From 6c5ba7c0b4d3d1694a2cdf2d6c5365027534ef5a Mon Sep 17 00:00:00 2001
From: Chris Engel
Date: Fri, 28 Aug 2015 10:46:52 -0500
Subject: Trustedboot add support for PCR Extend
Change-Id: I05614ef6c3e5d68e0b512ec6b69a0b6054a9d7b4
RTC: 125288
ForwardPort: yes
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/790
Reviewed-by: Stephen M. Cprek
Reviewed-by: Timothy R. Block
Reviewed-by: Daniel M. Crowell
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/22366
Tested-by: Jenkins Server
Reviewed-by: Christopher J. Engel
Tested-by: FSP CI Jenkins
---
src/usr/secureboot/trusted/trustedboot.C | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
(limited to 'src/usr/secureboot/trusted/trustedboot.C')
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C
index ad596648c..d51c9e031 100644
--- a/src/usr/secureboot/trusted/trustedboot.C
+++ b/src/usr/secureboot/trusted/trustedboot.C
@@ -112,6 +112,9 @@ void* host_update_master_tpm( void *io_pArgs ) } } + // Now we need to replay any existing entries in the log into the TPM + tpmReplayLog(systemTpms.tpm[TPM_MASTER_INDEX]); + if (systemTpms.tpm[TPM_MASTER_INDEX].failed || !systemTpms.tpm[TPM_MASTER_INDEX].available) {
@@ -150,6 +153,15 @@ void* host_update_master_tpm( void *io_pArgs ) err = TPMDD::tpmReadAttributes(nodeTarget, tpmInfo); if (NULL != err) { + // We don't want to log this error we will just assume + // the backup doesn't exist + delete err; + err = NULL; + TRACUCOMP( g_trac_trustedboot, + "host_update_master_tpm() tgt=0x%X " + "Marking backup TPM unavailable due to attribute fail", + TARGETING::get_huid(nodeTarget)); + systemTpms.tpm[TPM_BACKUP_INDEX].available = false; break; } else if (!tpmInfo.tpmEnabled)
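Review bot: The new `tpmReplayLog(systemTpms.tpm[TPM_MASTER_INDEX]);` call sits above the `failed || !available` check, so replay is attempted even on a master TPM that initialization has already marked failed or unavailable. Keeping the call ahead of that check is sensible, because a failure raised by replay itself is then caught, but the call should be guarded: `if (!systemTpms.tpm[TPM_MASTER_INDEX].failed && systemTpms.tpm[TPM_MASTER_INDEX].available)`. Without the guard, once the stub is implemented, PCR extend commands would be sent to a device already known to be bad, unless tpmReplayLog performs this check itself. host_update_master_tpm starts and ends outside the hunk, so whether an earlier branch already bails out on failure is not visible here.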
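Review bot: In the `NULL != err` branch the error from `TPMDD::tpmReadAttributes` is deleted without being committed, so a genuine fault on a fitted backup TPM looks the same as a backup TPM that does not exist. The only record left is a `TRACUCOMP` trace, which means the loss of the redundant trust anchor produces no serviceable event. Consider committing the error at informational severity instead of `delete err;`, or at least emitting this message with `TRACFCOMP` if `TRACUCOMP` is compiled out in production builds. The construct that the `break` exits is outside the hunk.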
@@ -228,7 +240,15 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target, TRACDCOMP( g_trac_trustedboot, EXIT_MRK"tpmInitialize()"); +} +void tpmReplayLog(TRUSTEDBOOT::TpmTarget & io_target) +{ + ///@todo RTC:125288 Implement replay + // Function will walk existing entries in the TPM log and call + // tpmCmdPcrExtend as required + // This function must commit any errors and call tpmMarkFailed if errors + // are found }
-- cgit v1.2.1
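Review bot: `tpmReplayLog` is a stub that returns without extending anything, so any measurements already recorded in the log never reach the master TPM's PCRs, and the PCR values will not match the event log a verifier replays. The comment at the call site ("Now we need to replay any existing entries in the log into the TPM") reads as if the replay already happens. Until RTC:125288 is implemented, make the gap visible with a trace line in the body and a comment such as `// STUB: log entries are NOT yet extended into PCRs; PCR values do not cover pre-init measurements`. The four `//` lines would also read better as a Doxygen header stating the contract (the function commits its own errors and calls tpmMarkFailed on failure). Whether any entries can exist in the log at this point is not visible in this diff.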