Fix developer and customer descriptions for TPM required policy

Adds more useful information to the developer and customer descriptions of error logs that are created when the TPM required policy is broken. Change-Id: Ib2c42c85cb5689b5a791ab96709dc40f4bbd85d4 CQ:SW415447 Backport:release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52848 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
open-power · Feb 10, 2018 · 24252f0 · 24252f0
1 parent e770e96
commit 24252f0
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C
@@ -1148,7 +1148,26 @@ void tpmVerifyFunctionalTpmExists(
                  * @moduleid       MOD_TPM_VERIFYFUNCTIONAL
                  * @userdata1      0
                  * @userdata2      0
-                 * @devdesc        No functional TPMs exist in the system
+                 * @devdesc        The system is configured in the hardware
+                 *                 (via processor secure jumpers) to enable
+                 *                 Secure Boot, and the system's "TPM required"
+                 *                 policy is configured to require at least one
+                 *                 functional TPM in order to boot with Secure
+                 *                 Boot enabled. Therefore, the system will
+                 *                 terminate due to lack of functional TPMs.
+                 * @custdesc       The system is configured for Secure Boot and
+                 *                 trusted platform module required mode; at
+                 *                 least one functional trusted platform module
+                 *                 is required to boot the system, but none are
+                 *                 available.  Therefore, the system will
+                 *                 terminate.
+                 *                 Trusted platform module required mode may be
+                 *                 disabled via the appropriate systems
+                 *                 management interface to allow platform boot
+                 *                 without the remote trusted attestation
+                 *                 capability. Look for other errors which call
+                 *                 out the trusted platform module and follow
+                 *                 the repair actions for these errors.
                  */
                 err = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE,
                                               MOD_TPM_VERIFYFUNCTIONAL,