Add Support for TPM Message Queue Flushing

Add a synchronous message handler to TPM daemon. This message
handler is used to make sure that all of the traces are flushed
before the daemon is shut down.

Change-Id: Ibb8ea2fd12d7ded9e43f284ff44c1791e61d8767
CQ:SW435287
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/55223
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

src/include/usr/secureboot/trustedboot_reasoncodes.H

@@ -58,6 +58,7 @@ namespace TRUSTEDBOOT
         MOD_TPM_SYNCRESPONSE                = 0x0C,
         MOD_TPM_SEPARATOR                   = 0x0D,
         MOD_TPM_CMD_GETCAPNVINDEX           = 0x0E,
+        MOD_FLUSH_TPM_QUEUE                 = 0x0F,
         MOD_TPMLOGMGR_INITIALIZE            = 0x10,
         MOD_TPMLOGMGR_ADDEVENT              = 0x11,
         MOD_TPMLOGMGR_INITIALIZEEXISTLOG    = 0x12,

src/include/usr/secureboot/trustedbootif.H

@@ -341,6 +341,14 @@ namespace TRUSTEDBOOT
      */
     bool isTpmRequired();
 
+    /**
+     * @brief Send the synchronous flush queue message to the TPM daemon
+     *
+     * @return errlHndl_t nullptr if successful, otherwise a pointer to the
+     *      error log.
+     */
+    errlHndl_t flushTpmQueue();
+
 } // end TRUSTEDBOOT namespace
 
 

src/usr/initservice/istepdispatcher/istepdispatcher.C

@@ -82,6 +82,7 @@
 #include <trace/trace.H>
 #include <util/utilmbox_scratch.H>
 #include <secureboot/service.H>
+#include <secureboot/trustedbootif.H>
 #include <p9_perst_phb.H>
 #include <plat_hwp_invoker.H>
 #include <ipcSp.H>
@@ -2167,6 +2168,15 @@ void IStepDispatcher::handleProcFabIovalidMsg(msg_t * & io_pMsg)
                 errlCommit(err, INITSVC_COMP_ID);
             }
 
+            err = TRUSTEDBOOT::flushTpmQueue();
+            if(err)
+            {
+                TRACFCOMP(g_trac_initsvc,
+                          "ERROR: TPM message queue flushing failed. The system"
+                          " may experience a hang condition.");
+                errlCommit(err, INITSVC_COMP_ID);
+            }
+
             //cpu_all_winkle is a system call.. After the system call,
             //the cpu are all hung at that instruction. After the fsp
             //wake us up, we will resume execution from the next instruction

src/usr/secureboot/trusted/base/trustedbootMsg.H

@@ -53,6 +53,7 @@ namespace TRUSTEDBOOT
         MSG_TYPE_NOOP,
         MSG_TYPE_PCREXTEND,
         MSG_TYPE_SEPARATOR,
+        MSG_TYPE_FLUSH,
         MSG_TYPE_SHUTDOWN,
         MSG_TYPE_INIT_BACKUP_TPM,
         MSG_TYPE_GETRANDOM,

src/usr/secureboot/trusted/base/trustedboot_base.C

@@ -802,4 +802,52 @@ errlHndl_t testCmpPrimaryAndBackupTpm()
     return l_err;
 }
 
+errlHndl_t flushTpmQueue()
+{
+    errlHndl_t l_errl = nullptr;
+#ifdef CONFIG_TPMDD
+    TRACFCOMP(g_trac_trustedboot, ENTER_MRK"flushTpmQueue()");
+
+    Message* l_msg = Message::factory(MSG_TYPE_FLUSH,
+                                      0,
+                                      nullptr,
+                                      MSG_MODE_SYNC);
+
+    assert(l_msg != nullptr, "TPM flush message is nullptr");
+
+    int l_rc = msg_sendrecv(systemData.msgQ, l_msg->iv_msg);
+    if(l_rc)
+    {
+       /*@
+        * @errortype       ERRL_SEV_UNRECOVERABLE
+        * @moduleid        MOD_FLUSH_TPM_QUEUE
+        * @reasoncode      RC_SENDRECV_FAIL
+        * @userdata1       rc from msq_sendrecv()
+        * @devdesc         msg_sendrecv() failed trying to send flush message to
+        *                  TPM daemon
+        * @custdesc        Trusted boot failure
+        */
+        l_errl = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE,
+                                         MOD_FLUSH_TPM_QUEUE,
+                                         RC_SENDRECV_FAIL,
+                                         l_rc,
+                                         0,
+                                         true);
+        l_errl->collectTrace(SECURE_COMP_NAME);
+        l_errl->collectTrace(TRBOOT_COMP_NAME);
+    }
+    else
+    {
+        l_errl = l_msg->iv_errl;
+        l_msg->iv_errl = nullptr;
+    }
+
+    delete l_msg;
+    l_msg = nullptr;
+
+    TRACFCOMP(g_trac_trustedboot, EXIT_MRK"flushTpmQueue()");
+#endif
+    return l_errl;
+}
+
 } // end TRUSTEDBOOT

src/usr/secureboot/trusted/trustedboot.C

@@ -1488,8 +1488,7 @@ void* tpmDaemon(void* unused)
                       // Add the separator to this TPM,
                       // if an error occurs the TPM will
                       //  be marked as failed and the error log committed
-                      TRUSTEDBOOT::pcrExtendSeparator(
-                                   tpm);
+                      TRUSTEDBOOT::pcrExtendSeparator(tpm);
                   }
 
                   // Lastly make sure we are in a state
@@ -1537,7 +1536,6 @@ void* tpmDaemon(void* unused)
 
                   err = tpmTransmitCommand(l_pTpm, dataBuf, dataSize,
                                            TPM_LOCALITY_0);
-
                   if (err != nullptr)
                   {
                       TRACFCOMP( g_trac_trustedboot,
@@ -1571,6 +1569,12 @@ void* tpmDaemon(void* unused)
                   }
               }
               break;
+          case TRUSTEDBOOT::MSG_TYPE_FLUSH:
+              {
+                  TRACFCOMP(g_trac_trustedboot, "Flushing TPM message queue");
+              }
+              break;
+
           default:
             assert(false, "Invalid msg command");
             break;