Diffstat (limited to 'src/usr/runtime/populate_hbruntime.C')
-rw-r--r-- | src/usr/runtime/populate_hbruntime.C | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/src/usr/runtime/populate_hbruntime.C b/src/usr/runtime/populate_hbruntime.C
index db26d87be..129068941 100644
--- a/src/usr/runtime/populate_hbruntime.C
+++ b/src/usr/runtime/populate_hbruntime.C
@@ -1461,19 +1461,6 @@ errlHndl_t populate_hbSecurebootData ( void )
 hdatSysParms_t* const l_sysParmsPtr = reinterpret_cast<hdatSysParms_t*>(l_hbrtDataAddr);
- typedef struct sysSecSets
- {
- // bit 0: Code Container Digital Signature Checking
- uint16_t secureboot : 1;
- // bit 1: Measurements Extended to Secure Boot TPM
- uint16_t trustedboot : 1;
- // bit 2: SBE Security Backdoor bit.
- // NOTE: This bit is labeled "Platform Security Overrides Allowed"
- // in the section 6.1.1 of HDAT spec.
- uint16_t sbeSecBackdoor : 1;
- uint16_t reserved : 13;
- } SysSecSets;
-
 // populate system security settings in hdat
 SysSecSets* const l_sysSecSets = reinterpret_cast<SysSecSets*>(&l_sysParmsPtr->hdatSysSecuritySetting);
@@ -1703,6 +1690,15 @@ errlHndl_t populate_TpmInfoByNode(const uint64_t i_instance)
 TARGETING::TargetHandleList tpmList; TRUSTEDBOOT::getTPMs(tpmList, TRUSTEDBOOT::TPM_FILTER::ALL_IN_BLUEPRINT);
+ // Put the primary TPM first in the list of TPMs to simplify alignment of
+ // trusted boot enabled bits across the nodes.
+ std::sort(tpmList.begin(), tpmList.end(),
+ [](TARGETING::TargetHandle_t lhs, TARGETING::TargetHandle_t rhs)
+ {
+ return (lhs->getAttr<TARGETING::ATTR_TPM_ROLE>() ==
+ TARGETING::TPM_ROLE_TPM_PRIMARY);
+ });
+
 TARGETING::TargetHandleList l_procList; getAllChips(l_procList,TARGETING::TYPE_PROC,false); |
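Review bot: The lambda passed to `std::sort` in populate_TpmInfoByNode never reads `rhs`, so it is not a strict weak ordering: it returns true when a primary TPM is compared with itself or with another primary, and `std::sort` has undefined behaviour with such a comparator. Depending on the sort implementation and the list length, that can leave the primary out of first place or step outside `tpmList`, and the comment says later code relies on this order to align the trusted boot enabled bits across nodes. Making the comparison asymmetric fixes it without new dependencies: `return lhs->getAttr<TARGETING::ATTR_TPM_ROLE>() == TARGETING::TPM_ROLE_TPM_PRIMARY && rhs->getAttr<TARGETING::ATTR_TPM_ROLE>() != TARGETING::TPM_ROLE_TPM_PRIMARY;`. The lambda also dereferences every handle without a null check, which presumably depends on getTPMs never returning null entries. The function body continues outside this hunk, so how the sorted list is consumed is not visible here.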