Marked Failed TPMs Unusable For Alignment Check

Set the TPM_UNUSABLE attribute for TPMs that failed. This attribute will be used by FSP during alignment check, so it is important to reflect the current TPM availability situation. Note that backup TPM is marked as unusable in istep 6.8, and then re-checked in istep 10.14. Change-Id: I32347c542cb4cd09c04bea7f8a9275881d204dfb RTC: 191163 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/58529 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
author: Ilya Smirnov <ismirno@us.ibm.com> 2018-05-08 16:01:25 -0500
committer: Daniel M. Crowell <dcrowell@us.ibm.com> 2018-05-22 12:28:07 -0400
commit: d55d64a79ca44280e0e6415893bab44fcaafa34f (patch)
tree: 48f43b89dcfbc679a05ce301cb4f2936560d56e2 /src/usr
parent: 70e337a2fe7679b2f2b4ed099949e5a7dc1f2a24 (diff)
download: talos-hostboot-d55d64a79ca44280e0e6415893bab44fcaafa34f.tar.gz
talos-hostboot-d55d64a79ca44280e0e6415893bab44fcaafa34f.zip
1 files changed, 18 insertions, 6 deletions
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C
index de4222e41..f4262bcf1 100644
--- a/src/usr/secureboot/trusted/trustedboot.C
+++ b/src/usr/secureboot/trusted/trustedboot.C
@@ -193,8 +193,8 @@ bool functionalPrimaryTpmExists()
         [&presentAndFunctional, &initialized, &isPrimaryTpm](
             const TARGETING::Target* const i_pTpm)
         {
-            return (isPrimaryTpm(i_pTpm) && (presentAndFunctional(i_pTpm)
-                    || !initialized(i_pTpm)));
+            return (isPrimaryTpm(i_pTpm) &&
+                    (presentAndFunctional(i_pTpm) || !initialized(i_pTpm)));
         });
 
     exists = (itr!=tpmList.end()) ? true : false;
@@ -324,6 +324,7 @@ void* host_update_master_tpm( void *io_pArgs )
                 !primaryHwasState.present)
             {
                 primaryTpmAvail = false;
+                pPrimaryTpm->setAttr<TARGETING::ATTR_TPM_UNUSABLE>(true);
             }
         }
 
@@ -414,13 +415,15 @@ void* host_update_master_tpm( void *io_pArgs )
     {
         TRACUCOMP( g_trac_trustedboot,
                    "host_update_master_tpm() - "
-                   "Primary TPM Present:%d Functional:%d Init Attempted:%d",
+                   "Primary TPM Present:%d Functional:%d Init Attempted:%d"
+                   " Usable:%d",
                    pPrimaryTpm->getAttr<TARGETING::ATTR_HWAS_STATE>().
                        present,
                    pPrimaryTpm->getAttr<TARGETING::ATTR_HWAS_STATE>().
                        functional,
                    pPrimaryTpm->getAttr<
-                       TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>());
+                       TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>(),
+                   !(pPrimaryTpm->getAttr<TARGETING::ATTR_TPM_UNUSABLE>()));
     }
 
     TARGETING::Target* pBackupTpm = nullptr;
@@ -429,14 +432,16 @@ void* host_update_master_tpm( void *io_pArgs )
     {
         TRACUCOMP( g_trac_trustedboot,
                    "host_update_master_tpm() - "
-                   "Backup TPM Present:%d Functional:%d Init Attempted:%d. "
+                   "Backup TPM Present:%d Functional:%d Init Attempted:%d "
+                   "Usable: %d. "
                    "Backup TPM initialization is deferred to istep 10.14.",
                    pBackupTpm->getAttr<TARGETING::ATTR_HWAS_STATE>().
                        present,
                    pBackupTpm->getAttr<TARGETING::ATTR_HWAS_STATE>().
                        functional,
                    pBackupTpm->getAttr<
-                       TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>());
+                       TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>(),
+                   !(pPrimaryTpm->getAttr<TARGETING::ATTR_TPM_UNUSABLE>()));
     }
 
     TRACDCOMP( g_trac_trustedboot,
@@ -998,6 +1003,9 @@ void tpmMarkFailed(TpmTarget* const i_pTpm,
     i_pTpm->setAttr<
         TARGETING::ATTR_HWAS_STATE>(hwasState);
 
+    // Mark the TPM as unusable so that FSP can perform alignment check
+    i_pTpm->setAttr<TARGETING::ATTR_TPM_UNUSABLE>(true);
+
     #ifdef CONFIG_SECUREBOOT
     TARGETING::Target* l_tpm = i_pTpm;
 
@@ -1374,6 +1382,10 @@ void doInitBackupTpm()
     if(l_backupTpm)
     {
         l_backupTpm->setAttr<TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>(true);
+        auto l_backupHwasState = l_backupTpm->getAttr<
+                                                  TARGETING::ATTR_HWAS_STATE>();
+        l_backupTpm->setAttr<TARGETING::ATTR_TPM_UNUSABLE>(
+                  !(l_backupHwasState.present && l_backupHwasState.functional));
     }
 }
author	Ilya Smirnov <ismirno@us.ibm.com>	2018-05-08 16:01:25 -0500
committer	Daniel M. Crowell <dcrowell@us.ibm.com>	2018-05-22 12:28:07 -0400
commit	d55d64a79ca44280e0e6415893bab44fcaafa34f (patch)
tree	48f43b89dcfbc679a05ce301cb4f2936560d56e2 /src/usr
parent	70e337a2fe7679b2f2b4ed099949e5a7dc1f2a24 (diff)
download	talos-hostboot-d55d64a79ca44280e0e6415893bab44fcaafa34f.tar.gz talos-hostboot-d55d64a79ca44280e0e6415893bab44fcaafa34f.zip