Emit an Error Log When TPM_UNUSABLE Is Set

Create and commit an error log when TPMs are marked TPM_UNUSABLE so that the customer knows that some of the TPMs on their system are not functional. Change-Id: I079806ee7513e5da0a1ee66488cd7883d1fd4568 CQ: SW490773 Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/95818 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M Crowell <dcrowell@us.ibm.com>
open-power · May 13, 2020 · d4e6913 · d4e6913
1 parent 598923e
commit d4e6913
Show file tree

Hide file tree

Showing 3 changed files with 89 additions and 8 deletions.
diff --git a/src/include/usr/secureboot/trustedboot_reasoncodes.H b/src/include/usr/secureboot/trustedboot_reasoncodes.H
@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2015,2019                        */
+/* Contributors Listed Below - COPYRIGHT 2015,2020                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -80,6 +80,7 @@ namespace TRUSTEDBOOT
         MOD_PCR_READ                        = 0x22,
         MOD_EXPAND_TPM_LOG                  = 0x23,
         MOD_TPM_CMD_EXPAND_TPM_LOG          = 0x24,
+        MOD_MARK_TPM_UNUSABLE               = 0x25,
    };
 
     enum TRUSTEDReasonCode
@@ -117,6 +118,7 @@ namespace TRUSTEDBOOT
         RC_RAND_NUM_TOO_BIG              = TRBOOT_COMP_ID | 0xBB,
         RC_TPM_BAD_RESP                  = TRBOOT_COMP_ID | 0xBC,
         RC_NO_TPM_LOG_MGR                = TRBOOT_COMP_ID | 0xBD,
+        RC_TPM_IS_UNUSABLE               = TRBOOT_COMP_ID | 0xBE,
     };
 #ifdef __cplusplus
 }

diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C
@@ -381,10 +381,7 @@ void* host_update_master_tpm( void *io_pArgs )
                 primaryTpmAvail = false;
                 if(isTpmRequired())
                 {
-                    TRACFCOMP(g_trac_trustedboot,ERR_MRK
-                        "Marking Primary TPM HUID 0x%08X as unusable",
-                        TARGETING::get_huid(pPrimaryTpm));
-                    pPrimaryTpm->setAttr<TARGETING::ATTR_TPM_UNUSABLE>(true);
+                    markTpmUnusable(pPrimaryTpm);
                 }
             }
         }
@@ -1145,7 +1142,7 @@ void tpmMarkFailed(TpmTarget* const i_pTpm,
     if(isTpmRequired())
     {
         // Mark the TPM as unusable so that FSP can perform alignment check
-        i_pTpm->setAttr<TARGETING::ATTR_TPM_UNUSABLE>(true);
+        markTpmUnusable(i_pTpm, io_err);
     }
 
     #ifdef CONFIG_SECUREBOOT
@@ -1574,7 +1571,7 @@ void doInitBackupTpm()
 
             if(!l_backupHwasState.present || !l_backupHwasState.functional)
             {
-                l_backupTpm->setAttr<TARGETING::ATTR_TPM_UNUSABLE>(true);
+                markTpmUnusable(l_backupTpm);
             }
         }
     }
@@ -2422,4 +2419,75 @@ errlHndl_t poisonAllTpms()
     return l_errl;
 }
 
+void markTpmUnusable(TARGETING::Target* i_tpm,
+                     const errlHndl_t i_associatedErrl)
+{
+    do {
+
+    if(i_tpm->getAttr<TARGETING::ATTR_TPM_UNUSABLE>())
+    {
+        TRACFCOMP(g_trac_trustedboot, "TPM HUID 0x%08x is already set as UNUSABLE; will not create additional error logs",
+                  TARGETING::get_huid(i_tpm));
+        break;
+    }
+
+    TRACFCOMP(g_trac_trustedboot, "Marking TPM HUID 0x%08x as UNUSABLE",
+              TARGETING::get_huid(i_tpm));
+    i_tpm->setAttr<TARGETING::ATTR_TPM_UNUSABLE>(true);
+    /* @
+     * @errortype
+     * @reasoncode RC_TPM_IS_UNUSABLE
+     * @moduleid   MOD_MARK_TPM_UNUSABLE
+     * @severity   ERRL_SEV_UNRECOVERABLE
+     * @userdata1  The HUID of the affected TPM
+     * @devdesc    One of the TPMs on the system has been diabled and flagged as
+     *             UNUSABLE. The affected TPM will remain UNUSABLE until it has
+     *             been explicitly re-enabled.  To re-enable the TPM, power the
+     *             system off, disable the TPM Required policy, and boot the
+     *             system.  With the TPM back in service, power the system off,
+     *             restore the original TPM Required policy, and boot one final
+     *             time.
+     *             Potential reasons:
+     *             - TPM was not detected present
+     *             - TPM was detected by later failed
+     *             - TPM was disabled by the OS due to error
+     * @custdesc   One of the TPMs on the system has been diabled and flagged as
+     *             UNUSABLE. The affected TPM will remain UNUSABLE until it has
+     *             been explicitly re-enabled.  To re-enable the TPM, power the
+     *             system off, disable the TPM Required policy, and boot the
+     *             system.  With the TPM back in service, power the system off,
+     *             restore the original TPM Required policy, and boot one final
+     *             time.
+     */
+    errlHndl_t l_errl =
+                   new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE,
+                                           MOD_MARK_TPM_UNUSABLE,
+                                           RC_TPM_IS_UNUSABLE,
+                                           TARGETING::get_huid(i_tpm));
+    // High priority callout for TPM
+    l_errl->addHwCallout(i_tpm,
+                         HWAS::SRCI_PRIORITY_HIGH,
+                         HWAS::NO_DECONFIG,
+                         HWAS::GARD_NULL);
+
+    // Medium priority callout for Hostboot firmware
+    l_errl->addProcedureCallout(HWAS::EPUB_PRC_HB_CODE,
+                                HWAS::SRCI_PRIORITY_MED);
+
+    ERRORLOG::ErrlUserDetailsTarget(i_tpm).addToLog(l_errl);
+
+    l_errl->collectTrace(SECURE_COMP_NAME);
+    l_errl->collectTrace(TRBOOT_COMP_NAME);
+    l_errl->collectTrace(I2C_COMP_NAME);
+    l_errl->collectTrace(HWAS_COMP_NAME);
+
+    if(i_associatedErrl)
+    {
+        l_errl->plid(i_associatedErrl->plid());
+    }
+
+    errlCommit(l_errl, TRBOOT_COMP_ID);
+    }while(0);
+}
+
 } // end TRUSTEDBOOT
diff --git a/src/usr/secureboot/trusted/trustedboot.H b/src/usr/secureboot/trusted/trustedboot.H
@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2015,2019                        */
+/* Contributors Listed Below - COPYRIGHT 2015,2020                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -243,6 +243,17 @@ void getTpmWithRoleOf(
 bool getTpmRequiredSensorValue(
     bool& o_isTpmRequired);
 
+/**
+ * @brief Marks the input TPM as UNUSABLE and creates an unrecoverable errorlog
+ *        to notify the user of the system that a TPM has been marked UNUSABLE.
+ *        The error log is committed internally.
+ *
+ * @param[in] i_tpm the TPM to mark UNUSABLE
+ * @param[in] i_associatedErrl an error log that forced the TPM to be UNUSABLE;
+ *            default - nullptr.
+ */
+void markTpmUnusable(TARGETING::Target* i_tpm,
+                     const errlHndl_t i_associatedErrl = nullptr);
 
 } // end TRUSTEDBOOT namespace
 #endif