From f2a33cb5c91b97e209f9c15078d4e6568df7f3d2 Mon Sep 17 00:00:00 2001
From: Stephen Cprek <smcprek@us.ibm.com>
Date: Fri, 19 May 2017 16:05:21 -0500
Subject: HW callout for TPM not present when required

RTC:170678
Change-Id: Ic0338b49a9e05a8ccff5dc28b3ed3b00bd851d7c
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40777
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
---
 src/usr/secureboot/trusted/trustedboot.C | 52 ++++++++++++++++++--------------
 1 file changed, 30 insertions(+), 22 deletions(-)

(limited to 'src/usr/secureboot')

diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C
index 83db64a86..20a099adb 100644
--- a/src/usr/secureboot/trusted/trustedboot.C
+++ b/src/usr/secureboot/trusted/trustedboot.C
@@ -1112,30 +1112,38 @@ void tpmVerifyFunctionalTpmExists()
         }
         else if (l_state == SECUREBOOT::SecureJumperState::SECURITY_ASSERTED)
         {
-            /*@
-             * @errortype
-             * @reasoncode     RC_TPM_NOFUNCTIONALTPM_FAIL
-             * @severity       ERRL_SEV_UNRECOVERABLE
-             * @moduleid       MOD_TPM_VERIFYFUNCTIONAL
-             * @userdata1      0
-             * @userdata2      0
-             * @devdesc        No functional TPMs exist in the system
-             */
-            err = new ERRORLOG::ErrlEntry( ERRORLOG::ERRL_SEV_UNRECOVERABLE,
-                                           MOD_TPM_VERIFYFUNCTIONAL,
-                                           RC_TPM_NOFUNCTIONALTPM_FAIL,
-                                           0, 0,
-                                           true /*Add HB SW Callout*/ );
-
-            err->collectTrace( SECURE_COMP_NAME );
-            uint32_t errPlid = err->plid();
-
-            // Log this failure here
-            errlCommit(err, SECURE_COMP_ID);
-
             if (isTpmRequired())
-
             {
+                /*@
+                 * @errortype
+                 * @reasoncode     RC_TPM_NOFUNCTIONALTPM_FAIL
+                 * @severity       ERRL_SEV_UNRECOVERABLE
+                 * @moduleid       MOD_TPM_VERIFYFUNCTIONAL
+                 * @userdata1      0
+                 * @userdata2      0
+                 * @devdesc        No functional TPMs exist in the system
+                 */
+                err = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE,
+                                              MOD_TPM_VERIFYFUNCTIONAL,
+                                              RC_TPM_NOFUNCTIONALTPM_FAIL);
+
+                // Add low priority HB SW callout
+                err->addProcedureCallout(HWAS::EPUB_PRC_HB_CODE,
+                                         HWAS::SRCI_PRIORITY_LOW);
+                err->collectTrace( SECURE_COMP_NAME );
+                uint32_t errPlid = err->plid();
+
+                // HW callout TPMs
+                TARGETING::TargetHandleList l_tpmList;
+                TRUSTEDBOOT::getTPMs(l_tpmList, TPM_FILTER::ALL_IN_BLUEPRINT);
+                for(const auto &tpm : l_tpmList)
+                {
+                    err->addHwCallout(tpm,
+                                      HWAS::SRCI_PRIORITY_HIGH,
+                                      HWAS::NO_DECONFIG,
+                                      HWAS::GARD_NULL);
+                }
+                errlCommit(err, SECURE_COMP_ID);
                 // terminating the IPL with this fail
                 // Terminate IPL immediately
                 INITSERVICE::doShutdown(errPlid);
-- 
cgit v1.2.3