| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds many checks to callout potential issues with the new
multinode trustedboot transfer protocol. It also improves some
TPM-related traces.
Change-Id: Ice3f8be0668cc63321eeb2562bb8ffe610284b6a
RTC:203642
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72363
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit introduces a new attribute TPM_POISONED used
to indicate that a certain TPM was poisoned during the boot.
This attribute is also used to adjust the trustedboot flag
in HDAT: if the primary TPM was poisoned during the IPL,
the trustedboot setting is turned off in HDAT.
Change-Id: I32ff6e79ebba0e38c0e8b4b9bd4aa0f52a250d9a
RTC: 203645
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72129
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds the size of the quote and signature fields returned
from the TPM as part of enhanced multinode comm to the generated
slave quote. This will make it easier to process the slave quote
for remote attestation.
Change-Id: Iab0d66bf5c34f49441fec346c6964458c58cff1f
RTC: 203645
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72357
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a new exchange of data between the master and
slave nodes to further enhance our Trustedboot IPL. It builds
upon updates to the transfer mechanism between the nodes and new
TPM commands on the nodes.
Change-Id: I18bd152e4bd3aeb9b79eb9ec774fc80871874155
RTC:203642
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/71903
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit introduces the logic to create the master node nodecomm
request to the slave nodes and logic to process the responses from
the slave nodes. The data from the slave nodes (the slave quote) is
hashed and extended into PCR1. The binary quote blob is also included
in the TPM log as a log message.
Additional changes: the logic to relocate the TPM log to increase
its size, and the logic to allow uint8_t* instead of char* as
the TPM log message.
Change-Id: Ide4465f0d4a91aec815c9db5d765cdbde231dcd3
RTC: 203644
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/71407
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit introduces the logic to create the slave response
for the new enhanced multinode comm protocol. The slave response
consists of an eye catcher, node ID, quote and signature data
from TPM, PCR contents of the slave node TPM, Attestation Key
Certificate, and the TPM log. All of the above data is packaged
into a binary blob to be sent back to the master node.
Change-Id: I927c6ca937e6c07af4185cf54c782697c5d822f6
RTC: 203643
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/70791
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a more flexible Node-to-Node Transfer Protocol
that will be used for the secureboot/trustedboot algorithm in
multi-node configurations. The original message transfer has
been updated to use this new transfer protocol.
Change-Id: I12704e8d71d8c0aac52c286160322f9b845a5026
RTC:203641
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/71317
Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds four new TPM commands, and APIs thereto,
for enhanced secure multinode communication protocol. The
TPM commands are the base for the new protocol and will be
used as part of it.
Change-Id: I080ff87cd6001b5d2e13ae350a379cbc2c92bfcf
RTC: 202364
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/69725
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New Secure Multinode Comm protocol calls for generation of
random number that is 32 bytes in size. This commit extends
the existing GetRandom API to be able to accept a size of
the random number to be generated by TPM.
Change-Id: Ic6fc1705594f51f121ff75aaa489d6d32fe41409
RTC: 202364
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/70116
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit bdb1634e8e6a385884025f49cadbd4262962dd3e.
Change-Id: Idbe1edff3d3a241ff2002cf053b59095ea3cb524
CQ: SW446799
CMVC-Prereq: 1069262
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/65708
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Deletes a non-terminating TPM error in the fabric integration step to
avoid setting up a race condition on FSP that results in FSP not waking
Hostboot up from winkle properly. That issue will be pervasively addressed by
SW444320.
Change-Id: I1f43f704a53ec77593d082021cc545e2365d499a
CQ: SW443597
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/65594
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds the appropriate addHwCallout() after addBusCallout()
to ensure that the appropriate item (either XBUS or SMPGROUP) gets
deconfigured.
Change-Id: Iff2cea9d41b6d86b79024a5f682675d4938f20a3
RTC:184518
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/63727
Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ABUS Node Communications procedure is operational and its error
handling works. So this commit updates the code such that any errors
during this procedure are now committed so that they can be properly
handled.
Change-Id: I0c97b74bca83a3bc001426aa01beb0c81cd7a717
RTC:184518
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/62753
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds redundancy to the ABUS Node Communication procedure
by using the best possible link per connection rather than the default
secure link.
Change-Id: I051d316eacb05d59889d3f45fcb387e29877e1fe
RTC:184518
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/62133
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code adds bus, hw, code, etc callouts to the appropriate errors.
It also cleans up other TODOs, refactors some functions, and applies
somes fixes found in testing.
Change-Id: I462cdb2c4e313c277a3e0542f740e82ede3313f3
RTC:184518
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/61813
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit applies all of the known fixes to make the 'good-path'
work for Secure Node-to-Node Communications. It also cleans up
some trace messages and removes some TODOs.
Change-Id: I2ffa63f2579f2a0075b188d67c56f45bed576a0f
RTC:184518
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/61305
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds the TPM calls to generate a random number and log
('extend') the nonces passed between the nodes via the ABUSes. It
also cleans up some other TODOs and traces.
Change-Id: I1389af2d809351421f3c2b3b954b3eaf6b0506aa
RTC:184518
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/60962
Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit creates a new interface that will be called in istep 18
to facilitate the exchanging of Link Mailboxes messages between nodes
acros the ABUS interface. It also does the basic procedure without
all of the final FFDC and RAS implementation that will come in
subsequent commits. All error logs are deleted to not kill any
IPLs until full functionality is tested.
Change-Id: I7391deaa37e49629cd01cfad212b64fecb9529bd
RTC:184518
CMVC-Prereq:1058895
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/60793
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds the attributes needed for a mutex XBUS and ABUS lock
and then uses them in the Node Communications Device Driver. It also
adds some additional error recovery to the Node Comm DD. Plus, it adds
some additional SCOMs to the Read and Write Node Comm DD operations.
Change-Id: I27b94f29a6e3c2e3e2ba98fec48cc000c39add47
RTC:191008
Depends-on:I19510888c0922e5bb857cffc9426399e79e113ba
Depends-on:I11893af06b7a097b43106117d648e9a431c4f3ea
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/59292
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a new custom Node Comm Device Driver error log
user details section and its parser code. It also adds a function
to add the target and important HW registers to an error log.
Change-Id: I11893af06b7a097b43106117d648e9a431c4f3ea
RTC:191008
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/59079
Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
|
|
This commit establishes base support for Secure Node Communications.
It creates a new device driver to operate the XBUS and ABUS Link
Mailboxes and adds base support for using these device drivers to
send and receive messages. It also adds a test to perform a 2-chip
XBUS Link Mailbox operation.
Change-Id: I19510888c0922e5bb857cffc9426399e79e113ba
RTC:191008
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/58376
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
|