Add Physical Presence Check and Window Open Features
This commit does the following:
- Adds an interface to detect if physical presence has been asserted
-- This happens in istep 6
-- If the window is open to detect this, it is then closed here
- Adds an interface to possibly open the window to look for physical presence
-- This happens in istep 10
-- It first checks to see if the window should be opened
-- If the window is opened then the system shuts down to wait for
   physical presence to be asserted on the next power on
- Adds the necessary attributes to support and test this functionality

RTC:211220
Change-Id: I05a26ebad581875a4b9f2a51eb1ca3062f36c5fb
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/84656
Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com>
Reviewed-by: Christopher J Engel <cjengel@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E Bofferding <bofferdn@us.ibm.com>
mabaiocchi authored and Nicholas E Bofferding committed Nov 14, 2019
1 parent eace166 commit 3596466
Showing 13 changed files with 700 additions and 13 deletions.
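--- a/src/include/usr/secureboot/phys_presence_if.H
+++ b/src/include/usr/secureboot/phys_presence_if.H
@@ -0,0 +1,68 @@
+/* IBM_PROLOG_BEGIN_TAG */
+/* This is an automatically generated prolog. */
+/* */
+/* $Source: src/include/usr/secureboot/phys_presence_if.H $ */
+/* */
+/* OpenPOWER HostBoot Project */
+/* */
+/* Contributors Listed Below - COPYRIGHT 2019 */
+/* [+] International Business Machines Corp. */
+/* */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
+/* implied. See the License for the specific language governing */
+/* permissions and limitations under the License. */
+/* */
+/* IBM_PROLOG_END_TAG */
+/**
+* @file phys_presence_if.H
+*
+* @brief Interfaces to Detect and Open Physical Presence Windows
+*
+*/
+#ifndef __PHYS_PRESENCE_H
+#define __PHYS_PRESENCE_H
+// -----------------------------------------------
+// Includes
+// -----------------------------------------------
+
+#include <errl/errlentry.H>
+#include <targeting/common/commontargeting.H>
+#include <config.h>
+
+namespace SECUREBOOT
+{
+/**
+* @brief Checks if the Physical Presence Window was opened and if
+* Physical Presence was asserted.
+*
+* @post Will ensure the window is closed at the end of the function
+*
+* @return errlHndl_t nullptr on success; non-nullptr on error.
+*/
+errlHndl_t detectPhysPresence(void);
+
+/**
+* @brief Handle Physical Presence Window first checks to see if a physical
+* presence window should be opened. Then, if necessary, it sets up
+* the physical presence detect circuit and then shuts down the
+* system.
+*
+* @post If successful, this function will shutdown the system
+*
+* @return errlHndl_t nullptr on success; non-nullptr on error.
+*/
+errlHndl_t handlePhysPresenceWindow(void);
+
+} // namespace SECUREBOOT
+
+
+#endif // __PHYS_PRESENCE_H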
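Review bot: The `@post` on `detectPhysPresence()` states unconditionally that the window is closed at the end of the function, yet this commit also adds `RC_PHYS_PRES_WINDOW_NOT_CLOSED` in secure_reasoncodes.H, which suggests the close can fail. The comment should say whether the post-condition holds on the error path, because a caller that ignores the error would otherwise assume the window is shut. The doc also never says where the detection result is recorded, since only an error handle is returned; populate_hbruntime.C reads `ATTR_PHYS_PRES_ASSERTED`, so that attribute is presumably the output and is worth naming in the `@brief` once confirmed against the implementation, which is not shown on this page.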
19 changes: 17 additions & 2 deletions src/include/usr/secureboot/secure_reasoncodes.H
Expand Up @@ -53,7 +53,7 @@ namespace SECUREBOOT
MOD_CHECK_RISK_LEVEL_FOR_SMF = 0x13,
MOD_SMF_SPLIT_SMF_MEM = 0x14,

// Use 0x20-0x2F range for Node Communications
// Use 0x20-0x3F range for Node Communications
MOD_NCDD_CHECK_FOR_ERRORS = 0x20,
MOD_NCDD_WAIT_FOR_CMD_COMP = 0x21,
MOD_NC_XBUS_TEST = 0x22,
Expand All @@ -70,7 +70,12 @@ namespace SECUREBOOT
MOD_NC_PROCESS_SLAVE_QUOTE = 0x2D,
MOD_NCT_SEND = 0x2E,
MOD_NCT_RECEIVE = 0x2F,
};

// Use 0x40-0x4F range for Physical Presence Detection
MOD_PHYS_PRES_DETECT = 0x40,
MOD_PHYS_PRES_OPEN_WINDOW = 0x41,

};

enum SECUREReasonCode
{
Expand Down Expand Up @@ -123,6 +128,16 @@ namespace SECUREBOOT
RC_NCT_INITIATION_MISMATCH = SECURE_COMP_ID | 0x33,
RC_NCEX_NO_FUNCTIONAL_PRIMARY_TPM = SECURE_COMP_ID | 0x34,

// Use 0x20-0x3F range for Node Communications

// RC_PHYS_PRES_WINDOW_OPENED_SHUTDOWN Must have one unique use
// for Shutdown path since FSP relies on it.
// termination_rc
RC_PHYS_PRES_WINDOW_OPENED_SHUTDOWN = SECURE_COMP_ID | 0x40,
RC_PHYS_PRES_ATTR_NOT_FOUND = SECURE_COMP_ID | 0x41,
RC_PHYS_PRES_WINDOW_NOT_CLOSED = SECURE_COMP_ID | 0x42,
RC_PHYS_PRES_WINDOW_NOT_OPENED = SECURE_COMP_ID | 0x43,

// Reason codes 0xA0 - 0xEF reserved for trustedboot_reasoncodes.H
};
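Review bot: In `SECUREReasonCode` the added comment `// Use 0x20-0x3F range for Node Communications` sits after the last Node Communications code and directly above the new 0x40-0x43 physical presence codes, so it reads as the header of the wrong group. Moving it up to the start of the Node Communications codes and adding `// Use 0x40-0x4F range for Physical Presence Detection` above `RC_PHYS_PRES_WINDOW_OPENED_SHUTDOWN` would mirror what the module-id enum in this same file now does. The enum's opening lines are outside the visible hunks.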

2 changes: 1 addition & 1 deletion src/usr/gpio/gpio_pca9551.C
Expand Up @@ -47,7 +47,7 @@

extern trace_desc_t* g_trac_gpio;

// Set to TRACFCOMP to enble unit race
// Set to TRACFCOMP to enable unit trace
#define TRACUCOMP(args...) TRACDCOMP(args)

using namespace DeviceFW;
3 changes: 1 addition & 2 deletions src/usr/gpio/gpiodd.C
Expand Up @@ -77,8 +77,7 @@ errlHndl_t gpioPerformOp(DeviceFW::OperationType i_opType,
gpioInfo.deviceType = va_arg( i_args, uint64_t );
gpioInfo.portAddr = va_arg( i_args, uint64_t );

//MAB make TRACD
TRACFCOMP(g_trac_gpio, ENTER_MRK"gpioPerformOp(): "
TRACDCOMP(g_trac_gpio, ENTER_MRK"gpioPerformOp(): "
"optype %d deviceType %d portAddr %d",
i_opType, gpioInfo.deviceType, gpioInfo.portAddr);

28 changes: 24 additions & 4 deletions src/usr/isteps/istep06/call_host_update_master_tpm.C
Expand Up @@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
/* Contributors Listed Below - COPYRIGHT 2015,2018 */
/* Contributors Listed Below - COPYRIGHT 2015,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
Expand All @@ -31,6 +31,8 @@
#include <trustedbootif.H>
#include <initservice/isteps_trace.H>
#include <secureboot/service.H>
#include <secureboot/phys_presence_if.H>
#include <config.h>

namespace ISTEP_06
{
Expand All @@ -39,7 +41,7 @@ void* call_host_update_master_tpm( void *io_pArgs )
{
ISTEP_ERROR::IStepError l_stepError;

TRACDCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
"call_host_update_master_tpm entry" );

errlHndl_t l_err = nullptr;
Expand Down Expand Up @@ -67,10 +69,28 @@ void* call_host_update_master_tpm( void *io_pArgs )
ERRORLOG::errlCommit( l_err, SECURE_COMP_ID );
}

TRACDCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
"call_host_update_master_tpm exit" );
// Check for Physical Presence
#ifdef CONFIG_PHYS_PRES_PWR_BUTTON
l_err = SECUREBOOT::detectPhysPresence();
if (l_err)
{
// @TODO RTC 210301 - Handle Error Log Correctly, but for now
// just delete it
TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
"call_host_update_master_tpm: Error back from "
"SECUREBOOT::detectPhysPresence: rc=0x%X, plid=0x%X. "
"Deleting error for now",
ERRL_GETRC_SAFE(l_err), ERRL_GETPLID_SAFE(l_err));
delete l_err;
l_err = nullptr;
}
#endif

TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
"call_host_update_master_tpm exit" );
return l_stepError.getErrorHandle();


}

};
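Review bot: The error returned by `SECUREBOOT::detectPhysPresence()` is traced and then deleted, so a failure in the physical presence check leaves no error log and the istep continues as if the check had passed; the same pattern is used for `SECUREBOOT::handlePhysPresenceWindow()` in call_host_update_redundant_tpm.C. Until RTC 210301 is resolved, committing the log the way the preceding block of this function does, `ERRORLOG::errlCommit( l_err, SECURE_COMP_ID );`, would at least keep a record for service and audit. Because the interface documents closing the window as a post-condition, an error here may also mean the window is still open, so whether to add the error to `l_stepError` instead of continuing deserves an explicit decision. The start of `call_host_update_master_tpm` is outside the visible hunks.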
24 changes: 23 additions & 1 deletion src/usr/isteps/istep10/call_host_update_redundant_tpm.C
Expand Up @@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
/* Contributors Listed Below - COPYRIGHT 2015,2018 */
/* Contributors Listed Below - COPYRIGHT 2015,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
Expand Down Expand Up @@ -40,6 +40,7 @@
#include <util/algorithm.H>
#include <istepHelperFuncs.H>
#include <secureboot/trustedbootif.H>
#include <secureboot/phys_presence_if.H>

namespace ISTEP_10
{
Expand All @@ -50,6 +51,7 @@ void* call_host_update_redundant_tpm (void *io_pArgs)
ENTER_MRK"call_host_update_redundant_tpm");

ISTEP_ERROR::IStepError l_istepError;

#ifdef CONFIG_TPMDD
TARGETING::Target* l_backupTpm = nullptr;

Expand All @@ -67,6 +69,26 @@ void* call_host_update_redundant_tpm (void *io_pArgs)
} while(0);
#endif

#ifdef CONFIG_PHYS_PRES_PWR_BUTTON
// Check to see if a Physical Presence Window should be opened,
// and if so, open it. This could result in the system being shutdown
// to allow the system administrator to assert physical presence
errlHndl_t l_err = nullptr;
l_err = SECUREBOOT::handlePhysPresenceWindow();
if (l_err)
{
// @TODO RTC 210301 - Handle Error Log Correctly, but for now
// just delete it
TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
"call_host_update_redundant_tpm: Error back from "
"SECUREBOOT::handlePhysPresence: rc=0x%X, plid=0x%X. "
"Deleting error for now",
ERRL_GETRC_SAFE(l_err), ERRL_GETPLID_SAFE(l_err));
delete l_err;
l_err = nullptr;
}
#endif

TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace,
EXIT_MRK"call_host_update_redundant_tpm");
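Review bot: The trace text in the added error branch names `SECUREBOOT::handlePhysPresence`, but the function called is `SECUREBOOT::handlePhysPresenceWindow()`, so a search of the trace buffer for the real name will miss this message. The string should read `"SECUREBOOT::handlePhysPresenceWindow: rc=0x%X, plid=0x%X. "`. The declaration and call can also be a single statement, `errlHndl_t l_err = SECUREBOOT::handlePhysPresenceWindow();`. The body of `call_host_update_redundant_tpm` continues outside the visible hunks.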

7 changes: 5 additions & 2 deletions src/usr/runtime/hdatstructs.H
Expand Up @@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
/* Contributors Listed Below - COPYRIGHT 2012,2018 */
/* Contributors Listed Below - COPYRIGHT 2012,2019 */
/* [+] International Business Machines Corp. */
/* */
/* */
Expand Down Expand Up @@ -453,7 +453,10 @@ typedef struct sysSecSets
// NOTE: This bit is labeled "Platform Security Overrides Allowed"
// in the section 6.1.1 of HDAT spec.
uint16_t sbeSecBackdoor : 1;
uint16_t reserved : 13;

// bit 3: "System Physical Presence has been asserted"
uint16_t physicalPresenceAsserted : 1;
uint16_t reserved : 12;
} SysSecSets;

#endif
7 changes: 7 additions & 0 deletions src/usr/runtime/populate_hbruntime.C
Expand Up @@ -1879,6 +1879,13 @@ errlHndl_t populate_hbSecurebootData ( void )
// populate security override setting
l_sysSecSets->sbeSecBackdoor = SECUREBOOT::getSbeSecurityBackdoor();

// populate "System Physical Presence has been asserted"
TARGETING::Target* sys = nullptr;
TARGETING::targetService().getTopLevelTarget( sys );
assert(sys != nullptr, "populate_hbSecurebootData() - Could not obtain top level target");
l_sysSecSets->physicalPresenceAsserted =
sys->getAttr<TARGETING::ATTR_PHYS_PRES_ASSERTED>();

// populate TPM config bits in hdat
bool tpmRequired = false;
#ifdef CONFIG_TPMDD
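Review bot: `physicalPresenceAsserted` is declared as a 1-bit field in hdatstructs.H in this commit, and the result of `getAttr<TARGETING::ATTR_PHYS_PRES_ASSERTED>()` is assigned to it directly, so only the low bit of the attribute survives. The attribute's type is not visible on this page; if it can ever hold a value other than 0 or 1, an even non-zero value would be reported to the payload as "not asserted". Normalising states the intent: `l_sysSecSets->physicalPresenceAsserted = (sys->getAttr<TARGETING::ATTR_PHYS_PRES_ASSERTED>() != 0) ? 1 : 0;`. `populate_hbSecurebootData` starts and ends outside the hunk.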
14 changes: 14 additions & 0 deletions src/usr/secureboot/HBconfig
Expand Up @@ -22,3 +22,17 @@ config TPM_NVIDX_VALIDATE
depends on TPMDD
help
Validate TPM MFG NV Index Provisioning during IPL

config PHYS_PRES_PWR_BUTTON
default n
depends on !PHYS_PRES_JUMPER
help
Support asserting Physical Presence via pushing the Power Button
on the system

config PHYS_PRES_JUMPER
default n
depends on !PHYS_PRES_PRW_BUTTON
help
Support asserting Physical Presence via a jumper on the TPM Card
Currently not supported.
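Review bot: `PHYS_PRES_JUMPER` depends on `!PHYS_PRES_PRW_BUTTON`, which looks like a misspelling of the `PHYS_PRES_PWR_BUTTON` option defined just above it. As written, the mutual exclusion is expressed only from the power-button side, and the jumper side refers to a symbol that is not defined anywhere on this page. The line should read `depends on !PHYS_PRES_PWR_BUTTON`. With the spelling fixed the two options each depend on the other's negation, so it is worth confirming that the HBconfig parser accepts that mutual reference.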
3 changes: 2 additions & 1 deletion src/usr/secureboot/ext/makefile
Expand Up @@ -5,7 +5,7 @@
#
# OpenPOWER HostBoot Project
#
# Contributors Listed Below - COPYRIGHT 2013,2018
# Contributors Listed Below - COPYRIGHT 2013,2019
# [+] International Business Machines Corp.
#
#
Expand All @@ -30,6 +30,7 @@ PERV_HWP_PATH = $(ROOTPATH)/src/import/chips/p9/procedures/hwp/perv

OBJS += $(if $(CONFIG_DRTM),drtm.o)
OBJS += $(if $(CONFIG_SECUREBOOT), service_ext.o)
OBJS += $(if $(CONFIG_PHYS_PRES_PWR_BUTTON), phys_presence.o)

VPATH += $(PERV_HWP_PATH)

