summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/include/usr/secureboot/trustedbootif.H39
-rwxr-xr-xsrc/usr/i2c/tpmdd.C11
-rw-r--r--src/usr/secureboot/base/makefile8
-rw-r--r--src/usr/secureboot/trusted/base/trustedboot_base.C84
-rw-r--r--src/usr/secureboot/trusted/trustedboot.C48
-rw-r--r--src/usr/secureboot/trusted/trustedboot.H26
6 files changed, 176 insertions, 40 deletions
diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H
index d73220f7f..d59cd1e14 100644
--- a/src/include/usr/secureboot/trustedbootif.H
+++ b/src/include/usr/secureboot/trustedbootif.H
@@ -33,10 +33,34 @@
// -----------------------------------------------
// Includes
// -----------------------------------------------
+#include <i2c/tpmddif.H>
+#include <errl/errlentry.H>
namespace TRUSTEDBOOT
{
+ /// Track system TPM status
+ struct TpmTarget
+ {
+ TARGETING::Target* nodeTarget; ///< Node target ptr
+ TPMDD::tpm_chip_types_t chip; ///< Chip Pri vs Backup
+ uint8_t initAttempted:1;///< Has TPM init been run
+ uint8_t failed:1; ///< Is TPM currently failed
+ mutex_t tpmMutex; ///< TPM Mutex
+
+ TpmTarget();
+ };
+
+ /// TPM PCR designations
+ enum TPM_Pcr
+ {
+ PCR_0 = 0,
+ PCR_1 = 1,
+ PCR_4 = 4,
+ PCR_DEBUG = 16,
+ PCR_MAX = 16,
+ };
+
/**
* @brief Initialize trusted boot/TPM components for the master TPM
@@ -48,6 +72,21 @@ namespace TRUSTEDBOOT
*/
void* host_update_master_tpm( void *io_pArgs );
+ /**
+ * @brief Extend a measurement into the TPMs and log
+ * @param[in] i_pcr PCR to write to
+ * @param[in] i_digest Digest value to write to PCR
+ * @param[in] i_digestSize Byte size of i_digest data
+ * @param[in] i_logMsg Null terminated log message, truncated at 128 chars
+ * @return errlHndl_t NULL if successful, otherwise a pointer to the
+ * error log.
+ * Digest will be right padded with zeros or truncated to match TPM digest
+ * size being used
+ */
+ errlHndl_t pcrExtend(TPM_Pcr i_pcr,
+ uint8_t* i_digest,
+ size_t i_digestSize,
+ const char* i_logMsg);
} // end TRUSTEDBOOT namespace
diff --git a/src/usr/i2c/tpmdd.C b/src/usr/i2c/tpmdd.C
index ec25c511c..baf1c956f 100755
--- a/src/usr/i2c/tpmdd.C
+++ b/src/usr/i2c/tpmdd.C
@@ -275,17 +275,6 @@ errlHndl_t tpmPerformOp( DeviceFW::OperationType i_opType,
} while( 0 );
-#if 0
- // If there is an error, add parameter info to log
- if ( err != NULL )
- {
- TPMDD::UdEepromParms( i_opType,
- i_target,
- io_buflen,
- tpmInfo )
- .addToLog(err);
- }
-#endif
if( unlock )
{
mutex_unlock( & g_tpmMutex );
diff --git a/src/usr/secureboot/base/makefile b/src/usr/secureboot/base/makefile
index dc8382520..9dd92e7b1 100644
--- a/src/usr/secureboot/base/makefile
+++ b/src/usr/secureboot/base/makefile
@@ -5,7 +5,9 @@
#
# OpenPOWER HostBoot Project
#
-# COPYRIGHT International Business Machines Corp. 2013,2014
+# Contributors Listed Below - COPYRIGHT 2013,2015
+# [+] International Business Machines Corp.
+#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -30,6 +32,10 @@ OBJS += header.o
OBJS += purge.o
OBJS += securerom.o
OBJS += rom_entry.o
+OBJS += trustedboot_base.o
+
+EXTRAINCDIR += ${ROOTPATH}/src/usr/secureboot/trusted/base
+VPATH += ${ROOTPATH}/src/usr/secureboot/trusted/base
CFLAGS += -iquote ../
include ${ROOTPATH}/config.mk
diff --git a/src/usr/secureboot/trusted/base/trustedboot_base.C b/src/usr/secureboot/trusted/base/trustedboot_base.C
new file mode 100644
index 000000000..95a55fdc2
--- /dev/null
+++ b/src/usr/secureboot/trusted/base/trustedboot_base.C
@@ -0,0 +1,84 @@
+/* IBM_PROLOG_BEGIN_TAG */
+/* This is an automatically generated prolog. */
+/* */
+/* $Source: src/usr/secureboot/trusted/base/trustedboot_base.C $ */
+/* */
+/* OpenPOWER HostBoot Project */
+/* */
+/* Contributors Listed Below - COPYRIGHT 2015 */
+/* [+] International Business Machines Corp. */
+/* */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
+/* implied. See the License for the specific language governing */
+/* permissions and limitations under the License. */
+/* */
+/* IBM_PROLOG_END_TAG */
+/**
+ * @file trustedboot_base.C
+ *
+ * @brief Trusted boot base interfaces
+ */
+
+// ----------------------------------------------
+// Includes
+// ----------------------------------------------
+#include <string.h>
+#include <sys/time.h>
+#include <trace/interface.H>
+#include <errl/errlentry.H>
+#include <errl/errlmanager.H>
+#include <errl/errludtarget.H>
+#include <errl/errludstring.H>
+#include <secureboot/trustedbootif.H>
+#include "../trustedboot.H"
+#include <secureboot/trustedboot_reasoncodes.H>
+
+// ----------------------------------------------
+// Trace definitions
+// ----------------------------------------------
+trace_desc_t* g_trac_trustedboot = NULL;
+TRAC_INIT( & g_trac_trustedboot, "TRBOOT", KILOBYTE );
+
+// Easy macro replace for unit testing
+//#define TRACUCOMP(args...) TRACFCOMP(args)
+#define TRACUCOMP(args...)
+
+namespace TRUSTEDBOOT
+{
+
+/// Global object to store TPM status
+SystemTpms systemTpms;
+
+SystemTpms::SystemTpms()
+{
+}
+
+TpmTarget::TpmTarget()
+{
+ memset(this, 0, sizeof(TpmTarget));
+ mutex_init(&tpmMutex);
+}
+
+errlHndl_t pcrExtend(TPM_Pcr i_pcr,
+ uint8_t* i_digest,
+ size_t i_digestSize,
+ const char* i_logMsg)
+{
+ errlHndl_t err = NULL;
+#ifdef CONFIG_TPMDD
+ /// @todo RTC:125288 Add call to extend the PCR
+
+#endif
+ return err;
+}
+
+} // end TRUSTEDBOOT
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C
index ed8ce7ac6..a80272be3 100644
--- a/src/usr/secureboot/trusted/trustedboot.C
+++ b/src/usr/secureboot/trusted/trustedboot.C
@@ -49,8 +49,7 @@
// ----------------------------------------------
// Trace definitions
// ----------------------------------------------
-trace_desc_t* g_trac_trustedboot = NULL;
-TRAC_INIT( & g_trac_trustedboot, "TRBOOT", KILOBYTE );
+extern trace_desc_t* g_trac_trustedboot;
// Easy macro replace for unit testing
//#define TRACUCOMP(args...) TRACFCOMP(args)
@@ -59,9 +58,13 @@ TRAC_INIT( & g_trac_trustedboot, "TRBOOT", KILOBYTE );
namespace TRUSTEDBOOT
{
+extern SystemTpms systemTpms;
+
void* host_update_master_tpm( void *io_pArgs )
{
errlHndl_t err = NULL;
+ bool unlock = false;
+
TRACDCOMP( g_trac_trustedboot,
ENTER_MRK"host_update_master_tpm()" );
TRACUCOMP( g_trac_trustedboot,
@@ -70,11 +73,6 @@ void* host_update_master_tpm( void *io_pArgs )
do
{
- // First time here so we need to clean out our data structure
- memset(&tpmTargets, 0,
- sizeof(TpmTarget) * TRUSTEDBOOT::MAX_SYSTEM_TPMS);
-
-
// Get a node Target
TARGETING::TargetService& tS = TARGETING::targetService();
TARGETING::Target* nodeTarget = NULL;
@@ -90,21 +88,23 @@ void* host_update_master_tpm( void *io_pArgs )
continue;
}
- if (TPMDD::tpmPresence(nodeTarget, TPMDD::TPM_PRIMARY))
- {
- tpmTargets[TPM_MASTER_INDEX].nodeTarget = nodeTarget;
- tpmTargets[TPM_MASTER_INDEX].chip = TPMDD::TPM_PRIMARY;
- tpmTargets[TPM_MASTER_INDEX].functional = true;
+ mutex_lock( &(systemTpms.tpm[TPM_MASTER_INDEX].tpmMutex) );
+ unlock = true;
+ if (!systemTpms.tpm[TPM_MASTER_INDEX].failed &&
+ TPMDD::tpmPresence(nodeTarget, TPMDD::TPM_PRIMARY))
+ {
// Initialize the TPM, this will mark it as non-functional on fail
- tpmInitialize(tpmTargets[TPM_MASTER_INDEX]);
+ tpmInitialize(systemTpms.tpm[TPM_MASTER_INDEX],
+ nodeTarget,
+ TPMDD::TPM_PRIMARY);
}
- if (!tpmTargets[TPM_MASTER_INDEX].functional)
+ if (systemTpms.tpm[TPM_MASTER_INDEX].failed)
{
- /// @todo RTC:134913 Switch to redundant chip if redundant TPM avail
+ /// @todo RTC:134913 Switch to backup chip if backup TPM avail
// Master TPM not available
TRACFCOMP( g_trac_trustedboot,
@@ -133,6 +133,12 @@ void* host_update_master_tpm( void *io_pArgs )
} while ( 0 );
+ if( unlock )
+ {
+ mutex_unlock(&(systemTpms.tpm[TPM_MASTER_INDEX].tpmMutex));
+ }
+
+
TRACDCOMP( g_trac_trustedboot,
EXIT_MRK"host_update_master_tpm() - %s",
((NULL == err) ? "No Error" : "With Error") );
@@ -140,7 +146,9 @@ void* host_update_master_tpm( void *io_pArgs )
}
-void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target)
+void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target,
+ TARGETING::Target* i_nodeTarget,
+ TPMDD::tpm_chip_types_t i_chip)
{
errlHndl_t err = NULL;
uint8_t dataBuf[BUFSIZE];
@@ -158,6 +166,11 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target)
{
// TPM Initialization sequence
+ io_target.nodeTarget = i_nodeTarget;
+ io_target.chip = i_chip;
+ io_target.initAttempted = true;
+ io_target.failed = false;
+
// Send the TPM startup command
// Build our command block for a startup
memset(dataBuf, 0, sizeof(dataBuf));
@@ -233,12 +246,11 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target)
// If the TPM failed we will mark it not functional
if (NULL != err)
{
- io_target.functional = false;
+ io_target.failed = true;
// Log this failure
errlCommit(err, SECURE_COMP_ID);
}
-
TRACDCOMP( g_trac_trustedboot,
EXIT_MRK"tpmInitialize() - %s",
((NULL == err) ? "No Error" : "With Error") );
diff --git a/src/usr/secureboot/trusted/trustedboot.H b/src/usr/secureboot/trusted/trustedboot.H
index 5c1c87e15..fa5e085fe 100644
--- a/src/usr/secureboot/trusted/trustedboot.H
+++ b/src/usr/secureboot/trusted/trustedboot.H
@@ -33,6 +33,7 @@
// -----------------------------------------------
// Includes
// -----------------------------------------------
+#include <secureboot/trustedbootif.H>
namespace TRUSTEDBOOT
{
@@ -42,23 +43,28 @@ enum
MAX_SYSTEM_TPMS = 2,
BUFSIZE = 256,
TPM_MASTER_INDEX = 0, ///< Index into tpmTargets array for master chip
- TPM_REDUNDANT_INDEX = 1, ///< Index for redundant chip TPM
+ TPM_BACKUP_INDEX = 1, ///< Index for backup chip TPM
};
-/// Track system TPM status
-struct TpmTarget
-{
- TARGETING::Target* nodeTarget;
- TPMDD::tpm_chip_types_t chip; ///< Chip Pri vs Backup
- uint8_t functional:1; ///< Is TPM currently functional
-} tpmTargets[MAX_SYSTEM_TPMS];
/**
* @brief Initialize the targetted TPM
- * @param[in/out] target Current TPM target structure
+ * @param[in/out] io_target Current TPM target structure
+ * @param[in] i_nodeTarget Node Target
+ * @param[in] i_chip Chip to initialize
*/
-void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target);
+ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target,
+ TARGETING::Target* i_nodeTarget,
+ TPMDD::tpm_chip_types_t i_chip);
+
+/// Class object to store system TPM information
+class SystemTpms
+{
+public:
+ SystemTpms();
+ TpmTarget tpm[MAX_SYSTEM_TPMS];
+};
// Command structures taken from TPM Main - Part3 commands v 1.2 rev116
OpenPOWER on IntegriCloud