer to the
* error log.
*/
-errlHndl_t tpmWriteCommandReady( tpm_info_t i_tpmInfo);
+errlHndl_t tpmWriteCommandReady( const tpm_info_t & i_tpmInfo);
/**
* @brief Write the TpmGo bit in the STS register
@@ -417,7 +434,7 @@ errlHndl_t tpmWriteCommandReady( tpm_info_t i_tpmInfo);
* @return errlHndl_t NULL if successful, otherwise a pointer to the
* error log.
*/
-errlHndl_t tpmWriteTpmGo( tpm_info_t i_tpmInfo);
+errlHndl_t tpmWriteTpmGo( const tpm_info_t & i_tpmInfo);
/**
* @brief Write the response retry bit in the Tpm STS register
@@ -428,7 +445,7 @@ errlHndl_t tpmWriteTpmGo( tpm_info_t i_tpmInfo);
* @return errlHndl_t NULL if successful, otherwise a pointer to the
* error log.
*/
-errlHndl_t tpmWriteResponseRetry( tpm_info_t i_tpmInfo);
+errlHndl_t tpmWriteResponseRetry( const tpm_info_t & i_tpmInfo);
/**
@@ -444,7 +461,7 @@ errlHndl_t tpmWriteResponseRetry( tpm_info_t i_tpmInfo);
* @return errlHndl_t NULL if successful, otherwise a pointer to the
* error log.
*/
-errlHndl_t tpmWriteFifo( tpm_info_t i_tpmInfo,
+errlHndl_t tpmWriteFifo( const tpm_info_t & i_tpmInfo,
void * i_buffer,
size_t i_buflen);
@@ -463,7 +480,7 @@ errlHndl_t tpmWriteFifo( tpm_info_t i_tpmInfo,
* @return errlHndl_t NULL if successful, otherwise a pointer to the
* error log.
*/
-errlHndl_t tpmReadFifo( tpm_info_t i_tpmInfo,
+errlHndl_t tpmReadFifo( const tpm_info_t & i_tpmInfo,
void * o_buffer,
size_t & io_buflen);
/**
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C
index dba6e1ba1..b12654748 100644
--- a/src/usr/secureboot/trusted/trustedboot.C
+++ b/src/usr/secureboot/trusted/trustedboot.C
@@ -48,6 +48,7 @@
#include <initservice/initserviceif.H>
#include <ipmi/ipmisensor.H>
#include <config.h>
+#include <devicefw/driverif.H>
#include <i2c/tpmddif.H>
#include "trustedboot.H"
#include "trustedTypes.H"
@@ -261,6 +262,8 @@ void* host_update_master_tpm( void *io_pArgs )
systemTpms.tpm[TPM_MASTER_INDEX].available &&
NULL == systemTpms.tpm[TPM_MASTER_INDEX].logMgr)
{
+ /// @todo RTC:145689 For DRTM we locate the previous SRTM log and reuse
+ /// And we must allocate a DRTM log to be used
systemTpms.tpm[TPM_MASTER_INDEX].logMgr = new TpmLogMgr;
err = TpmLogMgr_initialize(
systemTpms.tpm[TPM_MASTER_INDEX].logMgr);
@@ -413,7 +416,11 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target)
// For a DRTM we need to reset PCRs 17-22
if (drtmMpipl)
{
- /// @TODO RTC 167667 Implement PCR reset
+ err = tpmDrtmReset(io_target);
+ if (NULL != err)
+ {
+ break;
+ }
}
#endif
@@ -1241,4 +1248,27 @@ bool isTpmRequired()
}
+#ifdef CONFIG_DRTM
+errlHndl_t tpmDrtmReset(TpmTarget& io_target)
+{
+ errlHndl_t err = nullptr;
+
+ // Send to the TPM
+ size_t len = 0;
+ err = deviceRead(io_target.tpmTarget,
+ nullptr,
+ len,
+ DEVICE_TPM_ADDRESS(TPMDD::TPM_OP_DRTMRESET,
+ 0,
+ TPM_LOCALITY_4));
+
+ if (NULL == err)
+ {
+ /// @todo RTC: 145689 reset the dynamic tpm log
+ }
+
+ return err;
+}
+#endif
+
} // end TRUSTEDBOOT
diff --git a/src/usr/secureboot/trusted/trustedboot.H b/src/usr/secureboot/trusted/trustedboot.H
index 14cbe8b93..bb434a260 100644
--- a/src/usr/secureboot/trusted/trustedboot.H
+++ b/src/usr/secureboot/trusted/trustedboot.H
@@ -150,5 +150,15 @@ bool isTpmRequired();
*/
void* tpmDaemon(void* unused);
+#ifdef CONFIG_DRTM
+/**
+ * @brief Initiate a DRTM PCR reset
+ * @param[in/out] io_target Current TPM target structure
+ * @return errlHndl_t NULL if successful, otherwise a pointer to the
+ * error log.
+ */
+errlHndl_t tpmDrtmReset(TpmTarget & io_target);
+#endif
+
} // end TRUSTEDBOOT namespace
#endif
OpenPOWER on IntegriCloud