summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorChris Engel <cjengel@us.ibm.com>2017-01-23 14:00:25 -0600
committerWilliam G. Hoffa <wghoffa@us.ibm.com>2017-01-27 16:41:57 -0500
commit5784da25300866c71551f1f0411d469eb3a3c922 (patch)
tree5916d1a64353257d72ac19371581aadad9f96bb3 /src
parent0446c85a500a07e1e81fe49cf91af207b88a753f (diff)
downloadtalos-hostboot-5784da25300866c71551f1f0411d469eb3a3c922.tar.gz
talos-hostboot-5784da25300866c71551f1f0411d469eb3a3c922.zip
Add TPM4 locality support
Change-Id: I9f16fe77ee18f3d8839d0a06f9322ca1b1e47d93 RTC: 134415 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35271 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src')
-rw-r--r--src/include/usr/devicefw/userif.H9
-rw-r--r--src/include/usr/i2c/tpmddif.H16
-rw-r--r--src/include/usr/secureboot/trustedbootif.H8
-rw-r--r--src/usr/devtree/bld_devtree.C8
-rwxr-xr-xsrc/usr/i2c/test/tpmddtest.H23
-rwxr-xr-xsrc/usr/i2c/tpmdd.C35
-rwxr-xr-xsrc/usr/secureboot/trusted/test/trustedbootTest.H5
-rw-r--r--src/usr/secureboot/trusted/trustedboot.C28
-rw-r--r--src/usr/secureboot/trusted/trustedbootCmds.C56
-rw-r--r--src/usr/secureboot/trusted/trustedbootCmds.H8
-rw-r--r--src/usr/secureboot/trusted/trustedbootUtils.C8
-rw-r--r--src/usr/secureboot/trusted/trustedbootUtils.H10
12 files changed, 154 insertions, 60 deletions
diff --git a/src/include/usr/devicefw/userif.H b/src/include/usr/devicefw/userif.H
index 50a6aa2e9..5f42ff8f4 100644
--- a/src/include/usr/devicefw/userif.H
+++ b/src/include/usr/devicefw/userif.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2011,2016 */
+/* Contributors Listed Below - COPYRIGHT 2011,2017 */
/* [+] Google Inc. */
/* [+] International Business Machines Corp. */
/* */
@@ -326,11 +326,14 @@ namespace DeviceFW
* tpm_op_types_t in tpmddif.H
* @param[in] i_command_len Command length to write during transmit
* operations
+ * @param[in] i_locality The TPM locality to use. See tpm_locality_t
+ * in tpmddif.H
*/
- #define DEVICE_TPM_ADDRESS( i_tpm_op, i_command_len )\
+ #define DEVICE_TPM_ADDRESS( i_tpm_op, i_command_len, i_locality ) \
DeviceFW::TPM,\
static_cast<uint64_t>(( i_tpm_op )),\
- static_cast<uint64_t>(( i_command_len ))
+ static_cast<uint64_t>(( i_command_len )),\
+ static_cast<uint64_t>(( i_locality ))
/**
* Construct the device addressing parameters for the GPIO port extender ops
diff --git a/src/include/usr/i2c/tpmddif.H b/src/include/usr/i2c/tpmddif.H
index 67602c2be..9691450d6 100644
--- a/src/include/usr/i2c/tpmddif.H
+++ b/src/include/usr/i2c/tpmddif.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2015,2016 */
+/* Contributors Listed Below - COPYRIGHT 2015,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -50,6 +50,15 @@ enum tpm_addr_size_t
};
/**
+ * @brief TPM Locality to address for operation
+ */
+enum tpm_locality_t
+{
+ TPM_LOCALITY_0 = 0,
+ TPM_LOCALITY_4 = 4,
+};
+
+/**
* @brief Structure of common parameters needed by different parts of
* the code.
*/
@@ -92,11 +101,14 @@ bool tpmPresence ( TARGETING::Target * i_target);
* @param[in/out] io_tpmInfo The structure that will contain the attribute data
* read from the target device. Chip field must be set
*
+ * @param[in] i_locality TPM locality to address
+ *
* @return errlHndl_t NULL if successful, otherwise a pointer to the
* error log.
*/
errlHndl_t tpmReadAttributes ( TARGETING::Target * i_target,
- tpm_info_t & io_tpmInfo );
+ tpm_info_t & io_tpmInfo,
+ tpm_locality_t i_locality);
}; // end namespace TPMDD
diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H
index eaef78a74..3a849aed2 100644
--- a/src/include/usr/secureboot/trustedbootif.H
+++ b/src/include/usr/secureboot/trustedbootif.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2015,2016 */
+/* Contributors Listed Below - COPYRIGHT 2015,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -80,6 +80,12 @@ namespace TRUSTEDBOOT
PCR_6 = 6,
PCR_7 = 7,
PCR_DEBUG = 16,
+ PCR_DRTM_17 = 17,
+ PCR_DRTM_18 = 18,
+ PCR_DRTM_19 = 19,
+ PCR_DRTM_20 = 20,
+ PCR_DRTM_21 = 21,
+ PCR_DRTM_22 = 22,
PLATFORM_PCR = 24, ///< The number of PCR required by the platform spec
IMPLEMENTATION_PCR = 24, ///< The number of PCRs implemented by TPM
} TPM_Pcr;
diff --git a/src/usr/devtree/bld_devtree.C b/src/usr/devtree/bld_devtree.C
index ca4e2b60f..791e9a79a 100644
--- a/src/usr/devtree/bld_devtree.C
+++ b/src/usr/devtree/bld_devtree.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2013,2016 */
+/* Contributors Listed Below - COPYRIGHT 2013,2017 */
/* [+] Google Inc. */
/* [+] International Business Machines Corp. */
/* */
@@ -486,7 +486,8 @@ void add_i2c_info( const TARGETING::Target* i_targ,
{
// Lookup i2c info for the TPM
- err = TPMDD::tpmReadAttributes(tpm->tpmTarget, tpmInfo);
+ err = TPMDD::tpmReadAttributes(tpm->tpmTarget, tpmInfo,
+ TPMDD::TPM_LOCALITY_0);
if (NULL != err)
{
// Unable to get info we skip this guy
@@ -1302,7 +1303,8 @@ void load_tpmlog(devTree * i_dt, uint64_t& io_address)
// We need to build the devtree path to find this TPM node
// Lookup i2c info for the TPM
- l_errl = TPMDD::tpmReadAttributes(l_tpm->tpmTarget, l_tpmInfo);
+ l_errl = TPMDD::tpmReadAttributes(l_tpm->tpmTarget, l_tpmInfo,
+ TPMDD::TPM_LOCALITY_0);
if (l_errl)
{
errlCommit(l_errl, DEVTREE_COMP_ID);
diff --git a/src/usr/i2c/test/tpmddtest.H b/src/usr/i2c/test/tpmddtest.H
index b2e58eca6..fe1c0f703 100755
--- a/src/usr/i2c/test/tpmddtest.H
+++ b/src/usr/i2c/test/tpmddtest.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2015,2016 */
+/* Contributors Listed Below - COPYRIGHT 2015,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -76,7 +76,8 @@ class TPMDDTest: public CxxTest::TestSuite
// Let's see if the requested chip is functional
tpm_info_t tpmInfo;
memset(&tpmInfo, 0, sizeof(tpm_info_t));
- errlHndl_t err = tpmReadAttributes (testTarget, tpmInfo);
+ errlHndl_t err = tpmReadAttributes (testTarget, tpmInfo,
+ TPM_LOCALITY_0);
if (NULL != err)
{
@@ -127,7 +128,8 @@ class TPMDDTest: public CxxTest::TestSuite
&data,
dataSize,
DEVICE_TPM_ADDRESS( TPM_OP_READVENDORID,
- 0) );
+ 0,
+ TPM_LOCALITY_0) );
if( NULL != err )
{
@@ -191,7 +193,8 @@ class TPMDDTest: public CxxTest::TestSuite
&data,
dataSize,
DEVICE_TPM_ADDRESS( TPM_OP_LASTOP,
- 0) );
+ 0,
+ TPM_LOCALITY_0) );
if( NULL == err )
{
@@ -216,7 +219,8 @@ class TPMDDTest: public CxxTest::TestSuite
&data,
dataSize,
DEVICE_TPM_ADDRESS( TPM_OP_READVENDORID,
- 0) );
+ 0,
+ TPM_LOCALITY_0) );
if( NULL == err )
{
@@ -273,7 +277,8 @@ class TPMDDTest: public CxxTest::TestSuite
&data,
dataSize,
DEVICE_TPM_ADDRESS( TPM_OP_READVENDORID,
- 0) );
+ 0,
+ TPM_LOCALITY_0) );
if( NULL == err ||
err->reasonCode() != TPM_OVERFLOW_ERROR)
@@ -423,7 +428,8 @@ class TPMDDTest: public CxxTest::TestSuite
&data,
dataSize,
DEVICE_TPM_ADDRESS( TPM_OP_TRANSMIT,
- cmdSize) );
+ cmdSize,
+ TPM_LOCALITY_0) );
TRUSTEDBOOT::TPM2_BaseOut* resp =
reinterpret_cast<TRUSTEDBOOT::TPM2_BaseOut*>(data);
@@ -511,7 +517,8 @@ class TPMDDTest: public CxxTest::TestSuite
&data,
dataSize,
DEVICE_TPM_ADDRESS(TPM_OP_TRANSMIT,
- cmdSize) );
+ cmdSize,
+ TPM_LOCALITY_0) );
if( NULL == err ||
err->reasonCode() != TPM_OVERFLOW_ERROR)
diff --git a/src/usr/i2c/tpmdd.C b/src/usr/i2c/tpmdd.C
index 4581d0265..fe7c42fc2 100755
--- a/src/usr/i2c/tpmdd.C
+++ b/src/usr/i2c/tpmdd.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2011,2016 */
+/* Contributors Listed Below - COPYRIGHT 2011,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -102,23 +102,28 @@ errlHndl_t tpmPerformOp( DeviceFW::OperationType i_opType,
tpm_info_t tpmInfo;
uint64_t commandSize = 0;
bool unlock = false;
+ tpm_locality_t locality = TPM_LOCALITY_0;
- tpmInfo.operation = ((TPMDD::tpm_op_types_t)va_arg( i_args, uint64_t ));
+ tpmInfo.operation = static_cast<TPMDD::tpm_op_types_t>
+ (va_arg( i_args, uint64_t ));
commandSize = va_arg( i_args, uint64_t );
+ locality = static_cast<TPMDD::tpm_locality_t>(va_arg( i_args, uint64_t ));
TRACDCOMP( g_trac_tpmdd,
ENTER_MRK"tpmPerformOp()" );
TRACUCOMP (g_trac_tpmdd, ENTER_MRK"tpmPerformOp(): "
- "i_opType=%d, operation=%d, buflen=%d, cmdlen=%d",
- (uint64_t) i_opType, tpmInfo.operation, io_buflen,
+ "i_opType=%d, operation=%d, loc=%d, buflen=%d, cmdlen=%d",
+ (uint64_t) i_opType, tpmInfo.operation,
+ locality, io_buflen,
commandSize);
do
{
// Read Attributes needed to complete the operation
err = tpmReadAttributes( i_target,
- tpmInfo );
+ tpmInfo,
+ locality);
if( err )
{
@@ -306,7 +311,8 @@ bool tpmPresence ( TARGETING::Target * i_target)
// Read Attributes needed to complete the operation
err = tpmReadAttributes( i_target,
- tpmInfo );
+ tpmInfo,
+ TPM_LOCALITY_0);
if( err )
{
@@ -1125,7 +1131,8 @@ errlHndl_t tpmPrepareAddress ( void * io_buffer,
// tpmReadAttributes
// ------------------------------------------------------------------
errlHndl_t tpmReadAttributes ( TARGETING::Target * i_target,
- tpm_info_t & io_tpmInfo )
+ tpm_info_t & io_tpmInfo,
+ tpm_locality_t i_locality )
{
errlHndl_t err = NULL;
@@ -1177,8 +1184,18 @@ errlHndl_t tpmReadAttributes ( TARGETING::Target * i_target,
// Successful reading of Attribute, so extract the data
io_tpmInfo.port = tpmData.port;
- io_tpmInfo.devAddr = tpmData.devAddrLocality0;
- /// @TODO RTC: 134415 Need to handle locality4
+ if (TPM_LOCALITY_0 == i_locality)
+ {
+ io_tpmInfo.devAddr = tpmData.devAddrLocality0;
+ }
+ else if (TPM_LOCALITY_4 == i_locality)
+ {
+ io_tpmInfo.devAddr = tpmData.devAddrLocality4;
+ }
+ else
+ {
+ assert(false, "Unsupported locality");
+ }
io_tpmInfo.engine = tpmData.engine;
io_tpmInfo.i2cMasterPath = tpmData.i2cMasterPath;
io_tpmInfo.tpmEnabled = tpmData.tpmEnabled;
diff --git a/src/usr/secureboot/trusted/test/trustedbootTest.H b/src/usr/secureboot/trusted/test/trustedbootTest.H
index 635e695ca..e4cd3e7bd 100755
--- a/src/usr/secureboot/trusted/test/trustedbootTest.H
+++ b/src/usr/secureboot/trusted/test/trustedbootTest.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2015,2016 */
+/* Contributors Listed Below - COPYRIGHT 2015,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -716,7 +716,8 @@ class TrustedBootTest: public CxxTest::TestSuite
// Let's see if the requested chip is functional
target.role = TPM_PRIMARY;
errlHndl_t err = tpmReadAttributes (target.tpmTarget,
- tpmInfo);
+ tpmInfo,
+ TPM_LOCALITY_0);
if (NULL != err)
{
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C
index a8d1f8adf..7de63e1d7 100644
--- a/src/usr/secureboot/trusted/trustedboot.C
+++ b/src/usr/secureboot/trusted/trustedboot.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2015,2016 */
+/* Contributors Listed Below - COPYRIGHT 2015,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -48,6 +48,7 @@
#include <initservice/initserviceif.H>
#include <ipmi/ipmisensor.H>
#include <config.h>
+#include <i2c/tpmddif.H>
#include "trustedboot.H"
#include "trustedTypes.H"
#include "trustedbootCmds.H"
@@ -203,7 +204,8 @@ void* host_update_master_tpm( void *io_pArgs )
{
memset(&tpmData, 0, sizeof(tpmData));
errlHndl_t readErr = tpmReadAttributes(tpmList[tpmNum],
- tpmData);
+ tpmData,
+ TPM_LOCALITY_0);
if (NULL != readErr)
{
// We are just looking for configured TPMs here
@@ -293,7 +295,8 @@ void* host_update_master_tpm( void *io_pArgs )
memset(&tpmInfo, 0, sizeof(tpmInfo));
errlHndl_t tmpErr = TPMDD::tpmReadAttributes(
systemTpms.tpm[TPM_BACKUP_INDEX].tpmTarget,
- tpmInfo);
+ tpmInfo,
+ TPM_LOCALITY_0);
if (NULL != tmpErr || !tpmInfo.tpmEnabled)
{
TRACUCOMP( g_trac_trustedboot,
@@ -372,11 +375,17 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target)
io_target.initAttempted = true;
io_target.failed = false;
- // TPM_STARTUP
- err = tpmCmdStartup(&io_target);
- if (NULL != err)
+ bool drtm = false;
+ /// @todo #157140 Add ability to check for DRTM
+ // Don't run STARTUP during DRTM
+ if (!drtm)
{
- break;
+ // TPM_STARTUP
+ err = tpmCmdStartup(&io_target);
+ if (NULL != err)
+ {
+ break;
+ }
}
// TPM_GETCAPABILITY to read FW Version
@@ -386,6 +395,11 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target)
break;
}
+ // For a DRTM we need to reset PCRs 17-22
+ if (drtm)
+ {
+ /// @todo Implement PCR reset
+ }
} while ( 0 );
diff --git a/src/usr/secureboot/trusted/trustedbootCmds.C b/src/usr/secureboot/trusted/trustedbootCmds.C
index f454aca73..9e5875933 100644
--- a/src/usr/secureboot/trusted/trustedbootCmds.C
+++ b/src/usr/secureboot/trusted/trustedbootCmds.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2015,2016 */
+/* Contributors Listed Below - COPYRIGHT 2015,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -54,7 +54,8 @@ namespace TRUSTEDBOOT
errlHndl_t tpmTransmitCommand(TpmTarget * io_target,
uint8_t* io_buffer,
- size_t i_bufsize )
+ size_t i_bufsize,
+ tpm_locality_t i_locality)
{
errlHndl_t err = TB_SUCCESS;
uint8_t* transmitBuf = NULL;
@@ -87,7 +88,8 @@ errlHndl_t tpmTransmitCommand(TpmTarget * io_target,
err = tpmTransmit(io_target,
transmitBuf,
cmdSize,
- dataSize);
+ dataSize,
+ i_locality);
if (TB_SUCCESS != err)
{
@@ -244,6 +246,7 @@ errlHndl_t tpmMarshalCommandData(TPM2_BaseIn* i_cmd,
* @userdata1 Command Code
* @userdata2 0
* @devdesc Unsupported command code during marshal
+ * @custdesc Failure detected in security subsystem
*/
err = tpmCreateErrorLog(MOD_TPM_MARSHALCMDDATA,
RC_TPM_MARSHAL_INVALID_CMD,
@@ -284,6 +287,7 @@ errlHndl_t tpmMarshalCommandData(TPM2_BaseIn* i_cmd,
* @userdata1 stage
* @userdata2 0
* @devdesc Marshaling error detected
+ * @custdesc Failure detected in security subsystem
*/
err = tpmCreateErrorLog(MOD_TPM_MARSHALCMDDATA,
RC_TPM_MARSHALING_FAIL,
@@ -391,6 +395,7 @@ errlHndl_t tpmUnmarshalResponseData(uint32_t i_commandCode,
* @userdata1 commandcode
* @userdata2 stage
* @devdesc Unsupported command code during unmarshal
+ * @custdesc Failure detected in security subsystem
*/
err = tpmCreateErrorLog(MOD_TPM_UNMARSHALRESPDATA,
RC_TPM_UNMARSHAL_INVALID_CMD,
@@ -415,6 +420,7 @@ errlHndl_t tpmUnmarshalResponseData(uint32_t i_commandCode,
* @userdata1 Stage
* @userdata2 Remaining response buffer size
* @devdesc Unmarshaling error detected
+ * @custdesc Failure detected in security subsystem
*/
err = tpmCreateErrorLog(MOD_TPM_UNMARSHALRESPDATA,
RC_TPM_UNMARSHALING_FAIL,
@@ -462,7 +468,8 @@ errlHndl_t tpmCmdStartup(TpmTarget* io_target)
err = tpmTransmitCommand(io_target,
dataBuf,
- sizeof(dataBuf));
+ sizeof(dataBuf),
+ TPM_LOCALITY_0);
if (TB_SUCCESS != err)
{
@@ -474,7 +481,7 @@ errlHndl_t tpmCmdStartup(TpmTarget* io_target)
else if (TPM_SUCCESS != resp->responseCode)
{
TRACFCOMP( g_trac_trustedboot,
- "TPM STARTUP OP Fail %X : ",
+ "TPM STARTUP OP Fail Ret(0x%X) : ",
resp->responseCode);
/*@
@@ -484,7 +491,8 @@ errlHndl_t tpmCmdStartup(TpmTarget* io_target)
* @moduleid MOD_TPM_CMD_STARTUP
* @userdata1 responseCode
* @userdata2 0
- * @devdesc Invalid operation type.
+ * @devdesc TPM_Startup operation failure.
+ * @custdesc Failure detected in security subsystem
*/
err = tpmCreateErrorLog(MOD_TPM_CMD_STARTUP,
RC_TPM_START_FAIL,
@@ -533,7 +541,8 @@ errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target)
err = tpmTransmitCommand(io_target,
dataBuf,
- sizeof(dataBuf));
+ sizeof(dataBuf),
+ TPM_LOCALITY_0);
if (TB_SUCCESS != err)
{
@@ -546,7 +555,7 @@ errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target)
if (TPM_SUCCESS != resp->base.responseCode)
{
TRACFCOMP( g_trac_trustedboot,
- "TPM GETCAP OP Fail %X Size(%d) ",
+ "TPM GETCAP OP Fail Ret(0x%X) Size(%d) ",
resp->base.responseCode,
(int)dataSize);
@@ -558,6 +567,7 @@ errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target)
* @userdata1 responseCode
* @userdata2 0
* @devdesc Command failure reading TPM FW version.
+ * @custdesc Failure detected in security subsystem
*/
err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPFWVERSION,
RC_TPM_GETCAP_FAIL,
@@ -591,6 +601,7 @@ errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target)
* @userdata1 capability
* @userdata2 property
* @devdesc Command failure reading TPM FW version.
+ * @custdesc Failure detected in security subsystem
*/
err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPFWVERSION,
RC_TPM_GETCAP_FW_INVALID_RESP,
@@ -625,7 +636,8 @@ errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target)
err = tpmTransmitCommand(io_target,
dataBuf,
- sizeof(dataBuf));
+ sizeof(dataBuf),
+ TPM_LOCALITY_0);
if (TB_SUCCESS != err)
{
@@ -639,7 +651,7 @@ errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target)
(TPM_SUCCESS != resp->base.responseCode))
{
TRACFCOMP( g_trac_trustedboot,
- "TPM GETCAP2 OP Fail %X Size(%d) ",
+ "TPM GETCAP2 OP Fail Ret(0x%X) Size(%d) ",
resp->base.responseCode,
(int)dataSize);
@@ -651,6 +663,7 @@ errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target)
* @userdata1 responseCode
* @userdata2 0
* @devdesc Command failure reading TPM FW version.
+ * @custdesc Failure detected in security subsystem
*/
err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPFWVERSION,
RC_TPM_GETCAP2_FAIL,
@@ -684,6 +697,7 @@ errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target)
* @userdata1 capability
* @userdata2 property
* @devdesc Command failure reading TPM FW version.
+ * @custdesc Failure detected in security subsystem
*/
err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPFWVERSION,
RC_TPM_GETCAP2_FW_INVALID_RESP,
@@ -797,7 +811,8 @@ errlHndl_t tpmCmdPcrExtend2Hash(TpmTarget * io_target,
* @userdata2[0:15] Full Digest Size 1
* @userdata2[16:31] Full Digest Size 2
* @userdata2[32:63] PCR
- * @devdesc Unmarshaling error detected
+ * @devdesc PCR Extend invalid arguments detected
+ * @custdesc Failure detected in security subsystem
*/
err = tpmCreateErrorLog(MOD_TPM_CMD_PCREXTEND,
RC_TPM_INVALID_ARGS,
@@ -831,7 +846,8 @@ errlHndl_t tpmCmdPcrExtend2Hash(TpmTarget * io_target,
err = tpmTransmitCommand(io_target,
dataBuf,
- sizeof(dataBuf));
+ sizeof(dataBuf),
+ TPM_LOCALITY_0);
if (TB_SUCCESS != err)
{
@@ -844,7 +860,7 @@ errlHndl_t tpmCmdPcrExtend2Hash(TpmTarget * io_target,
|| (TPM_SUCCESS != resp->responseCode))
{
TRACFCOMP( g_trac_trustedboot,
- "TPM PCRExtend OP Fail Ret(%X) ExSize(%d) Size(%d) ",
+ "TPM PCRExtend OP Fail Ret(0x%X) ExSize(%d) Size(%d) ",
resp->responseCode,
(int)sizeof(TPM2_BaseOut),
(int)dataSize);
@@ -856,7 +872,8 @@ errlHndl_t tpmCmdPcrExtend2Hash(TpmTarget * io_target,
* @moduleid MOD_TPM_CMD_PCREXTEND
* @userdata1 responseCode
* @userdata2 dataSize
- * @devdesc Command failure reading TPM FW version.
+ * @devdesc Command failure performing PCR extend.
+ * @custdesc Failure detected in security subsystem
*/
err = tpmCreateErrorLog(MOD_TPM_CMD_PCREXTEND,
RC_TPM_COMMAND_FAIL,
@@ -921,7 +938,8 @@ errlHndl_t tpmCmdPcrRead(TpmTarget* io_target,
* @userdata1 Digest Ptr
* @userdata2[0:31] Full Digest Size
* @userdata2[32:63] PCR
- * @devdesc Unmarshaling error detected
+ * @devdesc pcr read invalid arguments
+ * @custdesc Failure detected in security subsystem
*/
err = tpmCreateErrorLog(MOD_TPM_CMD_PCRREAD,
RC_TPM_INVALID_ARGS,
@@ -944,7 +962,8 @@ errlHndl_t tpmCmdPcrRead(TpmTarget* io_target,
err = tpmTransmitCommand(io_target,
dataBuf,
- sizeof(dataBuf));
+ sizeof(dataBuf),
+ TPM_LOCALITY_0);
if (TB_SUCCESS != err)
{
@@ -959,7 +978,7 @@ errlHndl_t tpmCmdPcrRead(TpmTarget* io_target,
(resp->pcrValues.digests[0].size != fullDigestSize))
{
TRACFCOMP( g_trac_trustedboot,
- "TPM PCRRead OP Fail Ret(%X) ExSize(%d) "
+ "TPM PCRRead OP Fail Ret(0x%X) ExSize(%d) "
"Size(%d) Cnt(%d) DSize(%d)",
resp->base.responseCode,
(int)sizeof(TPM2_BaseOut),
@@ -974,7 +993,8 @@ errlHndl_t tpmCmdPcrRead(TpmTarget* io_target,
* @moduleid MOD_TPM_CMD_PCRREAD
* @userdata1 responseCode
* @userdata2 dataSize
- * @devdesc Command failure reading TPM FW version.
+ * @devdesc Command failure performing PCR read.
+ * @custdesc Failure detected in security subsystem
*/
err = tpmCreateErrorLog(MOD_TPM_CMD_PCRREAD,
RC_TPM_COMMAND_FAIL,
diff --git a/src/usr/secureboot/trusted/trustedbootCmds.H b/src/usr/secureboot/trusted/trustedbootCmds.H
index 1f03eeb0e..b1c1ef0dd 100644
--- a/src/usr/secureboot/trusted/trustedbootCmds.H
+++ b/src/usr/secureboot/trusted/trustedbootCmds.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2015,2016 */
+/* Contributors Listed Below - COPYRIGHT 2015,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -39,6 +39,8 @@
// -----------------------------------------------
#ifdef __HOSTBOOT_MODULE
#include <secureboot/trustedbootif.H>
+#include <i2c/tpmddif.H>
+using namespace TPMDD;
#endif
#include "trustedboot.H"
#include "trustedTypes.H"
@@ -59,12 +61,14 @@ enum
* @param[in/out] io_target Current TPM target structure
* @param[in/out] io_buffer Input the command buffer to send, response on exit
* @param[in] i_bufsize Size of io_buffer in bytes
+ * @param[in] i_locality TPM locality to use
* @return errlHndl_t NULL if successful, otherwise a pointer to the
* error log.
*/
errlHndl_t tpmTransmitCommand(TpmTarget* io_target,
uint8_t* io_buffer,
- size_t i_bufsize );
+ size_t i_bufsize,
+ tpm_locality_t i_locality);
/**
* @brief Take structure pointed to by cmd and format for input into TPM
diff --git a/src/usr/secureboot/trusted/trustedbootUtils.C b/src/usr/secureboot/trusted/trustedbootUtils.C
index 90915030d..0e29468ac 100644
--- a/src/usr/secureboot/trusted/trustedbootUtils.C
+++ b/src/usr/secureboot/trusted/trustedbootUtils.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2015,2016 */
+/* Contributors Listed Below - COPYRIGHT 2015,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -56,7 +56,8 @@ namespace TRUSTEDBOOT
errlHndl_t tpmTransmit(TpmTarget * io_target,
uint8_t* io_buffer,
size_t i_cmdSize,
- size_t i_bufsize )
+ size_t i_bufsize,
+ tpm_locality_t i_locality)
{
errlHndl_t err = NULL;
@@ -67,7 +68,8 @@ errlHndl_t tpmTransmit(TpmTarget * io_target,
io_buffer,
i_bufsize,
DEVICE_TPM_ADDRESS(TPMDD::TPM_OP_TRANSMIT,
- i_cmdSize));
+ i_cmdSize,
+ i_locality));
if (NULL != err)
{
break;
diff --git a/src/usr/secureboot/trusted/trustedbootUtils.H b/src/usr/secureboot/trusted/trustedbootUtils.H
index 73bc38743..78ae7e053 100644
--- a/src/usr/secureboot/trusted/trustedbootUtils.H
+++ b/src/usr/secureboot/trusted/trustedbootUtils.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2015,2016 */
+/* Contributors Listed Below - COPYRIGHT 2015,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -39,6 +39,10 @@
// -----------------------------------------------
// Includes
// -----------------------------------------------
+#ifdef __HOSTBOOT_MODULE
+#include <i2c/tpmddif.H>
+using namespace TPMDD;
+#endif
#include "trustedTypes.H"
#ifdef __cplusplus
@@ -52,13 +56,15 @@ namespace TRUSTEDBOOT
* @param[in/out] io_buffer Input the command buffer to send, response on exit
* @param[in] i_cmdSize Size of provided command in bytes
* @param[in] i_bufsize Size of io_buffer in bytes
+ * @param[in] i_locality TPM locality to use
* @return errlHndl_t NULL if successful, otherwise a pointer to the
* error log.
*/
errlHndl_t tpmTransmit(TpmTarget * io_target,
uint8_t* io_buffer,
size_t i_cmdSize,
- size_t i_bufsize );
+ size_t i_bufsize,
+ tpm_locality_t i_locality);
/**
* @brief Create an error log entry for potential logging
OpenPOWER on IntegriCloud