diff options
-rw-r--r-- | src/include/usr/isteps/istep_reasoncodes.H | 2 | ||||
-rw-r--r-- | src/include/usr/secureboot/trustedboot_reasoncodes.H | 80 | ||||
-rw-r--r-- | src/usr/isteps/istep10/call_host_update_redundant_tpm.C | 147 | ||||
-rw-r--r-- | src/usr/isteps/istep10/makefile | 7 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/makefile | 18 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 132 | ||||
-rw-r--r-- | src/usr/targeting/common/xmltohb/attribute_types.xml | 1 |
7 files changed, 339 insertions, 48 deletions
diff --git a/src/include/usr/isteps/istep_reasoncodes.H b/src/include/usr/isteps/istep_reasoncodes.H index 6241c9466..254793a85 100644 --- a/src/include/usr/isteps/istep_reasoncodes.H +++ b/src/include/usr/isteps/istep_reasoncodes.H @@ -54,6 +54,7 @@ namespace ISTEP MOD_PM_LOAD_HOST_DATA_TO_SRAM = 0x12, MOD_VOLTAGE_CONFIG = 0x13, MOD_PM_VERIFY_OCC_CHKPT = 0x14, + MOD_UPDATE_REDUNDANT_TPM = 0x15, }; /** @@ -90,6 +91,7 @@ namespace ISTEP RC_NO_PRESENT_EQS = ISTEP_COMP_ID | 0x1A, RC_NOMINAL_FREQ_MISMATCH = ISTEP_COMP_ID | 0x1B, RC_PM_OCC_CHKPT_TIMEOUT = ISTEP_COMP_ID | 0x1C, + RC_UPDATE_SECURITY_CTRL_HWP_FAIL = ISTEP_COMP_ID | 0x1D, }; }; diff --git a/src/include/usr/secureboot/trustedboot_reasoncodes.H b/src/include/usr/secureboot/trustedboot_reasoncodes.H index 134dea900..bdabee5c2 100644 --- a/src/include/usr/secureboot/trustedboot_reasoncodes.H +++ b/src/include/usr/secureboot/trustedboot_reasoncodes.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* Contributors Listed Below - COPYRIGHT 2015,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -43,51 +43,53 @@ namespace TRUSTEDBOOT enum TRUSTEDModuleId { - MOD_HOST_UPDATE_MASTER_TPM = 0x00, - MOD_TPM_INITIALIZE = 0x01, - MOD_TPM_CMD_STARTUP = 0x02, - MOD_TPM_CMD_GETCAPFWVERSION = 0x03, - MOD_TPM_MARSHALCMDDATA = 0x04, - MOD_TPM_UNMARSHALRESPDATA = 0x05, - MOD_TPM_VERIFYFUNCTIONAL = 0x06, - MOD_TPM_CMD_PCREXTEND = 0x07, - MOD_TPM_CMD_PCRREAD = 0x08, - MOD_TPM_REPLAY_LOG = 0x09, - MOD_TPM_PCREXTEND = 0x0A, - MOD_TPM_TPMDAEMON = 0x0B, - MOD_TPM_SYNCRESPONSE = 0x0C, - MOD_TPM_SEPARATOR = 0x0D, + MOD_HOST_UPDATE_MASTER_TPM = 0x00, + MOD_TPM_INITIALIZE = 0x01, + MOD_TPM_CMD_STARTUP = 0x02, + MOD_TPM_CMD_GETCAPFWVERSION = 0x03, + MOD_TPM_MARSHALCMDDATA = 0x04, + MOD_TPM_UNMARSHALRESPDATA = 0x05, + MOD_TPM_VERIFYFUNCTIONAL = 0x06, + MOD_TPM_CMD_PCREXTEND = 0x07, + MOD_TPM_CMD_PCRREAD = 0x08, + MOD_TPM_REPLAY_LOG = 0x09, + MOD_TPM_PCREXTEND = 0x0A, + MOD_TPM_TPMDAEMON = 0x0B, + MOD_TPM_SYNCRESPONSE = 0x0C, + MOD_TPM_SEPARATOR = 0x0D, - MOD_TPMLOGMGR_INITIALIZE = 0x10, - MOD_TPMLOGMGR_ADDEVENT = 0x11, - MOD_TPMLOGMGR_INITIALIZEEXISTLOG = 0x012, - MOD_TPMLOGMGR_GETDEVTREEINFO = 0x13, + MOD_TPMLOGMGR_INITIALIZE = 0x10, + MOD_TPMLOGMGR_ADDEVENT = 0x11, + MOD_TPMLOGMGR_INITIALIZEEXISTLOG = 0x12, + MOD_TPMLOGMGR_GETDEVTREEINFO = 0x13, + MOD_TPM_MARK_FAILED = 0x14, }; enum TRUSTEDReasonCode { // Reason codes 0x00 - 0x9F reserved for secure_reasoncodes.H - RC_TPM_START_FAIL = SECURE_COMP_ID | 0xA0, - RC_TPM_EXISTENCE_FAIL = SECURE_COMP_ID | 0xA1, - RC_TPM_GETCAP_FAIL = SECURE_COMP_ID | 0xA2, - RC_TPM_GETCAP_FW_INVALID_RESP = SECURE_COMP_ID | 0xA3, - RC_TPM_GETCAP2_FAIL = SECURE_COMP_ID | 0xA4, - RC_TPM_GETCAP2_FW_INVALID_RESP = SECURE_COMP_ID | 0xA5, - RC_TPM_MARSHAL_INVALID_CMD = SECURE_COMP_ID | 0xA6, - RC_TPM_MARSHALING_FAIL = SECURE_COMP_ID | 0xA7, - RC_TPM_UNMARSHAL_INVALID_CMD = SECURE_COMP_ID | 0xA8, - RC_TPM_UNMARSHALING_FAIL = SECURE_COMP_ID | 0xA9, - RC_TPMLOGMGR_ADDEVENT_FAIL = SECURE_COMP_ID | 0xAA, - RC_TPMLOGMGR_ADDEVENTMARSH_FAIL = SECURE_COMP_ID | 0xAB, - RC_TPMLOGMGR_INIT_FAIL = SECURE_COMP_ID | 0xAC, - RC_TPM_NOFUNCTIONALTPM_FAIL = SECURE_COMP_ID | 0xAD, - RC_TPM_COMMAND_FAIL = SECURE_COMP_ID | 0xAE, - RC_TPM_INVALID_ARGS = SECURE_COMP_ID | 0xAF, - RC_TPMLOGMGR_LOGWALKFAIL = SECURE_COMP_ID | 0xB0, - RC_SENDRECV_FAIL = SECURE_COMP_ID | 0xB1, - RC_SEND_FAIL = SECURE_COMP_ID | 0xB2, - RC_MSGRESPOND_FAIL = SECURE_COMP_ID | 0xB3, + RC_TPM_START_FAIL = SECURE_COMP_ID | 0xA0, + RC_TPM_EXISTENCE_FAIL = SECURE_COMP_ID | 0xA1, + RC_TPM_GETCAP_FAIL = SECURE_COMP_ID | 0xA2, + RC_TPM_GETCAP_FW_INVALID_RESP = SECURE_COMP_ID | 0xA3, + RC_TPM_GETCAP2_FAIL = SECURE_COMP_ID | 0xA4, + RC_TPM_GETCAP2_FW_INVALID_RESP = SECURE_COMP_ID | 0xA5, + RC_TPM_MARSHAL_INVALID_CMD = SECURE_COMP_ID | 0xA6, + RC_TPM_MARSHALING_FAIL = SECURE_COMP_ID | 0xA7, + RC_TPM_UNMARSHAL_INVALID_CMD = SECURE_COMP_ID | 0xA8, + RC_TPM_UNMARSHALING_FAIL = SECURE_COMP_ID | 0xA9, + RC_TPMLOGMGR_ADDEVENT_FAIL = SECURE_COMP_ID | 0xAA, + RC_TPMLOGMGR_ADDEVENTMARSH_FAIL = SECURE_COMP_ID | 0xAB, + RC_TPMLOGMGR_INIT_FAIL = SECURE_COMP_ID | 0xAC, + RC_TPM_NOFUNCTIONALTPM_FAIL = SECURE_COMP_ID | 0xAD, + RC_TPM_COMMAND_FAIL = SECURE_COMP_ID | 0xAE, + RC_TPM_INVALID_ARGS = SECURE_COMP_ID | 0xAF, + RC_TPMLOGMGR_LOGWALKFAIL = SECURE_COMP_ID | 0xB0, + RC_SENDRECV_FAIL = SECURE_COMP_ID | 0xB1, + RC_SEND_FAIL = SECURE_COMP_ID | 0xB2, + RC_MSGRESPOND_FAIL = SECURE_COMP_ID | 0xB3, + RC_UPDATE_SECURITY_CTRL_HWP_FAIL = SECURE_COMP_ID | 0xB4, }; #ifdef __cplusplus } diff --git a/src/usr/isteps/istep10/call_host_update_redundant_tpm.C b/src/usr/isteps/istep10/call_host_update_redundant_tpm.C index a101621e5..2d9a8a8cd 100644 --- a/src/usr/isteps/istep10/call_host_update_redundant_tpm.C +++ b/src/usr/isteps/istep10/call_host_update_redundant_tpm.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* Contributors Listed Below - COPYRIGHT 2015,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -23,14 +23,153 @@ /* */ /* IBM_PROLOG_END_TAG */ #include <errl/errlentry.H> +#include <errl/errlmanager.H> +#include <isteps/istep_reasoncodes.H> + +// targeting support +#include <targeting/common/target.H> +#include <targeting/common/commontargeting.H> +#include <targeting/common/utilFilter.H> +#include <errl/errludtarget.H> +#include <attributetraits.H> + +#include <config.h> +#include <util/align.H> +#include <util/algorithm.H> + +// Fapi Support +#include <fapi2.H> +#include <target_types.H> +#include <plat_hwp_invoker.H> +#include <attributeenums.H> +#include <istepHelperFuncs.H> + +// HWP +#include <p9_update_security_ctrl.H> + +// secure boot +#include <secureboot/service.H> + namespace ISTEP_10 { void* call_host_update_redundant_tpm (void *io_pArgs) { - errlHndl_t l_err = NULL; - //@TODO RTC:153891 call p9_update_security_ctrl.C HWP - return l_err; + #ifdef CONFIG_SECUREBOOT + do { + + bool l_force = false; + + if (!SECUREBOOT::enabled() && !l_force) + { + break; + } + + // call p9_update_security_ctrl.C HWP + TARGETING::TargetHandleList l_procList; + getAllChips(l_procList,TARGETING::TYPE_PROC,true); + + TARGETING::TargetHandleList l_tpmList; + getAllChips(l_tpmList,TARGETING::TYPE_TPM,false); + + // for each processor in list + for(auto pProc : l_procList) + { + bool l_notInMrw = true; + TARGETING::Target* l_tpm = nullptr; + + // check if processor has a TPM according to the mrw + + // for each TPM in the list compare i2c master path with + // the path of the current processor + for (auto itpm : l_tpmList) + { + auto l_physPath = pProc->getAttr<TARGETING::ATTR_PHYS_PATH>(); + + auto l_tpmInfo = itpm->getAttr<TARGETING::ATTR_TPM_INFO>(); + + if (l_tpmInfo.i2cMasterPath == l_physPath) + { + l_notInMrw = false; + l_tpm = itpm; + break; + } + } + + if (l_notInMrw) + { + uint8_t l_protectTpm = 1; + pProc->setAttr<TARGETING::ATTR_SECUREBOOT_PROTECT_DECONFIGURED_TPM + >(l_protectTpm); + } + + errlHndl_t err = nullptr; + + const fapi2::Target<fapi2::TARGET_TYPE_PROC_CHIP> l_fapiTarg(pProc); + + FAPI_INVOKE_HWP(err, p9_update_security_ctrl, l_fapiTarg); + + if (err) + { + TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace, + ERR_MRK"call_host_update_redundant_tpm - " + "p9_update_security_ctrl failed for processor tgt=0x%X, " + "TPM tgt=0x%X. Deconfiguring processor because future " + "security cannot be guaranteed.", + TARGETING::get_huid(pProc), + TARGETING::get_huid(l_tpm)); + + // save the plid from the error before commiting + auto plid = err->plid(); + + ERRORLOG::ErrlUserDetailsTarget(pProc).addToLog(err); + + // commit this error log first before creating the new one + ERRORLOG::errlCommit(err, ISTEP_COMP_ID); + + /*@ + * @errortype + * @reasoncode ISTEP::RC_UPDATE_SECURITY_CTRL_HWP_FAIL + * @moduleid ISTEP::MOD_UPDATE_REDUNDANT_TPM + * @severity ERRL_SEV_UNRECOVERABLE + * @userdata1 Processor Target + * @userdata2 TPM Target + * @devdesc Failed to set SEEPROM lock and/or TPM deconfig + * protection for this processor, so we cannot + * guarrantee platform secuirty for this processor + * @custdesc Platform security problem detected + */ + err = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE, + ISTEP::MOD_UPDATE_REDUNDANT_TPM, + ISTEP::RC_UPDATE_SECURITY_CTRL_HWP_FAIL, + TARGETING::get_huid(pProc), + TARGETING::get_huid(l_tpm), + true); + + err->addHwCallout(pProc, + HWAS::SRCI_PRIORITY_LOW, + HWAS::DELAYED_DECONFIG, + HWAS::GARD_NULL); + + err->collectTrace(ISTEP_COMP_NAME); + + // pass on the plid from the previous error log to the new one + err->plid(plid); + + ERRORLOG::ErrlUserDetailsTarget(pProc).addToLog(err); + + ERRORLOG::errlCommit(err, ISTEP_COMP_ID); + + // we don't break here. we need to continue on to the next + // processor and run the HWP on that one + } + } + + } while(0); + + #endif // CONFIG_SECUREBOOT + + return nullptr; } }; diff --git a/src/usr/isteps/istep10/makefile b/src/usr/isteps/istep10/makefile index 12616aed1..c5d4e88d1 100644 --- a/src/usr/isteps/istep10/makefile +++ b/src/usr/isteps/istep10/makefile @@ -5,7 +5,7 @@ # # OpenPOWER HostBoot Project # -# Contributors Listed Below - COPYRIGHT 2015,2016 +# Contributors Listed Below - COPYRIGHT 2015,2017 # [+] International Business Machines Corp. # # @@ -27,7 +27,7 @@ MODULE = istep10 NEST_HWP_PATH += ${ROOTPATH}/src/import/chips/p9/procedures/hwp/nest INITFILES_HWP_PATH += ${ROOTPATH}/src/import/chips/p9/procedures/hwp/initfiles - +PERV_HWP_PATH += ${ROOTPATH}/src/import/chips/p9/procedures/hwp/perv EXTRAINCDIR += ${ROOTPATH}/src/usr/isteps/ EXTRAINCDIR += ${ROOTPATH}/src/include/usr/fapi2/ @@ -36,6 +36,7 @@ EXTRAINCDIR += ${ROOTPATH}/src/import/chips/p9/utils/imageProcs/ EXTRAINCDIR += ${ROOTPATH}/src/import/chips/p9/common/include/ EXTRAINCDIR += ${NEST_HWP_PATH} EXTRAINCDIR += ${INITFILES_HWP_PATH} +EXTRAINCDIR += ${PERV_HWP_PATH} OBJS += call_proc_build_smp.o OBJS += call_host_slave_sbe_update.o @@ -43,6 +44,7 @@ OBJS += call_host_update_redundant_tpm.o VPATH += ${NEST_HWP_PATH} VPATH += ${INITFILES_HWP_PATH} +VPATH += ${PERV_HWP_PATH} #Required include before all the procedure.mk are included include ${ROOTPATH}/procedure.rules.mk @@ -51,5 +53,6 @@ include ${ROOTPATH}/procedure.rules.mk include $(NEST_HWP_PATH)/p9_build_smp.mk include ${INITFILES_HWP_PATH}/p9_fbc_ab_hp_scom.mk include ${INITFILES_HWP_PATH}/p9_fbc_cd_hp_scom.mk +include ${PERV_HWP_PATH}/p9_update_security_ctrl.mk include ${ROOTPATH}/config.mk diff --git a/src/usr/secureboot/trusted/makefile b/src/usr/secureboot/trusted/makefile index b3da5a509..7ccb04ac2 100644 --- a/src/usr/secureboot/trusted/makefile +++ b/src/usr/secureboot/trusted/makefile @@ -5,7 +5,7 @@ # # OpenPOWER HostBoot Project # -# Contributors Listed Below - COPYRIGHT 2015,2016 +# Contributors Listed Below - COPYRIGHT 2015,2017 # [+] International Business Machines Corp. # # @@ -24,15 +24,31 @@ # IBM_PROLOG_END_TAG ROOTPATH = ../../../.. MODULE = secureboot_trusted +PERV_HWP_PATH += ${ROOTPATH}/src/import/chips/p9/procedures/hwp/perv +#Hardware procedure includes +EXTRAINCDIR += ${PERV_HWP_PATH} +EXTRAINCDIR += ${ROOTPATH}/src/include/usr/fapi2/ +EXTRAINCDIR += ${ROOTPATH}/src/import/hwpf/fapi2/include/ +EXTRAINCDIR += ${ROOTPATH}/src/import/chips/p9/utils/imageProcs/ +EXTRAINCDIR += ${ROOTPATH}/src/import/chips/p9/common/include/ + +#Trustedboot compilation units OBJS += $(if $(CONFIG_TPMDD),trustedboot.o,) OBJS += $(if $(CONFIG_TPMDD),trustedbootCmds.o,) OBJS += $(if $(CONFIG_TPMDD),trustedTypes.o,) OBJS += $(if $(CONFIG_TPMDD),tpmLogMgr.o,) OBJS += $(if $(CONFIG_TPMDD),trustedbootUtils.o,) +#Handle the hardware procedure link dependency +VPATH += ${PERV_HWP_PATH} + SUBDIRS += $(if $(CONFIG_TPMDD),test.d,) CFLAGS += -iquote ../ +#Include HWP procedure makefiles +include ${ROOTPATH}/procedure.rules.mk +include ${PERV_HWP_PATH}/p9_update_security_ctrl.mk + include ${ROOTPATH}/config.mk diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index 2009ab07a..dba6e1ba1 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -59,6 +59,9 @@ #ifdef CONFIG_DRTM #include <secureboot/drtm.H> #endif +#include <fapi2.H> +#include <plat_hwp_invoker.H> +#include <p9_update_security_ctrl.H> namespace TRUSTEDBOOT { @@ -812,15 +815,140 @@ void pcrExtendSeparator(TpmTarget & io_target) void tpmMarkFailed(TpmTarget * io_target) { - TRACFCOMP( g_trac_trustedboot, ENTER_MRK"tpmMarkFailed() Marking TPM as failed : " "tgt=0x%X", TARGETING::get_huid(io_target->tpmTarget)); io_target->failed = true; - /// @todo RTC:125287 Add fail marker to TPM log and disable TPM access + #ifdef CONFIG_SECUREBOOT + TARGETING::Target* l_tpm = io_target->tpmTarget; + + errlHndl_t l_err = nullptr; + TARGETING::Target* l_proc = nullptr; + + do { + + if (!SECUREBOOT::enabled()) + { + break; + } + + // for the given tpm target, find the processor target + TARGETING::TargetHandleList l_procList; + getAllChips(l_procList,TARGETING::TYPE_PROC,false); + + auto l_tpmInfo = l_tpm->getAttr<TARGETING::ATTR_TPM_INFO>(); + + for(auto it : l_procList) + { + auto l_physPath = it->getAttr<TARGETING::ATTR_PHYS_PATH>(); + if (l_tpmInfo.i2cMasterPath == l_physPath) + { + // found processor to deconfigure + l_proc = it; + break; + } + } + if (l_proc == nullptr) + { + assert(false,"tpmMarkFailed - TPM with non-existent processor indicates" + " a bad MRW. TPM tgt=0x%X", TARGETING::get_huid(l_tpm)); + } + + // set ATTR_SECUREBOOT_PROTECT_DECONFIGURED_TPM for the processor + uint8_t l_protectTpm = 1; + l_proc->setAttr<TARGETING::ATTR_SECUREBOOT_PROTECT_DECONFIGURED_TPM>( + l_protectTpm); + + // do not deconfigure the processor if it already deconfigured + TARGETING::PredicateHwas isNonFunctional; + isNonFunctional.functional(false); + if (isNonFunctional(l_proc)) + { + // Note: at this point l_err is nullptr so + // no error log is created on break + break; + } + + uint64_t l_regValue = 0; + l_err = SECUREBOOT::getSecuritySwitch(l_regValue, l_proc); + if (l_err) + { + TRACFCOMP(g_trac_trustedboot, + ERR_MRK"tpmMarkFailed - call to getSecuritySwitch failed"); + break; + } + // if the SBE lock bit is not set, it means that istep 10.3 hasn't executed + // yet, so we will let istep 10.3 call p9_update_security_control HWP + // if the SBE lock bit is set, then we will call the HWP here + if (!(l_regValue & static_cast<uint64_t>(SECUREBOOT::ProcSecurity::SULBit))) + { + break; + } + + const fapi2::Target<fapi2::TARGET_TYPE_PROC_CHIP> l_fapiTarg(l_proc); + + FAPI_INVOKE_HWP(l_err, p9_update_security_ctrl, l_fapiTarg); + + if (l_err) + { + TRACFCOMP(g_trac_trustedboot, + ERR_MRK"tpmMarkFailed - call to p9_update_security_ctrl failed "); + } + + } while(0); + + if (l_err) + { + TRACFCOMP(g_trac_trustedboot, + ERR_MRK "Processor tgt=0x%X TPM tgt=0x&X. Deconfiguring processor " + "because future security cannot be guaranteed.", + TARGETING::get_huid(l_proc), + TARGETING::get_huid(l_tpm)); + + // save the plid from the error before commiting + auto plid = l_err->plid(); + + ERRORLOG::ErrlUserDetailsTarget(l_proc).addToLog(l_err); + + // commit this error log first before creating the new one + errlCommit(l_err, SECURE_COMP_ID); + + /*@ + * @errortype + * @reasoncode TRUSTEDBOOT::RC_UPDATE_SECURITY_CTRL_HWP_FAIL + * @moduleid TRUSTEDBOOT::MOD_TPM_MARK_FAILED + * @severity ERRL_SEV_UNRECOVERABLE + * @userdata1 Processor Target + * @userdata2 TPM Target + * @devdesc Failed to set SEEPROM lock and/or TPM deconfig + * protection for this processor, so we cannot + * guarrantee platform secuirty for this processor + * @custdesc Platform security problem detected + */ + l_err = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE, + TRUSTEDBOOT::MOD_TPM_MARK_FAILED, + TRUSTEDBOOT::RC_UPDATE_SECURITY_CTRL_HWP_FAIL, + TARGETING::get_huid(l_proc), + TARGETING::get_huid(l_tpm)); + + l_err->addHwCallout(l_proc, + HWAS::SRCI_PRIORITY_LOW, + HWAS::DELAYED_DECONFIG, + HWAS::GARD_NULL); + + l_err->collectTrace(SECURE_COMP_NAME); + + // pass on the plid from the previous error log to the new one + l_err->plid(plid); + + ERRORLOG::ErrlUserDetailsTarget(l_proc).addToLog(l_err); + + ERRORLOG::errlCommit(l_err, SECURE_COMP_ID); + } + #endif } void tpmVerifyFunctionalTpmExists() diff --git a/src/usr/targeting/common/xmltohb/attribute_types.xml b/src/usr/targeting/common/xmltohb/attribute_types.xml index 48499b8ed..67fd8d82c 100644 --- a/src/usr/targeting/common/xmltohb/attribute_types.xml +++ b/src/usr/targeting/common/xmltohb/attribute_types.xml @@ -32286,6 +32286,7 @@ Measured in GB</description> </simpleType> <persistency>volatile-zeroed</persistency> <readable/> + <writeable/> <hwpfToHbAttrMap> <id>ATTR_SECUREBOOT_PROTECT_DECONFIGURED_TPM</id> <macro>DIRECT</macro> |