Diffstat (limited to 'src/usr/secureboot/node_comm')
-rw-r--r--src/usr/secureboot/node_comm/README.md97
-rw-r--r--src/usr/secureboot/node_comm/node_comm.H5
-rw-r--r--src/usr/secureboot/node_comm/node_comm_dd.H3
-rw-r--r--src/usr/secureboot/node_comm/node_comm_exchange.C117
-rw-r--r--src/usr/secureboot/node_comm/node_comm_transfer.C5
-rw-r--r--src/usr/secureboot/node_comm/node_comm_transfer.H1
6 files changed, 179 insertions, 49 deletions
diff --git a/src/usr/secureboot/node_comm/README.md b/src/usr/secureboot/node_comm/README.md
new file mode 100644
index 000000000..0def94860
--- /dev/null
+++ b/src/usr/secureboot/node_comm/README.md
@@ -0,0 +1,97 @@
+# **'node\_comm'** Secureboot Services in Hostboot
+This directory implements the Hostboot functions necessary to create a
+ secure channel between nodes using a series of a-bus mailbox registers
+ enabled after a-bus training but before the iovalid drop.
+This secure channel is used in a multi-node evironment for nodes to exchange
+ cryptographic material that can later be used for internode authentication
+ higher up the firmware stack.
+
+## Key Points
+* This code implements device driver-like functionality to send messages
+ across the a-bus connection from one node to another
+ * This functionality is based on a-bus mailbox registers which are used to
+ detect incoming messages, retrieve data, and send data messages to/from
+ specific nodes
+* This code establishes a master node which then starts the process of exchanging
+ information with each of the other slave nodes
+* The files are built into libnode_comm.so
+* This module implements the interfaces defined in
+ [nodecommif.H](../../../include/usr/secureboot/nodecommif.H)
+* NOTE: The P9 code references "OBUS" a lot which is the specific processor
+ chiplet that the a-bus messaging system runs through.
+
+## Algorithm
+* First, each node does the following:
+ * Determine the nodes in the system
+ * Determine the master processor of this node
+ * Determine the a-bus connection to its master processor peers on the
+ other nodes
+
+* ***The Master Processor on Master Node*** does the following
+ (see node_comm_exchange.C's nodeCommAbusExchangeMaster()):
+ * **Loop 1:** Exchange SBID/nonces between Master and each of the Slave Nodes
+ * Generate SBID/nonce and send to slave node
+ * Look for return SBID/nonce from the slave
+ * **Loop 2:** Master Node requests quotes from each Slave Node
+ * Generate and send Quote Request to a slave
+ * Look for Quote Response from the slave node
+ * Process the Quote Response that was returned from the slave node
+ * NOTE:
+ * Nonces are encoded 64-bytes of data: part random number, part node ID
+ * Quotes are a form of attestation between two TPMs on the system. See
+ TrustedComputingGroup.org's Trusted Platform Module Library Specification,
+ Family "2.0" for more details.
+
+* ***The Master Processor on each Slave Node*** does the following
+ (see node_comm_exchange.C's nodeCommAbusExchangeSlave()):
+
+ * Wait for SBID/nonce from the master node
+ * Send a SBID/nonce back to the master node
+ * Wait for Quote Request from master node
+ * Generate the Quote Response
+ * Send the Quote Response to the master node
+
+
+* NOTE: Generating the SBID/Nonces, Quote Requests, and Quote Responses above
+ all require interacting with the TPMs on the different nodes in specific
+ ways
+ * The devil is truly in the details, and the details can be found in the
+ supporting functions of node_comm_exchange.C
+* NOTE: In the event that one node fails in this process there will be an
+ attempt to poison the TPMs on that node and move on in most cases. This is
+ to prevent an entire system from failing to boot with one bad node.
+
+## Files
+
+* __makefile__
+ * Standard Hostboot makefile
+
+* __node_comm.C, node_comm.H__
+ * The majority of the sub-functions used to implement the algorithm are
+ defined and implemented here, including the a-bus mapping details between
+ the nodes
+
+* __node_comm_dd.C, node_comm_dd.H__
+ * Defines and implements the "NODECOMM" device driver that interacts directly
+ with the a-bus mailbox registers
+
+* __node_comm_exchange.C__
+ * The core of this module - the primary function nodeCommAbusExchange()
+ is implemented here and shows the high-level data flow between the nodes
+ * The procedure for the master node is defined in nodeCommAbusExchangeMaster()
+ * The procedure for the slave nodes is defiend in nodeCommAbusExchangeSlave()
+ * The interactions with the TPM - generating and logging SBID/Nonces, Quote
+ Requests, Quote Responses - are all in this file
+
+* __node_comm_test.C__
+ * Implements the proof-of-concept "nodeCommXbus2ProcTest" test to transfer
+ data across the x-bus between processors using a similar method to the a-bus
+ mechanism
+
+* __node_comm_transfer.C, node_comm_transfer.H__
+ * Defines and implements the different types of messages that can be sent
+ between the nodes, including the actual send and receive functions
+
+* __[README.md](./README.md)__
+ * This file
+
diff --git a/src/usr/secureboot/node_comm/node_comm.H b/src/usr/secureboot/node_comm/node_comm.H
index e44893683..227d53ac2 100644
--- a/src/usr/secureboot/node_comm/node_comm.H
+++ b/src/usr/secureboot/node_comm/node_comm.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2018 */
+/* Contributors Listed Below - COPYRIGHT 2018,2020 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -28,11 +28,10 @@
// ----------------------------------------------
// Includes
// ----------------------------------------------
-#include <config.h>
#include <time.h>
#include <devicefw/userif.H>
#include <trace/interface.H>
-#include <scom/centaurScomCache.H> // for TRACE_ERR_FMT, TRACE_ERR_ARGS
+#include <errl/errlentry.H> // for TRACE_ERR_FMT, TRACE_ERR_ARGS
#include <secureboot/nodecommif.H>
#include "../trusted/trustedboot.H"
#include <secureboot/trustedbootif.H>
diff --git a/src/usr/secureboot/node_comm/node_comm_dd.H b/src/usr/secureboot/node_comm/node_comm_dd.H
index 212ab24df..f8b057bcd 100644
--- a/src/usr/secureboot/node_comm/node_comm_dd.H
+++ b/src/usr/secureboot/node_comm/node_comm_dd.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2018 */
+/* Contributors Listed Below - COPYRIGHT 2018,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -28,7 +28,6 @@
// ----------------------------------------------
// Includes
// ----------------------------------------------
-#include <config.h>
#include <devicefw/userif.H>
#include <secureboot/nodecommif.H>
diff --git a/src/usr/secureboot/node_comm/node_comm_exchange.C b/src/usr/secureboot/node_comm/node_comm_exchange.C
index ff8ff8a31..ccbd973d3 100644
--- a/src/usr/secureboot/node_comm/node_comm_exchange.C
+++ b/src/usr/secureboot/node_comm/node_comm_exchange.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2018 */
+/* Contributors Listed Below - COPYRIGHT 2018,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -51,7 +51,6 @@
#include <targeting/targplatutil.H>
#include <sys/internode.h>
#include <util/misc.H>
-#include <config.h>
#include "node_comm.H"
#include "node_comm_transfer.H"
@@ -133,6 +132,7 @@ errlHndl_t nodeCommAbusGetRandom(uint64_t & o_nonce)
{
errlHndl_t err = nullptr;
o_nonce = NODE_COMM_DEFAULT_NONCE;
+#ifdef CONFIG_TPMDD
Target* tpm_tgt = nullptr;
TRACUCOMP(g_trac_nc,ENTER_MRK"nodeCommAbusGetRandom:");
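Review bot: With `#ifdef CONFIG_TPMDD` now opening directly after `o_nonce = NODE_COMM_DEFAULT_NONCE;`, a build without CONFIG_TPMDD returns nullptr with the fixed default nonce and emits no trace, because the ENTER trace here and the EXIT trace before the new `#endif` are both inside the guard. The README added in this commit describes the nonce as part random number, so a caller that gets success has no indication the value is a constant. The retained comment says this path should not be reached without CONFIG_TPMDD; if that holds, an `#else` branch with one trace costs nothing and makes a violation visible, e.g. `TRACFCOMP(g_trac_nc,INFO_MRK"nodeCommAbusGetRandom: CONFIG_TPMDD not set, using default nonce");`. The function body continues outside this hunk.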
@@ -144,9 +144,7 @@ errlHndl_t nodeCommAbusGetRandom(uint64_t & o_nonce)
// This function call requires the CONFIG check for compilation purposes,
// but no extra error handling is needed as it should not have gotten this
// far if CONFIG_TPMDD wasn't set
-#ifdef CONFIG_TPMDD
TRUSTEDBOOT::getPrimaryTpm(tpm_tgt);
-#endif
HwasState hwasState{};
if(tpm_tgt)
{
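Review bot: The three-line comment kept as context at the top of this hunk ("This function call requires the CONFIG check for compilation purposes...") is now stale, because the `#ifdef CONFIG_TPMDD`/`#endif` pair around `TRUSTEDBOOT::getPrimaryTpm(tpm_tgt);` is removed and the guard wraps the whole body instead. The same comment is left above the `TRUSTEDBOOT::GetRandom` call in the following hunk. I would delete both copies and, if a comment is wanted, place a single one at the new guard: `// TPM calls below need CONFIG_TPMDD to compile`.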
@@ -192,11 +190,9 @@ errlHndl_t nodeCommAbusGetRandom(uint64_t & o_nonce)
// This function call requires the CONFIG check for compilation purposes,
// but no extra error handling is needed as it should not have gotten this
// far if CONFIG_TPMDD wasn't set
-#ifdef CONFIG_TPMDD
err = TRUSTEDBOOT::GetRandom(tpm_tgt,
sizeof(o_nonce),
reinterpret_cast<uint8_t*>(&o_nonce));
-#endif
if (err)
{
// Reset just to make sure above call didn't change it
@@ -208,18 +204,30 @@ errlHndl_t nodeCommAbusGetRandom(uint64_t & o_nonce)
get_huid(tpm_tgt),
TRACE_ERR_ARGS(err),
o_nonce);
- // err commited outside of do-while loop below
-
// break to be safe in case code gets added later
break;
}
} while( 0 );
- if (err)
+ if(err)
{
- err->collectTrace(TRBOOT_COMP_NAME);
- err->collectTrace(NODECOMM_TRACE_NAME);
+ if(!TRUSTEDBOOT::isTpmRequired())
+ {
+ TRACFCOMP(g_trac_nc,ERR_MRK"nodeCommAbusGetRandom: Error occurred; "
+ "RC: 0x%.04X; PLID: 0x%.08X. TPM Required policy is off; "
+ "deleting the error and trying to continue.",
+ err->reasonCode(),
+ err->plid());
+ // TPM is not required - do not return the error
+ delete err;
+ err = nullptr;
+ }
+ else
+ {
+ err->collectTrace(TRBOOT_COMP_NAME);
+ err->collectTrace(NODECOMM_TRACE_NAME);
+ }
}
TRACFCOMP(g_trac_nc,EXIT_MRK"nodeCommAbusGetRandom: "
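Review bot: When `TRUSTEDBOOT::isTpmRequired()` is false the new branch deletes `err` and the function returns nullptr, so the caller sees success although `GetRandom` failed. The context comment above ("Reset just to make sure above call didn't change it") suggests `o_nonce` has been put back to the default by then, presumably NODE_COMM_DEFAULT_NONCE, which would make the nonce predictable for the SBID/nonce exchange. The new trace does not mention that fallback; I would end the message with `"deleting the error and continuing with the default nonce."` and state in the function's header comment that a nullptr return does not guarantee a TPM-generated nonce when the policy is off. The reset statement itself and the start of the do-while are outside this hunk.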
@@ -228,6 +236,7 @@ errlHndl_t nodeCommAbusGetRandom(uint64_t & o_nonce)
o_nonce, get_huid(tpm_tgt),
TRACE_ERR_ARGS(err));
+#endif
return err;
} // end of nodeCommAbusGetRandom
@@ -618,17 +627,19 @@ errlHndl_t nodeCommGenSlaveQuoteResponse(const MasterQuoteRequestBlob* const i_r
{
l_poisonTpmErr->plid(l_errl->plid());
}
- errlCommit(l_poisonTpmErr, SECURE_COMP_ID);
- }
- }
-
- if(l_errl)
- {
- if(!l_tpmRequired)
- {
- // TPM is not required, so no need to propagate the error up and
- // fail the boot.
- errlCommit(l_errl, SECURE_COMP_ID);
+ if(l_tpmRequired)
+ {
+ errlCommit(l_poisonTpmErr, SECURE_COMP_ID);
+ }
+ else
+ {
+ TRACFCOMP(g_trac_nc,ERR_MRK"nodeCommGenSlaveQuoteResponse: "
+ "Could not poison TPMs. Errl PLID: 0x%.08X "
+ "Deleting the error log and continuing anyway.",
+ l_poisonTpmErr->plid());
+ delete l_poisonTpmErr;
+ l_poisonTpmErr = nullptr;
+ }
}
}
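Review bot: A failed TPM poison is discarded with `delete l_poisonTpmErr;` when the TPM is not required, which leaves only a trace-buffer line as evidence that the TPM on a failing node was not poisoned. The same block is repeated in the nodeCommGenMasterQuoteRequest and nodeCommProcessSlaveQuote hunks below. If the aim is only to avoid a visible error on such systems, committing it at informational severity keeps the record: `l_poisonTpmErr->setSev(ERRORLOG::ERRL_SEV_INFORMATIONAL); errlCommit(l_poisonTpmErr, SECURE_COMP_ID);`. If deletion is intentional, a comment giving the reason would help. The three identical branches are also a candidate for one small static helper, and the trace text in this copy lacks the period after the PLID that the other two have.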
@@ -721,14 +732,19 @@ errlHndl_t nodeCommGenMasterQuoteRequest(MasterQuoteRequestBlob* const o_request
{
l_poisonTpmErr->plid(l_errl->plid());
}
- errlCommit(l_poisonTpmErr, SECURE_COMP_ID);
- }
-
- if(!l_tpmRequired)
- {
- // TPM is not required, so no need to propagate the error up and
- // fail the boot.
- errlCommit(l_errl, SECURE_COMP_ID);
+ if(l_tpmRequired)
+ {
+ errlCommit(l_poisonTpmErr, SECURE_COMP_ID);
+ }
+ else
+ {
+ TRACFCOMP(g_trac_nc,ERR_MRK"nodeCommGenMasterQuoteRequest: "
+ "Could not poison TPMs. Errl PLID: 0x%.08X. "
+ "Deleting the error log and continuing anyway.",
+ l_poisonTpmErr->plid());
+ delete l_poisonTpmErr;
+ l_poisonTpmErr = nullptr;
+ }
}
}
@@ -814,13 +830,19 @@ errlHndl_t nodeCommProcessSlaveQuote(uint8_t* const i_slaveQuote,
{
l_poisonTpmErr->plid(l_errl->plid());
}
- errlCommit(l_poisonTpmErr, SECURE_COMP_ID);
- }
-
- if(!TRUSTEDBOOT::isTpmRequired())
- {
- // TPM is not required - do not propagate the error
- errlCommit(l_errl, SECURE_COMP_ID);
+ if(TRUSTEDBOOT::isTpmRequired())
+ {
+ errlCommit(l_poisonTpmErr, SECURE_COMP_ID);
+ }
+ else
+ {
+ TRACFCOMP(g_trac_nc, ERR_MRK"nodeCommProcessSlaveQuote: "
+ "Could not poison TPMs. Errl PLID: 0x%.08X. "
+ "Deleting the error log and continuing.",
+ l_poisonTpmErr->plid());
+ delete l_poisonTpmErr;
+ l_poisonTpmErr = nullptr;
+ }
}
}
@@ -1738,9 +1760,24 @@ errlHndl_t nodeCommAbusExchange(void)
if (err)
{
- err->collectTrace(SECURE_COMP_NAME);
- err->collectTrace(NODECOMM_TRACE_NAME);
- err->collectTrace(TRBOOT_COMP_NAME);
+ if(!TRUSTEDBOOT::isTpmRequired())
+ {
+ TRACFCOMP(g_trac_nc,EXIT_MRK"nodeCommAbusExchange:An error occurred"
+ " during secure node communication, but the TPM required "
+ "policy is not set, so the error will not be propagated."
+ " Original error RC: 0x%.04X; PLID: 0x%.08X."
+ " Deleting the error log and continuing.",
+ err->reasonCode(),
+ err->plid());
+ delete err;
+ err = nullptr;
+ }
+ else
+ {
+ err->collectTrace(SECURE_COMP_NAME);
+ err->collectTrace(NODECOMM_TRACE_NAME);
+ err->collectTrace(TRBOOT_COMP_NAME);
+ }
}
if (l_phys_path_str != nullptr)
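Review bot: The trace added on the TPM-not-required path uses `EXIT_MRK` although it reports an error and the function has not returned yet; the other traces this commit adds for the same situation use `ERR_MRK`. `TRACFCOMP(g_trac_nc,ERR_MRK"nodeCommAbusExchange: An error occurred"` would match them and also restores the missing space after the colon. Because this branch turns any failure of the internode exchange into a nullptr return, I would state the policy in a comment above the `if`, e.g. `// Without the TPM Required policy a failed node exchange is non-fatal; the error is dropped and boot continues`. The function starts and ends outside this hunk.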
diff --git a/src/usr/secureboot/node_comm/node_comm_transfer.C b/src/usr/secureboot/node_comm/node_comm_transfer.C
index b7afb02ef..4b82688f0 100644
--- a/src/usr/secureboot/node_comm/node_comm_transfer.C
+++ b/src/usr/secureboot/node_comm/node_comm_transfer.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2019 */
+/* Contributors Listed Below - COPYRIGHT 2019,2020 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -26,11 +26,10 @@
// ----------------------------------------------
// Includes
// ----------------------------------------------
-#include <config.h>
#include <time.h>
#include <devicefw/userif.H>
#include <trace/interface.H>
-#include <scom/centaurScomCache.H> // for TRACE_ERR_FMT, TRACE_ERR_ARGS
+#include <errl/errlentry.H> // for TRACE_ERR_FMT, TRACE_ERR_ARGS
#include <targeting/targplatutil.H>
#include <secureboot/nodecommif.H>
#include <secureboot/secure_reasoncodes.H>
diff --git a/src/usr/secureboot/node_comm/node_comm_transfer.H b/src/usr/secureboot/node_comm/node_comm_transfer.H
index 201661447..93f45a512 100644
--- a/src/usr/secureboot/node_comm/node_comm_transfer.H
+++ b/src/usr/secureboot/node_comm/node_comm_transfer.H
@@ -28,7 +28,6 @@
// ----------------------------------------------
// Includes
// ----------------------------------------------
-#include <config.h>
#include "node_comm.H"
#include <map>