From d55d64a79ca44280e0e6415893bab44fcaafa34f Mon Sep 17 00:00:00 2001 From: Ilya Smirnov Date: Tue, 8 May 2018 16:01:25 -0500 Subject: Marked Failed TPMs Unusable For Alignment Check Set the TPM_UNUSABLE attribute for TPMs that failed. This attribute will be used by FSP during alignment check, so it is important to reflect the current TPM availability situation. Note that backup TPM is marked as unusable in istep 6.8, and then re-checked in istep 10.14. Change-Id: I32347c542cb4cd09c04bea7f8a9275881d204dfb RTC: 191163 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/58529 Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: FSP CI Jenkins Tested-by: Jenkins OP HW Reviewed-by: Nicholas E. Bofferding Reviewed-by: Michael Baiocchi Reviewed-by: Daniel M. Crowell --- src/usr/secureboot/trusted/trustedboot.C | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'src/usr/secureboot') diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index de4222e41..f4262bcf1 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -193,8 +193,8 @@ bool functionalPrimaryTpmExists() [&presentAndFunctional, &initialized, &isPrimaryTpm]( const TARGETING::Target* const i_pTpm) { - return (isPrimaryTpm(i_pTpm) && (presentAndFunctional(i_pTpm) - || !initialized(i_pTpm))); + return (isPrimaryTpm(i_pTpm) && + (presentAndFunctional(i_pTpm) || !initialized(i_pTpm))); }); exists = (itr!=tpmList.end()) ? true : false; @@ -324,6 +324,7 @@ void* host_update_master_tpm( void *io_pArgs ) !primaryHwasState.present) { primaryTpmAvail = false; + pPrimaryTpm->setAttr(true); } } @@ -414,13 +415,15 @@ void* host_update_master_tpm( void *io_pArgs ) { TRACUCOMP( g_trac_trustedboot, "host_update_master_tpm() - " - "Primary TPM Present:%d Functional:%d Init Attempted:%d", + "Primary TPM Present:%d Functional:%d Init Attempted:%d" + " Usable:%d", pPrimaryTpm->getAttr(). present, pPrimaryTpm->getAttr(). functional, pPrimaryTpm->getAttr< - TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>()); + TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>(), + !(pPrimaryTpm->getAttr())); } TARGETING::Target* pBackupTpm = nullptr; @@ -429,14 +432,16 @@ void* host_update_master_tpm( void *io_pArgs ) { TRACUCOMP( g_trac_trustedboot, "host_update_master_tpm() - " - "Backup TPM Present:%d Functional:%d Init Attempted:%d. " + "Backup TPM Present:%d Functional:%d Init Attempted:%d " + "Usable: %d. " "Backup TPM initialization is deferred to istep 10.14.", pBackupTpm->getAttr(). present, pBackupTpm->getAttr(). functional, pBackupTpm->getAttr< - TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>()); + TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>(), + !(pPrimaryTpm->getAttr())); } TRACDCOMP( g_trac_trustedboot, @@ -998,6 +1003,9 @@ void tpmMarkFailed(TpmTarget* const i_pTpm, i_pTpm->setAttr< TARGETING::ATTR_HWAS_STATE>(hwasState); + // Mark the TPM as unusable so that FSP can perform alignment check + i_pTpm->setAttr(true); + #ifdef CONFIG_SECUREBOOT TARGETING::Target* l_tpm = i_pTpm; @@ -1374,6 +1382,10 @@ void doInitBackupTpm() if(l_backupTpm) { l_backupTpm->setAttr(true); + auto l_backupHwasState = l_backupTpm->getAttr< + TARGETING::ATTR_HWAS_STATE>(); + l_backupTpm->setAttr( + !(l_backupHwasState.present && l_backupHwasState.functional)); } } -- cgit v1.2.3