From 06d0a08aa27fa9e28cc300fbd2814fd9b84d59cf Mon Sep 17 00:00:00 2001
From: Corey Swenson <cswenson@us.ibm.com>
Date: Wed, 17 Apr 2019 15:57:46 -0500
Subject: Add NVDIMM key attributes and generate keys

3 keys, 32 bytes each, random numbers generated by TPM hardware.
2 attributes for keys, 1 stored in FW 1 stored in anchor card.
1 attribute for enable/disable encryption.

Change-Id: Ie3c258f06204e68c2d65b8d5fea294da5264d597
RTC:208342
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/76126
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Matt Derksen <mderkse1@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
---
 .../targeting/common/xmltohb/attribute_types.xml   | 66 ++++++++++++++++++++++
 1 file changed, 66 insertions(+)

(limited to 'src/usr/targeting/common/xmltohb/attribute_types.xml')

diff --git a/src/usr/targeting/common/xmltohb/attribute_types.xml b/src/usr/targeting/common/xmltohb/attribute_types.xml
index 2378f270e..0101d2f16 100644
--- a/src/usr/targeting/common/xmltohb/attribute_types.xml
+++ b/src/usr/targeting/common/xmltohb/attribute_types.xml
@@ -5110,6 +5110,72 @@
     <id>NVDIMM_ARMED</id>
   </attribute>
 
+  <attribute>
+    <id>NVDIMM_ENCRYPTION_ENABLE</id>
+    <description>
+        0 - Encryption is not enabled on all NVDIMMS in the system
+        1 - Encryption is enabled on all NVDIMMS in the system
+    </description>
+    <simpleType>
+      <uint8_t>
+        <default>1</default>
+      </uint8_t>
+    </simpleType>
+    <persistency>non-volatile</persistency>
+    <readable/>
+    <writeable/>
+  </attribute>
+
+  <attribute>
+    <id>NVDIMM_ENCRYPTION_KEYS_ANCHOR</id>
+    <description>
+        NVDIMM Encryption keys
+          Bytes  0..31  Random String (RS)
+          Bytes 32..63  Erase Key     (EK)
+          Bytes 64..95  Access Key    (AK)
+        Set by HWSV, stored in anchor card
+        Should match NVDIMM_ENCRYPTION_KEYS_FW
+    </description>
+    <simpleType>
+      <array>96</array>
+      <uint8_t>
+        <default>
+          0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+          0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+          0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+        </default>
+      </uint8_t>
+    </simpleType>
+    <persistency>non-volatile</persistency>
+    <readable/>
+    <writeable/>
+  </attribute>
+
+  <attribute>
+    <id>NVDIMM_ENCRYPTION_KEYS_FW</id>
+    <description>
+        NVDIMM Encryption keys
+          Bytes  0..31  Random String (RS)
+          Bytes 32..63  Erase Key     (EK)
+          Bytes 64..95  Access Key    (AK)
+        Set by Hostboot, stored in FSP flash
+        Should match NVDIMM_ENCRYPTION_KEYS_ANCHOR
+    </description>
+    <simpleType>
+      <array>96</array>
+      <uint8_t>
+        <default>
+          0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+          0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+          0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+        </default>
+      </uint8_t>
+    </simpleType>
+    <persistency>non-volatile</persistency>
+    <readable/>
+    <writeable/>
+  </attribute>
+
   <attribute>
     <id>NV_OPS_TIMEOUT_MSEC</id>
     <description>
-- 
cgit v1.2.1