Diffstat (limited to 'src/usr/secureboot')
-rw-r--r--src/usr/secureboot/HBconfig14
-rw-r--r--src/usr/secureboot/README.md64
-rw-r--r--src/usr/secureboot/base/README.md60
-rw-r--r--src/usr/secureboot/base/securerommgr.C3
-rw-r--r--src/usr/secureboot/base/service.C3
-rw-r--r--src/usr/secureboot/base/settings.C3
-rw-r--r--src/usr/secureboot/common/README.md33
-rw-r--r--src/usr/secureboot/common/containerheader.C3
-rw-r--r--src/usr/secureboot/ext/README.md24
-rw-r--r--src/usr/secureboot/ext/drtm.C1
-rw-r--r--src/usr/secureboot/ext/makefile3
-rw-r--r--src/usr/secureboot/ext/phys_presence.C479
-rw-r--r--src/usr/secureboot/ext/service_ext.C5
-rw-r--r--src/usr/secureboot/node_comm/README.md97
-rw-r--r--src/usr/secureboot/node_comm/node_comm.H5
-rw-r--r--src/usr/secureboot/node_comm/node_comm_dd.H3
-rw-r--r--src/usr/secureboot/node_comm/node_comm_exchange.C117
-rw-r--r--src/usr/secureboot/node_comm/node_comm_transfer.C5
-rw-r--r--src/usr/secureboot/node_comm/node_comm_transfer.H1
-rw-r--r--src/usr/secureboot/runtime/README.md21
-rw-r--r--src/usr/secureboot/runtime/rt_secureboot.C5
-rw-r--r--src/usr/secureboot/runtime/test/testsecureboot_rt.H5
-rw-r--r--src/usr/secureboot/smf/test/testsmf.H21
-rw-r--r--src/usr/secureboot/trusted/README.md74
-rw-r--r--src/usr/secureboot/trusted/base/trustedboot_base.C3
-rwxr-xr-xsrc/usr/secureboot/trusted/test/trustedbootTest.H1
-rw-r--r--src/usr/secureboot/trusted/trustedboot.C1
-rw-r--r--src/usr/secureboot/trusted/trustedbootCmds.C1
28 files changed, 978 insertions, 77 deletions
diff --git a/src/usr/secureboot/HBconfig b/src/usr/secureboot/HBconfig
index af987887c..4f1a179b4 100644
--- a/src/usr/secureboot/HBconfig
+++ b/src/usr/secureboot/HBconfig
@@ -22,3 +22,17 @@ config TPM_NVIDX_VALIDATE
depends on TPMDD
help
Validate TPM MFG NV Index Provisioning during IPL
+
+config PHYS_PRES_PWR_BUTTON
+ default n
+ depends on !PHYS_PRES_JUMPER
+ help
+ Support asserting Physical Presence via pushing the Power Button
+ on the system
+
+config PHYS_PRES_JUMPER
+ default n
+ depends on !PHYS_PRES_PRW_BUTTON
+ help
+ Support asserting Physical Presence via a jumper on the TPM Card
+ Currently not supported.
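Review bot: The `depends on !PHYS_PRES_PRW_BUTTON` line under `config PHYS_PRES_JUMPER` misspells the symbol introduced just above it (`PHYS_PRES_PWR_BUTTON`), so the intended mutual exclusion between the two physical-presence mechanisms is only enforced in one direction. An undefined symbol is presumably treated as unset by the HBconfig tooling, which would make the dependency vacuously true and allow both options to be enabled together. The fix is the one-line correction `depends on !PHYS_PRES_PWR_BUTTON`.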
diff --git a/src/usr/secureboot/README.md b/src/usr/secureboot/README.md
new file mode 100644
index 000000000..979cada54
--- /dev/null
+++ b/src/usr/secureboot/README.md
@@ -0,0 +1,64 @@
+# Secureboot Services in Hostboot
+Hostboot provides multiple services to help secure the system and
+ ensure that only 'trusted' code is running on it. The multiple sub-directories
+ implement the various interfaces defined in the
+ [src/include/usr/secureboot/](../../include/usr/secureboot/) directory.
+
+## Directories
+* __base__
+ * The modules here define the core secureboot support: **defining and
+ implementing interfaces to retrieve the security state of the system**
+ * The directory is called 'base' because its contents are included in the
+ Hostboot Base Image (HBB) partition
+ * See [base/README.md](base/README.md) for more details
+
+* __common__
+ * The modules here provide common support like tracing, error callouts,
+ definitions of the secure "container" header, etc, that is used by the
+ secureboot modules in the peer directories
+ * See [common/README.md](common/README.md) for more details
+
+* __ext__
+ * The modules here provide some additional secureboot capabilities that are
+ beyond the core secureboot functionality found in the "base" directory
+ * This directory is called 'ext' because its contents are included in the
+ Hostboot Extended Image (HBI)
+ * Any module here can call into the Hostboot Base Image (ie the 'base' code
+ in the HBB partition)), but Hostboot Base Image modules cannot call into
+ these extended image modules
+ * See [ext/README.md](ext/README.md) for more details
+
+* __node_comm__
+ * The modules here implement a node-to-node communication protocol that is
+ used on multinode systems to share secureboot data between the nodes
+ * See [node_comm/README.md](node_comm/README.md) for more details
+
+* __runtime__
+ * The modules here implement a small subset of secureboot code that is used by
+ Hostboot runtime services.
+ * See [runtime/README.md](runtime/README.md) for more details
+
+* __smf__
+ * The modules here distribute different amounts of Secure SMF memory between
+ the available processors on the system based on a user-configurable petitboot
+ setting
+ * If we ever supported this on P9 FSP-based systems, the SMF memory amount
+ would be passed from the FSP to Hostboot using attributes.
+ * See [smf/README.md](smf/README.md) for more details
+
+* __trusted__
+ * The modules here define the trusted boot support which uses TPMs (Trusted
+ Platform Modules) to track what code is running on the system
+ * See [trusted/README.md](trusted/README.md) for more details
+
+## Other Files
+* __HBconfig__
+ * Standard HBconfig file that defines secureboot- and trustedboot-related
+ Hostboot compile variables
+
+* __makefile__
+ * Standard Hostboot makefile
+
+* __[README.md](./README.md)__
+ * This file
+
diff --git a/src/usr/secureboot/base/README.md b/src/usr/secureboot/base/README.md
new file mode 100644
index 000000000..e761c1f2f
--- /dev/null
+++ b/src/usr/secureboot/base/README.md
@@ -0,0 +1,60 @@
+# **'base'** Secureboot Services in Hostboot
+This directory implements the core of the secureboot-related functionality
+ that Hostboot provides.
+It is available in the Hostboot Base Image (ie the HBB partition) and all
+ non-runtime Hostboot code can invoke functions provided by it.
+
+## Key Points
+* The **libsecureboot_base.so** module created here is available in Hostboot's
+ base image and is used to securely bringup the rest of the Hostboot.
+* It implements the functions in these header files:
+ * [service.H](../../../include/usr/secureboot/service.H)
+ * [settings.H](../../../include/usr/secureboot/settings.H)
+* It is used to tell if security is enabled at the system or processor level
+* It is used to determine the state of the secureboot jumper on the different
+ processors
+* It provides the interface into the SecureRom to verify code packages run
+ on the system
+
+## Files
+
+* __header.C__
+ * Implements functions related to loading and retrieving the
+ Hostboot Base header from Hostboot Base (HBB) PNOR partition
+
+* __makefile__
+ * Standard Hostboot makefile
+
+* __purge.H__
+ * Defines a special purge function
+
+* __[README.md](./README.md)__
+ * This file
+
+* __securerommgr.C, securerommgr.H__
+ * Defines and implements the SecureRomManager class and its member functions
+ * These functions call into the securerom and takes advantage of
+ its functionality
+
+* __service.C__
+ * Retrieves the secureboot registers on the processors in the system
+ * These functions are then used to add information to errorlogs and traces
+ * Initliaizes the SecureRomManager class
+ * Function to handle special secureboot failures
+ * Retrieves some global secureboot settings taken from Hostboot's bootloader
+ * NOTE: Functions in this file call into functions in settings.C when
+ appropriate
+
+* __settings.C__
+ * Gets and Sets the two primary Secureboot-related SCOM registers:
+ * ProcSecurity (aka Proc Security Switch)
+ * ProcCbsControl
+ * Also applies knowledge of key bits of these two registers, like returning
+ if a processor is set in 'secureboot enabled mode' and what the state of its
+ secureboot jumper is
+
+
+## sub-directories
+* __test__
+ * Standard Hostboot test directory that implements CXX Unit Tests
+
diff --git a/src/usr/secureboot/base/securerommgr.C b/src/usr/secureboot/base/securerommgr.C
index 17becb6b6..c9e6789cd 100644
--- a/src/usr/secureboot/base/securerommgr.C
+++ b/src/usr/secureboot/base/securerommgr.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2013,2018 */
+/* Contributors Listed Below - COPYRIGHT 2013,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -39,7 +39,6 @@
#include "securerommgr.H"
#include <secureboot/settings.H>
-#include <config.h>
#include <console/consoleif.H>
#include <secureboot/containerheader.H>
#include "../common/errlud_secure.H"
diff --git a/src/usr/secureboot/base/service.C b/src/usr/secureboot/base/service.C
index 4f115c219..ad6ec691c 100644
--- a/src/usr/secureboot/base/service.C
+++ b/src/usr/secureboot/base/service.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2013,2018 */
+/* Contributors Listed Below - COPYRIGHT 2013,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -27,7 +27,6 @@
#include <sys/mm.h>
#include <util/singleton.H>
#include <secureboot/secure_reasoncodes.H>
-#include <config.h>
#include <devicefw/userif.H>
#include <targeting/common/utilFilter.H>
#include <targeting/common/targetservice.H>
diff --git a/src/usr/secureboot/base/settings.C b/src/usr/secureboot/base/settings.C
index 2ecf45b4a..ec873c47c 100644
--- a/src/usr/secureboot/base/settings.C
+++ b/src/usr/secureboot/base/settings.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2013,2018 */
+/* Contributors Listed Below - COPYRIGHT 2013,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -31,7 +31,6 @@
#include <targeting/common/target.H>
#include <initservice/initserviceif.H>
#include <secureboot/settings.H>
-#include <config.h>
#include <console/consoleif.H>
#include <kernel/console.H>
diff --git a/src/usr/secureboot/common/README.md b/src/usr/secureboot/common/README.md
new file mode 100644
index 000000000..56ff15953
--- /dev/null
+++ b/src/usr/secureboot/common/README.md
@@ -0,0 +1,33 @@
+# **'common'** Secureboot Services in Hostboot
+This directory implements utility functions for tracing and error logging
+ that other secureboot modules in the peer directories can use.
+For example, the secureboot_base, secureboot_rt (runtime), secureboot_trusted,
+secureboot_ext, and node_comm modules use these functions.
+
+## Files
+
+* __common.mk__
+ * Makefile that other makefiles can call to include the generated .o files
+
+* __containerheader.C__
+ * Implements the ContainerHeader class's member functions
+ * Functions are defined in
+ [containerheader.H](../../../include/usr/secureboot/containerheader.H)
+
+* __errlud_secure.C, errlud_secure.H__
+ * These files define and implement custom error log user detail sections to
+ capture security information on the system
+
+* __[README.md](./README.md)__
+ * This file
+
+* __securetrace.C, securetrace.H__
+ * Defines and implements standard Hostboot trace descriptors for the
+ secureboot component
+
+## sub-directories
+* __plugins__
+ * Standard Hostboot 'plugins' directory where the errorlog parser finds the
+ information to properly parse the custom error log user detail sections
+ defined in errlud_secure.H
+
diff --git a/src/usr/secureboot/common/containerheader.C b/src/usr/secureboot/common/containerheader.C
index 53baa5afc..28c2c551f 100644
--- a/src/usr/secureboot/common/containerheader.C
+++ b/src/usr/secureboot/common/containerheader.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2016,2018 */
+/* Contributors Listed Below - COPYRIGHT 2016,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -514,6 +514,7 @@ void ContainerHeader::parseFlags()
& LAB_OVERRIDE_FLAG);
iv_sbFlags.hw_key_transition =( iv_headerInfo.hw_prefix_hdr.flags
& KEY_TRANSITION_FLAG);
+ iv_sbFlags.sw_hash = iv_headerInfo.sw_hdr.flags & HASH_PAGE_TABLE_FLAG;
}
#ifndef __HOSTBOOT_RUNTIME
diff --git a/src/usr/secureboot/ext/README.md b/src/usr/secureboot/ext/README.md
new file mode 100644
index 000000000..797905b0d
--- /dev/null
+++ b/src/usr/secureboot/ext/README.md
@@ -0,0 +1,24 @@
+# **'ext'** Secureboot Services in Hostboot
+This directory implements additional (or 'extended') secureboot functionality
+ that is not considered part of the 'base' secureboot support.
+
+## Files
+
+* __makefile__
+ * Standard Hostboot makefile
+
+* __phys_presence.C__
+ * Implements the 'physical presence'-related functions, which are used to
+ assert that a system owner is physically present at the site of a system.
+ * This is done by using GPIO devices on the system's power button to
+ capture that the button was physically pressed.
+ * Functions are defined in
+ [phys_presence_if.H](../../../include/usr/secureboot/phys_presence_if.H)
+
+* __[README.md](./README.md)__
+ * This file
+
+* __service_ext.C__
+ * Implements some additional (or 'extended') functionality as defined in
+ [service_ext.H](../../../include/usr/secureboot/service_ext.H)
+
diff --git a/src/usr/secureboot/ext/drtm.C b/src/usr/secureboot/ext/drtm.C
index bec207b7d..c897f0749 100644
--- a/src/usr/secureboot/ext/drtm.C
+++ b/src/usr/secureboot/ext/drtm.C
@@ -24,7 +24,6 @@
/* IBM_PROLOG_END_TAG */
#include <stdint.h>
-#include <config.h>
#include <builtins.h>
#include <limits.h>
#include <string.h>
diff --git a/src/usr/secureboot/ext/makefile b/src/usr/secureboot/ext/makefile
index 9b5adeaf7..d573515c6 100644
--- a/src/usr/secureboot/ext/makefile
+++ b/src/usr/secureboot/ext/makefile
@@ -5,7 +5,7 @@
#
# OpenPOWER HostBoot Project
#
-# Contributors Listed Below - COPYRIGHT 2013,2018
+# Contributors Listed Below - COPYRIGHT 2013,2019
# [+] International Business Machines Corp.
#
#
@@ -30,6 +30,7 @@ PERV_HWP_PATH = $(ROOTPATH)/src/import/chips/p9/procedures/hwp/perv
OBJS += $(if $(CONFIG_DRTM),drtm.o)
OBJS += $(if $(CONFIG_SECUREBOOT), service_ext.o)
+OBJS += $(if $(CONFIG_PHYS_PRES_PWR_BUTTON), phys_presence.o)
VPATH += $(PERV_HWP_PATH)
diff --git a/src/usr/secureboot/ext/phys_presence.C b/src/usr/secureboot/ext/phys_presence.C
new file mode 100644
index 000000000..a9e0231bf
--- /dev/null
+++ b/src/usr/secureboot/ext/phys_presence.C
@@ -0,0 +1,479 @@
+/* IBM_PROLOG_BEGIN_TAG */
+/* This is an automatically generated prolog. */
+/* */
+/* $Source: src/usr/secureboot/ext/phys_presence.C $ */
+/* */
+/* OpenPOWER HostBoot Project */
+/* */
+/* Contributors Listed Below - COPYRIGHT 2019 */
+/* [+] International Business Machines Corp. */
+/* */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
+/* implied. See the License for the specific language governing */
+/* permissions and limitations under the License. */
+/* */
+/* IBM_PROLOG_END_TAG */
+/**
+ * @file phys_presence.C
+ *
+ * @brief Implements Interfaces to Detect and Open Physical Presence Windows
+ *
+ */
+
+#include <config.h>
+#include <targeting/common/util.H>
+#include <targeting/common/target.H>
+#include <errl/errlentry.H>
+#include <errl/errlmanager.H>
+#include <errl/errludtarget.H>
+#include <devicefw/driverif.H>
+#include <console/consoleif.H>
+#include <util/misc.H>
+#include <initservice/initserviceif.H>
+#include <initservice/istepdispatcherif.H>
+#include <secureboot/secure_reasoncodes.H>
+#include <secureboot/phys_presence_if.H>
+#include "../common/securetrace.H"
+#include <gpio/gpioif.H>
+
+using namespace TARGETING;
+using namespace GPIO;
+
+namespace SECUREBOOT
+{
+
+errlHndl_t detectPhysPresence(void)
+{
+ errlHndl_t err = nullptr;
+
+ SB_ENTER("detectPhysPresence");
+
+ // Not supported in simics
+ if (Util::isSimicsRunning())
+ {
+ SB_ERR("detectPhysPresence: Skipping as not supported in simics");
+
+ // Normally don't have multiple return statements, but
+ // this solves having 2 do-while loops
+ return err;
+ }
+
+ // Declare local variables here as there might be an operation
+ // after the do-while() loop
+ Target * mproc = nullptr;
+ uint8_t led_data = 0;
+ ATTR_GPIO_INFO_PHYS_PRES_type gpioInfo = {};
+ uint8_t led_window_open = 0;
+ uint8_t led_phys_pres_asserted = 0;
+ bool is_window_open = false;
+ bool is_phys_pres_asserted = false;
+
+ // Get the attributes associated with Physical Presence
+ TargetService& tS = targetService();
+ Target* sys = nullptr;
+ (void) tS.getTopLevelTarget( sys );
+ assert(sys, "detectPhysPresence: system target is nullptr");
+
+ do
+ {
+ uint8_t attr_open_window =
+ sys->getAttr<ATTR_PHYS_PRES_REQUEST_OPEN_WINDOW>();
+
+ uint8_t attr_fake_assert = sys->getAttr<ATTR_PHYS_PRES_FAKE_ASSERT>();
+ // NOTE: Using attributes to request opening the physical presence window
+ // and/or fake the assertion of physical presence is only for testing
+ // purposes. Both attributes will default to 'no' and cannot be changed
+ // when security is enabled in a production driver since attribute
+ // overrides are not allowed in that scenario.
+ SB_INF("detectPhysPresence: attr_open_window=%d (0x%X), "
+ "attr_fake_assert=%d (0x%X)",
+ attr_open_window, attr_open_window,
+ attr_fake_assert, attr_fake_assert);
+
+ // The PCA9551 device that controls the "window open" and
+ // "physical presence asserted" logic is connected to the master processor
+ err = targetService().queryMasterProcChipTargetHandle(mproc);
+ if(err)
+ {
+ SB_ERR("detectPhysPresence: call to queryMasterProcChipTargetHandle "
+ "failed. err_plid=0x%X, err_rc=0x%X",
+ ERRL_GETPLID_SAFE(err),
+ ERRL_GETRC_SAFE(err));
+
+ err->collectTrace(SECURE_COMP_NAME);
+ break;
+ }
+
+ // Get the attribute with the needed GPIO information
+ if (mproc->tryGetAttr<ATTR_GPIO_INFO_PHYS_PRES>(gpioInfo))
+ {
+ SB_INF("detectPhysPresence: gpioInfo: e%d/p%d/devAddr=0x%X, "
+ "windowOpenPin=%d, physPresPin=%d",
+ gpioInfo.engine, gpioInfo.port, gpioInfo.devAddr,
+ gpioInfo.windowOpenPin, gpioInfo.physicalPresencePin);
+ }
+ else
+ {
+ SB_ERR("detectPhysPresence: couldn't find GPIO_INFO_PHYS_PRES "
+ "on mproc 0x%.08X", get_huid(mproc));
+
+ /*@
+ * @errortype
+ * @reasoncode RC_PHYS_PRES_ATTR_NOT_FOUND
+ * @severity ERRORLOG::ERRL_SEV_UNRECOVERABLE
+ * @moduleid MOD_PHYS_PRES_DETECT
+ * @userdata1 HUID of Master Processor Target
+ * @userdata2 ATTR_GPIO_INFO_PHYS_PRES hash value
+ * @devdesc Master processor target did not have
+ * ATTR_GPIO_INFO_PHYS_PRES associated with it
+ * @custdesc A problem occurred during the IPL
+ * of the system.
+ */
+ err = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE,
+ MOD_PHYS_PRES_DETECT,
+ RC_PHYS_PRES_ATTR_NOT_FOUND,
+ get_huid(mproc),
+ ATTR_GPIO_INFO_PHYS_PRES,
+ ERRORLOG::ErrlEntry::ADD_SW_CALLOUT);
+
+ err->collectTrace( SECURE_COMP_NAME );
+ break;
+ }
+
+ // Get "window open" and "physical presence asserted" LEDs/Pins
+ led_window_open = PCA9551_LED0 << gpioInfo.windowOpenPin;
+ led_phys_pres_asserted = PCA9551_LED0 << gpioInfo.physicalPresencePin;
+
+ // Read PCA9551 INPUT Register to get LED Values
+ led_data = 0;
+ err = gpioPca9551GetLeds(mproc, led_data);
+ if(err)
+ {
+ SB_ERR("detectPhysPresence: Reading LEDs failed");
+ break;
+ }
+
+ // Look for "window open" and "physical presence asserted"
+ // LEDs/PINs represent "WINDOW_OPEN_N" and "PHYS_PRESENCE_N" so need
+ // to invert their values to get their true meaning
+ is_window_open = ! (led_window_open & led_data);
+
+ // Only care if its asserted if the window is open
+ // (technically it's not supposed to be asserted unless the window is open)
+ is_phys_pres_asserted = is_window_open &&
+ (! (led_phys_pres_asserted & led_data));
+
+
+ // Look for special case to fake assertion
+ if ((is_window_open == true ) &&
+ (is_phys_pres_asserted == false) &&
+ (attr_fake_assert != 0 ))
+ {
+ is_phys_pres_asserted = true;
+ SB_INF("detectPhysPresence: FAKING Physical Assertion: "
+ "is_WO=%d, is_PPA=%d, attr_FA=0x%X",
+ is_window_open, is_phys_pres_asserted,
+ attr_fake_assert);
+
+ // Write the attribute so faking the assert only happens once
+ sys->setAttr<ATTR_PHYS_PRES_FAKE_ASSERT>(0x00);
+ }
+
+ SB_INF("detectPhysPresence: LEDs=0x%.2X, led_WO=0x%X, led_PPA=0x%X, "
+ "attrWO=0x%X, attr_FA=0x%X, is_WO=%d, is_PPA=%d",
+ led_data, led_window_open, led_phys_pres_asserted,
+ attr_open_window, attr_fake_assert,
+ is_window_open, is_phys_pres_asserted);
+
+ } while(0);
+
+ // Regardless of any previous error, attempt to close the window here
+ // if it was already opened
+ if (is_window_open == true)
+ {
+ errlHndl_t err_close = nullptr;
+ err_close = gpioPca9551SetLed(mproc,
+ static_cast<GPIO::PCA9551_LEDS_t>
+ (led_window_open),
+ PCA9551_OUTPUT_HIGH_IMPEDANCE,
+ led_data);
+
+ if (err_close == nullptr)
+ {
+ // Verify that window was closed
+ // LEDs/PIN represents "WINDOW_OPEN_N" so looking for a "1" in
+ // that position
+ if (!(led_data & led_window_open))
+ {
+ SB_ERR("detectPhysPresence: Closed Window LEDs = 0x%.2X "
+ "indicated that LED %d is showing window is still open",
+ led_data, led_window_open);
+
+ /*@
+ * @errortype
+ * @reasoncode RC_PHYS_PRES_WINDOW_NOT_CLOSED
+ * @severity ERRORLOG::ERRL_SEV_UNRECOVERABLE
+ * @moduleid MOD_PHYS_PRES_DETECT
+ * @userdata1 HUID of Master Processor Target
+ * @userdata2[0:31] LED Data from PCA9551
+ * @userdata[32:63] LED Windoow Open LED (aka PIN)
+ * @devdesc Attempt to close physical presence window
+ * did not close the window
+ * @custdesc A problem occurred during the IPL
+ * of the system.
+ */
+ err_close = new ERRORLOG::ErrlEntry(
+ ERRORLOG::ERRL_SEV_UNRECOVERABLE,
+ MOD_PHYS_PRES_DETECT,
+ RC_PHYS_PRES_WINDOW_NOT_CLOSED,
+ get_huid(mproc),
+ TWO_UINT32_TO_UINT64(
+ led_data,
+ led_window_open),
+ ERRORLOG::ErrlEntry::ADD_SW_CALLOUT);
+ }
+ else
+ {
+ SB_INF("detectPhysPresence: Closed Window LEDs = 0x%.2X",
+ led_data);
+ }
+
+ }
+
+ if (err_close)
+ {
+ if (err)
+ {
+ // commit new erro with PLID or original err
+ err_close->plid(err->plid());
+ SB_ERR("detectPhysPresence: Error in closing window. "
+ "Committing err_close eid=0x%X "
+ "with plid of original err: 0x%X",
+ err_close->eid(), err_close->plid());
+
+ err_close->collectTrace( SECURE_COMP_NAME );
+ errlCommit(err_close, SECURE_COMP_ID);
+ }
+ else
+ {
+ SB_ERR("detectPhysPresence: Error in closing window. "
+ "err_close eid=0x%X plid=0x%X",
+ err_close->eid(), err_close->plid());
+ err_close->collectTrace( SECURE_COMP_NAME );
+ err = err_close;
+ err_close = nullptr;
+ }
+ }
+ } // end of 'must close window'
+
+ if (err == nullptr)
+ {
+ // If no error, including in closing the window, then write attribute
+ // for Physical Presence Assertion
+ sys->setAttr<ATTR_PHYS_PRES_ASSERTED>(is_phys_pres_asserted);
+ }
+
+ SB_EXIT("detectPhysPresence: err rc=0x%X",
+ ERRL_GETRC_SAFE(err));
+
+ return err;
+}
+
+errlHndl_t handlePhysPresenceWindow(void)
+{
+ errlHndl_t err = nullptr;
+
+ SB_ENTER("handlePhysPresenceWindow");
+
+ // Declare local variables here as there might be an operation
+ // after the do-while() loop
+ Target * mproc = nullptr;
+ uint8_t led_data = 0;
+ ATTR_GPIO_INFO_PHYS_PRES_type gpioInfo = {};
+ uint8_t led_window_open = 0;
+ bool is_window_open = false;
+
+ do
+ {
+
+ // Not supported in simics
+ if (Util::isSimicsRunning())
+ {
+ SB_INF("handlePhysPresenceWindow: Skipping as not supported in simics");
+ break;
+ }
+
+ // Get the attributes associated with Physical Presence
+ TargetService& tS = targetService();
+ Target* sys = nullptr;
+ (void) tS.getTopLevelTarget( sys );
+ assert(sys, "handlePhysPresenceWindow: system target is nullptr");
+
+ // NOTE: Using attributes to request opening the physical presence window
+ // and/or fake the assertion of physical presence is only for testing
+ // purposes. Both attributes will default to 'no' and cannot be changed
+ // when security is enabled in a production driver since attribute
+ // overrides are not allowed in that scenario.
+ uint8_t attr_open_window =
+ sys->getAttr<ATTR_PHYS_PRES_REQUEST_OPEN_WINDOW>();
+ uint8_t attr_phys_pres_asserted = sys->getAttr<ATTR_PHYS_PRES_ASSERTED>();
+
+ if (attr_open_window == 0)
+ {
+ SB_INF("handlePhysPresenceWindow: attr_open_window=0x%.2X: "
+ "no need to open window (attr_phys_pres_asserted=0x%.2X)",
+ attr_open_window, attr_phys_pres_asserted);
+ break;
+ }
+ // This solves the issue of using attribute overrides to open the window,
+ // as they don't always get cleared on re-IPLs and attr_open_window might
+ // still != 0
+ else if (attr_phys_pres_asserted != 0)
+ {
+ SB_INF("handlePhysPresenceWindow: attr_open_window=0x%.2X, but "
+ "attr_phys_pres_asserted=0x%.2X, so no need to open window. "
+ "Clearing open window request",
+ attr_open_window, attr_phys_pres_asserted);
+
+ // Close request to open the window
+ sys->setAttr<ATTR_PHYS_PRES_REQUEST_OPEN_WINDOW>(0x00);
+ break;
+ }
+ else
+ {
+ SB_INF("handlePhysPresenceWindow: attr_open_window=0x%.2X, "
+ "attr_phys_pres_asserted=0x%.2X: "
+ "Will Open Window To Detect Physical Presence",
+ attr_open_window, attr_phys_pres_asserted);
+ }
+
+ // The PCA9551 device that controls the "window open" and
+ // "physical presence asserted" logic is connected to the master processor
+ err = targetService().queryMasterProcChipTargetHandle(mproc);
+ if(err)
+ {
+ SB_ERR("handlePhysPresenceWindow: call to queryMasterProcChipTargetHandle "
+ "failed. err_plid=0x%X, err_rc=0x%X",
+ ERRL_GETPLID_SAFE(err),
+ ERRL_GETRC_SAFE(err));
+
+ err->collectTrace(SECURE_COMP_NAME);
+ break;
+ }
+
+ // Get "window open" LED/Pin
+ led_window_open = PCA9551_LED0 << gpioInfo.windowOpenPin;
+
+
+ // Open The Window
+ led_data=0; // For INPUT register read-back
+ err = gpioPca9551SetLed(mproc,
+ static_cast<GPIO::PCA9551_LEDS_t>
+ (led_window_open),
+ PCA9551_OUTPUT_LOW,
+ led_data);
+
+ // Verify that the "window open" LED is set
+ // LEDs/PINs represent "WINDOW_OPEN_N" and "PHYS_PRESENCE_N" so need
+ // to invert their values to get their true meaning
+ is_window_open = ! (led_window_open & led_data);
+ if (is_window_open == true)
+ {
+ SB_INF("handlePhysPresenceWindow: Window is Opened: "
+ "led_window_open=0x%X, led_data=0x%.2X",
+ led_window_open, led_data);
+ }
+ else
+ {
+ SB_ERR("handlePhysPresenceWindow: ERROR: Window is NOT Opened: "
+ "led_window_open=0x%X, led_data=0x%.2X",
+ led_window_open, led_data);
+
+ /*@
+ * @errortype
+ * @reasoncode RC_PHYS_PRES_WINDOW_NOT_OPENED
+ * @severity ERRORLOG::ERRL_SEV_UNRECOVERABLE
+ * @moduleid MOD_PHYS_PRES_OPEN_WINDOW
+ * @userdata1 HUID of Master Processor Target
+ * @userdata2[0:31] LED Data from PCA9551
+ * @userdata2[32:63] LED Windoow Open LED (aka PIN)
+ * @devdesc Attempt to open physical presence window
+ * did not close the window
+ * @custdesc A problem occurred during the IPL
+ * of the system.
+ */
+ err = new ERRORLOG::ErrlEntry(
+ ERRORLOG::ERRL_SEV_UNRECOVERABLE,
+ MOD_PHYS_PRES_OPEN_WINDOW,
+ RC_PHYS_PRES_WINDOW_NOT_OPENED,
+ get_huid(mproc),
+ TWO_UINT32_TO_UINT64(
+ led_data,
+ led_window_open),
+ ERRORLOG::ErrlEntry::ADD_SW_CALLOUT);
+
+ err->collectTrace( SECURE_COMP_NAME );
+ break;
+ }
+
+ // Close request to open the window and sync attributes
+ sys->setAttr<ATTR_PHYS_PRES_REQUEST_OPEN_WINDOW>(0x00);
+
+ if(INITSERVICE::spBaseServicesEnabled())
+ {
+ // Sync all attributes to FSP before powering off
+ err = TARGETING::AttrRP::syncAllAttributesToFsp();
+ if( err )
+ {
+ // Failed to sync all attributes to FSP; this is not
+ // necessarily fatal. The power off will continue,
+ // but this issue will be logged.
+ SB_ERR("handlePhysPresenceWindow: Error syncing "
+ "attributes to FSP, RC=0x%04X, PLID=0x%08X",
+ ERRL_GETRC_SAFE(err),
+ ERRL_GETPLID_SAFE(err));
+ errlCommit(err,SECURE_COMP_ID );
+ }
+ }
+
+ // Alert the users that the system will power off
+#ifdef CONFIG_CONSOLE
+ CONSOLE::displayf(SECURE_COMP_NAME, "Opened Physical Presence Detection Window\n");
+ CONSOLE::displayf(SECURE_COMP_NAME, "System Will Power Off and Wait For Manual Power On\n");
+ CONSOLE::flush();
+#endif
+
+ // Power Off the System
+#ifdef CONFIG_BMC_IPMI
+ // Initiate a graceful power off
+ SB_INF("handlePhysPresenceWindow: Opened Physical Presence Detection Window. "
+ "System Will Power Off and Wait For Manual Power On. "
+ "Requesting power off");
+ INITSERVICE::requestPowerOff();
+#else //non-IPMI
+ SB_INF("handlePhysPresenceWindow: Opened Physical Presence Detection Window. "
+ "Calling INITSERVICE::doShutdown() with "
+ "RC_PHYS_PRES_WINDOW_OPENED_SHUTDOWN = 0x%08X",
+ RC_PHYS_PRES_WINDOW_OPENED_SHUTDOWN);
+ INITSERVICE::doShutdown(RC_PHYS_PRES_WINDOW_OPENED_SHUTDOWN);
+#endif
+
+
+ } while (0);
+
+ SB_EXIT("handlePhysPresenceWindow: err_rc=0x%X",
+ ERRL_GETRC_SAFE(err));
+
+ return err;
+}
+
+} // namespace SECUREBOOT
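Review bot: In handlePhysPresenceWindow the `gpioInfo` struct is zero-initialised at its declaration and never populated, so `led_window_open = PCA9551_LED0 << gpioInfo.windowOpenPin` always targets LED0 instead of the pin configured in ATTR_GPIO_INFO_PHYS_PRES, unlike detectPhysPresence which fetches the attribute with tryGetAttr before computing the mask. The return value of the gpioPca9551SetLed call that opens the window is also never checked, so on a failed write the stale `led_data == 0` makes `is_window_open` evaluate true and the function goes on to clear the open-window request and power the system off while `err` is still set. Both should be fixed by fetching the attribute after the master-processor lookup and bailing out on a SetLed error, as in the excerpt below. Separately, the ATTR_PHYS_PRES_FAKE_ASSERT branch in detectPhysPresence relies on the comment's claim that attribute overrides are rejected when security is enabled; gating that test-only bypass explicitly on the secure-mode state (or a debug build config) would make it easier to audit.
```cpp
        // Get the attribute with the needed GPIO information
        // (same lookup detectPhysPresence performs)
        if (!mproc->tryGetAttr<ATTR_GPIO_INFO_PHYS_PRES>(gpioInfo))
        {
            SB_ERR("handlePhysPresenceWindow: couldn't find GPIO_INFO_PHYS_PRES "
                   "on mproc 0x%.08X", get_huid(mproc));
            // Same error-log shape as detectPhysPresence's
            // RC_PHYS_PRES_ATTR_NOT_FOUND, with @moduleid MOD_PHYS_PRES_OPEN_WINDOW
            err = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE,
                                          MOD_PHYS_PRES_OPEN_WINDOW,
                                          RC_PHYS_PRES_ATTR_NOT_FOUND,
                                          get_huid(mproc),
                                          ATTR_GPIO_INFO_PHYS_PRES,
                                          ERRORLOG::ErrlEntry::ADD_SW_CALLOUT);
            err->collectTrace(SECURE_COMP_NAME);
            break;
        }

        // Get "window open" LED/Pin
        led_window_open = PCA9551_LED0 << gpioInfo.windowOpenPin;

        // Open The Window
        led_data = 0; // For INPUT register read-back
        err = gpioPca9551SetLed(mproc,
                                static_cast<GPIO::PCA9551_LEDS_t>(led_window_open),
                                PCA9551_OUTPUT_LOW,
                                led_data);
        if (err)
        {
            // Do not trust led_data (still 0) or proceed to power off
            // if the write itself failed
            SB_ERR("handlePhysPresenceWindow: gpioPca9551SetLed to open window "
                   "failed. err_plid=0x%X, err_rc=0x%X",
                   ERRL_GETPLID_SAFE(err), ERRL_GETRC_SAFE(err));
            err->collectTrace(SECURE_COMP_NAME);
            break;
        }
        // … unchanged: read-back verification, attribute clear, FSP sync, power off …
```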
diff --git a/src/usr/secureboot/ext/service_ext.C b/src/usr/secureboot/ext/service_ext.C
index 1f8595a71..b9050af43 100644
--- a/src/usr/secureboot/ext/service_ext.C
+++ b/src/usr/secureboot/ext/service_ext.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2018 */
+/* Contributors Listed Below - COPYRIGHT 2018,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -36,7 +36,6 @@
#include <fapi2/plat_hwp_invoker.H>
#include <p9_update_security_ctrl.H>
-#include <config.h>
namespace SECUREBOOT
{
@@ -69,7 +68,7 @@ void lockAbusSecMailboxes()
ERRORLOG::ErrlUserDetailsTarget(*l_pProc).addToLog(l_errl);
ERRORLOG::errlCommit(l_errl, SECURE_COMP_ID);
- /*
+ /*@
* @errortype
* @reasoncode RC_LOCK_MAILBOXES_FAILED
* @moduleid MOD_LOCK_ABUS_SEC_MAILBOXES
diff --git a/src/usr/secureboot/node_comm/README.md b/src/usr/secureboot/node_comm/README.md
new file mode 100644
index 000000000..0def94860
--- /dev/null
+++ b/src/usr/secureboot/node_comm/README.md
@@ -0,0 +1,97 @@
+# **'node\_comm'** Secureboot Services in Hostboot
+This directory implements the Hostboot functions necessary to create a
+ secure channel between nodes using a series of a-bus mailbox registers
+ enabled after a-bus training but before the iovalid drop.
+This secure channel is used in a multi-node evironment for nodes to exchange
+ cryptographic material that can later be used for internode authentication
+ higher up the firmware stack.
+
+## Key Points
+* This code implements device driver-like functionality to send messages
+ across the a-bus connection from one node to another
+ * This functionality is based on a-bus mailbox registers which are used to
+ detect incoming messages, retrieve data, and send data messages to/from
+ specific nodes
+* This code establishes a master node which then starts the process of exchanging
+ information with each of the other slave nodes
+* The files are built into libnode_comm.so
+* This module implements the interfaces defined in
+ [nodecommif.H](../../../include/usr/secureboot/nodecommif.H)
+* NOTE: The P9 code references "OBUS" a lot which is the specific processor
+ chiplet that the a-bus messaging system runs through.
+
+## Algorithm
+* First, each node does the following:
+ * Determine the nodes in the system
+ * Determine the master processor of this node
+ * Determine the a-bus connection to its master processor peers on the
+ other nodes
+
+* ***The Master Processor on Master Node*** does the following
+ (see node_comm_exchange.C's nodeCommAbusExchangeMaster()):
+ * **Loop 1:** Exchange SBID/nonces between Master and each of the Slave Nodes
+ * Generate SBID/nonce and send to slave node
+ * Look for return SBID/nonce from the slave
+ * **Loop 2:** Master Node requests quotes from each Slave Node
+ * Generate and send Quote Request to a slave
+ * Look for Quote Response from the slave node
+ * Process the Quote Response that was returned from the slave node
+ * NOTE:
+ * Nonces are encoded 64-bytes of data: part random number, part node ID
+ * Quotes are a form of attestation between two TPMs on the system. See
+ TrustedComputingGroup.org's Trusted Platform Module Library Specification,
+ Family "2.0" for more details.
+
+* ***The Master Processor on each Slave Node*** does the following
+ (see node_comm_exchange.C's nodeCommAbusExchangeSlave()):
+
+ * Wait for SBID/nonce from the master node
+ * Send a SBID/nonce back to the master node
+ * Wait for Quote Request from master node
+ * Generate the Quote Response
+ * Send the Quote Response to the master node
+
+
+* NOTE: Generating the SBID/Nonces, Quote Requests, and Quote Responses above
+ all require interacting with the TPMs on the different nodes in specific
+ ways
+ * The devil is truly in the details, and the details can be found in the
+ supporting functions of node_comm_exchange.C
+* NOTE: In the event that one node fails in this process there will be an
+ attempt to poison the TPMs on that node and move on in most cases. This is
+ to prevent an entire system from failing to boot with one bad node.
+
+## Files
+
+* __makefile__
+ * Standard Hostboot makefile
+
+* __node_comm.C, node_comm.H__
+ * The majority of the sub-functions used to implement the algorithm are
+ defined and implemented here, including the a-bus mapping details between
+ the nodes
+
+* __node_comm_dd.C, node_comm_dd.H__
+ * Defines and implements the "NODECOMM" device driver that interacts directly
+ with the a-bus mailbox registers
+
+* __node_comm_exchange.C__
+ * The core of this module - the primary function nodeCommAbusExchange()
+ is implemented here and shows the high-level data flow between the nodes
+ * The procedure for the master node is defined in nodeCommAbusExchangeMaster()
+ * The procedure for the slave nodes is defiend in nodeCommAbusExchangeSlave()
+ * The interactions with the TPM - generating and logging SBID/Nonces, Quote
+ Requests, Quote Responses - are all in this file
+
+* __node_comm_test.C__
+ * Implements the proof-of-concept "nodeCommXbus2ProcTest" test to transfer
+ data across the x-bus between processors using a similar method to the a-bus
+ mechanism
+
+* __node_comm_transfer.C, node_comm_transfer.H__
+ * Defines and implements the different types of messages that can be sent
+ between the nodes, including the actual send and receive functions
+
+* __[README.md](./README.md)__
+ * This file
+
diff --git a/src/usr/secureboot/node_comm/node_comm.H b/src/usr/secureboot/node_comm/node_comm.H
index e44893683..227d53ac2 100644
--- a/src/usr/secureboot/node_comm/node_comm.H
+++ b/src/usr/secureboot/node_comm/node_comm.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2018 */
+/* Contributors Listed Below - COPYRIGHT 2018,2020 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -28,11 +28,10 @@
// ----------------------------------------------
// Includes
// ----------------------------------------------
-#include <config.h>
#include <time.h>
#include <devicefw/userif.H>
#include <trace/interface.H>
-#include <scom/centaurScomCache.H> // for TRACE_ERR_FMT, TRACE_ERR_ARGS
+#include <errl/errlentry.H> // for TRACE_ERR_FMT, TRACE_ERR_ARGS
#include <secureboot/nodecommif.H>
#include "../trusted/trustedboot.H"
#include <secureboot/trustedbootif.H>
diff --git a/src/usr/secureboot/node_comm/node_comm_dd.H b/src/usr/secureboot/node_comm/node_comm_dd.H
index 212ab24df..f8b057bcd 100644
--- a/src/usr/secureboot/node_comm/node_comm_dd.H
+++ b/src/usr/secureboot/node_comm/node_comm_dd.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2018 */
+/* Contributors Listed Below - COPYRIGHT 2018,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -28,7 +28,6 @@
// ----------------------------------------------
// Includes
// ----------------------------------------------
-#include <config.h>
#include <devicefw/userif.H>
#include <secureboot/nodecommif.H>
diff --git a/src/usr/secureboot/node_comm/node_comm_exchange.C b/src/usr/secureboot/node_comm/node_comm_exchange.C
index ff8ff8a31..ccbd973d3 100644
--- a/src/usr/secureboot/node_comm/node_comm_exchange.C
+++ b/src/usr/secureboot/node_comm/node_comm_exchange.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2018 */
+/* Contributors Listed Below - COPYRIGHT 2018,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -51,7 +51,6 @@
#include <targeting/targplatutil.H>
#include <sys/internode.h>
#include <util/misc.H>
-#include <config.h>
#include "node_comm.H"
#include "node_comm_transfer.H"
@@ -133,6 +132,7 @@ errlHndl_t nodeCommAbusGetRandom(uint64_t & o_nonce)
{
errlHndl_t err = nullptr;
o_nonce = NODE_COMM_DEFAULT_NONCE;
+#ifdef CONFIG_TPMDD
Target* tpm_tgt = nullptr;
TRACUCOMP(g_trac_nc,ENTER_MRK"nodeCommAbusGetRandom:");
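Review bot: With `#ifdef CONFIG_TPMDD` now opening right after `o_nonce = NODE_COMM_DEFAULT_NONCE;` and the matching `#endif` placed just before `return err;` in the `@@ -228,6 +236,7 @@` hunk, a build without CONFIG_TPMDD turns nodeCommAbusGetRandom into a function that returns nullptr with the constant default nonce and emits no trace at all, because the ENTER/EXIT TRACUCOMP calls are inside the guarded region. The same outcome is reached in the `@@ -208,18 +204,30 @@` hunk when the TPM-required policy is off and the error is deleted: the caller receives err == nullptr and o_nonce still equal to NODE_COMM_DEFAULT_NONCE, which it cannot distinguish from a freshly generated random value. Suggest a comment above the `#ifdef` such as `// Without CONFIG_TPMDD, or when GetRandom fails and the TPM is not required, o_nonce stays at NODE_COMM_DEFAULT_NONCE and err is nullptr; callers must treat the nonce as non-random in that case`, plus an `#else` branch with a TRACFCOMP stating that the default nonce is being returned. The body of nodeCommAbusGetRandom continues outside this hunk.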
@@ -144,9 +144,7 @@ errlHndl_t nodeCommAbusGetRandom(uint64_t & o_nonce)
// This function call requires the CONFIG check for compilation purposes,
// but no extra error handling is needed as it should not have gotten this
// far if CONFIG_TPMDD wasn't set
-#ifdef CONFIG_TPMDD
TRUSTEDBOOT::getPrimaryTpm(tpm_tgt);
-#endif
HwasState hwasState{};
if(tpm_tgt)
{
@@ -192,11 +190,9 @@ errlHndl_t nodeCommAbusGetRandom(uint64_t & o_nonce)
// This function call requires the CONFIG check for compilation purposes,
// but no extra error handling is needed as it should not have gotten this
// far if CONFIG_TPMDD wasn't set
-#ifdef CONFIG_TPMDD
err = TRUSTEDBOOT::GetRandom(tpm_tgt,
sizeof(o_nonce),
reinterpret_cast<uint8_t*>(&o_nonce));
-#endif
if (err)
{
// Reset just to make sure above call didn't change it
@@ -208,18 +204,30 @@ errlHndl_t nodeCommAbusGetRandom(uint64_t & o_nonce)
get_huid(tpm_tgt),
TRACE_ERR_ARGS(err),
o_nonce);
- // err commited outside of do-while loop below
-
// break to be safe in case code gets added later
break;
}
} while( 0 );
- if (err)
+ if(err)
{
- err->collectTrace(TRBOOT_COMP_NAME);
- err->collectTrace(NODECOMM_TRACE_NAME);
+ if(!TRUSTEDBOOT::isTpmRequired())
+ {
+ TRACFCOMP(g_trac_nc,ERR_MRK"nodeCommAbusGetRandom: Error occurred; "
+ "RC: 0x%.04X; PLID: 0x%.08X. TPM Required policy is off; "
+ "deleting the error and trying to continue.",
+ err->reasonCode(),
+ err->plid());
+ // TPM is not required - do not return the error
+ delete err;
+ err = nullptr;
+ }
+ else
+ {
+ err->collectTrace(TRBOOT_COMP_NAME);
+ err->collectTrace(NODECOMM_TRACE_NAME);
+ }
}
TRACFCOMP(g_trac_nc,EXIT_MRK"nodeCommAbusGetRandom: "
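Review bot: `delete err;` in the new `!TRUSTEDBOOT::isTpmRequired()` branch discards the error log entirely, whereas the old code (per the removed `err commited outside of do-while loop below` comment) apparently left it for the caller to commit, so a failing TPM GetRandom leaves no record in the error log when the TPM-required policy is off. The same delete-instead-of-record pattern is added for l_poisonTpmErr in the hunks at `@@ -618,17 +627,19 @@`, `@@ -721,14 +732,19 @@` and `@@ -814,13 +830,19 @@`, and for err in `@@ -1738,9 +1760,24 @@`, where the old code committed the log in the not-required case. Unless there is a reason to keep these quiet, committing them keeps the boot going and still preserves the evidence: `errlCommit(err, SECURE_COMP_ID);` in place of `delete err; err = nullptr;` (the surrounding errlCommit calls look like they take the handle by reference and clear it — worth confirming). The function body of nodeCommAbusGetRandom starts outside this hunk.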
@@ -228,6 +236,7 @@ errlHndl_t nodeCommAbusGetRandom(uint64_t & o_nonce)
o_nonce, get_huid(tpm_tgt),
TRACE_ERR_ARGS(err));
+#endif
return err;
} // end of nodeCommAbusGetRandom
@@ -618,17 +627,19 @@ errlHndl_t nodeCommGenSlaveQuoteResponse(const MasterQuoteRequestBlob* const i_r
{
l_poisonTpmErr->plid(l_errl->plid());
}
- errlCommit(l_poisonTpmErr, SECURE_COMP_ID);
- }
- }
-
- if(l_errl)
- {
- if(!l_tpmRequired)
- {
- // TPM is not required, so no need to propagate the error up and
- // fail the boot.
- errlCommit(l_errl, SECURE_COMP_ID);
+ if(l_tpmRequired)
+ {
+ errlCommit(l_poisonTpmErr, SECURE_COMP_ID);
+ }
+ else
+ {
+ TRACFCOMP(g_trac_nc,ERR_MRK"nodeCommGenSlaveQuoteResponse: "
+ "Could not poison TPMs. Errl PLID: 0x%.08X "
+ "Deleting the error log and continuing anyway.",
+ l_poisonTpmErr->plid());
+ delete l_poisonTpmErr;
+ l_poisonTpmErr = nullptr;
+ }
}
}
@@ -721,14 +732,19 @@ errlHndl_t nodeCommGenMasterQuoteRequest(MasterQuoteRequestBlob* const o_request
{
l_poisonTpmErr->plid(l_errl->plid());
}
- errlCommit(l_poisonTpmErr, SECURE_COMP_ID);
- }
-
- if(!l_tpmRequired)
- {
- // TPM is not required, so no need to propagate the error up and
- // fail the boot.
- errlCommit(l_errl, SECURE_COMP_ID);
+ if(l_tpmRequired)
+ {
+ errlCommit(l_poisonTpmErr, SECURE_COMP_ID);
+ }
+ else
+ {
+ TRACFCOMP(g_trac_nc,ERR_MRK"nodeCommGenMasterQuoteRequest: "
+ "Could not poison TPMs. Errl PLID: 0x%.08X. "
+ "Deleting the error log and continuing anyway.",
+ l_poisonTpmErr->plid());
+ delete l_poisonTpmErr;
+ l_poisonTpmErr = nullptr;
+ }
}
}
@@ -814,13 +830,19 @@ errlHndl_t nodeCommProcessSlaveQuote(uint8_t* const i_slaveQuote,
{
l_poisonTpmErr->plid(l_errl->plid());
}
- errlCommit(l_poisonTpmErr, SECURE_COMP_ID);
- }
-
- if(!TRUSTEDBOOT::isTpmRequired())
- {
- // TPM is not required - do not propagate the error
- errlCommit(l_errl, SECURE_COMP_ID);
+ if(TRUSTEDBOOT::isTpmRequired())
+ {
+ errlCommit(l_poisonTpmErr, SECURE_COMP_ID);
+ }
+ else
+ {
+ TRACFCOMP(g_trac_nc, ERR_MRK"nodeCommProcessSlaveQuote: "
+ "Could not poison TPMs. Errl PLID: 0x%.08X. "
+ "Deleting the error log and continuing.",
+ l_poisonTpmErr->plid());
+ delete l_poisonTpmErr;
+ l_poisonTpmErr = nullptr;
+ }
}
}
@@ -1738,9 +1760,24 @@ errlHndl_t nodeCommAbusExchange(void)
if (err)
{
- err->collectTrace(SECURE_COMP_NAME);
- err->collectTrace(NODECOMM_TRACE_NAME);
- err->collectTrace(TRBOOT_COMP_NAME);
+ if(!TRUSTEDBOOT::isTpmRequired())
+ {
+ TRACFCOMP(g_trac_nc,EXIT_MRK"nodeCommAbusExchange:An error occurred"
+ " during secure node communication, but the TPM required "
+ "policy is not set, so the error will not be propagated."
+ " Original error RC: 0x%.04X; PLID: 0x%.08X."
+ " Deleting the error log and continuing.",
+ err->reasonCode(),
+ err->plid());
+ delete err;
+ err = nullptr;
+ }
+ else
+ {
+ err->collectTrace(SECURE_COMP_NAME);
+ err->collectTrace(NODECOMM_TRACE_NAME);
+ err->collectTrace(TRBOOT_COMP_NAME);
+ }
}
if (l_phys_path_str != nullptr)
diff --git a/src/usr/secureboot/node_comm/node_comm_transfer.C b/src/usr/secureboot/node_comm/node_comm_transfer.C
index b7afb02ef..4b82688f0 100644
--- a/src/usr/secureboot/node_comm/node_comm_transfer.C
+++ b/src/usr/secureboot/node_comm/node_comm_transfer.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2019 */
+/* Contributors Listed Below - COPYRIGHT 2019,2020 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -26,11 +26,10 @@
// ----------------------------------------------
// Includes
// ----------------------------------------------
-#include <config.h>
#include <time.h>
#include <devicefw/userif.H>
#include <trace/interface.H>
-#include <scom/centaurScomCache.H> // for TRACE_ERR_FMT, TRACE_ERR_ARGS
+#include <errl/errlentry.H> // for TRACE_ERR_FMT, TRACE_ERR_ARGS
#include <targeting/targplatutil.H>
#include <secureboot/nodecommif.H>
#include <secureboot/secure_reasoncodes.H>
diff --git a/src/usr/secureboot/node_comm/node_comm_transfer.H b/src/usr/secureboot/node_comm/node_comm_transfer.H
index 201661447..93f45a512 100644
--- a/src/usr/secureboot/node_comm/node_comm_transfer.H
+++ b/src/usr/secureboot/node_comm/node_comm_transfer.H
@@ -28,7 +28,6 @@
// ----------------------------------------------
// Includes
// ----------------------------------------------
-#include <config.h>
#include "node_comm.H"
#include <map>
diff --git a/src/usr/secureboot/runtime/README.md b/src/usr/secureboot/runtime/README.md
new file mode 100644
index 000000000..552ca9b6f
--- /dev/null
+++ b/src/usr/secureboot/runtime/README.md
@@ -0,0 +1,21 @@
+# **'runtime'** Secureboot Services in Hostboot
+This directory implements a small, select subset of core secureboot-related
+ functionality that Hostboot provides at runtime, ie as part of
+ Hostboot runtime services.
+
+## Files
+
+* __makefile__
+ * Standard Hostboot makefile
+
+* __[README.md](./README.md)__
+ * This file
+
+* __rt_secureboot.C__
+ * This file implements several secureboot functions for hostboot runtime
+ services
+
+## sub-directories
+* __test__
+ * Standard Hostboot test directory that implements CXX Unit Tests
+
diff --git a/src/usr/secureboot/runtime/rt_secureboot.C b/src/usr/secureboot/runtime/rt_secureboot.C
index 7c297be9e..c1608fa73 100644
--- a/src/usr/secureboot/runtime/rt_secureboot.C
+++ b/src/usr/secureboot/runtime/rt_secureboot.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2016,2018 */
+/* Contributors Listed Below - COPYRIGHT 2016,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -29,14 +29,13 @@
*/
#include <runtime/interface.h>
-#include <config.h>
#include "common/securetrace.H"
#include <secureboot/service.H>
#include <secureboot/secure_reasoncodes.H>
#include <errl/errlmanager.H>
-#include <runtime/rt_targeting.H>
+#include <targeting/runtime/rt_targeting.H>
#include <targeting/common/commontargeting.H>
#include <targeting/common/targetservice.H>
#include <devicefw/userif.H>
diff --git a/src/usr/secureboot/runtime/test/testsecureboot_rt.H b/src/usr/secureboot/runtime/test/testsecureboot_rt.H
index 380b9eb0c..5a690d3fa 100644
--- a/src/usr/secureboot/runtime/test/testsecureboot_rt.H
+++ b/src/usr/secureboot/runtime/test/testsecureboot_rt.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2016,2017 */
+/* Contributors Listed Below - COPYRIGHT 2016,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -33,9 +33,8 @@
#include <cxxtest/TestSuite.H>
#include <runtime/interface.h>
-#include <config.h>
-#include <runtime/rt_targeting.H>
+#include <targeting/runtime/rt_targeting.H>
#include <errl/errlmanager.H>
#include <devicefw/userif.H>
diff --git a/src/usr/secureboot/smf/test/testsmf.H b/src/usr/secureboot/smf/test/testsmf.H
index 81a50a6e0..fb3993724 100644
--- a/src/usr/secureboot/smf/test/testsmf.H
+++ b/src/usr/secureboot/smf/test/testsmf.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2018 */
+/* Contributors Listed Below - COPYRIGHT 2018,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -29,6 +29,7 @@
#include <errl/errlmanager.H>
#include <targeting/common/target.H>
#include <targeting/common/targetservice.H>
+#include <targeting/common/utilFilter.H>
#include <hbotcompid.H>
#include <secureboot/smf.H>
#include <secureboot/secure_reasoncodes.H>
@@ -346,9 +347,14 @@ public:
break;
}
- if(l_smfBarSize != DISTRIBUTE_EXACT_SMF_AMT)
+ // Memory is distributed across processors so need to divide the
+ // expected results by the number of processors
+ TARGETING::TargetHandleList l_procList;
+ TARGETING::getAllChips(l_procList, TARGETING::TYPE_PROC, true);
+
+ if(l_smfBarSize != (DISTRIBUTE_EXACT_SMF_AMT/l_procList.size()))
{
- TS_FAIL("testDistributeExactAmt: Unexpected amount of memory allocated. Expected: 0x%x, actual 0x%x", DISTRIBUTE_EXACT_SMF_AMT, l_smfBarSize);
+ TS_FAIL("testDistributeExactAmt: Unexpected amount of memory allocated. Expected: 0x%x, actual 0x%x", (DISTRIBUTE_EXACT_SMF_AMT/l_procList.size()), l_smfBarSize);
}
} while(0);
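Review bot: `DISTRIBUTE_EXACT_SMF_AMT/l_procList.size()` divides by the number of functional processors returned by getAllChips with no check that the list is non-empty, so an empty list would trap on division by zero inside the test instead of reporting a failure; the same expression is added in the hunk at `@@ -400,9 +406,14 @@`. A guard before the comparison, `if(l_procList.empty()) { TS_FAIL("testDistributeExactAmt: no functional processors found"); break; }`, keeps the failure inside the test harness. The quotient is also only exact when the amount divides evenly across processors, and passing it to TS_FAIL's `0x%x` may not match the argument's width once size_t arithmetic is involved — both worth confirming against the definition of DISTRIBUTE_EXACT_SMF_AMT, which is outside this hunk. The enclosing test method starts outside the hunk.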
@@ -400,9 +406,14 @@ public:
break;
}
- if(l_smfBarSize != DISTRIBUTE_EXACT_SMF_AMT)
+ // Memory is distributed across processors so need to divide the
+ // expected results by the number of processors
+ TARGETING::TargetHandleList l_procList;
+ TARGETING::getAllChips(l_procList, TARGETING::TYPE_PROC, true);
+
+ if(l_smfBarSize != (DISTRIBUTE_EXACT_SMF_AMT/l_procList.size()))
{
- TS_FAIL("testDistributeNotExactAmt: Unexpected amount of memory allocated. Expected: 0x%x, actual 0x%x", DISTRIBUTE_EXACT_SMF_AMT, l_smfBarSize);
+ TS_FAIL("testDistributeNotExactAmt: Unexpected amount of memory allocated. Expected: 0x%x, actual 0x%x", (DISTRIBUTE_EXACT_SMF_AMT/l_procList.size()), l_smfBarSize);
}
} while(0);
diff --git a/src/usr/secureboot/trusted/README.md b/src/usr/secureboot/trusted/README.md
new file mode 100644
index 000000000..effe75f44
--- /dev/null
+++ b/src/usr/secureboot/trusted/README.md
@@ -0,0 +1,74 @@
+# **'trusted'** Secureboot Services in Hostboot
+This directory implements the 'trusted' boot functionality that Hostboot
+ provides.
+It primarily does this by measuring and storing firmware images and system
+ data into the system's TPMs (Trusted Platform Modules).
+
+## Key Points
+* This code measures specific information on the system, including different
+ firmware images that are loaded onto the system by hostboot
+* These mesasurements, along with other system data, are stored in the TPMs
+ on the system
+* This code also determines which TPMs exist on the system, if they are
+ functional, and initializes them
+* To directly talk to the TPMs this code uses the TPM Device Driver, which
+ is built on top of the I2C Device Driver:
+ * [src/usr/i2c/tmpdd.C](../../i2c/tpmdd.C)
+ * [src/usr/i2c/tpmdd.H](../../i2c/tpmdd.H)
+
+* The **libsecureboot_trusted.so** module created here is available in
+ Hostboot's extended image
+* However, the code in the 'base' sub-directory is built into
+ libsecureboot_base.so and is available in Hostboot's base image
+* This module implements the interfaces defined in
+ [trustedbootif.H](../../../include/usr/secureboot/trustedbootif.H)
+
+## Files
+
+* __makefile__
+ * Standard Hostboot makefile
+
+* __[README.md](./README.md)__
+ * This file
+
+* __tpmLogMgr.C, tpmLogMgr.H__
+ * Defines and implements functions around the TPM Event Log, including
+ adding new events, extending the log to the TPM, and moving the log to
+ different memory locations
+
+* __trustedTypes.C, trustedTypes.H__
+ * Defines different structures and methods for sending and receiving data
+ to and from the TPM
+
+* __trustedboot.C, trustedboot.H__
+ * Defines and implements the majority of the functions that interact with the
+ TPMs
+ * Implements the majority of the functions that verify and initialize the TPMs
+
+* __trustedbootCmds.C, trustedbootCmds.H__
+ * Defines and implements commands sent to the TPM and then processes (aka
+ marshall and unmarshall) the data appropriately
+
+* __trustedbootUtils.C, trustedbootUtils.H__
+ * Defines and implements a few utility functions like a wrapper to the TPM
+ Device Driver and creating trustedboot error logs.
+
+
+## sub-directories
+* __base__
+ * These files create a message queue to reserve operations that can be
+ implemented once the full Hostboot extended code, including
+ libsecureboot_trusted.so, is available to process them
+ * These files also take the basic operations that the Hostboot base code
+ needs and sends them to the message queue
+ * __trustedboot_base.C__
+ * Implements early trustedboot/TPM calls be calling into a message
+ queue so that they can be processed later
+
+ * __trustedbootMsg.C, trustedbootMsg.H__
+ * Defines and implements the message queue so that commands can be
+ processed later when libsecureboot_trusted.so is available
+
+* __test__
+ * Standard Hostboot test directory that implements CXX Unit Tests
+
diff --git a/src/usr/secureboot/trusted/base/trustedboot_base.C b/src/usr/secureboot/trusted/base/trustedboot_base.C
index 2e5182d2f..eb889131c 100644
--- a/src/usr/secureboot/trusted/base/trustedboot_base.C
+++ b/src/usr/secureboot/trusted/base/trustedboot_base.C
@@ -45,7 +45,6 @@
#include <secureboot/header.H>
#include <secureboot/containerheader.H>
#include <pnor/pnorif.H>
-#include <config.h>
#include "../trustedboot.H"
#include "../trustedbootCmds.H"
#include "../trustedbootUtils.H"
@@ -1165,7 +1164,7 @@ errlHndl_t expandTpmLog(TpmTarget* i_target)
int l_rc = msg_sendrecv(systemData.msgQ, l_msg->iv_msg);
if(l_rc)
{
- /**
+ /*@
* @errortype ERRL_SEV_UNRECOVERABLE
* @moduleid MOD_EXPAND_TPM_LOG
* @reasoncode RC_SENDRECV_FAIL
diff --git a/src/usr/secureboot/trusted/test/trustedbootTest.H b/src/usr/secureboot/trusted/test/trustedbootTest.H
index cbf221e57..50564f12d 100755
--- a/src/usr/secureboot/trusted/test/trustedbootTest.H
+++ b/src/usr/secureboot/trusted/test/trustedbootTest.H
@@ -45,7 +45,6 @@
#include "../trustedboot.H"
#include "../trustedbootCmds.H"
#include "../tpmLogMgr.H"
-#include <config.h>
using namespace TRUSTEDBOOT;
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C
index 6046a76df..d0ec76030 100644
--- a/src/usr/secureboot/trusted/trustedboot.C
+++ b/src/usr/secureboot/trusted/trustedboot.C
@@ -53,7 +53,6 @@
#ifdef CONFIG_BMC_IPMI
#include <ipmi/ipmisensor.H>
#endif
-#include <config.h>
#include <devicefw/driverif.H>
#include <i2c/tpmddif.H>
#include "trustedboot.H"
diff --git a/src/usr/secureboot/trusted/trustedbootCmds.C b/src/usr/secureboot/trusted/trustedbootCmds.C
index 604757b7a..fe2956929 100644
--- a/src/usr/secureboot/trusted/trustedbootCmds.C
+++ b/src/usr/secureboot/trusted/trustedbootCmds.C
@@ -37,7 +37,6 @@
// ----------------------------------------------
#include <string.h>
#include <stdlib.h>
-#include <config.h>
#ifdef __HOSTBOOT_MODULE
#include <secureboot/trustedboot_reasoncodes.H>