Secure Boot: Set trusted boot enabled in HDAT considering all nodes

This change implements reporting of trusted boot status
to HDAT considering all nodes of the system. To avoid
inter-node communication, the check is done after the
HDAT TPM info is populated for all nodes. The logic goes
through all TPM Info HDAT records (for each node) and checks
whether the master TPM on each node is present and functional.
The result is aggregated into the trusted boot enabled bit on
the master node. The check is done after the separators have
been extended into TPM; this allows each primary TPM more
chances to fail before we say that it's functional.

Trusted boot enabled bit is reported as 1 if ALL primary
TPMs on ALL booting nodes are present and functional. It is
reported as 0 if at least one primary is not present or
not functional.

Change-Id: I926532efe85b33e95e50d84b0b5e4554852f0601
RTC: 191194
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/59279
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

5 files changed, 135 insertions, 13 deletions

diff --git a/src/usr/isteps/istep21/call_host_start_payload.C b/src/usr/isteps/istep21/call_host_start_payload.C
index 9b80ae8a3..8d7e8c3eb 100644
--- a/src/usr/isteps/istep21/call_host_start_payload.C
+++ b/src/usr/isteps/istep21/call_host_start_payload.C
@@ -39,6 +39,7 @@
 #include <hbotcompid.H>
 #include <sys/misc.h>
 #include <targeting/common/util.H>
+#include <targeting/targplatutil.H>
 #include <pnor/pnorif.H>
 #include <kernel/console.H>
 #include <util/misc.H>
@@ -59,6 +60,8 @@
 #include <sbeio/sbeioif.H>
 #include <runtime/runtime.H>
 #include <p9_stop_api.H>
+#include "../hdat/hdattpmdata.H"
+#include "hdatstructs.H"
 
 #ifdef CONFIG_DRTM_TRIGGERING
 #include <secureboot/drtm.H>
@@ -187,6 +190,104 @@ void* msg_handler(msg_q_t i_msgQ)
     return nullptr;
 }
 
+/**
+* Function to align the trustedboot status on all nodes
+*/
+errlHndl_t calcTrustedBootState()
+{
+    errlHndl_t l_errl = nullptr;
+
+    do {
+
+    TARGETING::Target* l_sys = nullptr;
+    TARGETING::targetService().getTopLevelTarget(l_sys);
+    assert(l_sys != nullptr, "Could not get sys target!");
+    auto l_hbInstanceMap = l_sys->getAttr<TARGETING::ATTR_HB_EXISTING_IMAGE>();
+    const size_t l_hbInstanceCount = __builtin_popcount(l_hbInstanceMap);
+    if((l_hbInstanceCount < 2) ||
+       (!TARGETING::UTIL::isCurrentMasterNode()))
+    {
+        break; // No-op on single node systems and non-master nodes.
+    }
+
+    uint32_t l_instance = 0;
+    uint64_t l_hdatBaseAddr = 0;
+    uint64_t l_dataSizeMax = 0; //unused
+    uint64_t l_hdatInstanceCount = 0;
+    uint64_t l_hbrtDataAddr = 0;
+
+    l_errl = RUNTIME::get_host_data_section(RUNTIME::IPLPARMS_SYSTEM,
+                                            l_instance, // instance 0
+                                            l_hbrtDataAddr,
+                                            l_dataSizeMax);
+    if(l_errl)
+    {
+        break;
+    }
+
+    hdatSysParms_t* const l_hdatSysParms =
+                             reinterpret_cast<hdatSysParms_t*>(l_hbrtDataAddr);
+
+    SysSecSets* const l_sysSecuritySettings =
+         reinterpret_cast<SysSecSets*>(&l_hdatSysParms->hdatSysSecuritySetting);
+
+    l_errl = RUNTIME::get_instance_count(RUNTIME::NODE_TPM_RELATED,
+                                         l_hdatInstanceCount);
+    if(l_errl)
+    {
+        break;
+    }
+
+    assert(l_hdatInstanceCount == l_hbInstanceCount,
+           "Inconsistent number of functional nodes reported");
+
+    for(l_instance = 0; l_instance < l_hdatInstanceCount; ++l_instance)
+    {
+        l_errl = RUNTIME::get_host_data_section(RUNTIME::NODE_TPM_RELATED,
+                                                l_instance,
+                                                l_hdatBaseAddr,
+                                                l_dataSizeMax);
+        if(l_errl)
+        {
+            break;
+        }
+
+        auto const l_hdatTpmData = reinterpret_cast<HDAT::hdatTpmData_t*>
+                                                               (l_hdatBaseAddr);
+        auto const l_hdatTpmInfo =
+                     reinterpret_cast<HDAT::hdatHDIFDataArray_t*>
+                     (reinterpret_cast<uint64_t>(l_hdatTpmData) +
+                      l_hdatTpmData->hdatSbTpmInfo.hdatOffset);
+        auto const l_hdatTpmInstInfo =
+                                   reinterpret_cast<HDAT::hdatSbTpmInstInfo_t*>(
+                                     reinterpret_cast<uint64_t>(l_hdatTpmInfo) +
+                                     sizeof(*l_hdatTpmInfo));
+        TRACFBIN(ISTEPS_TRACE::g_trac_isteps_trace,
+                 "calcTrustedBootState: l_hdatTpmInstInfo:",
+                 l_hdatTpmInstInfo, sizeof(*l_hdatTpmInstInfo));
+        TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace,
+                  "calcTrustedBootState: Primary TPM's functional status ="
+                  " %d", l_hdatTpmInstInfo->hdatFunctionalStatus);
+
+        if(l_hdatTpmInstInfo->hdatFunctionalStatus ==
+           HDAT::TpmPresentAndFunctional)
+        {
+            l_sysSecuritySettings->trustedboot &= 1;
+        }
+        else
+        {
+            l_sysSecuritySettings->trustedboot &= 0;
+        }
+    }
+
+    TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace,
+             "calcTrustedBootState: final trusted boot enabled status = %d",
+              l_sysSecuritySettings->trustedboot);
+
+    } while(0);
+
+    return l_errl;
+}
 
 void* call_host_start_payload (void *io_pArgs)
 {
@@ -210,6 +311,12 @@ void* call_host_start_payload (void *io_pArgs)
             break;
         }
 
+        l_errl = calcTrustedBootState();
+        if(l_errl)
+        {
+            break;
+        }
+
         msg_q_t l_msgQ = msg_q_create();
 
         // Register event to be called on shutdown
diff --git a/src/usr/isteps/istep21/makefile b/src/usr/isteps/istep21/makefile
index c0ec1114d..eedcb8cf5 100644
--- a/src/usr/isteps/istep21/makefile
+++ b/src/usr/isteps/istep21/makefile
@@ -36,6 +36,7 @@ EXTRAINCDIR += ${ROOTPATH}/src/import/chips/common/utils/imageProcs/
 EXTRAINCDIR += ${ROOTPATH}/src/import/hwpf/fapi2/include/
 EXTRAINCDIR += ${ROOTPATH}/src/include/usr/fapi2/
 EXTRAINCDIR += ${ROOTPATH}/src/usr/isteps/
+EXTRAINCDIR += ${ROOTPATH}/src/usr/runtime/
 
 OBJS += call_host_runtime_setup.o
 OBJS += freqAttrData.o
diff --git a/src/usr/runtime/hdatservice.C b/src/usr/runtime/hdatservice.C
index 47f7a500c..f77165d8d 100644
--- a/src/usr/runtime/hdatservice.C
+++ b/src/usr/runtime/hdatservice.C
@@ -1450,6 +1450,7 @@ errlHndl_t hdatService::getInstanceCount(const SectionId i_section,
     switch(i_section)
     {
         case RUNTIME::PCRD:
+        case RUNTIME::NODE_TPM_RELATED:
         {
             hdat5Tuple_t* tuple = nullptr;
             errhdl = getAndCheckTuple(i_section, tuple);
diff --git a/src/usr/runtime/hdatstructs.H b/src/usr/runtime/hdatstructs.H
index 29f23eac8..2f05a2a70 100644
--- a/src/usr/runtime/hdatstructs.H
+++ b/src/usr/runtime/hdatstructs.H
@@ -438,4 +438,21 @@ struct hdatCpuCtrlInfo_t
     hdatCpuCtrlPair_t servRoutineData;   // Service Routines Data Area
 }  __attribute__ ((packed));
 
+/**
+ * @brief Structure to reflect the security settings on a system.
+ */
+typedef struct sysSecSets
+{
+    // bit 0: Code Container Digital Signature Checking
+    uint16_t secureboot : 1;
+    // bit 1: Primary TPM is present and functional if single-node system;
+    // All primary TPMs are present and functional if multi-node system.
+    uint16_t trustedboot : 1;
+    // bit 2: SBE Security Backdoor bit.
+    // NOTE: This bit is labeled "Platform Security Overrides Allowed"
+    // in the section 6.1.1 of HDAT spec.
+    uint16_t sbeSecBackdoor : 1;
+    uint16_t reserved : 13;
+} SysSecSets;
+
 #endif
diff --git a/src/usr/runtime/populate_hbruntime.C b/src/usr/runtime/populate_hbruntime.C
index db26d87be..129068941 100644
--- a/src/usr/runtime/populate_hbruntime.C
+++ b/src/usr/runtime/populate_hbruntime.C
@@ -1461,19 +1461,6 @@ errlHndl_t populate_hbSecurebootData ( void )
         hdatSysParms_t* const l_sysParmsPtr
             = reinterpret_cast<hdatSysParms_t*>(l_hbrtDataAddr);
 
-        typedef struct sysSecSets
-        {
-            // bit 0: Code Container Digital Signature Checking
-            uint16_t secureboot : 1;
-            // bit 1: Measurements Extended to Secure Boot TPM
-            uint16_t trustedboot : 1;
-            // bit 2: SBE Security Backdoor bit.
-            // NOTE: This bit is labeled "Platform Security Overrides Allowed"
-            // in the section 6.1.1 of HDAT spec.
-            uint16_t sbeSecBackdoor : 1;
-            uint16_t reserved : 13;
-        } SysSecSets;
-
         // populate system security settings in hdat
         SysSecSets* const l_sysSecSets =
             reinterpret_cast<SysSecSets*>(&l_sysParmsPtr->hdatSysSecuritySetting);
@@ -1703,6 +1690,15 @@ errlHndl_t populate_TpmInfoByNode(const uint64_t i_instance)
     TARGETING::TargetHandleList tpmList;
     TRUSTEDBOOT::getTPMs(tpmList, TRUSTEDBOOT::TPM_FILTER::ALL_IN_BLUEPRINT);
 
+    // Put the primary TPM first in the list of TPMs to simplify alignment of
+    // trusted boot enabled bits across the nodes.
+    std::sort(tpmList.begin(), tpmList.end(),
+              [](TARGETING::TargetHandle_t lhs, TARGETING::TargetHandle_t rhs)
+              {
+                return (lhs->getAttr<TARGETING::ATTR_TPM_ROLE>() ==
+                        TARGETING::TPM_ROLE_TPM_PRIMARY);
+              });
+
     TARGETING::TargetHandleList l_procList;
 
     getAllChips(l_procList,TARGETING::TYPE_PROC,false);