summaryrefslogtreecommitdiffstats
path: root/src/include/usr/secureboot
Commit message (Collapse)AuthorAgeFilesLines
...
* Secureboot: Inhibit attribute overrides and sync exposuresMike Baiocchi2017-08-091-0/+9
| | | | | | | | | | | | | | | | | For Secureboot purposes, we don't consider the FSP a secure source. So this commit inhibts attribute overrides and any sort of attribute syncing from the FSP. Change-Id: I941ab5083d3055bc29237839aaaf4b723a2b0e90 RTC:175071 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42687 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Move containerHeader class to secureboot common directoryStephen Cprek2017-08-091-0/+2
| | | | | | | | | | | | | RTC: 175115 Change-Id: Ia12949a63100202895be315cb7febb85df3cda3e Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/44131 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Fix duplicate sha512 definitionsJaymes Wilks2017-08-041-5/+3
| | | | | | | | | | | | | | | | | All instances for sha2_hash_t have been replaced with SHA512_t and the SHA512_t typedef is now in securerom/contrib/sha512.H in place of the old definition. Change-Id: I32524524d755eb3b0264881317d9be5a294dc9a7 RTC:172333 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43610 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add Security Settings User Details to Error LogsStephen Cprek2017-07-102-0/+9
| | | | | | | | | | | | | Change-Id: Ife4a19ea7f94670143b701f740c80f991f924601 RTC:165693 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41904 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Verify the correct HW Key Hash is used in Customized SBE ImageMike Baiocchi2017-06-111-1/+8
| | | | | | | | | | | | | | | | | | This commit keeps track of what HW Key Hash is added to HBBL before customizing the SBE Image and then checks that this HW Key Hash is found in the customized SBE Image. It did this by updating getHwKeyHashFromSbeImage() to possibly read the HW Key Hash from system memory along with its default behavior of reading it from a SBE Seeprom. Change-Id: I0139fb959102de74b12874f30e7d2ec0bf918e3f RTC:175330 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41453 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Disable Attribute Overrides in Secure ModeMike Baiocchi2017-06-071-2/+1
| | | | | | | | | | | | | | | This commit disables attribute overrides during the IPL and at Runtime when the system has security enabled. Change-Id: Ia56b11fc1450c8e11be27c90c0de179038273873 RTC: 163094 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40735 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Create map of SecureROM function types, versions, and offsetsStephen Cprek2017-06-061-0/+7
| | | | | | | | | | | | | | | Done to audit different algorithm versions and provide easy lookup to simplify filling in HDAT Change-Id: Iee1514efca9deb1af1341c2557c543b2ced81845 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40776 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Enforce synchronized processor security stateJaymes Wilks2017-05-103-8/+58
| | | | | | | | | | | | | | | Ensure the secure state is consistent across all processors. Change-Id: I671253b99d5d87509909681a2cec2380ca6918b0 RTC:167775 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38764 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Trustedboot support to log different event typesChris Engel2017-04-231-0/+27
| | | | | | | | | | | | | Change-Id: I811e9bd38c8c365acbcf204fa638ec0eb7302b7e Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38879 Reviewed-by: Timothy R. Block <block@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Update the HW Key Hash in HBBL from PNOR for SBE Update OperationsMike Baiocchi2017-04-191-0/+8
| | | | | | | | | | | | | | | | | | | | This commit updates the HW Key Hash section of the HBBL partition pulled from PNOR before the SBE Update customization process. By default the HW Key Hash used to boot the system is used, but inside a Secureboot Key Transition (SBKT) IPL the new HW Key Hash will be used. Change-Id: I5ad235784cca53d746a46f5154c35f77540d24ba RTC: 167585 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38926 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Port SBKT signing and secure loadingStephen Cprek2017-04-101-6/+2
| | | | | | | | | | | Change-Id: I3817cbf8eb25bc83d538d9eb6ea4c5e801603f74 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38543 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Converge shadow TPM object into targeting modelNick Bofferding2017-04-101-43/+78
| | | | | | | | | | | | | | | | | | | | - Added TPM attributes - Linked TPM attributes to XML models - Updated TpmTarget as alias for TARGETING::Target - Trace all states in TPM targeting target Change-Id: Ic0e6cf974aa82f0273523bdada1081b625cb0ae4 RTC: 168781 CMVC-Coreq: 1021028 CMVC-Prereq: 1021177 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38337 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Trace HwKeyHash and Add Errorlog Parser Infrastructure to SecurebootMike Baiocchi2017-03-211-0/+12
| | | | | | | | | | | | | | | | | | This commit traces the HwKeyHash to Secureboot-specific error logs. It also adds the infrastucture necessary to parse secureboot-specific errorlog user data sections. It includes 2 new custom sections: one which is used in this commit, and another which will be used in a future commit. Change-Id: Id5fb115ad1214f956e5256d3641236021e4642ab RTC:165205 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/37901 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Enable HBB measurement based on secure mode enablementNick Bofferding2017-03-171-25/+31
| | | | | | | | | | | | Change-Id: Ia731f7ee2fff280d078da9878322f69beb3aa7cc RTC: 167581 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/36221 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Trace Processor Security Registers; add them to Secure Error LogsMike Baiocchi2017-03-152-1/+13
| | | | | | | | | | | | | | | | This commit adds a trace of the Security Switch and CBS Control/Status registers for all processors in the system. These registers are also captured for Security-specific error logs. Change-Id: I245815c720725a9aaf15a3cbad9a50b3288fc1f9 RTC:165205 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/37290 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Relocate ROM code after HBBL has been verifiedStephen Cprek2017-03-101-4/+4
| | | | | | | | | | | | Create Bootloader to hostboot data manager to control how the shared data is accessed and modified. Change-Id: I54cb543ed289810ab6afb07d333313f5662bce0e RTC: 166848 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35617 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Tested-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Rename SecureROM to SecureRomManagerStephen Cprek2017-03-082-3/+3
| | | | | | | | | | | Change-Id: I839daf3fc44e3459a9c6c147703fd671c5ec79a8 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/36971 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Integrate p9_update_security_ctrl HWP into Istep 10.3Jaymes Wilks2017-03-031-39/+41
| | | | | | | | | | | | | | | | | | Add handling of TPM deconfig and SBE Secure Seeprom Lock by integrating the hardware procedure p9_update_security_ctrl into Istep 10.3 and retriggering the hardware procedure any time a TPM fails. Change-Id: I36f57dc7aef3de6661357736a525fe25a3828c6e RTC:153891 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/36189 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Support DRTM RIT protectionNick Bofferding2017-03-034-14/+271
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Added mailbox scratch register 7 definition - Added DRTM functions - Added set/clear security switch register functions - Added additional security switch bit definitions - Added secureboot extended library to host DRTM functions - Inhibited TPM start command in DRTM flow - Added new config options for DRTM and DRTM RIT protection - Added new DRTM attribute to indicate if DRTM is active - Added new DRTM attribute to hold DRTM payload address - Added new DRTM attribute to initiate DRTM in lieu of loading payload - Updated target service init to determine DRTM settings - Updated host start payload step to initiate DRTM if conditions are met - Updated host MPIPL service to verify DRTM payload and clean up DRTM HW state - Updated host gard step to verify DRTM HW state - Rerouted PCR extensions to PCR 17 in DRTM boot - Use locality 2 for all PCR extensions in DRTM boot - Inhibit extension logging (for now) in DRTM boot - Only extend seperator to PCR 17 in DRTM boot Change-Id: Id52c36c3a64ca002571396d605caa308d9dc0199 RTC: 157140 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35633 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Support extending sections to PCRsNick Bofferding2017-02-022-8/+27
| | | | | | | | | | | | | | - Ported p8 secureboot PCR extension code Change-Id: I2bbf6ee6b2980c2fbe32dfb9cad25e9e2aba3285 RTC: 167581 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35632 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Generalize secure boot settings for all processorsJaymes Wilks2017-01-303-18/+150
| | | | | | | | | | | | | | | Adds the ability to specify which processor target user code is interested in when querying secure boot settings. Change-Id: I0375af03ce8f4e33029736ff2e2d60416629a295 RTC:161916 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/32556 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Use common ROM header files for rom, bootloader, and hostbootStephen Cprek2017-01-302-197/+2
| | | | | | | | | | | | Change-Id: I4d7db7293d44633cf1646f69ab98ddc8d66338ca RTC: 143902 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/34525 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add TPM4 locality supportChris Engel2017-01-271-1/+7
| | | | | | | | | | | | | Change-Id: I9f16fe77ee18f3d8839d0a06f9322ca1b1e47d93 RTC: 134415 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35271 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Support ring overrides for HCODE imageDan Crowell2017-01-251-1/+7
| | | | | | | | | | | | | | | Allows data from the RINGOVD partition of PNOR to be applied to the HCODE/STOP image that is generated during boot and at runtime. Change-Id: I66665bb89af020fc1a249d89f42d541a06383309 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35128 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Corey V. Swenson <cswenson@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* port p8 secureboot settings code to p9Jaymes Wilks2017-01-051-7/+36
| | | | | | | | | | | | | | | | Update the p9 branch to handle the secure settings states as per p8 code but with the new updated p9 constant values. Remove caching of register values. Change-Id: I0a29ce0103a8f9b60b421a4bb625f12adcd916f8 RTC:161916 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/32490 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Secure PNORRP port resync from p8Jaymes Wilks2016-12-121-3/+8
| | | | | | | | | | | | | | Brings SPNORRP p9 up to date with the latest changes from p8. Change-Id: I9e80199ffad1b3082339069264560029e83a3d78 RTC:163078 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/32260 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com>
* Secure PNOR Resource Provider port from p8Jaymes Wilks2016-11-145-3/+637
| | | | | | | | | | | | | | Adds a Secure PNOR Resource Provider (SPNORRP) layer on top of the original PNORRP to handle verification of secured PNOR sections. Change-Id: Iff25abf599f3c850197c6e6d23ff03e5edf945bb RTC:163078 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/31588 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add a TPM separator during host start_payloadChris Engel2016-10-312-2/+14
| | | | | | | | | | Change-Id: I11736ebe4b44e54584febc05e1dea50dd5304fa4 RTC: 155301 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/30996 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Trustedboot support for using TPM targetChris Engel2016-08-221-2/+12
| | | | | | | | | | Change-Id: I362085fd81663b9b8ec56ed9e0670cf71fc851e4 RTC: 153386 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/28482 Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Trustedboot PCR Extend reworked to use task message queueChris Engel2016-07-182-2/+10
| | | | | | | | | | | | | | Removed TPM log manager and required functions from HBB and replaced with a simple message queue Change-Id: I5f5a418b6ea8c0228229e8c45523385b488e2b6b RTC: 155519 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/27133 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Trustedboot add TPM and associated i2c master to the devtreeChris Engel2016-06-083-1/+57
| | | | | | | | | | | Change-Id: Ic2edee549d23669f046a6e78f0cfae838faaec2d RTC: 125287 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/25470 Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* TrustedBoot-Add log manager functions to allow passing in external log bufferChris Engel2016-05-171-0/+2
| | | | | | | | | | | | | | Change-Id: I33b8680fb89072311bb23730bfc1901e4ded9e21 RTC: 125289 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/22003 Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/24669 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
* Extend basic config entries to TPMChris Engel2016-05-131-0/+2
| | | | | | | | | | | | Change-Id: I17c215c3120782d022ade0ac8343934c64e2e13e Original-Change-Id: I92e2c7758ebac2912caa9f449c3531c584487bd5 FowardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/22002 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/24481 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Send hash of pnor sections to TPMChris Engel2016-05-112-1/+4
| | | | | | | | | | | | | Replay log events to TPM after initialization Change-Id: Ibab5e28790324c28a7cd9fb2805041d7a896376a RTC:125290 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/23898 Tested-by: Jenkins Server Reviewed-by: Timothy R. Block <block@us.ibm.com> Tested-by: FSP CI Jenkins Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Trustedboot support for PCR ReadChris Engel2016-03-272-1/+3
| | | | | | | | | | | | | | | | cherry picked from commit 93cd77a2455e60f01b003f747368e69cfef1b844 RTC: 125287 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/701 Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Change-Id: I37103173d417ce1f378ee3ce76646f1028339ee0 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/22496 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
* Trustedboot add support for PCR ExtendChris Engel2016-03-251-0/+3
| | | | | | | | | | | | | | Change-Id: I05614ef6c3e5d68e0b512ec6b69a0b6054a9d7b4 RTC: 125288 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/790 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/22366 Tested-by: Jenkins Server Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Tested-by: FSP CI Jenkins
* Trustedboot TPM Event log managerChris Engel2016-03-152-2/+12
| | | | | | | | | | | | | | | Change-Id: I4a8c2010421a63e44112666bdd424e2e5d010e7f RTC: 125289 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/960 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/22009
* Trustedboot : Refactor to allow for skiboot import of TSSLiteChris Engel2016-03-082-2/+17
| | | | | | | | | | | | | | | | Change-Id: I1e90a71f1027e0a801b96cbad6d59e432357f281 RTC: 125289 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/21318 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/21809
* Trustedboot: Additional commands in trusted boot init sequenceChris Engel2015-12-112-3/+16
| | | | | | | | | | | | | | - getCap FW Version - TPM Command marshal/unmarshal code Change-Id: Ia9a90b1160c9c3b5d818318771bff21eb013bdf4 RTC: 125287 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/20056 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Reviewed-by: STEPHEN M. CPREK <smcprek@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Trustedboot: Move data to Hostboot base and add pcrExtend stub functionChris Engel2015-11-181-0/+39
| | | | | | | | | | | | Change-Id: Id488af88c7f1796606434a062a9001f31f413ac0 RTC: 125288 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/21475 Tested-by: Jenkins Server Reviewed-by: Timothy R. Block <block@us.ibm.com> Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Fix copyright prologs for trustedboot codeStephen Cprek2015-11-061-1/+1
| | | | | | | | | | | | | Change-Id: Ib6082544ace176db00473a15f27eeb7f454b1555 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/21870 Tested-by: Jenkins Server Reviewed-by: MATTHEW A. PLOETZ <maploetz@us.ibm.com> Reviewed-by: WILLIAM G. HOFFA <wghoffa@us.ibm.com> Tested-by: Jenkins OP Build CI Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: STEPHEN M. CPREK <smcprek@us.ibm.com>
* Trusted boot support for performing TPM_STARTUP during istepsChris Engel2015-11-053-1/+107
| | | | | | | | | | | | | | | | | Support added for TPM DD2.0 Added call to host_update_master_tpm during host_discover_targets istep host_update_master_tpm istep performs TPM_STARTUP on TPM Change-Id: Ie9c232ed6ecf72da58c40df726fe1deaec5af053 RTC: 125287 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/18075 Tested-by: Jenkins Server Reviewed-by: STEPHEN M. CPREK <smcprek@us.ibm.com> Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Change copyright prolog for all files to Apache.Patrick Williams2014-05-212-22/+22
| | | | | | | Change-Id: I5664587b4f889099290ef50d50fa9ce5e580e1eb Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/11167 Tested-by: Jenkins Server Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Base Support for Secure ROM verificationMike Baiocchi2013-07-082-1/+44
| | | | | | | | | | | | This change adds the basic structure needed to call and implement a verifcation of a signed container via the loaded/initliaized Secure ROM device. Change-Id: Ieada4eb0b557fc556cd12647a698bbfa16aba278 RTC:64764 Reviewed-on: http://gfw160.austin.ibm.com:8080/gerrit/4958 Tested-by: Jenkins Server Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Secureboot memory layout support.Patrick Williams2013-06-142-0/+84
* Start kernel in 1/4 cache mode per Secureboot. * Copy Secureboot header for base image for later use. * Blind-purge bottom half of cache. * Add bottom of cache into memory maps for 1/2 cache mode. RTC: 64762 Change-Id: I1b45f30a2d45c9709d4fd486cfe0ca2ce86b051c Reviewed-on: http://gfw160.austin.ibm.com:8080/gerrit/3773 Reviewed-by: Michael Baiocchi <baiocchi@us.ibm.com> Tested-by: Jenkins Server Reviewed-by: ADAM R. MUHLE <armuhle@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
OpenPOWER on IntegriCloud