Add FFDC to 'No Functional TPM' Fails
When no functional TPMs are detected, but TPMs are required, this
commit will capture the Security Registers of each processor in the
system and add them to the error log. It also updates how the
tpmMarkFailed() function links and commits various error logs.

Change-Id: I2e95bbfcb6ab3f3dff26149f234c219d4280e1fb
CQ:SW417814
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/54808
CI-Ready: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
mabaiocchi authored and dcrowell77 committed Mar 19, 2018
1 parent 54d16a1 commit 234ef44
Showing 4 changed files with 97 additions and 32 deletions.
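--- a/src/usr/hwas/hwasPlatDeconfigGard.C
+++ b/src/usr/hwas/hwasPlatDeconfigGard.C
@@ -567,7 +567,9 @@ void DeconfigGard::platPostDeconfigureTarget(
 {
 HWAS_INF("platPostDeconfigureTarget: Deconfiguring TPM 0x%08X",
 get_huid(i_pTarget));
-(void)TRUSTEDBOOT::tpmMarkFailed(i_pTarget);
+errlHndl_t pError = nullptr; // No error log with FFDC
+(void)TRUSTEDBOOT::tpmMarkFailed(i_pTarget,
+pError);
 }
 #endif // CONFIG_TPMDD
 #endif // #ifndef __HOSTBOOT_RUNTIME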
8 changes: 7 additions & 1 deletion src/usr/i2c/tpmdd.C
@@ -48,6 +48,7 @@
#include <i2c/i2creasoncodes.H>
#include <i2c/tpmddreasoncodes.H>
#include <i2c/i2cif.H>
#include <secureboot/service.H>
#include "tpmdd.H"
#include "errlud_i2c.H"

@@ -297,12 +298,17 @@ errlHndl_t tpmPerformOp( DeviceFW::OperationType i_opType,

} while( 0 );

if ( err != nullptr )
{
// Add Security Registers to the error log
SECUREBOOT::addSecurityRegistersToErrlog(err);
}

if( unlock )
{
mutex_unlock( & g_tpmMutex );
}


TRACDCOMP( g_trac_tpmdd,
EXIT_MRK"tpmPerformOp() - %s",
((NULL == err) ? "No Error" : "With Error") );
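Review bot: In tpmPerformOp the new `SECUREBOOT::addSecurityRegistersToErrlog(err);` block sits above the `if( unlock )` block, so the register collection runs while `g_tpmMutex` is still held. The commit description says the registers of each processor in the system are captured, which presumably means several register reads per failure; assuming `err` is the function's local handle, the `if ( err != nullptr )` block can move below `mutex_unlock( & g_tpmMutex );` so other TPM operations are not blocked while FFDC is gathered. The call also fires for every failed TPM operation, not only the 'No Functional TPM' case in the title, so the comment would be clearer as `// Add Security Registers to the error log for any failed TPM op`. The function body starts and ends outside the hunk.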
103 changes: 76 additions & 27 deletions src/usr/secureboot/trusted/trustedboot.C
@@ -362,7 +362,7 @@ void* host_update_master_tpm( void *io_pArgs )
getBackupTpm(pBackupTpm);
if(pBackupTpm == nullptr)
{
TRACUCOMP( g_trac_trustedboot,
TRACFCOMP( g_trac_trustedboot,
"host_update_master_tpm() "
"Backup TPM unavailable "
"since it's not in the system blueprint.");
@@ -558,12 +558,11 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget* const i_pTpm)
} while ( 0 );


// If the TPM failed we will mark it not functional
// If the TPM failed we will mark it not functional and commit err
if (nullptr != err)
{
tpmMarkFailed(i_pTpm);
// Log this failure
errlCommit(err, TRBOOT_COMP_ID);
// err will be committed and set to nullptr
tpmMarkFailed(i_pTpm, err);
}

TRACDCOMP( g_trac_trustedboot,
@@ -644,13 +643,12 @@ void tpmReplayLog(TRUSTEDBOOT::TpmTarget* const i_pTpm)
}
}
}

// If the TPM failed we will mark it not functional and commit errl
if (err)
{
tpmMarkFailed(i_pTpm);
errlCommit(err, TRBOOT_COMP_ID);
delete err;
err = nullptr;
// err will be committed and set to nullptr
tpmMarkFailed(i_pTpm, err);
}
}

@@ -855,10 +853,8 @@ void pcrExtendSingleTpm(TpmTarget* const i_pTpm,
if (nullptr != err)
{
// We failed to extend to this TPM we can no longer use it
tpmMarkFailed(i_pTpm);

// Log this failure
errlCommit(err, TRBOOT_COMP_ID);
// Mark TPM as not functional, commit err and set it to nullptr
tpmMarkFailed(i_pTpm, err);
}

if (unlock)
@@ -977,7 +973,8 @@ void pcrExtendSeparator(TpmTarget* const i_pTpm)
if (nullptr != err)
{
// We failed to extend to this TPM we can no longer use it
tpmMarkFailed(i_pTpm);
// Mark TPM as not functional, commit err and set it to nullptr
tpmMarkFailed(i_pTpm, err);

// Log this failure
errlCommit(err, TRBOOT_COMP_ID);
@@ -990,7 +987,8 @@ void pcrExtendSeparator(TpmTarget* const i_pTpm)
return;
}

void tpmMarkFailed(TpmTarget* const i_pTpm)
void tpmMarkFailed(TpmTarget* const i_pTpm,
errlHndl_t& io_err)
{
assert(i_pTpm != nullptr,"tpmMarkFailed: BUG! i_pTpm was nullptr");
assert(i_pTpm->getAttr<TARGETING::ATTR_TYPE>() == TARGETING::TYPE_TPM,
@@ -999,8 +997,9 @@ void tpmMarkFailed(TpmTarget* const i_pTpm)

TRACFCOMP( g_trac_trustedboot,
ENTER_MRK"tpmMarkFailed() Marking TPM as failed : "
"tgt=0x%08X",
TARGETING::get_huid(i_pTpm));
"tgt=0x%08X; io_err rc=0x%04X, plid=0x%08X",
TARGETING::get_huid(i_pTpm), ERRL_GETRC_SAFE(io_err),
ERRL_GETPLID_SAFE(io_err));

auto hwasState = i_pTpm->getAttr<
TARGETING::ATTR_HWAS_STATE>();
@@ -1086,18 +1085,44 @@ void tpmMarkFailed(TpmTarget* const i_pTpm)

} while(0);

// If we got a local error log, link it to input error log and then
// commit it
if (l_err)
{
TRACFCOMP(g_trac_trustedboot,
ERR_MRK "Processor tgt=0x%08X TPM tgt=0x%08X. Deconfiguring "
"processor because future security cannot be guaranteed.",
TARGETING::get_huid(l_proc),
TARGETING::get_huid(l_tpm));

// save the plid from the error before commiting
// commit this error log first before creating the new one
auto plid = l_err->plid();

// If we have an input error log then link these all together
if (io_err)
{
TRACFCOMP(g_trac_trustedboot,
ERR_MRK "tpmMarkFailed(): Processor tgt=0x%08X TPM tgt=0x%08X. "
"Deconfiguring proc because future security cannot be "
"guaranteed. Linking new l_err rc=0x%04X eid=0x%08X to "
"io_err rc=0x%04X, plid=0x%08X",
TARGETING::get_huid(l_proc),
TARGETING::get_huid(l_tpm),
l_err->reasonCode(), l_err->eid(),
io_err->reasonCode(), io_err->plid());

// Use io_err's plid to link all errors together
plid = io_err->plid();
l_err->plid(plid);
}
else
{
TRACFCOMP(g_trac_trustedboot,
ERR_MRK "tpmMarkFailed(): Processor tgt=0x%08X TPM tgt=0x%08X: "
"Deconfiguring proc because future security cannot be "
"guaranteed due to new l_err rc=0x%04X plid=0x%08X",
TARGETING::get_huid(l_proc),
TARGETING::get_huid(l_tpm),
l_err->reasonCode(), l_err->plid());
}

ERRORLOG::ErrlUserDetailsTarget(l_proc).addToLog(l_err);
l_err->collectTrace(SECURE_COMP_NAME);
l_err->collectTrace(TRBOOT_COMP_NAME);

// commit this error log first before creating the new one
errlCommit(l_err, TRBOOT_COMP_ID);
@@ -1120,6 +1145,16 @@ void tpmMarkFailed(TpmTarget* const i_pTpm)
TARGETING::get_huid(l_proc),
TARGETING::get_huid(l_tpm));

// Pass on the plid to connect all previous error(s)
l_err->plid(plid);

TRACFCOMP(g_trac_trustedboot,
ERR_MRK "tpmMarkFailed(): Processor tgt=0x%08X TPM tgt=0x%08X. "
"Deconfiguring proc errorlog is rc=0x%04X plid=0x%08X, eid=0x%08X",
TARGETING::get_huid(l_proc),
TARGETING::get_huid(l_tpm),
l_err->reasonCode(), l_err->plid(), l_err->eid());

l_err->addHwCallout(l_proc,
HWAS::SRCI_PRIORITY_LOW,
HWAS::DELAYED_DECONFIG,
@@ -1128,14 +1163,25 @@ void tpmMarkFailed(TpmTarget* const i_pTpm)
l_err->collectTrace(SECURE_COMP_NAME);
l_err->collectTrace(TRBOOT_COMP_NAME);

// pass on the plid from the previous error log to the new one
l_err->plid(plid);

ERRORLOG::ErrlUserDetailsTarget(l_proc).addToLog(l_err);

ERRORLOG::errlCommit(l_err, TRBOOT_COMP_ID);
}
#endif
// Commit input error log
if (io_err)
{
TRACFCOMP(g_trac_trustedboot,
ERR_MRK "Committing io_err rc=0x%04X plid=0x%08X, eid=0x%08X",
io_err->reasonCode(), io_err->plid(), io_err->eid());

io_err->collectTrace(SECURE_COMP_NAME);
io_err->collectTrace(TRBOOT_COMP_NAME);

ERRORLOG::errlCommit(io_err, TRBOOT_COMP_ID);
}

}

void tpmVerifyFunctionalTpmExists(
@@ -1209,6 +1255,9 @@ void tpmVerifyFunctionalTpmExists(
err->collectTrace( TPMDD_COMP_NAME );
uint32_t errPlid = err->plid();

// Add Security Registers to the error log
SECUREBOOT::addSecurityRegistersToErrlog(err);

// HW callout TPMs
TARGETING::TargetHandleList l_tpmList;
TRUSTEDBOOT::getTPMs(l_tpmList, TPM_FILTER::ALL_IN_BLUEPRINT);
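Review bot: In the pcrExtendSeparator hunk the `// Log this failure` / `errlCommit(err, TRBOOT_COMP_ID);` lines are still present after the new `tpmMarkFailed(i_pTpm, err);`, which per the added comment has already committed `err` and set it to nullptr. The other three call sites touched here (tpmInitialize, tpmReplayLog, pcrExtendSingleTpm) drop their own commit, so this one looks like an oversight. Removing those two lines keeps the call sites consistent and avoids relying on errlCommit tolerating a null handle, which is not visible on this page. pcrExtendSeparator starts and ends outside the hunk.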
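--- a/src/usr/secureboot/trusted/trustedbootUtils.H
+++ b/src/usr/secureboot/trusted/trustedbootUtils.H
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2015,2017 */
+/* Contributors Listed Below - COPYRIGHT 2015,2018 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -81,9 +81,17 @@ errlHndl_t tpmCreateErrorLog(const uint8_t i_modId,
 /**
 * @brief Mark the TPM as non-functional and take required steps
 *
-* @param[in] i_pTpm Handle to TPM target
+* @param[in] i_pTpm - Handle to TPM target
+*
+* @param[in] io_errLog - Handle to Error Log used to collect FFDC
+* -- This log will be COMMITED in this function
+* and the handle will be set to nullptr
+* -- Any additional fails in marking the TPM as
+* non-functional will be linked to this
+* -- If nullptr, then the above actions are no-ops
 */
-void tpmMarkFailed(TpmTarget * i_pTpm);
+void tpmMarkFailed(TpmTarget * i_pTpm,
+errlHndl_t & io_errLog);
 
 #ifdef __cplusplus
 } // end TRUSTEDBOOT namespace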
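Review bot: The new Doxygen entry tags the error-log parameter as `@param[in]`, but the text under it says the log is committed and the handle set to nullptr, so it should read `@param[in,out] io_errLog`. The declaration names it `io_errLog` while the definition in trustedboot.C uses `io_err`; using one name in both places keeps the header and the trace strings searchable together. `COMMITED` should be `COMMITTED`. Because the parameter is a non-const reference, the comment should also state that ownership of the log passes to this function and the caller must not commit or delete it afterwards.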
