diff options
Diffstat (limited to 'src/usr/secureboot')
-rw-r--r-- | src/usr/secureboot/trusted/trustedbootCmds.C | 49 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedbootUtils.C | 34 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/trustedbootUtils.H | 25 |
3 files changed, 68 insertions, 40 deletions
diff --git a/src/usr/secureboot/trusted/trustedbootCmds.C b/src/usr/secureboot/trusted/trustedbootCmds.C index 9a73a7052..db1dca51e 100644 --- a/src/usr/secureboot/trusted/trustedbootCmds.C +++ b/src/usr/secureboot/trusted/trustedbootCmds.C @@ -887,24 +887,39 @@ errlHndl_t tpmCmdGetCapNvIndexValidate(TpmTarget* io_target) /*@ * @errortype - * @reasoncode RC_TPM_NVINDEX_VALIDATE_FAIL - * @severity ERRL_SEV_UNRECOVERABLE - * @moduleid MOD_TPM_CMD_GETCAPNVINDEX - * @userdata1[0:3] foundRSAEKCert - * @userdata1[4:7] foundECCEKCert - * @userdata1[8:11] foundPlatCert - * @userdata1[12:31] 0 - * @userdata2[0:3] moreData - * @userdata2[4:31] 0 - * @devdesc Command failure reading TPM NV indexes. - * @custdesc Failure detected in security subsystem + * @reasoncode RC_TPM_NVINDEX_VALIDATE_FAIL + * @severity ERRL_SEV_UNRECOVERABLE + * @moduleid MOD_TPM_CMD_GETCAPNVINDEX + * @userdata1[0:7] foundRSAEKCert + * @userdata1[7:15] foundECCEKCert + * @userdata1[16:23] foundPlatCert + * @userdata1[24:31] moreData + * @userdata1[32:63] 0 + * @devdesc Command failure reading TPM NV indexes. + * TPM is likely provisioned incorrectly. + * @custdesc Failure detected in security subsystem. */ - err = tpmCreateErrorLog(MOD_TPM_CMD_GETCAPNVINDEX, - RC_TPM_NVINDEX_VALIDATE_FAIL, - (uint32_t)foundRSAEKCert << 28 | - (uint32_t)foundECCEKCert << 14 | - (uint32_t)foundPlatCert << 20, - (uint32_t)moreData << 28); + err = tpmCreateErrorLog( + MOD_TPM_CMD_GETCAPNVINDEX, + RC_TPM_NVINDEX_VALIDATE_FAIL, + TWO_UINT32_TO_UINT64( + FOUR_UINT8_TO_UINT32( + foundRSAEKCert,foundECCEKCert, + foundPlatCert,moreData), + 0), + 0, + ERRORLOG::ErrlEntry::NO_SW_CALLOUT); + + // Likely a TPM provisioning issue + err->addHwCallout(io_target, + HWAS::SRCI_PRIORITY_HIGH, + HWAS::NO_DECONFIG, + HWAS::GARD_NULL); + + // Small chance HB code failed to check the provisoning + // correctly + err->addProcedureCallout(HWAS::EPUB_PRC_HB_CODE, + HWAS::SRCI_PRIORITY_LOW); } TRACDCOMP( g_trac_trustedboot, diff --git a/src/usr/secureboot/trusted/trustedbootUtils.C b/src/usr/secureboot/trusted/trustedbootUtils.C index 62f1c8d74..1fbe394a2 100644 --- a/src/usr/secureboot/trusted/trustedbootUtils.C +++ b/src/usr/secureboot/trusted/trustedbootUtils.C @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2017 */ +/* Contributors Listed Below - COPYRIGHT 2015,2018 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -81,20 +81,26 @@ errlHndl_t tpmTransmit(TpmTarget * io_target, return err; } -errlHndl_t tpmCreateErrorLog(const uint8_t i_modId, - const uint16_t i_reasonCode, - const uint64_t i_user1, - const uint64_t i_user2) +errlHndl_t tpmCreateErrorLog( + const uint8_t i_modId, + const uint16_t i_reasonCode, + const uint64_t i_user1, + const uint64_t i_user2, + const bool i_addSwCallout) { - errlHndl_t err = new ERRORLOG::ErrlEntry( ERRORLOG::ERRL_SEV_UNRECOVERABLE, - i_modId, - i_reasonCode, - i_user1, - i_user2, - true /*Add HB SW Callout*/ ); - err->collectTrace( SECURE_COMP_NAME ); - err->collectTrace(TRBOOT_COMP_NAME); - return err; + errlHndl_t pError = + new ERRORLOG::ErrlEntry( + ERRORLOG::ERRL_SEV_UNRECOVERABLE, + i_modId, + i_reasonCode, + i_user1, + i_user2, + i_addSwCallout); + + pError->collectTrace(SECURE_COMP_NAME); + pError->collectTrace(TRBOOT_COMP_NAME); + + return pError; } } // end TRUSTEDBOOT diff --git a/src/usr/secureboot/trusted/trustedbootUtils.H b/src/usr/secureboot/trusted/trustedbootUtils.H index 887aaf70f..112556223 100644 --- a/src/usr/secureboot/trusted/trustedbootUtils.H +++ b/src/usr/secureboot/trusted/trustedbootUtils.H @@ -67,16 +67,23 @@ errlHndl_t tpmTransmit(TpmTarget * io_target, tpm_locality_t i_locality); /** - * @brief Create an error log entry for potential logging - * @param[in] i_modId Code Module ID - * @param[in] i_reasonCode Error Reason Code - * @param[in] i_user1 User data 1 - * @param[in] i_user2 User data 2 + * @brief Create an error log entry for potential logging + * + * @param[in] i_modId Code Module ID + * @param[in] i_reasonCode Error Reason Code + * @param[in] i_user1 User data 1 + * @param[in] i_user2 User data 2 + * @param[in] i_addSwCallout Whether to add a high priority Hostboot software + * callout to the error log or not (default: true) + * + * @return errlHndl_t Handle to newly created error log */ -errlHndl_t tpmCreateErrorLog(const uint8_t i_modId, - const uint16_t i_reasonCode, - const uint64_t i_user1, - const uint64_t i_user2); +errlHndl_t tpmCreateErrorLog( + uint8_t i_modId, + uint16_t i_reasonCode, + uint64_t i_user1, + uint64_t i_user2, + bool i_addSwCallout = ERRORLOG::ErrlEntry::ADD_SW_CALLOUT); /** * @brief Mark the TPM as non-functional and take required steps |