From da8911ce095aa7d18231c9d344dc978dae7cf984 Mon Sep 17 00:00:00 2001 From: Ilya Smirnov Date: Mon, 19 Mar 2018 17:12:32 -0500 Subject: Secure Boot: Support Phyp debug flag in HDAT PHYP needs a way to know if SBE security backdoor is enabled for debug purposes. This change creates a flag in TPM instance data structure to indicate whether the backdoor is enabled. This flag is passed by SBE to the hb bootloader; also added the flag to indicate whether PCR is poisoned (default of 0). The population of this flag will be implemented on Fleetwood. Change-Id: I22305dbc9651134ba7dfe3b0bd3c760fe53c2c85 RTC: 188961 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56045 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Nicholas E. Bofferding Reviewed-by: Michael Baiocchi CI-Ready: Daniel M. Crowell Reviewed-by: Daniel M. Crowell
---
src/usr/secureboot/base/service.C | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'src/usr/secureboot/base')
diff --git a/src/usr/secureboot/base/service.C b/src/usr/secureboot/base/service.C
index 1f5b5d83d..e5af124ab 100644
--- a/src/usr/secureboot/base/service.C
+++ b/src/usr/secureboot/base/service.C
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2013,2017 */
+/* Contributors Listed Below - COPYRIGHT 2013,2018 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -637,6 +637,23 @@ bool allowAttrOverrides()
 };
 #endif
 
+bool getSbeSecurityBackdoor()
+{
+ bool l_backdoorEnabled = false;
+
+ if(g_BlToHbDataManager.getSecBackdoor())
+ {
+ l_backdoorEnabled = true;
+ SB_INF("getSbeSecurityBackdoor: SBE Security Backdoor is enabled.");
+ }
+ else
+ {
+ l_backdoorEnabled = false;
+ SB_INF("getSbeSecurityBackdoor: SBE Security Backdoor is disabled.");
+ }
+ return l_backdoorEnabled;
+}
+
 uint8_t getSbeSecurityMode()
 {
 return g_sbeSecurityMode;
-- 
cgit v1.2.3
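Review bot: `getSbeSecurityBackdoor()` traces the backdoor-enabled case at the same `SB_INF` level as the disabled case, and on every call, so a boot with the SBE security backdoor open gets no more prominence in the trace than a normal one. Since this is a security-relevant state, consider reporting it once where the bootloader data is first consumed, in a form that reaches whoever audits the boot. The `if`/`else` only copies a boolean, so the body can be `const bool l_backdoorEnabled = g_BlToHbDataManager.getSecBackdoor();` followed by a single trace that prints the value. What `getSecBackdoor()` returns when the bootloader-to-Hostboot data predates this field is not visible in this hunk; once confirmed, a comment above the function such as `// Returns the backdoor flag SBE passed to the bootloader; false if the field was not supplied` would document the intended default.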