diff options
| author | Chris Engel <cjengel@us.ibm.com> | 2015-09-18 09:17:23 -0500 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2016-06-08 22:45:27 -0400 |
| commit | c4119b881e8a6e3746ac4553dee024351d97226f (patch) | |
| tree | aa1148f790629526cb2367dff0c5ce162e4b051d /src/usr | |
| parent | 02db181b01ad44a7c18d929f9541336d050dbae2 (diff) | |
| download | talos-hostboot-c4119b881e8a6e3746ac4553dee024351d97226f.tar.gz talos-hostboot-c4119b881e8a6e3746ac4553dee024351d97226f.zip | |
Trustedboot add TPM and associated i2c master to the devtree
Change-Id: Ic2edee549d23669f046a6e78f0cfae838faaec2d
RTC: 125287
ForwardPort: yes
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/25470
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: Jenkins Server
Tested-by: FSP CI Jenkins
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr')
| -rw-r--r-- | src/usr/devtree/bld_devtree.C | 297 | ||||
| -rwxr-xr-x | src/usr/i2c/test/tpmddtest.H | 7 | ||||
| -rwxr-xr-x | src/usr/i2c/tpmdd.C | 39 | ||||
| -rw-r--r-- | src/usr/secureboot/base/securerom.C | 16 | ||||
| -rw-r--r-- | src/usr/secureboot/base/securerom.H | 8 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/base/tpmLogMgr.C | 56 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/base/tpmLogMgr.H | 35 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 85 |
8 files changed, 529 insertions, 14 deletions
diff --git a/src/usr/devtree/bld_devtree.C b/src/usr/devtree/bld_devtree.C index 33b8a6a87..698a525a6 100644 --- a/src/usr/devtree/bld_devtree.C +++ b/src/usr/devtree/bld_devtree.C @@ -48,7 +48,9 @@ #include <i2c/i2cif.H> #include <i2c/eepromif.H> #include <intr/interrupt.H> - +#include <i2c/tpmddif.H> +#include <secureboot/trustedbootif.H> +#include <secureboot/service.H> #include <ipmi/ipmisensor.H> //@TODO RTC:143092 @@ -217,7 +219,8 @@ homerAddr_t getHomerPhysAddr(const TARGETING::Target * i_pProc) void add_i2c_info( const TARGETING::Target* i_targ, devTree* i_dt, - dtOffset_t i_node ) + dtOffset_t i_node, + uint64_t i_xscomAddr) { TRACFCOMP(g_trac_devtree,"add_i2c_info(%X)",TARGETING::get_huid(i_targ)); @@ -229,6 +232,14 @@ void add_i2c_info( const TARGETING::Target* i_targ, std::list<EEPROM::EepromInfo_t> l_eepromInfo; EEPROM::getEEPROMs( l_eepromInfo ); +#ifdef CONFIG_TPMDD + TPMDD::tpm_info_t tpmInfo; + errlHndl_t err = NULL; + //find all TPMs + std::list<TRUSTEDBOOT::TpmTarget> l_tpmTarget; + TRUSTEDBOOT::getTPMs(l_tpmTarget); +#endif + //add any other i2c devices here as needed, e.g. TPM, etc //figure out what kind of chip we're talking about @@ -466,11 +477,123 @@ void add_i2c_info( const TARGETING::Target* i_targ, // now remove the device we added so we don't add it again eep2 = l_eepromInfo.erase(eep2); } - } - } + } // end eeprom iter + + +#ifdef CONFIG_TPMDD + std::list<TRUSTEDBOOT::TpmTarget>::iterator tpm = l_tpmTarget.begin(); + while( tpm != l_tpmTarget.end() ) + { + + // Lookup i2c info for the TPM + tpmInfo.chip = tpm->chip; + err = TPMDD::tpmReadAttributes(tpm->nodeTarget, tpmInfo); + if (NULL != err) + { + // Unable to get info we skip this guy + delete err; + tpm = l_tpmTarget.erase(tpm); + continue; + } + + // ignore the devices that aren't on the current target + if( tpmInfo.i2cTarget != i_targ ) + { + tpm = l_tpmTarget.erase(tpm); + continue; + } + // skip the devices that are on a different engine + else if( tpmInfo.engine != i2cm->engine ) + { + ++tpm; + continue; + } + /* + i2c-bus@0 { + reg = <0x0>; + bus-frequency = <0x61a80>; + compatible = "ibm,power8-i2c-port", << Opal fills in + "ibm,opal-i2c"; << Opal fills in + ibm,opal-id = <0x1>; << Opal fills in + ibm,port-name = "p8_00000000_e1p0"; << chip_chipid_eng_port + #address-cells = <0x1>; + phandle = <0x10000063>; << auto-filled + #size-cells = <0x0>; + linux,phandle = <0x10000063>; + } + */ + dtOffset_t l_busNode = i_dt->addNode( l_i2cNode, + "i2c-bus", tpmInfo.port); + i_dt->addPropertyCell32(l_busNode, "reg", tpmInfo.port); + i_dt->addPropertyCell32(l_busNode, "bus-frequency", + tpmInfo.busFreq); + i_dt->addPropertyCell32(l_busNode, "#address-cells", 1); + i_dt->addPropertyCell32(l_busNode, "#size-cells", 0); + char portname[20]; + sprintf( portname, "%s_%.8X_e%dp%d", + l_chipname, + l_chipid, + tpmInfo.engine, + tpmInfo.port ); + i_dt->addPropertyString(l_busNode, + "ibm,port-name", + portname); + + + /* + tpm@50 { + reg = <0x50>; << right-justified 7-bit addr + label = "tpm"; << arbitrary name + compatible = "nuvoton,npct650"; << from i2c driver + status = "ok"; << Opal fills in + phandle = <0x10000065>; << auto-filled + linux,phandle = <0x10000065>; << Opal fills in + sml-get-allocated-size = <size of buffer allocated for event log> + sml-handover = <ptr to event log> + } + */ + dtOffset_t l_tpmNode = i_dt->addNode( l_busNode, + "tpm", + tpmInfo.devAddr >> 1 ); + TRACFCOMP( g_trac_devtree, "TPM NODE %X", l_tpmNode ); + + i_dt->addPropertyCell32(l_tpmNode, "reg", + tpmInfo.devAddr >> 1); + char l_label[30]; + switch (tpm->chip) + { + case TPMDD::TPM_PRIMARY: + sprintf( l_label, "tpm" ); + break; + case TPMDD::TPM_BACKUP: + sprintf( l_label, "tpm-backup" ); + break; + default: + break; + } + i_dt->addPropertyString(l_tpmNode, "label", l_label); + + // fill in nuvoton compatible + const char* l_compat = "nuvoton,npct650"; + i_dt->addPropertyString(l_tpmNode, "compatible", l_compat); + + // Placeholders for the tpm log which will be filled in later + // We store info away so we can look up this devtree node later + TRUSTEDBOOT::setTpmDevtreeInfo(*tpm, i_xscomAddr, i2cm->scomAddr); + i_dt->addPropertyCell32(l_tpmNode, "sml-get-allocated-size", 0); + i_dt->addPropertyCell64(l_tpmNode, "sml-handover", 0); + + // now remove the device we added so we don't add it again + tpm = l_tpmTarget.erase(tpm); + } // end TPM iter +#endif + + + } // end i2cm iter } + void bld_getSideInfo(PNOR::SideId i_side, uint32_t o_TOCaddress[2], uint8_t & o_count, @@ -722,7 +845,7 @@ void bld_xscom_node(devTree * i_dt, dtOffset_t & i_parentNode, } /*I2C Masters*/ - add_i2c_info( i_pProc, i_dt, xscomNode ); + add_i2c_info( i_pProc, i_dt, xscomNode, l_xscomAddr ); } @@ -1152,6 +1275,93 @@ void load_hbrt_image(uint64_t& io_address) } } +void load_tpmlog(devTree * i_dt, uint64_t& io_address) +{ + + do + { +#ifdef CONFIG_TPMDD + errlHndl_t l_errl = NULL; + + // TPM log + std::list<TRUSTEDBOOT::TpmTarget> l_tpmTarget; + TRUSTEDBOOT::getTPMs(l_tpmTarget); + std::list<TRUSTEDBOOT::TpmTarget>::iterator l_tpm = l_tpmTarget.begin(); + size_t l_allocatedSize = 0; + uint32_t* l_propAllocSize = NULL; + uint64_t* l_propAddr = NULL; + TPMDD::tpm_info_t l_tpmInfo; + uint64_t l_scomAddr = 0; + uint32_t l_masterOffset = 0; + uint8_t l_i2cBus = 0; + uint8_t l_tpmAddr = 0; + char l_nodePath[100]; + dtOffset_t l_tpmNode; + + while( l_tpm != l_tpmTarget.end() ) + { + + l_errl = TRUSTEDBOOT::getTpmLogDevtreeInfo(*l_tpm, + io_address, + l_allocatedSize, + l_scomAddr, + l_masterOffset); + + if (l_errl) + { + errlCommit(l_errl, DEVTREE_COMP_ID); + ++ l_tpm; + continue; + } + + // We need to build the devtree path to find this TPM node + // Lookup i2c info for the TPM + l_tpmInfo.chip = l_tpm->chip; + l_errl = TPMDD::tpmReadAttributes(l_tpm->nodeTarget, l_tpmInfo); + if (l_errl) + { + errlCommit(l_errl, DEVTREE_COMP_ID); + ++ l_tpm; + continue; + } + + l_i2cBus = l_tpmInfo.port; + l_tpmAddr = l_tpmInfo.devAddr >> 1; + + sprintf(l_nodePath, "/xscom@%lx/i2cm@%x/i2c-bus@%x/tpm@%x", + l_scomAddr, l_masterOffset, l_i2cBus, l_tpmAddr); + + TRACFCOMP(g_trac_devtree,"Searching for TPM Node %s", + l_nodePath); + l_tpmNode = i_dt->findNode(l_nodePath); + + l_propAllocSize = reinterpret_cast<uint32_t*>( + i_dt->findProperty(l_tpmNode, + "sml-get-allocated-size")); + l_propAddr = reinterpret_cast<uint64_t*>( + i_dt->findProperty(l_tpmNode, + "sml-handover")); + + if (NULL == l_propAllocSize || + NULL == l_propAddr) + { + TRACFCOMP(g_trac_devtree,ERR_MRK" Unable to find " + "sml TPM properties"); + ++ l_tpm; + continue; + } + + // Store the values in the devtree nodes + *l_propAllocSize = l_allocatedSize; + *l_propAddr = io_address; + + ++l_tpm; + } +#endif + + } while (0); + +} errlHndl_t bld_fdt_system(devTree * i_dt, bool i_smallTree) { @@ -1461,14 +1671,34 @@ errlHndl_t bld_fdt_reserved_mem(devTree * i_dt, uint64_t l_hbrt_addr = l_targ_addr; load_hbrt_image(l_hbrt_addr); - uint64_t l_extra_addrs[] = { l_vpd_addr, l_targ_addr, l_hbrt_addr }; +#ifdef CONFIG_TPMDD + // TPM log + uint64_t l_tpmlog_addr = l_hbrt_addr; + uint64_t l_tpmlog_size = 0; + load_tpmlog(i_dt, l_tpmlog_addr); + l_tpmlog_size = l_hbrt_addr - l_tpmlog_addr; +#endif + + uint64_t l_extra_addrs[] = { l_vpd_addr, l_targ_addr, l_hbrt_addr +#ifdef CONFIG_TPMDD + ,l_tpmlog_addr +#endif + }; uint64_t l_extra_sizes[] = { VMM_RT_VPD_SIZE, l_vpd_addr - l_targ_addr, - l_targ_addr - l_hbrt_addr}; + l_targ_addr - l_hbrt_addr +#ifdef CONFIG_TPMDD + ,l_tpmlog_size +#endif + }; const char* l_extra_addrs_str[] = { "ibm,hbrt-vpd-image" , "ibm,hbrt-target-image", - "ibm,hbrt-code-image" }; + "ibm,hbrt-code-image" +#ifdef CONFIG_TPMDD + ,"ibm,tpmlog" +#endif + }; size_t l_extra_addr_cnt = sizeof(l_extra_addrs) / sizeof(uint64_t); //Add in reserved memory for HOMER images and HBRT sections. @@ -1659,7 +1889,7 @@ errlHndl_t bld_fdt_mem(devTree * i_dt, bool i_smallTree) cmfsiCells, 2); //Add any I2C devices hanging off this chip - add_i2c_info( l_pMemB, i_dt, membNode ); + add_i2c_info( l_pMemB, i_dt, membNode, l_ibscomBase); // Add membuf ECIDs ATTR_ECID_type ecid; @@ -2044,6 +2274,48 @@ errlHndl_t bld_fdt_vpd(devTree * i_dt, bool i_smallTree) return errhdl; } +errlHndl_t bld_fdt_secureboot(devTree * i_dt, bool i_smallTree) +{ + // Nothing to do for small trees currently. + if (i_smallTree) { return NULL; } + + errlHndl_t errhdl = NULL; + + do + { + /* Find the / node and add a secureboot node under it. */ + dtOffset_t rootNode = i_dt->findNode("/"); + + dtOffset_t secBootNode = i_dt->addNode(rootNode, "ibm,secureboot"); + sha2_hash_t hw_key_hash; + SECUREBOOT::getHwHashKeys(hw_key_hash); + + i_dt->addPropertyBytes(secBootNode, "hw-key-hash", + reinterpret_cast<uint8_t*>(hw_key_hash), + sizeof(hw_key_hash)); + + i_dt->addPropertyString(secBootNode, "hash-algo", "sha512"); + + /* compatibility strings -- currently only one */ + const char* compatStr[] = {"ibm,power-secureboot-v1", NULL}; + i_dt->addPropertyStrings(secBootNode, "compatible", compatStr); + + if (SECUREBOOT::enabled()) + { + i_dt->addProperty(secBootNode, "secure-enabled"); + } +#ifdef CONFIG_TPMDD + if (TRUSTEDBOOT::enabled()) + { + i_dt->addProperty(secBootNode, "trusted-enabled"); + } +#endif + + } while(0); + + return errhdl; +} + errlHndl_t build_flatdevtree( uint64_t i_dtAddr, size_t i_dtSize, bool i_smallTree ) { @@ -2107,6 +2379,13 @@ errlHndl_t build_flatdevtree( uint64_t i_dtAddr, size_t i_dtSize, { break; } + + TRACFCOMP( g_trac_devtree, "---devtree secureboot ---" ); + errhdl = bld_fdt_secureboot(dt, i_smallTree); + if(errhdl) + { + break; + } }while(0); return errhdl; diff --git a/src/usr/i2c/test/tpmddtest.H b/src/usr/i2c/test/tpmddtest.H index 4053245a6..14c22d6c4 100755 --- a/src/usr/i2c/test/tpmddtest.H +++ b/src/usr/i2c/test/tpmddtest.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015 */ +/* Contributors Listed Below - COPYRIGHT 2015,2016 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -38,7 +38,7 @@ #include <devicefw/driverif.H> #include <i2c/tpmddreasoncodes.H> #include <targeting/common/commontargeting.H> -#include "secureboot/trustedbootif.H" +#include <secureboot/trustedbootif.H> #include "i2ctest.H" #include "../tpmdd.H" #include "../../secureboot/trusted/trustedTypes.H" @@ -381,7 +381,8 @@ class TPMDDTest: public CxxTest::TestSuite 0) ); if( NULL == err || - err->reasonCode() != TPM_DEVICE_NOT_AVAILABLE) + (err->reasonCode() != TPM_DEVICE_NOT_AVAILABLE && + err->reasonCode() != TPM_BUS_SPEED_LOOKUP_FAIL)) { fails++; TS_FAIL( "testTPMInvalidChip - TpmBackup : Error " diff --git a/src/usr/i2c/tpmdd.C b/src/usr/i2c/tpmdd.C index 24a49552b..d2b777cb0 100755 --- a/src/usr/i2c/tpmdd.C +++ b/src/usr/i2c/tpmdd.C @@ -1260,6 +1260,45 @@ errlHndl_t tpmReadAttributes ( TARGETING::Target * i_target, } + // Lookup bus speed + TARGETING::ATTR_I2C_BUS_SPEED_ARRAY_type speeds; + if( io_tpmInfo.i2cTarget-> + tryGetAttr<TARGETING::ATTR_I2C_BUS_SPEED_ARRAY>(speeds) && + (io_tpmInfo.engine < I2C_BUS_MAX_ENGINE(speeds)) && + (io_tpmInfo.port < I2C_BUS_MAX_PORT(speeds)) ) + { + io_tpmInfo.busFreq = speeds[io_tpmInfo.engine][io_tpmInfo.port]; + io_tpmInfo.busFreq *= 1000; //convert KHz->Hz + } + else + { + TRACFCOMP( g_trac_tpmdd, + ERR_MRK"tpmReadAttributes() - BUS SPEED LOOKUP FAIL"); + + /*@ + * @errortype + * @reasoncode TPM_BUS_SPEED_LOOKUP_FAIL + * @severity ERRORLOG::ERRL_SEV_UNRECOVERABLE + * @moduleid TPMDD_READATTRIBUTES + * @userdata1 HUID of target + * @userdata2 Address Offset Size + * @devdesc Invalid address offset size + */ + err = new ERRORLOG::ErrlEntry( + ERRORLOG::ERRL_SEV_UNRECOVERABLE, + TPMDD_READATTRIBUTES, + TPM_BUS_SPEED_LOOKUP_FAIL, + TARGETING::get_huid(i_target), + tpmData.byteAddrOffset, + true /*Add HB SW Callout*/ ); + + err->collectTrace( TPMDD_COMP_NAME ); + + break; + + } + + } while( 0 ); TRACUCOMP(g_trac_tpmdd,"tpmReadAttributes() tgt=0x%X, %d/%d/0x%X " diff --git a/src/usr/secureboot/base/securerom.C b/src/usr/secureboot/base/securerom.C index 48b4255cd..82a72c185 100644 --- a/src/usr/secureboot/base/securerom.C +++ b/src/usr/secureboot/base/securerom.C @@ -84,6 +84,14 @@ errlHndl_t hashBlob(void * i_blob, size_t i_size, SHA512_t io_buf) } +/* + * @brief Externally available hardware hash key function + */ +void getHwHashKeys(sha2_hash_t o_hash) +{ + return Singleton<SecureROM>::instance().getHwHashKeys(o_hash); +} + }; //end SECUREBOOT namespace @@ -546,6 +554,14 @@ errlHndl_t SecureROM::getHwHashKeys() } /** + * @brief Retrieve the internal hardware hash key from secure ROM object. + */ +void SecureROM::getHwHashKeys(sha2_hash_t o_hash) +{ + memcpy(o_hash, iv_hash_key, sizeof(sha2_hash_t)); +} + +/** * @brief Static instance function for testcase only */ SecureROM& SecureROM::getInstance() diff --git a/src/usr/secureboot/base/securerom.H b/src/usr/secureboot/base/securerom.H index ad12a5a8a..cd5688cc4 100644 --- a/src/usr/secureboot/base/securerom.H +++ b/src/usr/secureboot/base/securerom.H @@ -157,6 +157,14 @@ class SecureROM */ errlHndl_t hashBlob(void * i_blob, size_t i_size, SHA512_t io_buf); + /** + * @brief Retrieve the internal hardware hash key from secure ROM + * object. + * + * @param[out] o_hash Reference to the sha2_hash_t array to copy the + * hash to. + */ + void getHwHashKeys(sha2_hash_t o_hash); protected: diff --git a/src/usr/secureboot/trusted/base/tpmLogMgr.C b/src/usr/secureboot/trusted/base/tpmLogMgr.C index 18e677192..d129bbaa1 100644 --- a/src/usr/secureboot/trusted/base/tpmLogMgr.C +++ b/src/usr/secureboot/trusted/base/tpmLogMgr.C @@ -38,6 +38,8 @@ #include <string.h> #include "tpmLogMgr.H" #ifdef __HOSTBOOT_MODULE +#include <sys/mm.h> +#include <util/align.H> #include <secureboot/trustedboot_reasoncodes.H> #include "../trustedbootUtils.H" #include "../trustedboot.H" @@ -251,7 +253,6 @@ namespace TRUSTEDBOOT break; } - val->newEventPtr = TCG_PCR_EVENT2_logMarshal(logEvent, val->newEventPtr); @@ -490,6 +491,59 @@ namespace TRUSTEDBOOT #endif } +#ifdef __HOSTBOOT_MODULE + errlHndl_t TpmLogMgr_getDevtreeInfo(TpmLogMgr* val, + uint64_t & io_logAddr, + size_t & o_allocationSize, + uint64_t & o_xscomAddr, + uint32_t & o_i2cMasterOffset) + { + errlHndl_t err = NULL; + + mutex_lock( &val->logMutex ); + + assert(io_logAddr != 0, "Invalid starting log address"); + assert(val->eventLogInMem == NULL, + "getDevtreeInfo can only be called once"); + + io_logAddr -= ALIGN_PAGE(TPMLOG_DEVTREE_SIZE); + // Align to 64KB for Opal + io_logAddr = ALIGN_DOWN_X(io_logAddr,64*KILOBYTE); + + val->inMemlogBaseAddr = io_logAddr; + o_allocationSize = TPMLOG_DEVTREE_SIZE; + o_xscomAddr = val->devtreeXscomAddr; + o_i2cMasterOffset = val->devtreeI2cMasterOffset; + + // Copy image. + val->eventLogInMem = (uint8_t*)(mm_block_map( + (void*)(io_logAddr), + ALIGN_PAGE(TPMLOG_DEVTREE_SIZE))); + // Copy log into new location + memset(val->eventLogInMem, 0, TPMLOG_DEVTREE_SIZE); + memcpy(val->eventLogInMem, val->eventLog, val->logSize); + val->newEventPtr = val->eventLogInMem + val->logSize; + + mutex_unlock( &val->logMutex ); + + TRACUCOMP( g_trac_trustedboot, + "<<getDevtreeInfo() Addr:%lX - %s", + io_logAddr, + ((TB_SUCCESS == err) ? "No Error" : "With Error") ); + return err; + } + + + void TpmLogMgr_setTpmDevtreeInfo(TpmLogMgr* val, + uint64_t i_xscomAddr, + uint32_t i_i2cMasterOffset) + { + val->devtreeXscomAddr = i_xscomAddr; + val->devtreeI2cMasterOffset = i_i2cMasterOffset; + } + +#endif + #ifdef __cplusplus } // end TRUSTEDBOOT #endif diff --git a/src/usr/secureboot/trusted/base/tpmLogMgr.H b/src/usr/secureboot/trusted/base/tpmLogMgr.H index b7eed6293..b12f5cb15 100644 --- a/src/usr/secureboot/trusted/base/tpmLogMgr.H +++ b/src/usr/secureboot/trusted/base/tpmLogMgr.H @@ -81,6 +81,7 @@ namespace TRUSTEDBOOT enum { TPMLOG_BUFFER_SIZE = 1024, ///< Size of event log buffer in bytes + TPMLOG_DEVTREE_SIZE = 64*1024, ///< Size to allocate for OPAL }; struct _TpmLogMgr @@ -90,6 +91,9 @@ namespace TRUSTEDBOOT uint8_t* newEventPtr; ///< Pointer to location to add new event uint8_t* eventLogInMem; ///< Event log allocated from memory #ifdef __HOSTBOOT_MODULE + uint64_t inMemlogBaseAddr; ///< Base address of log for dev tree + uint64_t devtreeXscomAddr; ///< Devtree Xscom Address + uint32_t devtreeI2cMasterOffset; ///< Devtree I2c Master Offset uint8_t eventLog[TPMLOG_BUFFER_SIZE]; ///< EventLog Buffer #endif mutex_t logMutex; ///< Log mutex @@ -134,6 +138,37 @@ namespace TRUSTEDBOOT */ uint32_t TpmLogMgr_getLogSize(TpmLogMgr* val); +#ifdef __HOSTBOOT_MODULE + /** + * @brief Retrieve devtree information + * @param[in] val TpmLogMgr structure + * @param[in/out] io_logAddr TPM Log address + * @param[out] o_allocationSize Total memory allocated for log + * @param[out] o_xscomAddr Chip Xscom Address + * @param[out] o_i2cMasterOffset I2c Master Offset + * @return errlHndl_t NULL if successful, otherwise a pointer to the + * error log. + * Function will allocate a new region in memory to store log + * for passing to opal + */ + errlHndl_t TpmLogMgr_getDevtreeInfo(TpmLogMgr* val, + uint64_t & io_logAddr, + size_t & o_allocationSize, + uint64_t & o_xscomAddr, + uint32_t & o_i2cMasterOffset); + + /** + * @brief Store TPM devtree node information + * @param[in] val TpmLogMgr structure + * @param[in] i_xscomAddr Chip Xscom Address + * @param[in] i_i2cMasterOffset i2c Master Offset + */ + void TpmLogMgr_setTpmDevtreeInfo(TpmLogMgr* val, + uint64_t i_xscomAddr, + uint32_t i_i2cMasterOffset); +#endif + + /** * @brief Calculate the log size in bytes by walking the log * @param[in] val TpmLogMgr structure diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index a934b592c..936217226 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -55,6 +55,89 @@ namespace TRUSTEDBOOT extern SystemTpms systemTpms; +void getTPMs( std::list<TpmTarget>& o_info ) +{ + TRACUCOMP(g_trac_trustedboot,ENTER_MRK"getTPMs()"); + + for (size_t idx = 0; idx < MAX_SYSTEM_TPMS; idx ++) + { + if (systemTpms.tpm[idx].available && !systemTpms.tpm[idx].failed) + { + + o_info.push_back(systemTpms.tpm[idx]); + } + } + + TRACUCOMP(g_trac_trustedboot,EXIT_MRK"getTPMs() : Size:%d", o_info.size()); + +} + +errlHndl_t getTpmLogDevtreeInfo(TpmTarget & i_target, + uint64_t & io_logAddr, + size_t & o_allocationSize, + uint64_t & o_xscomAddr, + uint32_t & o_i2cMasterOffset) +{ + errlHndl_t err = NULL; + TRACUCOMP( g_trac_trustedboot, + ENTER_MRK"getTpmLogDevtreeInfo() Chip:%d Addr:%lX %lX", + i_target.chip, io_logAddr + ,(uint64_t)(i_target.logMgr)); + + o_allocationSize = 0; + + if (NULL != i_target.logMgr && + i_target.available) + { + err = TpmLogMgr_getDevtreeInfo(i_target.logMgr, + io_logAddr, + o_allocationSize, + o_xscomAddr, + o_i2cMasterOffset); + } + TRACUCOMP( g_trac_trustedboot, + EXIT_MRK"getTpmLogDevtreeInfo() Addr:%lX",io_logAddr); + return err; +} + +void setTpmDevtreeInfo(TpmTarget & i_target, + uint64_t i_xscomAddr, + uint32_t i_i2cMasterOffset) +{ + TRACUCOMP( g_trac_trustedboot, + ENTER_MRK"setTpmLogDevtreeOffset() Chip:%d " + "Xscom:%lX Master:%X", + i_target.chip, i_xscomAddr, i_i2cMasterOffset); + + if (NULL != i_target.logMgr) + { + TpmLogMgr_setTpmDevtreeInfo(i_target.logMgr, + i_xscomAddr, i_i2cMasterOffset); + } +} + +bool enabled() +{ + bool ret = false; +#ifdef CONFIG_TPMDD + bool foundFunctional = false; + + for (size_t idx = 0; idx < MAX_SYSTEM_TPMS; idx ++) + { + if ((!systemTpms.tpm[idx].failed && + systemTpms.tpm[idx].available) || + !systemTpms.tpm[idx].initAttempted) + { + foundFunctional = true; + break; + } + } + // If we have a functional TPM we are enabled + ret = foundFunctional; +#endif + return ret; +} + void* host_update_master_tpm( void *io_pArgs ) { errlHndl_t err = NULL; @@ -293,7 +376,7 @@ void tpmReplayLog(TRUSTEDBOOT::TpmTarget & io_target) } // Extend to tpm - if (l_eventLog.eventType == EV_ACTION) + if (EV_ACTION == l_eventLog.eventType) { TRACUBIN(g_trac_trustedboot, "tpmReplayLog: Extending event:", &l_eventLog, sizeof(TCG_PCR_EVENT2)); |
