Sync Attributes to FSP In TPM Required Path

System shut down due to no functional primary TPM doesn't force attribute sync to FSP (which is a part of normal istep shutdown process), so the TPM_UNUSABLE attribute used to perform alignment check is never updated on FSP. This change adds explicit attribute sync to FSP in the TPM required execution path. Change-Id: I0e232c114af9ac08c8207088b337fb5a8c8d4cb1 CQ: SW438909 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/63069 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
open-power · Jul 23, 2018 · 2ff7bd1 · 2ff7bd1
1 parent 78c7928
commit 2ff7bd1
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C
@@ -38,8 +38,10 @@
 #include <errl/errlmanager.H>
 #include <errl/errludtarget.H>
 #include <errl/errludstring.H>
+#include <targeting/attrsync.H>
 #include <targeting/targplatutil.H>
 #include <targeting/common/targetservice.H>
+#include <targeting/common/commontargeting.H>
 #include <secureboot/service.H>
 #include <secureboot/trustedbootif.H>
 #include <secureboot/trustedboot_reasoncodes.H>
@@ -66,7 +68,6 @@
 #include <fapi2.H>
 #include <plat_hwp_invoker.H>
 #include <p9_update_security_ctrl.H>
-#include <targeting/common/commontargeting.H>
 #include <algorithm>
 #include <util/misc.H>
 #include <hwas/common/hwasCommon.H>
@@ -1276,6 +1277,22 @@ void tpmVerifyFunctionalPrimaryTpmExists(
                                       HWAS::GARD_NULL);
                 }
                 errlCommit(err, TRBOOT_COMP_ID);
+
+                // Sync the attributes to FSP if applicable.
+                // This will allow for FSP to attempt to perform
+                // TPM alignment check.
+                if(INITSERVICE::spBaseServicesEnabled())
+                {
+                    err = TARGETING::syncAllAttributesToFsp();
+                    if(err)
+                    {
+                        TRACFCOMP(g_trac_trustedboot, ERR_MRK"Could not sync"
+                                  " attributes to FSP; errl EID 0x%08X",
+                                  err->eid());
+                        errlCommit(err, TRBOOT_COMP_ID);
+                    }
+                }
+
                 // terminating the IPL with this fail
                 // Terminate IPL immediately
                 INITSERVICE::doShutdown(errPlid,isBackgroundShutdown);