Diffstat (limited to 'src/include/usr/secureboot')
-rw-r--r--src/include/usr/secureboot/nodecommif.H11
-rw-r--r--src/include/usr/secureboot/secure_reasoncodes.H6
-rw-r--r--src/include/usr/secureboot/trustedboot_reasoncodes.H1
-rw-r--r--src/include/usr/secureboot/trustedbootif.H79
4 files changed, 78 insertions, 19 deletions
diff --git a/src/include/usr/secureboot/nodecommif.H b/src/include/usr/secureboot/nodecommif.H
index cd445d7c9..72f137094 100644
--- a/src/include/usr/secureboot/nodecommif.H
+++ b/src/include/usr/secureboot/nodecommif.H
@@ -58,6 +58,17 @@ enum node_comm_link_mbox_info_t
NCDD_INVALID_LINK_MBOX = 0xFF,
};
+// Each hex number is an encoding of the ascii string
+// corresponding to the name given below.
+typedef enum : uint64_t
+{
+ MSTNOTPM = 0x4d53544e4f54504d,
+ NDNOTPM_ = 0x4e444e4f54504d5f,
+ MASTERQ_ = 0x4d4153545245515f,
+ NODEQUOT = 0x4e4f444551554f54,
+ INVALID_ = 0x494e56414c49445f,
+} NCEyeCatcher_t;
+
/**
* @brief Execute a single transmission from one proc to another
* over the XBUS Link Mailbox facility
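Review bot: The value of `MASTERQ_` in the new `NCEyeCatcher_t` enum contradicts the comment above it: 0x4d4153545245515f decodes to the ASCII string "MASTREQ_", not "MASTERQ_", while the other four values do decode to their enumerator names. Someone searching a dump or trace for the eye catcher by its name will not find it. Because the value presumably travels between nodes, renaming the enumerator is the safer fix, `MASTREQ_ = 0x4d4153545245515f,`, rather than changing the constant. It would also help to extend the comment to say that an eye catcher only identifies the message layout and is not evidence of who sent it.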
diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H
index acd3b0c5d..26607c4ef 100644
--- a/src/include/usr/secureboot/secure_reasoncodes.H
+++ b/src/include/usr/secureboot/secure_reasoncodes.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2013,2018 */
+/* Contributors Listed Below - COPYRIGHT 2013,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -65,6 +65,7 @@ namespace SECUREBOOT
MOD_NCEX_SLAVE = 0x28,
MOD_NCEX_GET_RANDOM = 0x29,
MOD_NC_RECV = 0x2A,
+ MOD_NC_GEN_SLAVE_RESPONSE = 0x2B,
};
enum SECUREReasonCode
@@ -108,6 +109,9 @@ namespace SECUREBOOT
RC_NCEX_INVALID_PHYS_PATH = SECURE_COMP_ID | 0x29,
RC_NCEX_INVALID_INSTANCE_COUNT = SECURE_COMP_ID | 0x2A,
RC_NC_WAITING_TIMEOUT = SECURE_COMP_ID | 0x2B,
+ RC_NC_BAD_MASTER_TPM = SECURE_COMP_ID | 0x2C,
+ RC_NC_NO_PRIMARY_TPM_LOG = SECURE_COMP_ID | 0x2D,
+ RC_NC_BAD_MASTER_EYE_CATCH = SECURE_COMP_ID | 0x2E,
// Reason codes 0xA0 - 0xEF reserved for trustedboot_reasoncodes.H
};
diff --git a/src/include/usr/secureboot/trustedboot_reasoncodes.H b/src/include/usr/secureboot/trustedboot_reasoncodes.H
index 60727239e..b4d2dec2b 100644
--- a/src/include/usr/secureboot/trustedboot_reasoncodes.H
+++ b/src/include/usr/secureboot/trustedboot_reasoncodes.H
@@ -77,6 +77,7 @@ namespace TRUSTEDBOOT
MOD_GEN_QUOTE = 0x1F,
MOD_TPM_CMD_FLUSH_CONTEXT = 0x20,
MOD_FLUSH_CONTEXT = 0x21,
+ MOD_PCR_READ = 0x22,
};
enum TRUSTEDReasonCode
diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H
index 8be8e6448..71e607a52 100644
--- a/src/include/usr/secureboot/trustedbootif.H
+++ b/src/include/usr/secureboot/trustedbootif.H
@@ -55,6 +55,9 @@ namespace TRUSTEDBOOT
{
size_t size; // the size (bytes) of the data pointer
uint8_t* data; // the actual quote data
+ _QuoteDataOut() : size(0), data(nullptr)
+ {
+ }
} PACKED;
typedef struct _QuoteDataOut QuoteDataOut;
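Review bot: The new constructor in `_QuoteDataOut` zeroes `size` and `data`, but nothing visible says who allocates or frees the buffer behind `data`, and the struct has no destructor. A comment on the member would settle that, for example `uint8_t* data; // the actual quote data; allocated by generateQuote, freed by the caller`, with the wording adjusted to the real contract, which is not visible here. The struct begins outside the hunk, so any existing ownership note above it is not visible either.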
@@ -90,22 +93,23 @@ namespace TRUSTEDBOOT
/// TPM PCR designations
typedef enum
{
- PCR_0 = 0,
- PCR_1 = 1,
- PCR_2 = 2,
- PCR_3 = 3,
- PCR_4 = 4,
- PCR_5 = 5,
- PCR_6 = 6,
- PCR_7 = 7,
- PCR_DEBUG = 16,
- PCR_DRTM_17 = 17,
- PCR_DRTM_18 = 18,
- PCR_DRTM_19 = 19,
- PCR_DRTM_20 = 20,
- PCR_DRTM_21 = 21,
- PCR_DRTM_22 = 22,
- PLATFORM_PCR = 24, ///< The number of PCR required by the platform spec
+ PCR_0 = 0,
+ PCR_1 = 1,
+ PCR_2 = 2,
+ PCR_3 = 3,
+ PCR_4 = 4,
+ PCR_5 = 5,
+ PCR_6 = 6,
+ PCR_7 = 7,
+ FW_USED_PCR_COUNT = 8,
+ PCR_DEBUG = 16,
+ PCR_DRTM_17 = 17,
+ PCR_DRTM_18 = 18,
+ PCR_DRTM_19 = 19,
+ PCR_DRTM_20 = 20,
+ PCR_DRTM_21 = 21,
+ PCR_DRTM_22 = 22,
+ PLATFORM_PCR = 24, ///< The number of PCR required by the platform spec
IMPLEMENTATION_PCR = 24, ///< The number of PCRs implemented by TPM
} TPM_Pcr;
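Review bot: `FW_USED_PCR_COUNT = 8` is a count placed inside an enum of PCR indices, and unlike `PLATFORM_PCR` it has no trailing comment. Because it has type `TPM_Pcr`, it can be passed wherever a PCR index is expected and would then silently name PCR 8. I would document it in place, `FW_USED_PCR_COUNT = 8, ///< Number of PCRs (0-7) used by firmware; a count, not a PCR index`, and have functions that take a `TPM_Pcr` reject values that are not real indices.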
@@ -147,6 +151,21 @@ namespace TRUSTEDBOOT
TPM_TEST_DIGEST_MISMATCH = 0x05,
} BackupTpmTestFailures;
+ // The structure to hold the Authentication Key certificate and its size
+ struct _TPM2B_MAX_NV_BUFFER
+ {
+ uint16_t size; //size of the buffer
+ AKCertificate_t buffer;
+ } PACKED;
+ typedef struct _TPM2B_MAX_NV_BUFFER TPM2B_MAX_NV_BUFFER;
+
+ /// TPM Algorithm defines
+ typedef enum
+ {
+ TPM_ALG_SHA1 = 0x0004, ///< SHA1 Id
+ TPM_ALG_SHA256 = 0x000B, ///< SHA256 Id
+ TPM_ALG_INVALID_ID ///< Used for error checking
+ } TPM_Alg_Id;
/**
* @brief Initialize trusted boot/TPM components for the master TPM
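Review bot: `TPM_ALG_INVALID_ID` in the new `TPM_Alg_Id` enum has no explicit value, so it takes 0x000C, which the TCG algorithm registry assigns to SHA-384. A sentinel meant for error checking should not equal a real algorithm identifier, since a value read back from a TPM or a log could then compare equal to "invalid", or the sentinel could be sent to a TPM as a valid bank selector. Give it an explicit unassigned value, for example `TPM_ALG_INVALID_ID = 0x0000, ///< Used for error checking (TPM_ALG_ERROR)`. Separately, the comment on `_TPM2B_MAX_NV_BUFFER` should say whether `size` is the number of valid bytes in `buffer`, and that readers must check it against `sizeof(AKCertificate_t)` before use.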
@@ -304,6 +323,14 @@ namespace TRUSTEDBOOT
errlHndl_t poisonTpm(const TpmTarget* i_pTpm);
/**
+ * @brief Poison all functional TPMs on the node. Calls poisonTpm for
+ * each functional TPM.
+ *
+ * @return nullptr on success; non-nullptr on error
+ */
+ errlHndl_t poisonAllTpms();
+
+ /**
* @brief Helper function for validating TPM handles. Returns an error log
* if the supplied TPM is null, not a TPM target, or not functional.
*
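Review bot: The doc comment for `poisonAllTpms()` does not say what happens when poisoning one TPM fails. For a security operation the caller needs to know whether the remaining TPMs are still poisoned and which error is returned. I would add a line such as `* @note Continues with the remaining TPMs if one fails; returns the first error encountered`, or whatever the implementation actually does, which is not visible in this header.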
@@ -397,7 +424,7 @@ namespace TRUSTEDBOOT
* @return nullptr if success; non-nullptr on error
*/
errlHndl_t readAKCertificate(TpmTarget* i_target,
- AKCertificate_t* o_data);
+ TPM2B_MAX_NV_BUFFER* o_data);
/**
* @brief Send the command to the given TPM to generate the quote
@@ -409,7 +436,7 @@ namespace TRUSTEDBOOT
* @return nullptr if success; non-nullptr on error
*/
errlHndl_t generateQuote(TpmTarget* i_target,
- MasterTpmNonce_t* i_masterNonce,
+ const MasterTpmNonce_t* i_masterNonce,
QuoteDataOut* o_data);
/**
@@ -421,6 +448,22 @@ namespace TRUSTEDBOOT
*/
errlHndl_t flushContext(TpmTarget* i_target);
+ /**
+ * @brief Send the command to the given TPM to read the contents of the
+ * given bank of the given PCR
+ * @param[in] i_target the pointer to the TPM target; must not be nullptr
+ * @param[in] i_pcr the PCR to read
+ * @param[in] i_algId the PCR bank to read
+ * @param[in] i_digestSize the size of the digest contained in the PCR
+ * @param[out] o_digest the data contained in the requested PCR
+ *
+ * @return nullptr if success; non-nullptr on error
+ */
+ errlHndl_t pcrRead(TpmTarget* i_target,
+ TPM_Pcr i_pcr,
+ TPM_Alg_Id i_algId,
+ size_t i_digestSize,
+ uint8_t* o_digest);
} // end TRUSTEDBOOT namespace
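Review bot: The `pcrRead` documentation leaves the relationship between `i_algId`, `i_digestSize` and `o_digest` unstated. A caller that passes a 20-byte buffer with `TPM_ALG_SHA256`, or a size larger than the buffer, risks a write past the end of `o_digest`. I would tighten the parameter docs to `@param[in] i_digestSize size in bytes of o_digest; must equal the digest size of i_algId` and `@param[out] o_digest caller-allocated buffer of at least i_digestSize bytes; must not be nullptr`. The implementation should then return an error when the size does not match the selected bank or when `i_algId` is `TPM_ALG_INVALID_ID`. It is also worth stating that `i_pcr` must be a real PCR index, since the enum contains count values as well.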