diff options
Diffstat (limited to 'src/usr/secureboot/trusted')
| -rw-r--r-- | src/usr/secureboot/trusted/README.md | 74 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/base/trustedboot_base.C | 3 | ||||
| -rwxr-xr-x | src/usr/secureboot/trusted/test/trustedbootTest.H | 1 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 1 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/trustedbootCmds.C | 1 |
5 files changed, 75 insertions, 5 deletions
diff --git a/src/usr/secureboot/trusted/README.md b/src/usr/secureboot/trusted/README.md new file mode 100644 index 000000000..effe75f44 --- /dev/null +++ b/src/usr/secureboot/trusted/README.md @@ -0,0 +1,74 @@ +# **'trusted'** Secureboot Services in Hostboot +This directory implements the 'trusted' boot functionality that Hostboot + provides. +It primarily does this by measuring and storing firmware images and system + data into the system's TPMs (Trusted Platform Modules). + +## Key Points +* This code measures specific information on the system, including different + firmware images that are loaded onto the system by hostboot +* These mesasurements, along with other system data, are stored in the TPMs + on the system +* This code also determines which TPMs exist on the system, if they are + functional, and initializes them +* To directly talk to the TPMs this code uses the TPM Device Driver, which + is built on top of the I2C Device Driver: + * [src/usr/i2c/tmpdd.C](../../i2c/tpmdd.C) + * [src/usr/i2c/tpmdd.H](../../i2c/tpmdd.H) + +* The **libsecureboot_trusted.so** module created here is available in + Hostboot's extended image +* However, the code in the 'base' sub-directory is built into + libsecureboot_base.so and is available in Hostboot's base image +* This module implements the interfaces defined in + [trustedbootif.H](../../../include/usr/secureboot/trustedbootif.H) + +## Files + +* __makefile__ + * Standard Hostboot makefile + +* __[README.md](./README.md)__ + * This file + +* __tpmLogMgr.C, tpmLogMgr.H__ + * Defines and implements functions around the TPM Event Log, including + adding new events, extending the log to the TPM, and moving the log to + different memory locations + +* __trustedTypes.C, trustedTypes.H__ + * Defines different structures and methods for sending and receiving data + to and from the TPM + +* __trustedboot.C, trustedboot.H__ + * Defines and implements the majority of the functions that interact with the + TPMs + * Implements the majority of the functions that verify and initialize the TPMs + +* __trustedbootCmds.C, trustedbootCmds.H__ + * Defines and implements commands sent to the TPM and then processes (aka + marshall and unmarshall) the data appropriately + +* __trustedbootUtils.C, trustedbootUtils.H__ + * Defines and implements a few utility functions like a wrapper to the TPM + Device Driver and creating trustedboot error logs. + + +## sub-directories +* __base__ + * These files create a message queue to reserve operations that can be + implemented once the full Hostboot extended code, including + libsecureboot_trusted.so, is available to process them + * These files also take the basic operations that the Hostboot base code + needs and sends them to the message queue + * __trustedboot_base.C__ + * Implements early trustedboot/TPM calls be calling into a message + queue so that they can be processed later + + * __trustedbootMsg.C, trustedbootMsg.H__ + * Defines and implements the message queue so that commands can be + processed later when libsecureboot_trusted.so is available + +* __test__ + * Standard Hostboot test directory that implements CXX Unit Tests + diff --git a/src/usr/secureboot/trusted/base/trustedboot_base.C b/src/usr/secureboot/trusted/base/trustedboot_base.C index 2e5182d2f..eb889131c 100644 --- a/src/usr/secureboot/trusted/base/trustedboot_base.C +++ b/src/usr/secureboot/trusted/base/trustedboot_base.C @@ -45,7 +45,6 @@ #include <secureboot/header.H> #include <secureboot/containerheader.H> #include <pnor/pnorif.H> -#include <config.h> #include "../trustedboot.H" #include "../trustedbootCmds.H" #include "../trustedbootUtils.H" @@ -1165,7 +1164,7 @@ errlHndl_t expandTpmLog(TpmTarget* i_target) int l_rc = msg_sendrecv(systemData.msgQ, l_msg->iv_msg); if(l_rc) { - /** + /*@ * @errortype ERRL_SEV_UNRECOVERABLE * @moduleid MOD_EXPAND_TPM_LOG * @reasoncode RC_SENDRECV_FAIL diff --git a/src/usr/secureboot/trusted/test/trustedbootTest.H b/src/usr/secureboot/trusted/test/trustedbootTest.H index cbf221e57..50564f12d 100755 --- a/src/usr/secureboot/trusted/test/trustedbootTest.H +++ b/src/usr/secureboot/trusted/test/trustedbootTest.H @@ -45,7 +45,6 @@ #include "../trustedboot.H" #include "../trustedbootCmds.H" #include "../tpmLogMgr.H" -#include <config.h> using namespace TRUSTEDBOOT; diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index 6046a76df..d0ec76030 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -53,7 +53,6 @@ #ifdef CONFIG_BMC_IPMI #include <ipmi/ipmisensor.H> #endif -#include <config.h> #include <devicefw/driverif.H> #include <i2c/tpmddif.H> #include "trustedboot.H" diff --git a/src/usr/secureboot/trusted/trustedbootCmds.C b/src/usr/secureboot/trusted/trustedbootCmds.C index 604757b7a..fe2956929 100644 --- a/src/usr/secureboot/trusted/trustedbootCmds.C +++ b/src/usr/secureboot/trusted/trustedbootCmds.C @@ -37,7 +37,6 @@ // ---------------------------------------------- #include <string.h> #include <stdlib.h> -#include <config.h> #ifdef __HOSTBOOT_MODULE #include <secureboot/trustedboot_reasoncodes.H> |
