summaryrefslogtreecommitdiffstats
path: root/src/usr/secureboot
Commit message (Collapse)AuthorAgeFilesLines
* Read the HW Key Hash from a Processor's SBE SeepromMike Baiocchi2017-04-031-1/+1
| | | | | | | | | | | | | | | | This commit adds an interface to read the HW Key Hash located in the HBBL section of each Processor's two SBE Seeproms. Change-Id: I906434269746c296c646f7b0594575c58b145294 RTC: 167585 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38465 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Secureboot best effort compatibility supportStephen Cprek2017-03-303-1/+12
| | | | | | | | | | | | Change-Id: I1671459ca58684b14f65f322ff6dccddcaad40a2 RTC: 170685 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38104 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Trace HwKeyHash and Add Errorlog Parser Infrastructure to SecurebootMike Baiocchi2017-03-218-4/+529
| | | | | | | | | | | | | | | | | | This commit traces the HwKeyHash to Secureboot-specific error logs. It also adds the infrastucture necessary to parse secureboot-specific errorlog user data sections. It includes 2 new custom sections: one which is used in this commit, and another which will be used in a future commit. Change-Id: Id5fb115ad1214f956e5256d3641236021e4642ab RTC:165205 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/37901 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Enable HBB measurement based on secure mode enablementNick Bofferding2017-03-171-34/+23
| | | | | | | | | | | | Change-Id: Ia731f7ee2fff280d078da9878322f69beb3aa7cc RTC: 167581 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/36221 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Trace Processor Security Registers; add them to Secure Error LogsMike Baiocchi2017-03-154-8/+408
| | | | | | | | | | | | | | | | This commit adds a trace of the Security Switch and CBS Control/Status registers for all processors in the system. These registers are also captured for Security-specific error logs. Change-Id: I245815c720725a9aaf15a3cbad9a50b3288fc1f9 RTC:165205 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/37290 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Relocate ROM code after HBBL has been verifiedStephen Cprek2017-03-103-378/+237
| | | | | | | | | | | | Create Bootloader to hostboot data manager to control how the shared data is accessed and modified. Change-Id: I54cb543ed289810ab6afb07d333313f5662bce0e RTC: 166848 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35617 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Tested-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Rename SecureROM to SecureRomManagerStephen Cprek2017-03-085-79/+70
| | | | | | | | | | | Change-Id: I839daf3fc44e3459a9c6c147703fd671c5ec79a8 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/36971 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add TPM device driver support for DRTM PCR reset sequenceChris Engel2017-03-082-1/+41
| | | | | | | | | | | Change-Id: Ief02e10fc85d09b837e20dfb529186e2da4269fd Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35935 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Integrate p9_update_security_ctrl HWP into Istep 10.3Jaymes Wilks2017-03-032-3/+147
| | | | | | | | | | | | | | | | | | Add handling of TPM deconfig and SBE Secure Seeprom Lock by integrating the hardware procedure p9_update_security_ctrl into Istep 10.3 and retriggering the hardware procedure any time a TPM fails. Change-Id: I36f57dc7aef3de6661357736a525fe25a3828c6e RTC:153891 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/36189 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Support DRTM RIT protectionNick Bofferding2017-03-038-22/+1007
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Added mailbox scratch register 7 definition - Added DRTM functions - Added set/clear security switch register functions - Added additional security switch bit definitions - Added secureboot extended library to host DRTM functions - Inhibited TPM start command in DRTM flow - Added new config options for DRTM and DRTM RIT protection - Added new DRTM attribute to indicate if DRTM is active - Added new DRTM attribute to hold DRTM payload address - Added new DRTM attribute to initiate DRTM in lieu of loading payload - Updated target service init to determine DRTM settings - Updated host start payload step to initiate DRTM if conditions are met - Updated host MPIPL service to verify DRTM payload and clean up DRTM HW state - Updated host gard step to verify DRTM HW state - Rerouted PCR extensions to PCR 17 in DRTM boot - Use locality 2 for all PCR extensions in DRTM boot - Inhibit extension logging (for now) in DRTM boot - Only extend seperator to PCR 17 in DRTM boot Change-Id: Id52c36c3a64ca002571396d605caa308d9dc0199 RTC: 157140 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35633 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Invert polarity of secure jumper bitNick Bofferding2017-02-071-2/+6
| | | | | | | | | | | | Change-Id: I58b67d83225bd72a25b275cca61845719dfb1245 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35803 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Fix to compile without secureboot config optionDean Sanner2017-02-071-0/+2
| | | | | | | | | | | Change-Id: I6fca0b735447087317228c567b7762b397db87e5 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35949 Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Support extending sections to PCRsNick Bofferding2017-02-029-90/+319
| | | | | | | | | | | | | | - Ported p8 secureboot PCR extension code Change-Id: I2bbf6ee6b2980c2fbe32dfb9cad25e9e2aba3285 RTC: 167581 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35632 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Verify HBB in HBBL using ROM codeStephen Cprek2017-02-012-51/+1
| | | | | | | | | | | | | | | | Puts ROM code into the HBBL image page aligned after the end of HBBL Change-Id: I1a07dd912c07557b2a43dfbadc5394a7d212c841 RTC: 143902 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/34293 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Generalize secure boot settings for all processorsJaymes Wilks2017-01-306-121/+155
| | | | | | | | | | | | | | | Adds the ability to specify which processor target user code is interested in when querying secure boot settings. Change-Id: I0375af03ce8f4e33029736ff2e2d60416629a295 RTC:161916 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/32556 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Use common ROM header files for rom, bootloader, and hostbootStephen Cprek2017-01-302-94/+5
| | | | | | | | | | | | Change-Id: I4d7db7293d44633cf1646f69ab98ddc8d66338ca RTC: 143902 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/34525 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add TPM4 locality supportChris Engel2017-01-276-34/+81
| | | | | | | | | | | | | Change-Id: I9f16fe77ee18f3d8839d0a06f9322ca1b1e47d93 RTC: 134415 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35271 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* port p8 secureboot settings code to p9Jaymes Wilks2017-01-056-35/+92
| | | | | | | | | | | | | | | | Update the p9 branch to handle the secure settings states as per p8 code but with the new updated p9 constant values. Remove caching of register values. Change-Id: I0a29ce0103a8f9b60b421a4bb625f12adcd916f8 RTC:161916 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/32490 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Secure PNORRP port resync from p8Jaymes Wilks2016-12-121-9/+9
| | | | | | | | | | | | | | Brings SPNORRP p9 up to date with the latest changes from p8. Change-Id: I9e80199ffad1b3082339069264560029e83a3d78 RTC:163078 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/32260 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com>
* Fix TPM log header SPEC errata and invalid digestChris Engel2016-12-052-1/+2
| | | | | | | | | | | | | | | Change-Id: I79a108fb547cb1eb3166ee14f675b8572d7e0cc8 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/33071 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/33181 Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
* Secure PNOR Resource Provider port from p8Jaymes Wilks2016-11-149-98/+406
| | | | | | | | | | | | | | Adds a Secure PNOR Resource Provider (SPNORRP) layer on top of the original PNORRP to handle verification of secured PNOR sections. Change-Id: Iff25abf599f3c850197c6e6d23ff03e5edf945bb RTC:163078 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/31588 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add a TPM separator during host start_payloadChris Engel2016-10-319-156/+319
| | | | | | | | | | Change-Id: I11736ebe4b44e54584febc05e1dea50dd5304fa4 RTC: 155301 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/30996 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Support for TPM Required IPMI sensorChris Engel2016-10-111-13/+53
| | | | | | | | | Change-Id: Ib34f9ff272840fcd04e407a07c2e6e8c2bb7f603 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/30953 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Updates to handling of missing TPMs in trustedboot modeChris Engel2016-08-233-49/+57
| | | | | | | | | | | | | | | Change-Id: I610b6c62a325b45e7989abf09f55173ca863a4a4 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/27953 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/28623 Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
* Trustedboot support for using TPM targetChris Engel2016-08-226-95/+163
| | | | | | | | | | Change-Id: I362085fd81663b9b8ec56ed9e0670cf71fc851e4 RTC: 153386 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/28482 Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* SecureBoot: Update sha1 bank of PCRs along with sha256Chris Engel2016-08-019-61/+182
| | | | | | | | | | | | | | | Change-Id: I526809abe8fa8d00929f79a4c3e1dcaf7386873a RTC: 154324 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/27032 Reviewed-by: Timothy R. Block <block@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/27634 Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
* Support for TPM Required attribute to allow system to IPL without a TPMChris Engel2016-07-273-48/+116
| | | | | | | | | | | Change-Id: I53e841036dfff75c6ed7d04ee55292b1285a6bee RTC: 125287 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/27454 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Trustedboot PCR Extend reworked to use task message queueChris Engel2016-07-1817-789/+1187
| | | | | | | | | | | | | | Removed TPM log manager and required functions from HBB and replaced with a simple message queue Change-Id: I5f5a418b6ea8c0228229e8c45523385b488e2b6b RTC: 155519 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/27133 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Fix P9 expansion into bottom 512K cacheDean Sanner2016-07-111-9/+5
| | | | | | | | | | Change-Id: Ie7d8ab2ae3730b57448a07f0367c8715d61b6124 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/26495 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com>
* Register verify_container runtime interfaceNick Bofferding2016-07-078-1/+393
| | | | | | | | | | | | | | | - Added verify_container API to runtime interface for secureboot - Added testcase to test API registration - Created common secureboot tracing files Change-Id: If755644ff6507f14fd0463f4accf05301fc91832 RTC: 156119 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/26104 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Update purge of L3 cache during initial bootElizabeth Liner2016-06-103-174/+7
| | | | | | | | | | Change-Id: Ic6cfabbdfe8f10cf5fa1cd9a4a13093452b61978 RTC:118832 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/24021 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Trustedboot add TPM and associated i2c master to the devtreeChris Engel2016-06-085-2/+198
| | | | | | | | | | | Change-Id: Ic2edee549d23669f046a6e78f0cfae838faaec2d RTC: 125287 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/25470 Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Add P9 vpo build config, config compile and extra traces for debugPrachi Gupta2016-06-061-3/+3
| | | | | | | | | | | Change-Id: Id377c921327940cc7b720e601dada4af2068d94e Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/22177 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Dean Sanner <dsanner@us.ibm.com> Reviewed-by: Prachi Gupta <pragupta@us.ibm.com> Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
* Change securerom test to use current hw hash keyStephen Cprek2016-05-183-65/+41
| | | | | | | | | | | | | | | Change-Id: Icb596e6c69fadd2f7b8109876a92db04763f206f RTC: 68883 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/23066 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Christian R. Geddes <crgeddes@us.ibm.com> Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/23070
* TrustedBoot-Add log manager functions to allow passing in external log bufferChris Engel2016-05-175-24/+428
| | | | | | | | | | | | | | Change-Id: I33b8680fb89072311bb23730bfc1901e4ded9e21 RTC: 125289 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/22003 Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/24669 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
* Extend basic config entries to TPMChris Engel2016-05-135-10/+112
| | | | | | | | | | | | Change-Id: I17c215c3120782d022ade0ac8343934c64e2e13e Original-Change-Id: I92e2c7758ebac2912caa9f449c3531c584487bd5 FowardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/22002 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/24481 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Send hash of pnor sections to TPMChris Engel2016-05-1112-205/+822
| | | | | | | | | | | | | Replay log events to TPM after initialization Change-Id: Ibab5e28790324c28a7cd9fb2805041d7a896376a RTC:125290 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/23898 Tested-by: Jenkins Server Reviewed-by: Timothy R. Block <block@us.ibm.com> Tested-by: FSP CI Jenkins Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
* Trustedboot fixes for compile failures without tracesChris Engel2016-04-282-19/+0
| | | | | | | | | | | | | | | | | Change-Id: I20e54c4d9ab23d422ae2e24649c79f68099c1168 Original-Change-Id: I80f544432fed8c61eef826df13583914149a8e26 RTC: 125287 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/23782 Reviewed-by: Timothy R. Block <block@us.ibm.com> Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/23800 Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
* Trustedboot support for PCR ReadChris Engel2016-03-276-4/+577
| | | | | | | | | | | | | | | | cherry picked from commit 93cd77a2455e60f01b003f747368e69cfef1b844 RTC: 125287 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/701 Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Change-Id: I37103173d417ce1f378ee3ce76646f1028339ee0 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/22496 Tested-by: Jenkins Server Tested-by: FSP CI Jenkins Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
* Trustedboot add support for PCR ExtendChris Engel2016-03-258-21/+536
| | | | | | | | | | | | | | Change-Id: I05614ef6c3e5d68e0b512ec6b69a0b6054a9d7b4 RTC: 125288 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/790 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/22366 Tested-by: Jenkins Server Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Tested-by: FSP CI Jenkins
* Trustedboot TPM Event log managerChris Engel2016-03-1515-83/+1192
| | | | | | | | | | | | | | | Change-Id: I4a8c2010421a63e44112666bdd424e2e5d010e7f RTC: 125289 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/960 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/22009
* Trustedboot : Refactor to allow for skiboot import of TSSLiteChris Engel2016-03-0811-442/+692
| | | | | | | | | | | | | | | | Change-Id: I1e90a71f1027e0a801b96cbad6d59e432357f281 RTC: 125289 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/21318 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com> Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/21809
* Base kernel changes for Nimbus/CumulusCorey Swenson2015-12-112-4/+9
| | | | | | | | | Change-Id: Ic5dfde1e975453d760631335bab674919e1109e7 RTC: 126637 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/18321 Tested-by: Jenkins Server Reviewed-by: Christian Geddes <crgeddes@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Trustedboot: Additional commands in trusted boot init sequenceChris Engel2015-12-119-142/+1912
| | | | | | | | | | | | | | - getCap FW Version - TPM Command marshal/unmarshal code Change-Id: Ia9a90b1160c9c3b5d818318771bff21eb013bdf4 RTC: 125287 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/20056 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Reviewed-by: STEPHEN M. CPREK <smcprek@us.ibm.com> Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Trustedboot: Remove TPM 1.2 supportChris Engel2015-11-192-100/+7
| | | | | | | | | | | | Change-Id: I2a8635f901e1473ffb81e92861a4b25a5d479095 RTC:125288 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/22088 Tested-by: Jenkins Server Reviewed-by: Timothy R. Block <block@us.ibm.com> Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Trustedboot: Move data to Hostboot base and add pcrExtend stub functionChris Engel2015-11-184-29/+137
| | | | | | | | | | | | Change-Id: Id488af88c7f1796606434a062a9001f31f413ac0 RTC: 125288 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/21475 Tested-by: Jenkins Server Reviewed-by: Timothy R. Block <block@us.ibm.com> Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Fix copyright prologs for trustedboot codeStephen Cprek2015-11-062-2/+2
| | | | | | | | | | | | | Change-Id: Ib6082544ace176db00473a15f27eeb7f454b1555 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/21870 Tested-by: Jenkins Server Reviewed-by: MATTHEW A. PLOETZ <maploetz@us.ibm.com> Reviewed-by: WILLIAM G. HOFFA <wghoffa@us.ibm.com> Tested-by: Jenkins OP Build CI Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com> Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: STEPHEN M. CPREK <smcprek@us.ibm.com>
* Trusted boot support for performing TPM_STARTUP during istepsChris Engel2015-11-054-2/+372
| | | | | | | | | | | | | | | | | Support added for TPM DD2.0 Added call to host_update_master_tpm during host_discover_targets istep host_update_master_tpm istep performs TPM_STARTUP on TPM Change-Id: Ie9c232ed6ecf72da58c40df726fe1deaec5af053 RTC: 125287 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/18075 Tested-by: Jenkins Server Reviewed-by: STEPHEN M. CPREK <smcprek@us.ibm.com> Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Timothy R. Block <block@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* Nuvoton TPM 1.2 Device DriverChris Engel2015-08-313-1/+138
| | | | | | | | | | | | | | This adds support for the Nuvoton TPM 1.2 in simics Change-Id: I24973cb9824e31967aae3fb97e86a631e514b2ff RTC: 125287 Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/16535 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Michael Baiocchi <baiocchi@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
* P8+ VPO - HB supports to istep 7 for NVLINK testThi Tran2015-01-161-5/+12
| | | | | | | | | | Change-Id: I79ec79e1601ae51bf759b80a07c5b4cf2d97fc5c RTC: 95236 Depends-On: I19823ac32a963d7072d21140b828c30ab326a19f Reviewed-on: http://gfw160.aus.stglabs.ibm.com:8080/gerrit/14468 Tested-by: Jenkins Server Reviewed-by: Thi N. Tran <thi@us.ibm.com> Reviewed-by: A. Patrick Williams III <iawillia@us.ibm.com>
OpenPOWER on IntegriCloud