Integrate p9_update_security_ctrl HWP into Istep 10.3

Add handling of TPM deconfig and SBE Secure Seeprom Lock by integrating the hardware procedure p9_update_security_ctrl into Istep 10.3 and retriggering the hardware procedure any time a TPM fails. Change-Id: I36f57dc7aef3de6661357736a525fe25a3828c6e RTC:153891 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/36189 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
open-power · Mar 3, 2017 · 2384503 · 2384503
1 parent a9eefaa
commit 2384503
Show file tree

Hide file tree

Showing 7 changed files with 339 additions and 48 deletions.
diff --git a/src/include/usr/isteps/istep_reasoncodes.H b/src/include/usr/isteps/istep_reasoncodes.H
@@ -54,6 +54,7 @@ namespace ISTEP
         MOD_PM_LOAD_HOST_DATA_TO_SRAM                     = 0x12,
         MOD_VOLTAGE_CONFIG                                = 0x13,
         MOD_PM_VERIFY_OCC_CHKPT                           = 0x14,
+        MOD_UPDATE_REDUNDANT_TPM                          = 0x15,
     };
 
     /**
@@ -90,6 +91,7 @@ namespace ISTEP
         RC_NO_PRESENT_EQS                        = ISTEP_COMP_ID | 0x1A,
         RC_NOMINAL_FREQ_MISMATCH                 = ISTEP_COMP_ID | 0x1B,
         RC_PM_OCC_CHKPT_TIMEOUT                  = ISTEP_COMP_ID | 0x1C,
+        RC_UPDATE_SECURITY_CTRL_HWP_FAIL         = ISTEP_COMP_ID | 0x1D,
     };
 
 };

diff --git a/src/include/usr/secureboot/trustedboot_reasoncodes.H b/src/include/usr/secureboot/trustedboot_reasoncodes.H
@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2015,2016                        */
+/* Contributors Listed Below - COPYRIGHT 2015,2017                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -43,51 +43,53 @@ namespace TRUSTEDBOOT
 
     enum TRUSTEDModuleId
     {
-        MOD_HOST_UPDATE_MASTER_TPM      = 0x00,
-        MOD_TPM_INITIALIZE              = 0x01,
-        MOD_TPM_CMD_STARTUP             = 0x02,
-        MOD_TPM_CMD_GETCAPFWVERSION     = 0x03,
-        MOD_TPM_MARSHALCMDDATA          = 0x04,
-        MOD_TPM_UNMARSHALRESPDATA       = 0x05,
-        MOD_TPM_VERIFYFUNCTIONAL        = 0x06,
-        MOD_TPM_CMD_PCREXTEND           = 0x07,
-        MOD_TPM_CMD_PCRREAD             = 0x08,
-        MOD_TPM_REPLAY_LOG              = 0x09,
-        MOD_TPM_PCREXTEND               = 0x0A,
-        MOD_TPM_TPMDAEMON               = 0x0B,
-        MOD_TPM_SYNCRESPONSE            = 0x0C,
-        MOD_TPM_SEPARATOR               = 0x0D,
+        MOD_HOST_UPDATE_MASTER_TPM       = 0x00,
+        MOD_TPM_INITIALIZE               = 0x01,
+        MOD_TPM_CMD_STARTUP              = 0x02,
+        MOD_TPM_CMD_GETCAPFWVERSION      = 0x03,
+        MOD_TPM_MARSHALCMDDATA           = 0x04,
+        MOD_TPM_UNMARSHALRESPDATA        = 0x05,
+        MOD_TPM_VERIFYFUNCTIONAL         = 0x06,
+        MOD_TPM_CMD_PCREXTEND            = 0x07,
+        MOD_TPM_CMD_PCRREAD              = 0x08,
+        MOD_TPM_REPLAY_LOG               = 0x09,
+        MOD_TPM_PCREXTEND                = 0x0A,
+        MOD_TPM_TPMDAEMON                = 0x0B,
+        MOD_TPM_SYNCRESPONSE             = 0x0C,
+        MOD_TPM_SEPARATOR                = 0x0D,
 
-        MOD_TPMLOGMGR_INITIALIZE        = 0x10,
-        MOD_TPMLOGMGR_ADDEVENT          = 0x11,
-        MOD_TPMLOGMGR_INITIALIZEEXISTLOG = 0x012,
-        MOD_TPMLOGMGR_GETDEVTREEINFO    = 0x13,
+        MOD_TPMLOGMGR_INITIALIZE         = 0x10,
+        MOD_TPMLOGMGR_ADDEVENT           = 0x11,
+        MOD_TPMLOGMGR_INITIALIZEEXISTLOG = 0x12,
+        MOD_TPMLOGMGR_GETDEVTREEINFO     = 0x13,
+        MOD_TPM_MARK_FAILED              = 0x14,
    };
 
     enum TRUSTEDReasonCode
     {
         // Reason codes 0x00 - 0x9F reserved for secure_reasoncodes.H
 
-        RC_TPM_START_FAIL               = SECURE_COMP_ID | 0xA0,
-        RC_TPM_EXISTENCE_FAIL           = SECURE_COMP_ID | 0xA1,
-        RC_TPM_GETCAP_FAIL              = SECURE_COMP_ID | 0xA2,
-        RC_TPM_GETCAP_FW_INVALID_RESP   = SECURE_COMP_ID | 0xA3,
-        RC_TPM_GETCAP2_FAIL             = SECURE_COMP_ID | 0xA4,
-        RC_TPM_GETCAP2_FW_INVALID_RESP  = SECURE_COMP_ID | 0xA5,
-        RC_TPM_MARSHAL_INVALID_CMD      = SECURE_COMP_ID | 0xA6,
-        RC_TPM_MARSHALING_FAIL          = SECURE_COMP_ID | 0xA7,
-        RC_TPM_UNMARSHAL_INVALID_CMD    = SECURE_COMP_ID | 0xA8,
-        RC_TPM_UNMARSHALING_FAIL        = SECURE_COMP_ID | 0xA9,
-        RC_TPMLOGMGR_ADDEVENT_FAIL      = SECURE_COMP_ID | 0xAA,
-        RC_TPMLOGMGR_ADDEVENTMARSH_FAIL = SECURE_COMP_ID | 0xAB,
-        RC_TPMLOGMGR_INIT_FAIL          = SECURE_COMP_ID | 0xAC,
-        RC_TPM_NOFUNCTIONALTPM_FAIL     = SECURE_COMP_ID | 0xAD,
-        RC_TPM_COMMAND_FAIL             = SECURE_COMP_ID | 0xAE,
-        RC_TPM_INVALID_ARGS             = SECURE_COMP_ID | 0xAF,
-        RC_TPMLOGMGR_LOGWALKFAIL        = SECURE_COMP_ID | 0xB0,
-        RC_SENDRECV_FAIL                = SECURE_COMP_ID | 0xB1,
-        RC_SEND_FAIL                    = SECURE_COMP_ID | 0xB2,
-        RC_MSGRESPOND_FAIL              = SECURE_COMP_ID | 0xB3,
+        RC_TPM_START_FAIL                = SECURE_COMP_ID | 0xA0,
+        RC_TPM_EXISTENCE_FAIL            = SECURE_COMP_ID | 0xA1,
+        RC_TPM_GETCAP_FAIL               = SECURE_COMP_ID | 0xA2,
+        RC_TPM_GETCAP_FW_INVALID_RESP    = SECURE_COMP_ID | 0xA3,
+        RC_TPM_GETCAP2_FAIL              = SECURE_COMP_ID | 0xA4,
+        RC_TPM_GETCAP2_FW_INVALID_RESP   = SECURE_COMP_ID | 0xA5,
+        RC_TPM_MARSHAL_INVALID_CMD       = SECURE_COMP_ID | 0xA6,
+        RC_TPM_MARSHALING_FAIL           = SECURE_COMP_ID | 0xA7,
+        RC_TPM_UNMARSHAL_INVALID_CMD     = SECURE_COMP_ID | 0xA8,
+        RC_TPM_UNMARSHALING_FAIL         = SECURE_COMP_ID | 0xA9,
+        RC_TPMLOGMGR_ADDEVENT_FAIL       = SECURE_COMP_ID | 0xAA,
+        RC_TPMLOGMGR_ADDEVENTMARSH_FAIL  = SECURE_COMP_ID | 0xAB,
+        RC_TPMLOGMGR_INIT_FAIL           = SECURE_COMP_ID | 0xAC,
+        RC_TPM_NOFUNCTIONALTPM_FAIL      = SECURE_COMP_ID | 0xAD,
+        RC_TPM_COMMAND_FAIL              = SECURE_COMP_ID | 0xAE,
+        RC_TPM_INVALID_ARGS              = SECURE_COMP_ID | 0xAF,
+        RC_TPMLOGMGR_LOGWALKFAIL         = SECURE_COMP_ID | 0xB0,
+        RC_SENDRECV_FAIL                 = SECURE_COMP_ID | 0xB1,
+        RC_SEND_FAIL                     = SECURE_COMP_ID | 0xB2,
+        RC_MSGRESPOND_FAIL               = SECURE_COMP_ID | 0xB3,
+        RC_UPDATE_SECURITY_CTRL_HWP_FAIL = SECURE_COMP_ID | 0xB4,
     };
 #ifdef __cplusplus
 }

diff --git a/src/usr/isteps/istep10/call_host_update_redundant_tpm.C b/src/usr/isteps/istep10/call_host_update_redundant_tpm.C
@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2015,2016                        */
+/* Contributors Listed Below - COPYRIGHT 2015,2017                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -23,14 +23,153 @@
 /*                                                                        */
 /* IBM_PROLOG_END_TAG                                                     */
 #include <errl/errlentry.H>
+#include <errl/errlmanager.H>
+#include <isteps/istep_reasoncodes.H>
+
+// targeting support
+#include <targeting/common/target.H>
+#include <targeting/common/commontargeting.H>
+#include <targeting/common/utilFilter.H>
+#include <errl/errludtarget.H>
+#include <attributetraits.H>
+
+#include <config.h>
+#include <util/align.H>
+#include <util/algorithm.H>
+
+// Fapi Support
+#include <fapi2.H>
+#include <target_types.H>
+#include <plat_hwp_invoker.H>
+#include <attributeenums.H>
+#include <istepHelperFuncs.H>
+
+// HWP
+#include <p9_update_security_ctrl.H>
+
+// secure boot
+#include <secureboot/service.H>
+
 
 namespace ISTEP_10
 {
 void* call_host_update_redundant_tpm (void *io_pArgs)
 {
-    errlHndl_t l_err = NULL;
-    //@TODO RTC:153891 call p9_update_security_ctrl.C HWP
-    return l_err;
+    #ifdef CONFIG_SECUREBOOT
+    do {
+
+    bool l_force = false;
+
+    if (!SECUREBOOT::enabled() && !l_force)
+    {
+        break;
+    }
+
+    // call p9_update_security_ctrl.C HWP
+    TARGETING::TargetHandleList l_procList;
+    getAllChips(l_procList,TARGETING::TYPE_PROC,true);
+
+    TARGETING::TargetHandleList l_tpmList;
+    getAllChips(l_tpmList,TARGETING::TYPE_TPM,false);
+
+    // for each processor in list
+    for(auto pProc : l_procList)
+    {
+        bool l_notInMrw = true;
+        TARGETING::Target* l_tpm = nullptr;
+
+        // check if processor has a TPM according to the mrw
+
+        // for each TPM in the list compare i2c master path with
+        // the path of the current processor
+        for (auto itpm : l_tpmList)
+        {
+            auto l_physPath = pProc->getAttr<TARGETING::ATTR_PHYS_PATH>();
+
+            auto l_tpmInfo = itpm->getAttr<TARGETING::ATTR_TPM_INFO>();
+
+            if (l_tpmInfo.i2cMasterPath == l_physPath)
+            {
+                l_notInMrw = false;
+                l_tpm = itpm;
+                break;
+            }
+        }
+
+        if (l_notInMrw)
+        {
+            uint8_t l_protectTpm = 1;
+            pProc->setAttr<TARGETING::ATTR_SECUREBOOT_PROTECT_DECONFIGURED_TPM
+                >(l_protectTpm);
+        }
+
+        errlHndl_t err = nullptr;
+
+        const fapi2::Target<fapi2::TARGET_TYPE_PROC_CHIP> l_fapiTarg(pProc);
+
+        FAPI_INVOKE_HWP(err, p9_update_security_ctrl, l_fapiTarg);
+
+        if (err)
+        {
+            TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace,
+                ERR_MRK"call_host_update_redundant_tpm - "
+                "p9_update_security_ctrl failed for processor tgt=0x%X, "
+                "TPM tgt=0x%X. Deconfiguring processor because future "
+                "security cannot be guaranteed.",
+                TARGETING::get_huid(pProc),
+                TARGETING::get_huid(l_tpm));
+
+            // save the plid from the error before commiting
+            auto plid = err->plid();
+
+            ERRORLOG::ErrlUserDetailsTarget(pProc).addToLog(err);
+
+            // commit this error log first before creating the new one
+            ERRORLOG::errlCommit(err, ISTEP_COMP_ID);
+
+            /*@
+             * @errortype
+             * @reasoncode       ISTEP::RC_UPDATE_SECURITY_CTRL_HWP_FAIL
+             * @moduleid         ISTEP::MOD_UPDATE_REDUNDANT_TPM
+             * @severity         ERRL_SEV_UNRECOVERABLE
+             * @userdata1        Processor Target
+             * @userdata2        TPM Target
+             * @devdesc          Failed to set SEEPROM lock and/or TPM deconfig
+             *                   protection for this processor, so we cannot
+             *                   guarrantee platform secuirty for this processor
+             * @custdesc         Platform security problem detected
+            */
+            err = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE,
+                ISTEP::MOD_UPDATE_REDUNDANT_TPM,
+                ISTEP::RC_UPDATE_SECURITY_CTRL_HWP_FAIL,
+                TARGETING::get_huid(pProc),
+                TARGETING::get_huid(l_tpm),
+                true);
+
+            err->addHwCallout(pProc,
+                            HWAS::SRCI_PRIORITY_LOW,
+                            HWAS::DELAYED_DECONFIG,
+                            HWAS::GARD_NULL);
+
+            err->collectTrace(ISTEP_COMP_NAME);
+
+            // pass on the plid from the previous error log to the new one
+            err->plid(plid);
+
+            ERRORLOG::ErrlUserDetailsTarget(pProc).addToLog(err);
+
+            ERRORLOG::errlCommit(err, ISTEP_COMP_ID);
+
+            // we don't break here. we need to continue on to the next
+            // processor and run the HWP on that one
+        }
+    }
+
+    } while(0);
+
+    #endif // CONFIG_SECUREBOOT
+
+    return nullptr;
 }
 
 };
diff --git a/src/usr/isteps/istep10/makefile b/src/usr/isteps/istep10/makefile
@@ -5,7 +5,7 @@
 #
 # OpenPOWER HostBoot Project
 #
-# Contributors Listed Below - COPYRIGHT 2015,2016
+# Contributors Listed Below - COPYRIGHT 2015,2017
 # [+] International Business Machines Corp.
 #
 #
@@ -27,7 +27,7 @@ MODULE = istep10
 
 NEST_HWP_PATH += ${ROOTPATH}/src/import/chips/p9/procedures/hwp/nest
 INITFILES_HWP_PATH += ${ROOTPATH}/src/import/chips/p9/procedures/hwp/initfiles
-
+PERV_HWP_PATH += ${ROOTPATH}/src/import/chips/p9/procedures/hwp/perv
 
 EXTRAINCDIR += ${ROOTPATH}/src/usr/isteps/
 EXTRAINCDIR += ${ROOTPATH}/src/include/usr/fapi2/
@@ -36,13 +36,15 @@ EXTRAINCDIR += ${ROOTPATH}/src/import/chips/p9/utils/imageProcs/
 EXTRAINCDIR += ${ROOTPATH}/src/import/chips/p9/common/include/
 EXTRAINCDIR += ${NEST_HWP_PATH}
 EXTRAINCDIR += ${INITFILES_HWP_PATH}
+EXTRAINCDIR += ${PERV_HWP_PATH}
 
 OBJS += call_proc_build_smp.o
 OBJS += call_host_slave_sbe_update.o
 OBJS += call_host_update_redundant_tpm.o
 
 VPATH += ${NEST_HWP_PATH}
 VPATH += ${INITFILES_HWP_PATH}
+VPATH += ${PERV_HWP_PATH}
 
 #Required include before all the procedure.mk are included
 include ${ROOTPATH}/procedure.rules.mk
@@ -51,5 +53,6 @@ include ${ROOTPATH}/procedure.rules.mk
 include $(NEST_HWP_PATH)/p9_build_smp.mk
 include ${INITFILES_HWP_PATH}/p9_fbc_ab_hp_scom.mk
 include ${INITFILES_HWP_PATH}/p9_fbc_cd_hp_scom.mk
+include ${PERV_HWP_PATH}/p9_update_security_ctrl.mk
 
 include ${ROOTPATH}/config.mk
diff --git a/src/usr/secureboot/trusted/makefile b/src/usr/secureboot/trusted/makefile
@@ -5,7 +5,7 @@
 #
 # OpenPOWER HostBoot Project
 #
-# Contributors Listed Below - COPYRIGHT 2015,2016
+# Contributors Listed Below - COPYRIGHT 2015,2017
 # [+] International Business Machines Corp.
 #
 #
@@ -24,15 +24,31 @@
 # IBM_PROLOG_END_TAG
 ROOTPATH = ../../../..
 MODULE = secureboot_trusted
+PERV_HWP_PATH += ${ROOTPATH}/src/import/chips/p9/procedures/hwp/perv
 
+#Hardware procedure includes
+EXTRAINCDIR += ${PERV_HWP_PATH}
+EXTRAINCDIR += ${ROOTPATH}/src/include/usr/fapi2/
+EXTRAINCDIR += ${ROOTPATH}/src/import/hwpf/fapi2/include/
+EXTRAINCDIR += ${ROOTPATH}/src/import/chips/p9/utils/imageProcs/
+EXTRAINCDIR += ${ROOTPATH}/src/import/chips/p9/common/include/
+
+#Trustedboot compilation units
 OBJS += $(if $(CONFIG_TPMDD),trustedboot.o,)
 OBJS += $(if $(CONFIG_TPMDD),trustedbootCmds.o,)
 OBJS += $(if $(CONFIG_TPMDD),trustedTypes.o,)
 OBJS += $(if $(CONFIG_TPMDD),tpmLogMgr.o,)
 OBJS += $(if $(CONFIG_TPMDD),trustedbootUtils.o,)
 
+#Handle the hardware procedure link dependency
+VPATH += ${PERV_HWP_PATH}
+
 SUBDIRS += $(if $(CONFIG_TPMDD),test.d,)
 
 CFLAGS += -iquote ../
 
+#Include HWP procedure makefiles
+include ${ROOTPATH}/procedure.rules.mk
+include ${PERV_HWP_PATH}/p9_update_security_ctrl.mk
+
 include ${ROOTPATH}/config.mk