From ca03643dd8935f9c839cf8dfd4971c519476f4a1 Mon Sep 17 00:00:00 2001
From: Nick Bofferding
Date: Thu, 28 Mar 2019 09:15:07 -0500
Subject: Initialize backup TPM in MPIPL

Update the boot flow to call the istep to initialize the backup TPM during an MPIPL and carry over the backup present/functional state as they were from runtime, prior to the MPIPL.

Change-Id: Ic402e37cf2f465686770ff22d4f2296332b0f3f7
CQ: SW456951
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/75163
Tested-by: Jenkins Server
Tested-by: Jenkins OP Build CI
Tested-by: FSP CI Jenkins
Tested-by: Jenkins OP HW
Reviewed-by: Ilya Smirnov
Reviewed-by: Michael Baiocchi
Reviewed-by: Matthew Raybuck
Reviewed-by: William G. Hoffa
---
 src/usr/secureboot/trusted/base/trustedboot_base.C | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
(limited to 'src/usr/secureboot/trusted/base')

diff --git a/src/usr/secureboot/trusted/base/trustedboot_base.C b/src/usr/secureboot/trusted/base/trustedboot_base.C
index 9e78e08f5..7cb73b8bf 100644
--- a/src/usr/secureboot/trusted/base/trustedboot_base.C
+++ b/src/usr/secureboot/trusted/base/trustedboot_base.C
@@ -88,6 +88,24 @@ void getTPMs(
 TARGETING::TYPE_TPM,
 (i_filter == TPM_FILTER::ALL_IN_BLUEPRINT) ? false : true);
+ if(i_filter == TPM_FILTER::ALL_FUNCTIONAL)
+ {
+ // From functional TPMs, remove any TPMs that are not actually
+ // initialized. This prevents Hostboot from using the backup TPM
+ // in an MPIPL when it's considered "functional" but hasn't been
+ // initialized yet.
+ o_tpmList.erase(
+ std::remove_if(
+ o_tpmList.begin(),
+ o_tpmList.end(),
+ [](TARGETING::Target* i_pTpm)
+ {
+ return !i_pTpm->getAttr<
+ TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>();
+ }),
+ o_tpmList.end());
+ }
+
 TRACUCOMP(g_trac_trustedboot,EXIT_MRK "getTPMs(): Found %d TPMs",
 o_tpmList.size());
 }
--
cgit v1.2.3
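Review bot: The new comment above the erase/remove_if says the filter removes TPMs that are "not actually initialized", but the predicate tests ATTR_HB_TPM_INIT_ATTEMPTED, which by its name records only that initialization was attempted, not that it succeeded; the comment should state the real condition so a later reader does not assume a stronger guarantee from this list, e.g. `// Drop TPMs whose initialization has not yet been attempted (ATTR_HB_TPM_INIT_ATTEMPTED unset), so a "functional" backup TPM is not handed to callers in an MPIPL before the istep that initializes it has run.` If an attempted-but-failed init is meant to be excluded here as well, that presumably relies on the failure path having already cleared the TPM's functional state before getAllChips runs; that dependency is worth a one-line note next to the predicate, since this list feeds the trusted-boot measurement paths. I cannot see the include block in this hunk, so please confirm `<algorithm>` is included for std::remove_if rather than reached transitively. getTPMs begins outside the hunk (only its opening line appears in the hunk header); its body ends inside it.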