Add Physical Presence Check and Window Open Features

This commit does the following:
- Adds an interface to detect if physical presence has been asserted
-- This happens in istep 6
-- If the window is open to detect this, it is then closed here
- Adds an interface to possibly open the window to look for physical presence
-- This happens in istep 10
-- It first checks to see if the window should be opened
-- If the window is opened then the system shuts down to wait for
   physical presence to be asserted on the next power on
- Adds the necessary attributes to support and test this functionality

RTC:211220
Change-Id: I05a26ebad581875a4b9f2a51eb1ca3062f36c5fb
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/84656
Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com>
Reviewed-by: Christopher J Engel <cjengel@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E Bofferding <bofferdn@us.ibm.com>

Author: mabaiocchi

src/include/usr/secureboot/phys_presence_if.H

@@ -0,0 +1,68 @@
+/* IBM_PROLOG_BEGIN_TAG                                                   */
+/* This is an automatically generated prolog.                             */
+/*                                                                        */
+/* $Source: src/include/usr/secureboot/phys_presence_if.H $               */
+/*                                                                        */
+/* OpenPOWER HostBoot Project                                             */
+/*                                                                        */
+/* Contributors Listed Below - COPYRIGHT 2019                             */
+/* [+] International Business Machines Corp.                              */
+/*                                                                        */
+/*                                                                        */
+/* Licensed under the Apache License, Version 2.0 (the "License");        */
+/* you may not use this file except in compliance with the License.       */
+/* You may obtain a copy of the License at                                */
+/*                                                                        */
+/*     http://www.apache.org/licenses/LICENSE-2.0                         */
+/*                                                                        */
+/* Unless required by applicable law or agreed to in writing, software    */
+/* distributed under the License is distributed on an "AS IS" BASIS,      */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or        */
+/* implied. See the License for the specific language governing           */
+/* permissions and limitations under the License.                         */
+/*                                                                        */
+/* IBM_PROLOG_END_TAG                                                     */
+/**
+ * @file phys_presence_if.H
+ *
+ * @brief Interfaces to Detect and Open Physical Presence Windows
+ *
+ */
+#ifndef __PHYS_PRESENCE_H
+#define __PHYS_PRESENCE_H
+// -----------------------------------------------
+// Includes
+// -----------------------------------------------
+
+#include <errl/errlentry.H>
+#include <targeting/common/commontargeting.H>
+#include <config.h>
+
+namespace SECUREBOOT
+{
+    /**
+     * @brief Checks if the Physical Presence Window was opened and if
+     *        Physical Presence was asserted.
+     *
+     * @post  Will ensure the window is closed at the end of the function
+     *
+     * @return errlHndl_t nullptr on success; non-nullptr on error.
+     */
+    errlHndl_t detectPhysPresence(void);
+
+    /**
+     * @brief Handle Physical Presence Window first checks to see if a physical
+     *        presence window should be opened.  Then, if necessary, it sets up
+     *        the physical presence detect circuit and then shuts down the
+     *        system.
+     *
+     * @post If successful, this function will shutdown the system
+     *
+     * @return errlHndl_t nullptr on success; non-nullptr on error.
+     */
+    errlHndl_t handlePhysPresenceWindow(void);
+
+} // namespace SECUREBOOT
+
+
+#endif // __PHYS_PRESENCE_H

src/include/usr/secureboot/secure_reasoncodes.H

@@ -53,7 +53,7 @@ namespace SECUREBOOT
         MOD_CHECK_RISK_LEVEL_FOR_SMF        = 0x13,
         MOD_SMF_SPLIT_SMF_MEM               = 0x14,
 
-        // Use 0x20-0x2F range for Node Communications
+        // Use 0x20-0x3F range for Node Communications
         MOD_NCDD_CHECK_FOR_ERRORS           = 0x20,
         MOD_NCDD_WAIT_FOR_CMD_COMP          = 0x21,
         MOD_NC_XBUS_TEST                    = 0x22,
@@ -70,7 +70,12 @@ namespace SECUREBOOT
         MOD_NC_PROCESS_SLAVE_QUOTE          = 0x2D,
         MOD_NCT_SEND                        = 0x2E,
         MOD_NCT_RECEIVE                     = 0x2F,
-   };
+
+        // Use 0x40-0x4F range for Physical Presence Detection
+        MOD_PHYS_PRES_DETECT                = 0x40,
+        MOD_PHYS_PRES_OPEN_WINDOW           = 0x41,
+
+    };
 
     enum SECUREReasonCode
     {
@@ -123,6 +128,16 @@ namespace SECUREBOOT
         RC_NCT_INITIATION_MISMATCH         = SECURE_COMP_ID | 0x33,
         RC_NCEX_NO_FUNCTIONAL_PRIMARY_TPM  = SECURE_COMP_ID | 0x34,
 
+        // Use 0x20-0x3F range for Node Communications
+
+        // RC_PHYS_PRES_WINDOW_OPENED_SHUTDOWN Must have one unique use
+        //  for Shutdown path since FSP relies on it.
+        // termination_rc
+        RC_PHYS_PRES_WINDOW_OPENED_SHUTDOWN = SECURE_COMP_ID | 0x40,
+        RC_PHYS_PRES_ATTR_NOT_FOUND         = SECURE_COMP_ID | 0x41,
+        RC_PHYS_PRES_WINDOW_NOT_CLOSED      = SECURE_COMP_ID | 0x42,
+        RC_PHYS_PRES_WINDOW_NOT_OPENED      = SECURE_COMP_ID | 0x43,
+
         // Reason codes 0xA0 - 0xEF reserved for trustedboot_reasoncodes.H
     };
 

src/usr/gpio/gpio_pca9551.C

@@ -47,7 +47,7 @@
 
 extern trace_desc_t* g_trac_gpio;
 
-// Set to TRACFCOMP to enble unit race
+// Set to TRACFCOMP to enable unit trace
 #define TRACUCOMP(args...)  TRACDCOMP(args)
 
 using namespace DeviceFW;

src/usr/gpio/gpiodd.C

@@ -77,8 +77,7 @@ errlHndl_t gpioPerformOp(DeviceFW::OperationType i_opType,
     gpioInfo.deviceType = va_arg( i_args, uint64_t );
     gpioInfo.portAddr   = va_arg( i_args, uint64_t );
 
-//MAB make TRACD
-    TRACFCOMP(g_trac_gpio, ENTER_MRK"gpioPerformOp(): "
+    TRACDCOMP(g_trac_gpio, ENTER_MRK"gpioPerformOp(): "
               "optype %d deviceType %d portAddr %d",
               i_opType, gpioInfo.deviceType, gpioInfo.portAddr);
 

src/usr/isteps/istep06/call_host_update_master_tpm.C

@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2015,2018                        */
+/* Contributors Listed Below - COPYRIGHT 2015,2019                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -31,6 +31,8 @@
 #include <trustedbootif.H>
 #include <initservice/isteps_trace.H>
 #include <secureboot/service.H>
+#include <secureboot/phys_presence_if.H>
+#include <config.h>
 
 namespace ISTEP_06
 {
@@ -39,7 +41,7 @@ void* call_host_update_master_tpm( void *io_pArgs )
 {
     ISTEP_ERROR::IStepError l_stepError;
 
-    TRACDCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
+    TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
                "call_host_update_master_tpm entry" );
 
     errlHndl_t l_err = nullptr;
@@ -67,10 +69,28 @@ void* call_host_update_master_tpm( void *io_pArgs )
         ERRORLOG::errlCommit( l_err, SECURE_COMP_ID );
     }
 
-    TRACDCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
-               "call_host_update_master_tpm exit" );
+    // Check for Physical Presence
+#ifdef CONFIG_PHYS_PRES_PWR_BUTTON
+    l_err = SECUREBOOT::detectPhysPresence();
+    if (l_err)
+    {
+        // @TODO RTC 210301 - Handle Error Log Correctly, but for now
+        // just delete it
+        TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
+                   "call_host_update_master_tpm: Error back from "
+                   "SECUREBOOT::detectPhysPresence: rc=0x%X, plid=0x%X. "
+                   "Deleting error for now",
+                   ERRL_GETRC_SAFE(l_err), ERRL_GETPLID_SAFE(l_err));
+        delete l_err;
+        l_err = nullptr;
+    }
+#endif
 
+    TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
+               "call_host_update_master_tpm exit" );
     return l_stepError.getErrorHandle();
+
+
 }
 
 };

src/usr/isteps/istep10/call_host_update_redundant_tpm.C

@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2015,2018                        */
+/* Contributors Listed Below - COPYRIGHT 2015,2019                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -40,6 +40,7 @@
 #include <util/algorithm.H>
 #include <istepHelperFuncs.H>
 #include <secureboot/trustedbootif.H>
+#include <secureboot/phys_presence_if.H>
 
 namespace ISTEP_10
 {
@@ -50,6 +51,7 @@ void* call_host_update_redundant_tpm (void *io_pArgs)
                 ENTER_MRK"call_host_update_redundant_tpm");
 
     ISTEP_ERROR::IStepError l_istepError;
+
 #ifdef CONFIG_TPMDD
     TARGETING::Target* l_backupTpm = nullptr;
 
@@ -67,6 +69,26 @@ void* call_host_update_redundant_tpm (void *io_pArgs)
     } while(0);
 #endif
 
+#ifdef CONFIG_PHYS_PRES_PWR_BUTTON
+    // Check to see if a Physical Presence Window should be opened,
+    // and if so, open it.  This could result in the system being shutdown
+    // to allow the system administrator to assert physical presence
+    errlHndl_t l_err = nullptr;
+    l_err = SECUREBOOT::handlePhysPresenceWindow();
+    if (l_err)
+    {
+        // @TODO RTC 210301 - Handle Error Log Correctly, but for now
+        // just delete it
+        TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
+                   "call_host_update_redundant_tpm: Error back from "
+                   "SECUREBOOT::handlePhysPresence: rc=0x%X, plid=0x%X. "
+                   "Deleting error for now",
+                   ERRL_GETRC_SAFE(l_err), ERRL_GETPLID_SAFE(l_err));
+        delete l_err;
+        l_err = nullptr;
+    }
+#endif
+
     TRACFCOMP(ISTEPS_TRACE::g_trac_isteps_trace,
                 EXIT_MRK"call_host_update_redundant_tpm");
 

src/usr/runtime/hdatstructs.H

@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2012,2018                        */
+/* Contributors Listed Below - COPYRIGHT 2012,2019                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -453,7 +453,10 @@ typedef struct sysSecSets
     // NOTE: This bit is labeled "Platform Security Overrides Allowed"
     // in the section 6.1.1 of HDAT spec.
     uint16_t sbeSecBackdoor : 1;
-    uint16_t reserved : 13;
+
+    // bit 3: "System Physical Presence has been asserted"
+    uint16_t physicalPresenceAsserted : 1;
+    uint16_t reserved : 12;
 } SysSecSets;
 
 #endif

src/usr/runtime/populate_hbruntime.C

@@ -1879,6 +1879,13 @@ errlHndl_t populate_hbSecurebootData ( void )
         // populate security override setting
         l_sysSecSets->sbeSecBackdoor = SECUREBOOT::getSbeSecurityBackdoor();
 
+        // populate "System Physical Presence has been asserted"
+        TARGETING::Target* sys = nullptr;
+        TARGETING::targetService().getTopLevelTarget( sys );
+        assert(sys != nullptr, "populate_hbSecurebootData() - Could not obtain top level target");
+        l_sysSecSets->physicalPresenceAsserted =
+            sys->getAttr<TARGETING::ATTR_PHYS_PRES_ASSERTED>();
+
         // populate TPM config bits in hdat
         bool tpmRequired = false;
 #ifdef CONFIG_TPMDD

src/usr/secureboot/HBconfig

@@ -22,3 +22,17 @@ config TPM_NVIDX_VALIDATE
     depends on TPMDD
     help
         Validate TPM MFG NV Index Provisioning during IPL
+
+config PHYS_PRES_PWR_BUTTON
+    default n
+    depends on !PHYS_PRES_JUMPER
+    help
+        Support asserting Physical Presence via pushing the Power Button
+        on the system
+
+config PHYS_PRES_JUMPER
+    default n
+    depends on !PHYS_PRES_PRW_BUTTON
+    help
+        Support asserting Physical Presence via a jumper on the TPM Card
+        Currently not supported.

src/usr/secureboot/ext/makefile

@@ -5,7 +5,7 @@
 #
 # OpenPOWER HostBoot Project
 #
-# Contributors Listed Below - COPYRIGHT 2013,2018
+# Contributors Listed Below - COPYRIGHT 2013,2019
 # [+] International Business Machines Corp.
 #
 #
@@ -30,6 +30,7 @@ PERV_HWP_PATH = $(ROOTPATH)/src/import/chips/p9/procedures/hwp/perv
 
 OBJS += $(if $(CONFIG_DRTM),drtm.o)
 OBJS += $(if $(CONFIG_SECUREBOOT), service_ext.o)
+OBJS += $(if $(CONFIG_PHYS_PRES_PWR_BUTTON), phys_presence.o)
 
 VPATH += $(PERV_HWP_PATH)