diff options
| author | Ilya Smirnov <ismirno@us.ibm.com> | 2018-04-25 13:18:24 -0500 |
|---|---|---|
| committer | William G. Hoffa <wghoffa@us.ibm.com> | 2018-05-03 16:02:25 -0400 |
| commit | 43c4502d3b0b87020665a65ad2843e0ddc319063 (patch) | |
| tree | 42709bcc94bc6fc08dd913b7d15af9c1d81a8861 /src | |
| parent | 8c59cf14daba53057e5ae9c3279cd295a89d534b (diff) | |
| download | talos-hostboot-43c4502d3b0b87020665a65ad2843e0ddc319063.tar.gz talos-hostboot-43c4502d3b0b87020665a65ad2843e0ddc319063.zip | |
Primary TPM Required Policy
Change the "TPM Required" policy to "Primary TPM Required," wherein
only the presence and functionality of the primary TPM (attached to
the acting master proc) will be considered when evaluating the
TPM required condition. The presence and functionality of the backup
TPM will not play a role in this policy.
Change-Id: Id968123d0fc399c531da7429fdb8efabfa66c53c
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57843
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/usr/secureboot/trustedbootif.H | 7 | ||||
| -rw-r--r-- | src/usr/runtime/populate_hbruntime.C | 2 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 77 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/trustedboot.H | 11 |
4 files changed, 54 insertions, 43 deletions
diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H index 45321be6c..5ab461cb1 100644 --- a/src/include/usr/secureboot/trustedbootif.H +++ b/src/include/usr/secureboot/trustedbootif.H @@ -234,10 +234,11 @@ namespace TRUSTEDBOOT uint32_t i_i2cMasterOffset); /** - * @brief Is trustedboot enabled and functional - * @retval true if trustboot enabled and functional TPM's are available + * @brief Checks whether the node has a present and functioning primary TPM. + * @retval true if a present and functional primary TPM is available; + * false otherwise */ - bool enabled(); + bool functionalPrimaryTpmExists(); /** * @brief Wrapper around pcrExtend for measuring PNOR sections diff --git a/src/usr/runtime/populate_hbruntime.C b/src/usr/runtime/populate_hbruntime.C index aa077ca5c..de2ddb439 100644 --- a/src/usr/runtime/populate_hbruntime.C +++ b/src/usr/runtime/populate_hbruntime.C @@ -1447,7 +1447,7 @@ errlHndl_t populate_hbSecurebootData ( void ) // populate secure setting for trusted boot bool trusted = false; #ifdef CONFIG_TPMDD - trusted = TRUSTEDBOOT::enabled(); + trusted = TRUSTEDBOOT::functionalPrimaryTpmExists(); #endif l_sysSecSets->trustedboot = trusted? 1: 0; diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index 75f7208a5..00935f68a 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -171,9 +171,9 @@ void getBackupTpm(TARGETING::Target*& o_pBackupTpm) o_pBackupTpm); } -bool enabled() +bool functionalPrimaryTpmExists() { - bool enabled = false; + bool exists = false; #ifdef CONFIG_TPMDD TARGETING::TargetHandleList tpmList; getTPMs(tpmList,TPM_FILTER::ALL_IN_BLUEPRINT); @@ -185,17 +185,21 @@ bool enabled() TARGETING::PredicateAttrVal<TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED> initialized(true); + // Only look for primary TPM + TARGETING::PredicateAttrVal<TARGETING::ATTR_TPM_ROLE> + isPrimaryTpm(TARGETING::TPM_ROLE_TPM_PRIMARY); + auto itr = std::find_if(tpmList.begin(),tpmList.end(), - [&presentAndFunctional,&initialized]( + [&presentAndFunctional, &initialized, &isPrimaryTpm]( const TARGETING::Target* const i_pTpm) { - return ( presentAndFunctional(i_pTpm) - || !initialized(i_pTpm)); + return (isPrimaryTpm(i_pTpm) && (presentAndFunctional(i_pTpm) + || !initialized(i_pTpm))); }); - enabled = (itr!=tpmList.end()) ? true : false; + exists = (itr!=tpmList.end()) ? true : false; #endif - return enabled; + return exists; } void* host_update_master_tpm( void *io_pArgs ) @@ -386,7 +390,7 @@ void* host_update_master_tpm( void *io_pArgs ) // Make sure we are in a state // where we have a functional TPM - TRUSTEDBOOT::tpmVerifyFunctionalTpmExists(); + TRUSTEDBOOT::tpmVerifyFunctionalPrimaryTpmExists(); if (nullptr == err) { @@ -1171,11 +1175,11 @@ void tpmMarkFailed(TpmTarget* const i_pTpm, } -void tpmVerifyFunctionalTpmExists( +void tpmVerifyFunctionalPrimaryTpmExists( const NoTpmShutdownPolicy i_noTpmShutdownPolicy) { errlHndl_t err = nullptr; - bool foundFunctional = enabled(); + bool foundFunctional = functionalPrimaryTpmExists(); const bool isBackgroundShutdown = (i_noTpmShutdownPolicy == NoTpmShutdownPolicy::BACKGROUND_SHUTDOWN); @@ -1183,7 +1187,7 @@ void tpmVerifyFunctionalTpmExists( { systemData.failedTpmsPosted = true; TRACFCOMP( g_trac_trustedboot, - "NO FUNCTIONAL TPM FOUND"); + "NO FUNCTIONAL PRIMARY TPM FOUND ON THE NODE"); // Check to ensure jumper indicates we are running secure SECUREBOOT::SecureJumperState l_state @@ -1208,19 +1212,23 @@ void tpmVerifyFunctionalTpmExists( * @moduleid MOD_TPM_VERIFYFUNCTIONAL * @userdata1 0 * @userdata2 0 - * @devdesc The system is configured in the hardware - * (via processor secure jumpers) to enable - * Secure Boot, and the system's "TPM required" - * policy is configured to require at least one - * functional TPM in order to boot with Secure - * Boot enabled. Therefore, the system will - * terminate due to lack of functional TPMs. + * @devdesc The system (or node, if multi-node system) + * is configured in the hardware (via processor + * secure jumpers) to enable Secure Boot, and + * the system's/node's "TPM required" policy is + * configured to require at least one + * functional boot processor TPM in order to + * boot with Trusted Boot enabled. Therefore, + * the system (or node, if multi-node system) + * will terminate due to lack of functional + * boot processor TPM. * @custdesc The system is configured for Secure Boot and - * trusted platform module required mode; at - * least one functional trusted platform module - * is required to boot the system, but none are - * available. Therefore, the system will - * terminate. + * trusted platform module required mode; a + * functional boot processor trusted platform + * module is required to boot the system (or + * node, if multi-node system), but none are + * available. Therefore, the system (or node, + * if multi-node system) will terminate. * Trusted platform module required mode may be * disabled via the appropriate systems * management interface to allow platform boot @@ -1245,12 +1253,12 @@ void tpmVerifyFunctionalTpmExists( // Add Security Registers to the error log SECUREBOOT::addSecurityRegistersToErrlog(err); - // HW callout TPMs - TARGETING::TargetHandleList l_tpmList; - TRUSTEDBOOT::getTPMs(l_tpmList, TPM_FILTER::ALL_IN_BLUEPRINT); - for(const auto &tpm : l_tpmList) + // HW callout TPM + TARGETING::Target* l_primaryTpm = nullptr; + getPrimaryTpm(l_primaryTpm); + if(l_primaryTpm) { - err->addHwCallout(tpm, + err->addHwCallout(l_primaryTpm, HWAS::SRCI_PRIORITY_HIGH, HWAS::NO_DECONFIG, HWAS::GARD_NULL); @@ -1262,14 +1270,15 @@ void tpmVerifyFunctionalTpmExists( } else { - TRACUCOMP( g_trac_trustedboot, - "No functional TPM's found but TPM not Required"); + TRACUCOMP(g_trac_trustedboot, + "No functional primary TPM found but" + "TPM not Required"); } } else { - TRACUCOMP( g_trac_trustedboot, - "No functional TPM's found but not running secure"); + TRACUCOMP(g_trac_trustedboot, + "No functional primary TPM found but not running secure"); } } @@ -1437,7 +1446,7 @@ void* tpmDaemon(void* unused) // Lastly make sure we are in a state // where we have a functional TPM - TRUSTEDBOOT::tpmVerifyFunctionalTpmExists( + TRUSTEDBOOT::tpmVerifyFunctionalPrimaryTpmExists( NoTpmShutdownPolicy::BACKGROUND_SHUTDOWN); } break; @@ -1458,7 +1467,7 @@ void* tpmDaemon(void* unused) // Lastly make sure we are in a state // where we have a functional TPM - TRUSTEDBOOT::tpmVerifyFunctionalTpmExists( + TRUSTEDBOOT::tpmVerifyFunctionalPrimaryTpmExists( NoTpmShutdownPolicy::BACKGROUND_SHUTDOWN); } break; diff --git a/src/usr/secureboot/trusted/trustedboot.H b/src/usr/secureboot/trusted/trustedboot.H index d35c8a63e..155bbf696 100644 --- a/src/usr/secureboot/trusted/trustedboot.H +++ b/src/usr/secureboot/trusted/trustedboot.H @@ -99,18 +99,19 @@ enum class NoTpmShutdownPolicy }; /** - * @brief Verify a functional TPM still exists in the system + * @brief Verify a functional primary TPM still exists in the system * - * If no functional TPMs are found in the system : + * If no functional primary TPM is found in the system : * If the system is running in secure mode an error log will be committed * and if the TPMRequired attribute is true a system shutdown will be * initiated * * @param[in] i_noTpmShutdownPolicy Shutdown policy to invoke if a functional - * TPM is required to boot the system (TPM required policy is "required") - * -and- no functional TPMs are available (or other critical error occurred) + * primary TPM is required to boot the system (TPM required policy is + * "required") -and- no functional primary TPM is available + * (or other critical error occurred) */ -void tpmVerifyFunctionalTpmExists( +void tpmVerifyFunctionalPrimaryTpmExists( NoTpmShutdownPolicy i_noTpmShutdownPolicy = NoTpmShutdownPolicy::SYNC_SHUTDOWN); |
