diff options
author | Chris Engel <cjengel@us.ibm.com> | 2017-01-23 14:00:25 -0600 |
---|---|---|
committer | William G. Hoffa <wghoffa@us.ibm.com> | 2017-01-27 16:41:57 -0500 |
commit | 5784da25300866c71551f1f0411d469eb3a3c922 (patch) | |
tree | 5916d1a64353257d72ac19371581aadad9f96bb3 /src | |
parent | 0446c85a500a07e1e81fe49cf91af207b88a753f (diff) | |
download | talos-hostboot-5784da25300866c71551f1f0411d469eb3a3c922.tar.gz talos-hostboot-5784da25300866c71551f1f0411d469eb3a3c922.zip |
Add TPM4 locality support
Change-Id: I9f16fe77ee18f3d8839d0a06f9322ca1b1e47d93
RTC: 134415
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35271
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Timothy R. Block <block@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/include/usr/devicefw/userif.H | 9 | ||||
-rw-r--r-- | src/include/usr/i2c/tpmddif.H | 16 | ||||
-rw-r--r-- | src/include/usr/secureboot/trustedbootif.H | 8 | ||||
-rw-r--r-- | src/usr/devtree/bld_devtree.C | 8 | ||||
-rwxr-xr-x | src/usr/i2c/test/tpmddtest.H | 23 | ||||
-rwxr-xr-x | src/usr/i2c/tpmdd.C | 35 | ||||
-rwxr-xr-x | src/usr/secureboot/trusted/test/trustedbootTest.H | 5 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 28 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedbootCmds.C | 56 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedbootCmds.H | 8 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedbootUtils.C | 8 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedbootUtils.H | 10 |
12 files changed, 154 insertions, 60 deletions
diff --git a/src/include/usr/devicefw/userif.H b/src/include/usr/devicefw/userif.H index 50a6aa2e9..5f42ff8f4 100644 --- a/src/include/usr/devicefw/userif.H +++ b/src/include/usr/devicefw/userif.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2011,2016 */ +/* Contributors Listed Below - COPYRIGHT 2011,2017 */ /* [+] Google Inc. */ /* [+] International Business Machines Corp. */ /* */ @@ -326,11 +326,14 @@ namespace DeviceFW * tpm_op_types_t in tpmddif.H * @param[in] i_command_len Command length to write during transmit * operations + * @param[in] i_locality The TPM locality to use. See tpm_locality_t + * in tpmddif.H */ - #define DEVICE_TPM_ADDRESS( i_tpm_op, i_command_len )\ + #define DEVICE_TPM_ADDRESS( i_tpm_op, i_command_len, i_locality ) \ DeviceFW::TPM,\ static_cast<uint64_t>(( i_tpm_op )),\ - static_cast<uint64_t>(( i_command_len )) + static_cast<uint64_t>(( i_command_len )),\ + static_cast<uint64_t>(( i_locality )) /** * Construct the device addressing parameters for the GPIO port extender ops diff --git a/src/include/usr/i2c/tpmddif.H b/src/include/usr/i2c/tpmddif.H index 67602c2be..9691450d6 100644 --- a/src/include/usr/i2c/tpmddif.H +++ b/src/include/usr/i2c/tpmddif.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* Contributors Listed Below - COPYRIGHT 2015,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -50,6 +50,15 @@ enum tpm_addr_size_t }; /** + * @brief TPM Locality to address for operation + */ +enum tpm_locality_t +{ + TPM_LOCALITY_0 = 0, + TPM_LOCALITY_4 = 4, +}; + +/** * @brief Structure of common parameters needed by different parts of * the code. */ @@ -92,11 +101,14 @@ bool tpmPresence ( TARGETING::Target * i_target); * @param[in/out] io_tpmInfo The structure that will contain the attribute data * read from the target device. Chip field must be set * + * @param[in] i_locality TPM locality to address + * * @return errlHndl_t NULL if successful, otherwise a pointer to the * error log. */ errlHndl_t tpmReadAttributes ( TARGETING::Target * i_target, - tpm_info_t & io_tpmInfo ); + tpm_info_t & io_tpmInfo, + tpm_locality_t i_locality); }; // end namespace TPMDD diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H index eaef78a74..3a849aed2 100644 --- a/src/include/usr/secureboot/trustedbootif.H +++ b/src/include/usr/secureboot/trustedbootif.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* Contributors Listed Below - COPYRIGHT 2015,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -80,6 +80,12 @@ namespace TRUSTEDBOOT PCR_6 = 6, PCR_7 = 7, PCR_DEBUG = 16, + PCR_DRTM_17 = 17, + PCR_DRTM_18 = 18, + PCR_DRTM_19 = 19, + PCR_DRTM_20 = 20, + PCR_DRTM_21 = 21, + PCR_DRTM_22 = 22, PLATFORM_PCR = 24, ///< The number of PCR required by the platform spec IMPLEMENTATION_PCR = 24, ///< The number of PCRs implemented by TPM } TPM_Pcr; diff --git a/src/usr/devtree/bld_devtree.C b/src/usr/devtree/bld_devtree.C index ca4e2b60f..791e9a79a 100644 --- a/src/usr/devtree/bld_devtree.C +++ b/src/usr/devtree/bld_devtree.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2013,2016 */ +/* Contributors Listed Below - COPYRIGHT 2013,2017 */ /* [+] Google Inc. */ /* [+] International Business Machines Corp. */ /* */ @@ -486,7 +486,8 @@ void add_i2c_info( const TARGETING::Target* i_targ, { // Lookup i2c info for the TPM - err = TPMDD::tpmReadAttributes(tpm->tpmTarget, tpmInfo); + err = TPMDD::tpmReadAttributes(tpm->tpmTarget, tpmInfo, + TPMDD::TPM_LOCALITY_0); if (NULL != err) { // Unable to get info we skip this guy @@ -1302,7 +1303,8 @@ void load_tpmlog(devTree * i_dt, uint64_t& io_address) // We need to build the devtree path to find this TPM node // Lookup i2c info for the TPM - l_errl = TPMDD::tpmReadAttributes(l_tpm->tpmTarget, l_tpmInfo); + l_errl = TPMDD::tpmReadAttributes(l_tpm->tpmTarget, l_tpmInfo, + TPMDD::TPM_LOCALITY_0); if (l_errl) { errlCommit(l_errl, DEVTREE_COMP_ID); diff --git a/src/usr/i2c/test/tpmddtest.H b/src/usr/i2c/test/tpmddtest.H index b2e58eca6..fe1c0f703 100755 --- a/src/usr/i2c/test/tpmddtest.H +++ b/src/usr/i2c/test/tpmddtest.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* Contributors Listed Below - COPYRIGHT 2015,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -76,7 +76,8 @@ class TPMDDTest: public CxxTest::TestSuite // Let's see if the requested chip is functional tpm_info_t tpmInfo; memset(&tpmInfo, 0, sizeof(tpm_info_t)); - errlHndl_t err = tpmReadAttributes (testTarget, tpmInfo); + errlHndl_t err = tpmReadAttributes (testTarget, tpmInfo, + TPM_LOCALITY_0); if (NULL != err) { @@ -127,7 +128,8 @@ class TPMDDTest: public CxxTest::TestSuite &data, dataSize, DEVICE_TPM_ADDRESS( TPM_OP_READVENDORID, - 0) ); + 0, + TPM_LOCALITY_0) ); if( NULL != err ) { @@ -191,7 +193,8 @@ class TPMDDTest: public CxxTest::TestSuite &data, dataSize, DEVICE_TPM_ADDRESS( TPM_OP_LASTOP, - 0) ); + 0, + TPM_LOCALITY_0) ); if( NULL == err ) { @@ -216,7 +219,8 @@ class TPMDDTest: public CxxTest::TestSuite &data, dataSize, DEVICE_TPM_ADDRESS( TPM_OP_READVENDORID, - 0) ); + 0, + TPM_LOCALITY_0) ); if( NULL == err ) { @@ -273,7 +277,8 @@ class TPMDDTest: public CxxTest::TestSuite &data, dataSize, DEVICE_TPM_ADDRESS( TPM_OP_READVENDORID, - 0) ); + 0, + TPM_LOCALITY_0) ); if( NULL == err || err->reasonCode() != TPM_OVERFLOW_ERROR) @@ -423,7 +428,8 @@ class TPMDDTest: public CxxTest::TestSuite &data, dataSize, DEVICE_TPM_ADDRESS( TPM_OP_TRANSMIT, - cmdSize) ); + cmdSize, + TPM_LOCALITY_0) ); TRUSTEDBOOT::TPM2_BaseOut* resp = reinterpret_cast<TRUSTEDBOOT::TPM2_BaseOut*>(data); @@ -511,7 +517,8 @@ class TPMDDTest: public CxxTest::TestSuite &data, dataSize, DEVICE_TPM_ADDRESS(TPM_OP_TRANSMIT, - cmdSize) ); + cmdSize, + TPM_LOCALITY_0) ); if( NULL == err || err->reasonCode() != TPM_OVERFLOW_ERROR) diff --git a/src/usr/i2c/tpmdd.C b/src/usr/i2c/tpmdd.C index 4581d0265..fe7c42fc2 100755 --- a/src/usr/i2c/tpmdd.C +++ b/src/usr/i2c/tpmdd.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2011,2016 */ +/* Contributors Listed Below - COPYRIGHT 2011,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -102,23 +102,28 @@ errlHndl_t tpmPerformOp( DeviceFW::OperationType i_opType, tpm_info_t tpmInfo; uint64_t commandSize = 0; bool unlock = false; + tpm_locality_t locality = TPM_LOCALITY_0; - tpmInfo.operation = ((TPMDD::tpm_op_types_t)va_arg( i_args, uint64_t )); + tpmInfo.operation = static_cast<TPMDD::tpm_op_types_t> + (va_arg( i_args, uint64_t )); commandSize = va_arg( i_args, uint64_t ); + locality = static_cast<TPMDD::tpm_locality_t>(va_arg( i_args, uint64_t )); TRACDCOMP( g_trac_tpmdd, ENTER_MRK"tpmPerformOp()" ); TRACUCOMP (g_trac_tpmdd, ENTER_MRK"tpmPerformOp(): " - "i_opType=%d, operation=%d, buflen=%d, cmdlen=%d", - (uint64_t) i_opType, tpmInfo.operation, io_buflen, + "i_opType=%d, operation=%d, loc=%d, buflen=%d, cmdlen=%d", + (uint64_t) i_opType, tpmInfo.operation, + locality, io_buflen, commandSize); do { // Read Attributes needed to complete the operation err = tpmReadAttributes( i_target, - tpmInfo ); + tpmInfo, + locality); if( err ) { @@ -306,7 +311,8 @@ bool tpmPresence ( TARGETING::Target * i_target) // Read Attributes needed to complete the operation err = tpmReadAttributes( i_target, - tpmInfo ); + tpmInfo, + TPM_LOCALITY_0); if( err ) { @@ -1125,7 +1131,8 @@ errlHndl_t tpmPrepareAddress ( void * io_buffer, // tpmReadAttributes // ------------------------------------------------------------------ errlHndl_t tpmReadAttributes ( TARGETING::Target * i_target, - tpm_info_t & io_tpmInfo ) + tpm_info_t & io_tpmInfo, + tpm_locality_t i_locality ) { errlHndl_t err = NULL; @@ -1177,8 +1184,18 @@ errlHndl_t tpmReadAttributes ( TARGETING::Target * i_target, // Successful reading of Attribute, so extract the data io_tpmInfo.port = tpmData.port; - io_tpmInfo.devAddr = tpmData.devAddrLocality0; - /// @TODO RTC: 134415 Need to handle locality4 + if (TPM_LOCALITY_0 == i_locality) + { + io_tpmInfo.devAddr = tpmData.devAddrLocality0; + } + else if (TPM_LOCALITY_4 == i_locality) + { + io_tpmInfo.devAddr = tpmData.devAddrLocality4; + } + else + { + assert(false, "Unsupported locality"); + } io_tpmInfo.engine = tpmData.engine; io_tpmInfo.i2cMasterPath = tpmData.i2cMasterPath; io_tpmInfo.tpmEnabled = tpmData.tpmEnabled; diff --git a/src/usr/secureboot/trusted/test/trustedbootTest.H b/src/usr/secureboot/trusted/test/trustedbootTest.H index 635e695ca..e4cd3e7bd 100755 --- a/src/usr/secureboot/trusted/test/trustedbootTest.H +++ b/src/usr/secureboot/trusted/test/trustedbootTest.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* Contributors Listed Below - COPYRIGHT 2015,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -716,7 +716,8 @@ class TrustedBootTest: public CxxTest::TestSuite // Let's see if the requested chip is functional target.role = TPM_PRIMARY; errlHndl_t err = tpmReadAttributes (target.tpmTarget, - tpmInfo); + tpmInfo, + TPM_LOCALITY_0); if (NULL != err) { diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index a8d1f8adf..7de63e1d7 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* Contributors Listed Below - COPYRIGHT 2015,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -48,6 +48,7 @@ #include <initservice/initserviceif.H> #include <ipmi/ipmisensor.H> #include <config.h> +#include <i2c/tpmddif.H> #include "trustedboot.H" #include "trustedTypes.H" #include "trustedbootCmds.H" @@ -203,7 +204,8 @@ void* host_update_master_tpm( void *io_pArgs ) { memset(&tpmData, 0, sizeof(tpmData)); errlHndl_t readErr = tpmReadAttributes(tpmList[tpmNum], - tpmData); + tpmData, + TPM_LOCALITY_0); if (NULL != readErr) { // We are just looking for configured TPMs here @@ -293,7 +295,8 @@ void* host_update_master_tpm( void *io_pArgs ) memset(&tpmInfo, 0, sizeof(tpmInfo)); errlHndl_t tmpErr = TPMDD::tpmReadAttributes( systemTpms.tpm[TPM_BACKUP_INDEX].tpmTarget, - tpmInfo); + tpmInfo, + TPM_LOCALITY_0); if (NULL != tmpErr || !tpmInfo.tpmEnabled) { TRACUCOMP( g_trac_trustedboot, @@ -372,11 +375,17 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target) io_target.initAttempted = true; io_target.failed = false; - // TPM_STARTUP - err = tpmCmdStartup(&io_target); - if (NULL != err) + bool drtm = false; + /// @todo #157140 Add ability to check for DRTM + // Don't run STARTUP during DRTM + if (!drtm) { - break; + // TPM_STARTUP + err = tpmCmdStartup(&io_target); + if (NULL != err) + { + break; + } } // TPM_GETCAPABILITY to read FW Version @@ -386,6 +395,11 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target) break; } + // For a DRTM we need to reset PCRs 17-22 + if (drtm) + { + /// @todo Implement PCR reset + } } while ( 0 ); diff --git a/src/usr/secureboot/trusted/trustedbootCmds.C b/src/usr/secureboot/trusted/trustedbootCmds.C index f454aca73..9e5875933 100644 --- a/src/usr/secureboot/trusted/trustedbootCmds.C +++ b/src/usr/secureboot/trusted/trustedbootCmds.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* Contributors Listed Below - COPYRIGHT 2015,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -54,7 +54,8 @@ namespace TRUSTEDBOOT errlHndl_t tpmTransmitCommand(TpmTarget * io_target, uint8_t* io_buffer, - size_t i_bufsize ) + size_t i_bufsize, + tpm_locality_t i_locality) { errlHndl_t err = TB_SUCCESS; uint8_t* transmitBuf = NULL; @@ -87,7 +88,8 @@ errlHndl_t tpmTransmitCommand(TpmTarget * io_target, err = tpmTransmit(io_target, transmitBuf, cmdSize, - dataSize); + dataSize, + i_locality); if (TB_SUCCESS != err) { @@ -244,6 +246,7 @@ errlHndl_t tpmMarshalCommandData(TPM2_BaseIn* i_cmd, * @userdata1 Command Code * @userdata2 0 * @devdesc Unsupported command code during marshal + * @custdesc Failure detected in security subsystem */ err = tpmCreateErrorLog(MOD_TPM_MARSHALCMDDATA, RC_TPM_MARSHAL_INVALID_CMD, @@ -284,6 +287,7 @@ errlHndl_t tpmMarshalCommandData(TPM2_BaseIn* i_cmd, * @userdata1 stage * @userdata2 0 * @devdesc Marshaling error detected + * @custdesc Failure detected in security subsystem */ err = tpmCreateErrorLog(MOD_TPM_MARSHALCMDDATA, RC_TPM_MARSHALING_FAIL, @@ -391,6 +395,7 @@ errlHndl_t tpmUnmarshalResponseData(uint32_t i_commandCode, * @userdata1 commandcode * @userdata2 stage * @devdesc Unsupported command code during unmarshal + * @custdesc Failure detected in security subsystem */ err = tpmCreateErrorLog(MOD_TPM_UNMARSHALRESPDATA, RC_TPM_UNMARSHAL_INVALID_CMD, @@ -415,6 +420,7 @@ errlHndl_t tpmUnmarshalResponseData(uint32_t i_commandCode, * @userdata1 Stage * @userdata2 Remaining response buffer size * @devdesc Unmarshaling error detected + * @custdesc Failure detected in security subsystem */ err = tpmCreateErrorLog(MOD_TPM_UNMARSHALRESPDATA, RC_TPM_UNMARSHALING_FAIL, @@ -462,7 +468,8 @@ errlHndl_t tpmCmdStartup(TpmTarget* io_target) err = tpmTransmitCommand(io_target, dataBuf, - sizeof(dataBuf)); + sizeof(dataBuf), + TPM_LOCALITY_0); if (TB_SUCCESS != err) { @@ -474,7 +481,7 @@ errlHndl_t tpmCmdStartup(TpmTarget* io_target) else if (TPM_SUCCESS != resp->responseCode) { TRACFCOMP( g_trac_trustedboot, - "TPM STARTUP OP Fail %X : ", + "TPM STARTUP OP Fail Ret(0x%X) : ", resp->responseCode); /*@ @@ -484,7 +491,8 @@ errlHndl_t tpmCmdStartup(TpmTarget* io_target) * @moduleid MOD_TPM_CMD_STARTUP * @userdata1 responseCode * @userdata2 0 - * @devdesc Invalid operation type. + * @devdesc TPM_Startup operation failure. + * @custdesc Failure detected in security subsystem */ err = tpmCreateErrorLog(MOD_TPM_CMD_STARTUP, RC_TPM_START_FAIL, @@ -533,7 +541,8 @@ errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target) err = tpmTransmitCommand(io_target, dataBuf, - sizeof(dataBuf)); + sizeof(dataBuf), + TPM_LOCALITY_0); if (TB_SUCCESS != err) { @@ -546,7 +555,7 @@ errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target) if (TPM_SUCCESS != resp->base.responseCode) { TRACFCOMP( g_trac_trustedboot, - "TPM GETCAP OP Fail %X Size(%d) ", + "TPM GETCAP OP Fail Ret(0x%X) Size(%d) ", resp->base.responseCode, (int)dataSize); @@ -558,6 +567,7 @@ errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target) * @userdata1 responseCode * @userdata2 0 * @devdesc Command failure reading TPM FW version. + * @custdesc Failure detected in security subsystem */ err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPFWVERSION, RC_TPM_GETCAP_FAIL, @@ -591,6 +601,7 @@ errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target) * @userdata1 capability * @userdata2 property * @devdesc Command failure reading TPM FW version. + * @custdesc Failure detected in security subsystem */ err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPFWVERSION, RC_TPM_GETCAP_FW_INVALID_RESP, @@ -625,7 +636,8 @@ errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target) err = tpmTransmitCommand(io_target, dataBuf, - sizeof(dataBuf)); + sizeof(dataBuf), + TPM_LOCALITY_0); if (TB_SUCCESS != err) { @@ -639,7 +651,7 @@ errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target) (TPM_SUCCESS != resp->base.responseCode)) { TRACFCOMP( g_trac_trustedboot, - "TPM GETCAP2 OP Fail %X Size(%d) ", + "TPM GETCAP2 OP Fail Ret(0x%X) Size(%d) ", resp->base.responseCode, (int)dataSize); @@ -651,6 +663,7 @@ errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target) * @userdata1 responseCode * @userdata2 0 * @devdesc Command failure reading TPM FW version. + * @custdesc Failure detected in security subsystem */ err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPFWVERSION, RC_TPM_GETCAP2_FAIL, @@ -684,6 +697,7 @@ errlHndl_t tpmCmdGetCapFwVersion(TpmTarget* io_target) * @userdata1 capability * @userdata2 property * @devdesc Command failure reading TPM FW version. + * @custdesc Failure detected in security subsystem */ err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPFWVERSION, RC_TPM_GETCAP2_FW_INVALID_RESP, @@ -797,7 +811,8 @@ errlHndl_t tpmCmdPcrExtend2Hash(TpmTarget * io_target, * @userdata2[0:15] Full Digest Size 1 * @userdata2[16:31] Full Digest Size 2 * @userdata2[32:63] PCR - * @devdesc Unmarshaling error detected + * @devdesc PCR Extend invalid arguments detected + * @custdesc Failure detected in security subsystem */ err = tpmCreateErrorLog(MOD_TPM_CMD_PCREXTEND, RC_TPM_INVALID_ARGS, @@ -831,7 +846,8 @@ errlHndl_t tpmCmdPcrExtend2Hash(TpmTarget * io_target, err = tpmTransmitCommand(io_target, dataBuf, - sizeof(dataBuf)); + sizeof(dataBuf), + TPM_LOCALITY_0); if (TB_SUCCESS != err) { @@ -844,7 +860,7 @@ errlHndl_t tpmCmdPcrExtend2Hash(TpmTarget * io_target, || (TPM_SUCCESS != resp->responseCode)) { TRACFCOMP( g_trac_trustedboot, - "TPM PCRExtend OP Fail Ret(%X) ExSize(%d) Size(%d) ", + "TPM PCRExtend OP Fail Ret(0x%X) ExSize(%d) Size(%d) ", resp->responseCode, (int)sizeof(TPM2_BaseOut), (int)dataSize); @@ -856,7 +872,8 @@ errlHndl_t tpmCmdPcrExtend2Hash(TpmTarget * io_target, * @moduleid MOD_TPM_CMD_PCREXTEND * @userdata1 responseCode * @userdata2 dataSize - * @devdesc Command failure reading TPM FW version. + * @devdesc Command failure performing PCR extend. + * @custdesc Failure detected in security subsystem */ err = tpmCreateErrorLog(MOD_TPM_CMD_PCREXTEND, RC_TPM_COMMAND_FAIL, @@ -921,7 +938,8 @@ errlHndl_t tpmCmdPcrRead(TpmTarget* io_target, * @userdata1 Digest Ptr * @userdata2[0:31] Full Digest Size * @userdata2[32:63] PCR - * @devdesc Unmarshaling error detected + * @devdesc pcr read invalid arguments + * @custdesc Failure detected in security subsystem */ err = tpmCreateErrorLog(MOD_TPM_CMD_PCRREAD, RC_TPM_INVALID_ARGS, @@ -944,7 +962,8 @@ errlHndl_t tpmCmdPcrRead(TpmTarget* io_target, err = tpmTransmitCommand(io_target, dataBuf, - sizeof(dataBuf)); + sizeof(dataBuf), + TPM_LOCALITY_0); if (TB_SUCCESS != err) { @@ -959,7 +978,7 @@ errlHndl_t tpmCmdPcrRead(TpmTarget* io_target, (resp->pcrValues.digests[0].size != fullDigestSize)) { TRACFCOMP( g_trac_trustedboot, - "TPM PCRRead OP Fail Ret(%X) ExSize(%d) " + "TPM PCRRead OP Fail Ret(0x%X) ExSize(%d) " "Size(%d) Cnt(%d) DSize(%d)", resp->base.responseCode, (int)sizeof(TPM2_BaseOut), @@ -974,7 +993,8 @@ errlHndl_t tpmCmdPcrRead(TpmTarget* io_target, * @moduleid MOD_TPM_CMD_PCRREAD * @userdata1 responseCode * @userdata2 dataSize - * @devdesc Command failure reading TPM FW version. + * @devdesc Command failure performing PCR read. + * @custdesc Failure detected in security subsystem */ err = tpmCreateErrorLog(MOD_TPM_CMD_PCRREAD, RC_TPM_COMMAND_FAIL, diff --git a/src/usr/secureboot/trusted/trustedbootCmds.H b/src/usr/secureboot/trusted/trustedbootCmds.H index 1f03eeb0e..b1c1ef0dd 100644 --- a/src/usr/secureboot/trusted/trustedbootCmds.H +++ b/src/usr/secureboot/trusted/trustedbootCmds.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* Contributors Listed Below - COPYRIGHT 2015,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -39,6 +39,8 @@ // ----------------------------------------------- #ifdef __HOSTBOOT_MODULE #include <secureboot/trustedbootif.H> +#include <i2c/tpmddif.H> +using namespace TPMDD; #endif #include "trustedboot.H" #include "trustedTypes.H" @@ -59,12 +61,14 @@ enum * @param[in/out] io_target Current TPM target structure * @param[in/out] io_buffer Input the command buffer to send, response on exit * @param[in] i_bufsize Size of io_buffer in bytes + * @param[in] i_locality TPM locality to use * @return errlHndl_t NULL if successful, otherwise a pointer to the * error log. */ errlHndl_t tpmTransmitCommand(TpmTarget* io_target, uint8_t* io_buffer, - size_t i_bufsize ); + size_t i_bufsize, + tpm_locality_t i_locality); /** * @brief Take structure pointed to by cmd and format for input into TPM diff --git a/src/usr/secureboot/trusted/trustedbootUtils.C b/src/usr/secureboot/trusted/trustedbootUtils.C index 90915030d..0e29468ac 100644 --- a/src/usr/secureboot/trusted/trustedbootUtils.C +++ b/src/usr/secureboot/trusted/trustedbootUtils.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* Contributors Listed Below - COPYRIGHT 2015,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -56,7 +56,8 @@ namespace TRUSTEDBOOT errlHndl_t tpmTransmit(TpmTarget * io_target, uint8_t* io_buffer, size_t i_cmdSize, - size_t i_bufsize ) + size_t i_bufsize, + tpm_locality_t i_locality) { errlHndl_t err = NULL; @@ -67,7 +68,8 @@ errlHndl_t tpmTransmit(TpmTarget * io_target, io_buffer, i_bufsize, DEVICE_TPM_ADDRESS(TPMDD::TPM_OP_TRANSMIT, - i_cmdSize)); + i_cmdSize, + i_locality)); if (NULL != err) { break; diff --git a/src/usr/secureboot/trusted/trustedbootUtils.H b/src/usr/secureboot/trusted/trustedbootUtils.H index 73bc38743..78ae7e053 100644 --- a/src/usr/secureboot/trusted/trustedbootUtils.H +++ b/src/usr/secureboot/trusted/trustedbootUtils.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* Contributors Listed Below - COPYRIGHT 2015,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -39,6 +39,10 @@ // ----------------------------------------------- // Includes // ----------------------------------------------- +#ifdef __HOSTBOOT_MODULE +#include <i2c/tpmddif.H> +using namespace TPMDD; +#endif #include "trustedTypes.H" #ifdef __cplusplus @@ -52,13 +56,15 @@ namespace TRUSTEDBOOT * @param[in/out] io_buffer Input the command buffer to send, response on exit * @param[in] i_cmdSize Size of provided command in bytes * @param[in] i_bufsize Size of io_buffer in bytes + * @param[in] i_locality TPM locality to use * @return errlHndl_t NULL if successful, otherwise a pointer to the * error log. */ errlHndl_t tpmTransmit(TpmTarget * io_target, uint8_t* io_buffer, size_t i_cmdSize, - size_t i_bufsize ); + size_t i_bufsize, + tpm_locality_t i_locality); /** * @brief Create an error log entry for potential logging |