summaryrefslogtreecommitdiffstats
path: root/src/usr/secureboot/trusted
Commit message (Collapse)AuthorAgeFilesLines
* Add README.md files to the secureboot componentMike Baiocchi2020-02-131-0/+74
| | | | | | | | | | | | | | | | | This commit adds a top-level README.md file to the secureboot component that then calls into new README.md files in the different sub-directories. Change-Id: I7460a0e591232c2f8387321b0251ac3f62a1c76e Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/89025 Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com> Reviewed-by: Nicholas E Bofferding <bofferdn@us.ibm.com> Reviewed-by: Christopher J Engel <cjengel@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M Crowell <dcrowell@us.ibm.com>
* Automatically include config.hDan Crowell2019-12-064-4/+0
| | | | | | | | | | | | | | | | | | Rather than having to remember to include config.h anywhere we reference a CONFIG variable (and usually forgetting), this adds it to the default compiler flags so that it gets included in every source file we build. Change-Id: I53622ab4d46c55d942e98cae6ec03049fd5b3d08 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/87475 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Zachary Clark <zach@ibm.com> Reviewed-by: Roland Veloz <rveloz@us.ibm.com> Reviewed-by: Christian R Geddes <crgeddes@us.ibm.com> Reviewed-by: Nicholas E Bofferding <bofferdn@us.ibm.com>
* Fix NVDIMM update error log commentsCorey Swenson2019-08-201-1/+1
| | | | | | | | | | | | | | First line of error log comment must include /*@ or error log will not be documented. Also fixed in other HB files. Change-Id: Ifa5eba6d6abd7f8565a4cc8d62a25a2b833725f2 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/82497 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E Bofferding <bofferdn@us.ibm.com> Reviewed-by: Matt Derksen <mderkse1@us.ibm.com> Reviewed-by: Daniel M Crowell <dcrowell@us.ibm.com>
* HB Improvements: Compiler Issues with Different Config FilesLuis Fernandez2019-04-051-1/+1
| | | | | | | | | | | | | | | Fixed compiler issues with Witherspoon, Romulus, Zaius, Boston. Change-Id: Ic4046323eb391be6ec311bc408ef9d858ceff8cd RTC: 202716 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/75552 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Initialize backup TPM in MPIPLNick Bofferding2019-04-012-48/+53
| | | | | | | | | | | | | | | | | | Update the boot flow to call the istep to initialize the backup TPM during an MPIPL and carry over the backup present/functional state as they were from runtime, prior to the MPIPL. Change-Id: Ic402e37cf2f465686770ff22d4f2296332b0f3f7 CQ: SW456951 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/75163 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Matthew Raybuck <matthew.raybuck@ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Secureboot: Enhanced Nomdecomm: Quote FixIlya Smirnov2019-03-261-1/+1
| | | | | | | | | | | | | | | | PCR8 was erroneously being included in the quote response from the TPM. We don't actually want to read out PCR8 in hostboot firmware. This change excludes PCR8 from the quote process. Change-Id: Ib2ace53b157b64b6a5dac392b0304b31765d7afb Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/74895 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secureboot: Enhance Error Callouts For New Multinode Trustedboot TransferMike Baiocchi2019-03-051-11/+17
| | | | | | | | | | | | | | | | | This commit adds many checks to callout potential issues with the new multinode trustedboot transfer protocol. It also improves some TPM-related traces. Change-Id: Ice3f8be0668cc63321eeb2562bb8ffe610284b6a RTC:203642 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72363 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secureboot: Enhanced Multinode Comm: TPM_POISONEDIlya Smirnov2019-03-011-1/+9
| | | | | | | | | | | | | | | | | | | This commit introduces a new attribute TPM_POISONED used to indicate that a certain TPM was poisoned during the boot. This attribute is also used to adjust the trustedboot flag in HDAT: if the primary TPM was poisoned during the IPL, the trustedboot setting is turned off in HDAT. Change-Id: I32ff6e79ebba0e38c0e8b4b9bd4aa0f52a250d9a RTC: 203645 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72129 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secureboot: Enhanced Multinode Comm: Quote Size FixIlya Smirnov2019-02-222-1/+5
| | | | | | | | | | | | | | | | | | It was discovered that the quote and signature data returned from TPM as part of the new multinode comm contained an extra uint32 size field that should not be inlcuded into the slave quote blob. This commit removes that size field from the quote. Change-Id: Ia40eeee67567d08b1c1982f964dab1db411ff81b RTC: 203645 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72216 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secureboot: Enhanced Multinode Comm: Master NodeIlya Smirnov2019-02-2011-53/+249
| | | | | | | | | | | | | | | | | | | | | | | | This commit introduces the logic to create the master node nodecomm request to the slave nodes and logic to process the responses from the slave nodes. The data from the slave nodes (the slave quote) is hashed and extended into PCR1. The binary quote blob is also included in the TPM log as a log message. Additional changes: the logic to relocate the TPM log to increase its size, and the logic to allow uint8_t* instead of char* as the TPM log message. Change-Id: Ide4465f0d4a91aec815c9db5d765cdbde231dcd3 RTC: 203644 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/71407 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secureboot: Enhanced Multinode Comm: Slave NodeIlya Smirnov2019-02-198-39/+217
| | | | | | | | | | | | | | | | | | | | | | This commit introduces the logic to create the slave response for the new enhanced multinode comm protocol. The slave response consists of an eye catcher, node ID, quote and signature data from TPM, PCR contents of the slave node TPM, Attestation Key Certificate, and the TPM log. All of the above data is packaged into a binary blob to be sent back to the master node. Change-Id: I927c6ca937e6c07af4185cf54c782697c5d822f6 RTC: 203643 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/70791 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secureboot: Add New TPM Commands For NodecommIlya Smirnov2019-01-187-21/+887
| | | | | | | | | | | | | | | | | | This commit adds four new TPM commands, and APIs thereto, for enhanced secure multinode communication protocol. The TPM commands are the base for the new protocol and will be used as part of it. Change-Id: I080ff87cd6001b5d2e13ae350a379cbc2c92bfcf RTC: 202364 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/69725 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add additional FFDC to better debug TPM related errorsNick Bofferding2019-01-141-28/+84
| | | | | | | | | | | | | | | - Added additional trace to master TPM init step to diagnose TPM related errors Change-Id: Iec93d92d26872f6c54811b77803e93c80799e445 CQ: SW452193 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/70293 Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Trustedboot: GetRandom API ChangesIlya Smirnov2019-01-103-18/+69
| | | | | | | | | | | | | | | | | | New Secure Multinode Comm protocol calls for generation of random number that is 32 bytes in size. This commit extends the existing GetRandom API to be able to accept a size of the random number to be generated by TPM. Change-Id: Ic6fc1705594f51f121ff75aaa489d6d32fe41409 RTC: 202364 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/70116 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Serialize all attribute synchronization callsNick Bofferding2018-10-171-1/+2
| | | | | | | | | | | | | | | Forces all FSP attribute synchronizations down to FSP to serialize in the attribute resource provider attribute synchronization daemon thread to avoid concurrenty problems. Change-Id: Ifb355ba6f42872465ea3d6f0d9009cfd6f768d7a CQ: SW448280 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/67450 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Additional tracing for shutdown eventsMatt Derksen2018-09-121-1/+2
| | | | | | | | | | | | | | | | | Hit an issue where a shutdown was called but all that is traced is a msgQ pointer. These traces should help associate the msgQ pointer to an actual task being shutdown. Change-Id: Ic22fdde1a146eec90f26d557e8af1ddec3c85c4e CQ:SW443508 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/65464 Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Corey V. Swenson <cswenson@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Trusted Boot: Report Primary TPM required reason code as terminatingNick Bofferding2018-08-241-2/+2
| | | | | | | | | | | | | | | | | | | | This commit flags the RC_TPM_NOFUNCTIONALTPM_FAIL reason code as a terminating reason code to tell FSP that there is an expected boot failure without a deconfiguration. Further, when this error occurs, it TIs with this error's reason code instead of its PLID, so that FSP will balk to the alignment check to failover and use the backup TPM, when possible. Change-Id: I6809dd1de6f37ce50d6528ce1014c5ede115b0dd CQ: SW442904 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/64973 Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Set TPM_UNUSABLE Only if TPM is RequiredIlya Smirnov2018-08-161-6/+18
| | | | | | | | | | | | | | | | This change sets the attribure used for TPM alignment check (TPM_UNUSABLE) only if the TPM Required policy is on. This will prevent HWSV from failing the boot due to no minimum HW when the policy is off. Change-Id: Ia63475c7496e5a4deb73c0caeb0d070bd8eb95c3 CQ: SW441033 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/64553 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Sync Attributes to FSP In TPM Required PathIlya Smirnov2018-07-231-1/+18
| | | | | | | | | | | | | | | | | | System shut down due to no functional primary TPM doesn't force attribute sync to FSP (which is a part of normal istep shutdown process), so the TPM_UNUSABLE attribute used to perform alignment check is never updated on FSP. This change adds explicit attribute sync to FSP in the TPM required execution path. Change-Id: I0e232c114af9ac08c8207088b337fb5a8c8d4cb1 CQ: SW438909 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/63069 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add Support for TPM Message Queue FlushingIlya Smirnov2018-07-013-3/+56
| | | | | | | | | | | | | | | Add a synchronous message handler to TPM daemon. This message handler is used to make sure that all of the traces are flushed before the daemon is shut down. Change-Id: Ibb8ea2fd12d7ded9e43f284ff44c1791e61d8767 CQ:SW435287 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/55223 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Trusted Boot: Provide appropriate callout when TPM not provisionedNick Bofferding2018-06-273-40/+68
| | | | | | | | | | | | | | Adds high priority TPM callout and low priority HB procedure callout when the TPM is detected not to be provisoned correctly Change-Id: Ia6fc3e4d5baf80f5a899e0b576d9fe07f4a1570c CQ: SW435398 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/61429 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add TPM Calls to Node Communication ABUS Exchange ProcedureMike Baiocchi2018-06-211-0/+2
| | | | | | | | | | | | | | | | | | This commit adds the TPM calls to generate a random number and log ('extend') the nonces passed between the nodes via the ABUSes. It also cleans up some other TODOs and traces. Change-Id: I1389af2d809351421f3c2b3b954b3eaf6b0506aa RTC:184518 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/60962 Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Secure Boot: Enabled final Secure Boot settings for ZeppelinNick Bofferding2018-06-041-2/+2
| | | | | | | | | | | | | | | | - Force TPM_REQUIRED to 1 in various XML models (by not overriding default) - Remove old reference to SECUREBOOT_BEST_EFFORT policy in HBConfig - Double initial TPM log size Change-Id: Ibc9a2075ec5e490a876415d5743da40984f172f7 RTC: 187292 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/59776 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Support TPM PCR PoisoningJaymes Wilks2018-05-234-96/+325
| | | | | | | | | | | | | | | | | | | To support Fleetwood secure inter-node communication, we need to “poison” the PCRs of all still functional non-master node TPMs just prior to transferring control to PHyp, and report that poisoned state to HDAT. Change-Id: Ic104ef2e44fc98895b9b435fdf8ba4c5e4972818 RTC:191001 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/58244 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Marked Failed TPMs Unusable For Alignment CheckIlya Smirnov2018-05-221-6/+18
| | | | | | | | | | | | | | | | | | | Set the TPM_UNUSABLE attribute for TPMs that failed. This attribute will be used by FSP during alignment check, so it is important to reflect the current TPM availability situation. Note that backup TPM is marked as unusable in istep 6.8, and then re-checked in istep 10.14. Change-Id: I32347c542cb4cd09c04bea7f8a9275881d204dfb RTC: 191163 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/58529 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* New API to Retrieve Random Number from the TPMJaymes Wilks2018-05-106-9/+297
| | | | | | | | | | | | | | | | | A new programming interface allows us to obtain random numbers from the TPM more easily (i.e. in a more high-level way). Change-Id: Ibd3d3b320411bea146d6eab4d1a59ca760bc726c RTC:191000 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57802 Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Primary TPM Required PolicyIlya Smirnov2018-05-032-39/+49
| | | | | | | | | | | | | | | | | | Change the "TPM Required" policy to "Primary TPM Required," wherein only the presence and functionality of the primary TPM (attached to the acting master proc) will be considered when evaluating the TPM required condition. The presence and functionality of the backup TPM will not play a role in this policy. Change-Id: Id968123d0fc399c531da7429fdb8efabfa66c53c Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57843 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Secure Boot: Basic Support For Redundant TPMIlya Smirnov2018-05-024-51/+474
| | | | | | | | | | | | | | | | | | | This change implements the detection and initialization of the backup TPM in istep 10.14. The backup TPM is presence-detected and initialized; the logs of the primary TPM are extended into the secondary TPM in istep 10.14. After the initialization of the secondary TPM, all events are extended into both TPMs. A test was created to test whether the backup TPM is initialized correctly. Change-Id: I305500c9f680115e684ab153fc882b8d5364b0d4 RTC: 134912 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/57374 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Reset Host-mode Processor I2C Masters connected to the TPMsMike Baiocchi2018-03-301-28/+0
| | | | | | | | | | | | | | | | | This commit resets the I2C buses connected to the TPMs early in the IPL since the FSP can't do the reset for us as they lack a FSI I2C connection to the TPMs. Change-Id: I4b4893da447f3c567c04a8d0c2b647f2927ec0ab RTC:188956 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56188 Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add FFDC to 'No Functional TPM' FailsMike Baiocchi2018-03-192-30/+87
| | | | | | | | | | | | | | | | | | | When no functional TPMs are detected, but TPMs are required, this commit will capture the Security Registers of each processor in the system and add them to the error log. It also updates how the tpmMarkFailed() function links and commits various error logs. Change-Id: I2e95bbfcb6ab3f3dff26149f234c219d4280e1fb CQ:SW417814 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/54808 CI-Ready: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add Reset to TPM's I2C Bus for MPIPLsMike Baiocchi2018-03-011-0/+28
| | | | | | | | | | | | | | | | | | | | | | | | This commit updates the general I2C reset function to only reset certain engine(s) of the I2C master. This new functionality is then used to reset all of the processor I2C engines that can drive the TPMs on MPIPLs. Change-Id: Ie19e93233b5012b69d59bfc3f485ce2914d665da CQ:SW419116 Backport:release-fips910 Backport:release-fips900 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/54840 CI-Ready: Nicholas E. Bofferding <bofferdn@us.ibm.com> CI-Ready: Marshall J. Wilks <mjwilks@us.ibm.com> CI-Ready: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secure Boot: On get jumper state error path, save PLID before committingNick Bofferding2018-02-241-2/+1
| | | | | | | | | | | | | | | When SECUREBOOT::getJumperState() returns error, save off the error PLID before committing it, to avoid a segfault condition Change-Id: I968c73de11abf580b19720c4ee9689e38c155bb6 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/54596 Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Reviewed-by: Richard J. Knight <rjknight@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Fix developer and customer descriptions for TPM required policyJaymes Wilks2018-02-101-1/+20
| | | | | | | | | | | | | | | | | | Adds more useful information to the developer and customer descriptions of error logs that are created when the TPM required policy is broken. Change-Id: Ib2c42c85cb5689b5a791ab96709dc40f4bbd85d4 CQ:SW415447 Backport:release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52848 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Verify ComponentID and Extend PAYLOADMike Baiocchi2018-02-011-1/+2
| | | | | | | | | | | | | | | | | | | While verifying the PAYLOAD in memory before moving it to its final location, this commit parses the PAYLOAD's header and verifies that it has the correct componentId. It also extends the PAYLOAD information to the TPM. Change-Id: Ie333d1ba5919b36919b207f25ad60806359ed710 RTC:168745 Backport: release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52837 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secure Boot: Remove cyclic dependency in TPM daemon shutdown pathNick Bofferding2018-01-192-8/+30
| | | | | | | | | | | | | | | Change-Id: Id2bd6597e930015dfad0ae4196aa326948bdee8e Backport: release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52095 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Remove Secure Boot workaroundsStephen Cprek2017-12-181-35/+17
| | | | | | | | | | | | | | | | | | | | | | | - Removing the magic number checks that would block sb functionality if things didn't appear secure - Remove Best Effort Policy and all of its related code - Remove the legacy PCR extension - Remove the non-secure header preservation path. - Always load HB base image header from the bl to hb data path vs settings unsecurely out of pnor Change-Id: Ie638384ac50ed47850985c959ea7a32e5757d64e RTC: 178520 RTC: 155374 RTC: 173489 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49925 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Support Verifying and Moving PAYLOAD and HDAT when TCEs are EnabledMike Baiocchi2017-12-121-0/+2
| | | | | | | | | | | | | | | | | | | This commit makes changes in istep 16 to set up temporary memory regions that the FSP will use to DMA-via-TCEs the PAYLOAD and HDAT sections into memory in istep 20. Then in istep 21 Hostboot will verify and move these sections to the final memory locations. Change-Id: I3c9e026a8e2c3c40008364c4229915b4a661d0fe RTC:181900 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50624 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Create a Trusted boot trace component and collect trace on errorsStephen Cprek2017-12-056-17/+27
| | | | | | | | | | | | | | Error log trace never included "TRBOOT" trace Change-Id: I0ff99d3d3cc78a7a25c576059d69d1644a2c802d RTC: 181899 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/50077 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Handle ContainerHeader asserts more nicely with error logsStephen Cprek2017-12-051-1/+7
| | | | | | | | | | | | Change-Id: I2dfd02bd7c7f5b5356cd93ca967482c2d7f79ec1 RTC: 178520 RTC: 181899 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49966 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Process Components in Master Container LidStephen Cprek2017-11-011-1/+2
| | | | | | | | | | | | | | Change-Id: I31523494f462c88addb51973f605b2ed72674e97 RTC: 125304 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46840 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Centaur ring support - ring_apply and ring dataSumit Kumar2017-11-011-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Introduces Centaur ring ID header files and ring_apply support to generate a separate Centaur ring image file. - Introduces common ring ID header file consumed by both P9 and Centaur and all user codes, e.g. putRing, ipl_build, xip_tool, etc. - Introduces a namespace approach for complete separation of P9 and Centaur ring data and to facilitate execution time selection of either P9 and Centaur ring data. - Added Centaur image .rings generation function to p9_ring_apply. - This commit does NOT support Centaur in the TOR API nor in xip_tool. See commit 38018 for that support. - Modified hw_image.mk file to support Centaur XIP image generation. - Updated ring_apply to also support .overrides ring gen for Centaur. Change-Id: I12a27b194dc14d906fea7bc273eb9f766f0fc5bf Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35639 Tested-by: HWSV CI <hwsv-ci+hostboot@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Sumit Kumar <sumit_kumar@in.ibm.com> Tested-by: PPE CI <ppe-ci+hostboot@us.ibm.com> Reviewed-by: Richard J. Knight <rjknight@us.ibm.com> Reviewed-by: Thi N. Tran <thi@us.ibm.com> Tested-by: Hostboot CI <hostboot-ci+hostboot@us.ibm.com> Reviewed-by: Jennifer A. Stofer <stofer@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/36011 Reviewed-by: Hostboot Team <hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com>
* Update TPM_REQUIRED "SENSOR_NAME" Attribute EnumMike Baiocchi2017-08-221-1/+3
| | | | | | | | | | | | | Change-Id: If38b03348f19d255f551b75876a12fb3f3062757 RTC:173353 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/44884 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* MFG support to validate TPM provisioningChris Engel2017-08-115-2/+237
| | | | | | | | | | | | | | Change-Id: I137b6f6c81cbcd3c2379e4ef34ddff021c3cd576 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/42835 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Fix HDAT support for TPM log to support events after HDAT is populatedChris Engel2017-08-092-0/+42
| | | | | | | | | | | | | Change-Id: I55a85f48e9238846134cdc39bcb4e5e03466bce5 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43961 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Fix duplicate sha512 definitionsJaymes Wilks2017-08-041-2/+2
| | | | | | | | | | | | | | | | | All instances for sha2_hash_t have been replaced with SHA512_t and the SHA512_t typedef is now in securerom/contrib/sha512.H in place of the old definition. Change-Id: I32524524d755eb3b0264881317d9be5a294dc9a7 RTC:172333 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43610 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Create more space in base image by switching trace to debug and smaller printkStephen Cprek2017-06-011-3/+3
| | | | | | | | | | | Change-Id: I5bdb3487d202f8713b543cbdda6d8103ad39807a Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41186 Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* HW callout for TPM not present when requiredStephen Cprek2017-05-261-22/+30
| | | | | | | | | | | | | RTC:170678 Change-Id: Ic0338b49a9e05a8ccff5dc28b3ed3b00bd851d7c Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40777 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Fix up Event Types for PCR ExtendJaymes Wilks2017-05-251-8/+12
| | | | | | | | | | | | | | | | | | | Trusted Boot will now use correct event types when performing PCR extend for PNOR sections that are meant to establish a core root of trust. Change-Id: I3cb62e2899083c898e1af6a2031cc8a0a365015e RTC:172332 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40601 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* move all non-volatile/openpower attributes from _hb to _openpower filesPrachi Gupta2017-05-011-0/+2
| | | | | | | | | | | | | | | | | | | When pushing hb's attr/target type files to common-mrw-xml repo, we add tags to represent which attributes are for openpower (bmc based system) and which are for fsp based systems. All attributes in _hb files are considered common for both platforms and do not have any tag. All attributes in _openpower will get openpower tag and be only shown to a system engineer if they are building a bmc based system. Therefore, the source of the attribute file is important from now on. Change-Id: I213348f4c4f372b0610b07ad3453f08f75d02224 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38161 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Update 'is TPM Required' checking to include the use of a new sensorMike Baiocchi2017-04-282-39/+109
| | | | | | | | | | | | | | | | | | This commit adds the support to read the new "is TPM Required" sensor and updates the decision tree of whether or not the system requires a TPM to be present. Change-Id: I61871935d59272351ea1aa769641579efeee2f7e RTC:167580 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/39592 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
OpenPOWER on IntegriCloud