From 35964668f9dc302401ff03c691e579a4c48eecea Mon Sep 17 00:00:00 2001 From: Mike Baiocchi Date: Thu, 12 Sep 2019 09:00:52 -0500 Subject: Add Physical Presence Check and Window Open Features This commit does the following: - Adds an interface to detect if physical presence has been asserted -- This happens in istep 6 -- If the window is open to detect this, it is then closed here - Adds an interface to possibly open the window to look for physical presence -- This happens in istep 10 -- It first checks to see if the window should be opened -- If the window is opened then the system shuts down to wait for physical presence to be asserted on the next power on - Adds the necessary attributes to support and test this functionality RTC:211220 Change-Id: I05a26ebad581875a4b9f2a51eb1ca3062f36c5fb Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/84656 Reviewed-by: Ilya Smirnov Reviewed-by: Christopher J Engel Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Nicholas E Bofferding --- src/include/usr/secureboot/phys_presence_if.H | 68 +++++++++++++++++++++++++ src/include/usr/secureboot/secure_reasoncodes.H | 19 ++++++- 2 files changed, 85 insertions(+), 2 deletions(-) create mode 100644 src/include/usr/secureboot/phys_presence_if.H (limited to 'src/include') diff --git a/src/include/usr/secureboot/phys_presence_if.H b/src/include/usr/secureboot/phys_presence_if.H new file mode 100644 index 000000000..a723e8726 --- /dev/null +++ b/src/include/usr/secureboot/phys_presence_if.H @@ -0,0 +1,68 @@ +/* IBM_PROLOG_BEGIN_TAG */ +/* This is an automatically generated prolog. */ +/* */ +/* $Source: src/include/usr/secureboot/phys_presence_if.H $ */ +/* */ +/* OpenPOWER HostBoot Project */ +/* */ +/* Contributors Listed Below - COPYRIGHT 2019 */ +/* [+] International Business Machines Corp. */ +/* */ +/* */ +/* Licensed under the Apache License, Version 2.0 (the "License"); */ +/* you may not use this file except in compliance with the License. */ +/* You may obtain a copy of the License at */ +/* */ +/* http://www.apache.org/licenses/LICENSE-2.0 */ +/* */ +/* Unless required by applicable law or agreed to in writing, software */ +/* distributed under the License is distributed on an "AS IS" BASIS, */ +/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */ +/* implied. See the License for the specific language governing */ +/* permissions and limitations under the License. */ +/* */ +/* IBM_PROLOG_END_TAG */ +/** + * @file phys_presence_if.H + * + * @brief Interfaces to Detect and Open Physical Presence Windows + * + */ +#ifndef __PHYS_PRESENCE_H +#define __PHYS_PRESENCE_H +// ----------------------------------------------- +// Includes +// ----------------------------------------------- + +#include +#include +#include + +namespace SECUREBOOT +{ + /** + * @brief Checks if the Physical Presence Window was opened and if + * Physical Presence was asserted. + * + * @post Will ensure the window is closed at the end of the function + * + * @return errlHndl_t nullptr on success; non-nullptr on error. + */ + errlHndl_t detectPhysPresence(void); + + /** + * @brief Handle Physical Presence Window first checks to see if a physical + * presence window should be opened. Then, if necessary, it sets up + * the physical presence detect circuit and then shuts down the + * system. + * + * @post If successful, this function will shutdown the system + * + * @return errlHndl_t nullptr on success; non-nullptr on error. + */ + errlHndl_t handlePhysPresenceWindow(void); + +} // namespace SECUREBOOT + + +#endif // __PHYS_PRESENCE_H diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H index d121fc7b9..9e0e52c6e 100644 --- a/src/include/usr/secureboot/secure_reasoncodes.H +++ b/src/include/usr/secureboot/secure_reasoncodes.H @@ -53,7 +53,7 @@ namespace SECUREBOOT MOD_CHECK_RISK_LEVEL_FOR_SMF = 0x13, MOD_SMF_SPLIT_SMF_MEM = 0x14, - // Use 0x20-0x2F range for Node Communications + // Use 0x20-0x3F range for Node Communications MOD_NCDD_CHECK_FOR_ERRORS = 0x20, MOD_NCDD_WAIT_FOR_CMD_COMP = 0x21, MOD_NC_XBUS_TEST = 0x22, @@ -70,7 +70,12 @@ namespace SECUREBOOT MOD_NC_PROCESS_SLAVE_QUOTE = 0x2D, MOD_NCT_SEND = 0x2E, MOD_NCT_RECEIVE = 0x2F, - }; + + // Use 0x40-0x4F range for Physical Presence Detection + MOD_PHYS_PRES_DETECT = 0x40, + MOD_PHYS_PRES_OPEN_WINDOW = 0x41, + + }; enum SECUREReasonCode { @@ -123,6 +128,16 @@ namespace SECUREBOOT RC_NCT_INITIATION_MISMATCH = SECURE_COMP_ID | 0x33, RC_NCEX_NO_FUNCTIONAL_PRIMARY_TPM = SECURE_COMP_ID | 0x34, + // Use 0x20-0x3F range for Node Communications + + // RC_PHYS_PRES_WINDOW_OPENED_SHUTDOWN Must have one unique use + // for Shutdown path since FSP relies on it. + // termination_rc + RC_PHYS_PRES_WINDOW_OPENED_SHUTDOWN = SECURE_COMP_ID | 0x40, + RC_PHYS_PRES_ATTR_NOT_FOUND = SECURE_COMP_ID | 0x41, + RC_PHYS_PRES_WINDOW_NOT_CLOSED = SECURE_COMP_ID | 0x42, + RC_PHYS_PRES_WINDOW_NOT_OPENED = SECURE_COMP_ID | 0x43, + // Reason codes 0xA0 - 0xEF reserved for trustedboot_reasoncodes.H }; -- cgit v1.2.1