path: root/src/usr/secureboot/ext
Commit message | Author | Age | Files | Lines
* Secureboot: Enhanced Multinode Comm: Master Node | Ilya Smirnov | 2019-02-20 | 1 | -3/+5

  This commit introduces the logic to create the master node nodecomm request to the slave nodes and logic to process the responses from the slave nodes. The data from the slave nodes (the slave quote) is hashed and extended into PCR1. The binary quote blob is also included in the TPM log as a log message.

  Additional changes: the logic to relocate the TPM log to increase its size, and the logic to allow uint8_t* instead of char* as the TPM log message.

  Change-Id: Ide4465f0d4a91aec815c9db5d765cdbde231dcd3
  RTC: 203644
  Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/71407
  Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
  Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
  Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
  Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
  Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
  Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
  Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
  Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secure Boot: Support API to fence off all node processors' secure mailboxes | Ilya Smirnov | 2018-06-19 | 2 | -1/+122

  This change implements the logic to lock down the Abus secure mailboxes prior to starting PHyp. The lock down is performed as part of secure node communication in istep 18.

  Change-Id: I4bc678ce7844290a7229b605406d5d3c689a0c6c
  RTC: 191005
  Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/59692
  Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
  Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
  Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
  Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
  Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
  Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Trustedboot support to log different event types | Chris Engel | 2017-04-23 | 1 | -2/+4

  Change-Id: I811e9bd38c8c365acbcf204fa638ec0eb7302b7e
  Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38879
  Reviewed-by: Timothy R. Block <block@us.ibm.com>
  Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
  Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
  Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
  Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
  Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
  Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
  Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Support DRTM RIT protection | Nick Bofferding | 2017-03-03 | 2 | -2/+727

  - Added mailbox scratch register 7 definition
  - Added DRTM functions
  - Added set/clear security switch register functions
  - Added additional security switch bit definitions
  - Added secureboot extended library to host DRTM functions
  - Inhibited TPM start command in DRTM flow
  - Added new config options for DRTM and DRTM RIT protection
  - Added new DRTM attribute to indicate if DRTM is active
  - Added new DRTM attribute to hold DRTM payload address
  - Added new DRTM attribute to initiate DRTM in lieu of loading payload
  - Updated target service init to determine DRTM settings
  - Updated host start payload step to initiate DRTM if conditions are met
  - Updated host MPIPL service to verify DRTM payload and clean up DRTM HW state
  - Updated host gard step to verify DRTM HW state
  - Rerouted PCR extensions to PCR 17 in DRTM boot
  - Use locality 2 for all PCR extensions in DRTM boot
  - Inhibit extension logging (for now) in DRTM boot
  - Only extend separator to PCR 17 in DRTM boot

  Change-Id: Id52c36c3a64ca002571396d605caa308d9dc0199
  RTC: 157140
  Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35633
  Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
  Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
  Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
  Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
  Reviewed-by: Timothy R. Block <block@us.ibm.com>
  Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
  Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Change copyright prolog for all files to Apache. | Patrick Williams | 2014-05-21 | 1 | -10/+10

  Change-Id: I5664587b4f889099290ef50d50fa9ce5e580e1eb
  Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/11167
  Tested-by: Jenkins Server
  Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Update makefiles & included .mk files to use += convention. | Brian Silver | 2014-05-21 | 1 | -3/+3

  Change-Id: I4148bc4c770b7c3c10fe25aa18d57d1a4301e5a9
  Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/11194
  Tested-by: Jenkins Server
  Reviewed-by: Christopher T. Phan <cphan@us.ibm.com>
  Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Secureboot memory layout support. | Patrick Williams | 2013-06-14 | 1 | -0/+30

  * Start kernel in 1/4 cache mode per Secureboot.
  * Copy Secureboot header for base image for later use.
  * Blind-purge bottom half of cache.
  * Add bottom of cache into memory maps for 1/2 cache mode.

  RTC: 64762
  Change-Id: I1b45f30a2d45c9709d4fd486cfe0ca2ce86b051c
  Reviewed-on: http://gfw160.austin.ibm.com:8080/gerrit/3773
  Reviewed-by: Michael Baiocchi <baiocchi@us.ibm.com>
  Tested-by: Jenkins Server
  Reviewed-by: ADAM R. MUHLE <armuhle@us.ibm.com>
  Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
  Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
OpenPOWER on IntegriCloud