Skip to content

Commit

Permalink
Marked Failed TPMs Unusable For Alignment Check
Browse files Browse the repository at this point in the history 
Set the TPM_UNUSABLE attribute for TPMs that failed. This attribute
will be used by FSP during alignment check, so it is important
to reflect the current TPM availability situation. Note that backup
TPM is marked as unusable in istep 6.8, and then re-checked in
istep 10.14.

Change-Id: I32347c542cb4cd09c04bea7f8a9275881d204dfb
RTC: 191163
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/58529
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
  • Loading branch information
@dcrowell77
Ilya Smirnov authored and dcrowell77 committed May 22, 2018
1 parent 70e337a commit d55d64a
Showing 1 changed file with 18 additions and 6 deletions.
24 changes: 18 additions & 6 deletions src/usr/secureboot/trusted/trustedboot.C
View file
Original file line number Diff line number Diff line change
Expand Up @@ -193,8 +193,8 @@ bool functionalPrimaryTpmExists()
[&presentAndFunctional, &initialized, &isPrimaryTpm](
const TARGETING::Target* const i_pTpm)
{
return (isPrimaryTpm(i_pTpm) && (presentAndFunctional(i_pTpm)
|| !initialized(i_pTpm)));
return (isPrimaryTpm(i_pTpm) &&
(presentAndFunctional(i_pTpm) || !initialized(i_pTpm)));
});

exists = (itr!=tpmList.end()) ? true : false;
Expand Down Expand Up @@ -324,6 +324,7 @@ void* host_update_master_tpm( void *io_pArgs )
!primaryHwasState.present)
{
primaryTpmAvail = false;
pPrimaryTpm->setAttr<TARGETING::ATTR_TPM_UNUSABLE>(true);
}
}

Expand Down Expand Up @@ -414,13 +415,15 @@ void* host_update_master_tpm( void *io_pArgs )
{
TRACUCOMP( g_trac_trustedboot,
"host_update_master_tpm() - "
"Primary TPM Present:%d Functional:%d Init Attempted:%d",
"Primary TPM Present:%d Functional:%d Init Attempted:%d"
" Usable:%d",
pPrimaryTpm->getAttr<TARGETING::ATTR_HWAS_STATE>().
present,
pPrimaryTpm->getAttr<TARGETING::ATTR_HWAS_STATE>().
functional,
pPrimaryTpm->getAttr<
TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>());
TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>(),
!(pPrimaryTpm->getAttr<TARGETING::ATTR_TPM_UNUSABLE>()));
}

TARGETING::Target* pBackupTpm = nullptr;
Expand All @@ -429,14 +432,16 @@ void* host_update_master_tpm( void *io_pArgs )
{
TRACUCOMP( g_trac_trustedboot,
"host_update_master_tpm() - "
"Backup TPM Present:%d Functional:%d Init Attempted:%d. "
"Backup TPM Present:%d Functional:%d Init Attempted:%d "
"Usable: %d. "
"Backup TPM initialization is deferred to istep 10.14.",
pBackupTpm->getAttr<TARGETING::ATTR_HWAS_STATE>().
present,
pBackupTpm->getAttr<TARGETING::ATTR_HWAS_STATE>().
functional,
pBackupTpm->getAttr<
TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>());
TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>(),
!(pPrimaryTpm->getAttr<TARGETING::ATTR_TPM_UNUSABLE>()));
}

TRACDCOMP( g_trac_trustedboot,
Expand Down Expand Up @@ -998,6 +1003,9 @@ void tpmMarkFailed(TpmTarget* const i_pTpm,
i_pTpm->setAttr<
TARGETING::ATTR_HWAS_STATE>(hwasState);

// Mark the TPM as unusable so that FSP can perform alignment check
i_pTpm->setAttr<TARGETING::ATTR_TPM_UNUSABLE>(true);

#ifdef CONFIG_SECUREBOOT
TARGETING::Target* l_tpm = i_pTpm;

Expand Down Expand Up @@ -1374,6 +1382,10 @@ void doInitBackupTpm()
if(l_backupTpm)
{
l_backupTpm->setAttr<TARGETING::ATTR_HB_TPM_INIT_ATTEMPTED>(true);
auto l_backupHwasState = l_backupTpm->getAttr<
TARGETING::ATTR_HWAS_STATE>();
l_backupTpm->setAttr<TARGETING::ATTR_TPM_UNUSABLE>(
!(l_backupHwasState.present && l_backupHwasState.functional));
}
}

Expand Down

0 comments on commit d55d64a

Please sign in to comment.