

Secureboot: Enhance Error Callouts For New Multinode Trustedboot Tran…
…sfer

This commit adds many checks to call out potential issues with the new
multinode trustedboot transfer protocol.  It also improves some
TPM-related traces.

Change-Id: Ice3f8be0668cc63321eeb2562bb8ffe610284b6a
RTC:203642
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/72363
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Ilya Smirnov <ismirno@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
mabaiocchi authored and dcrowell77 committed Mar 5, 2019
1 parent eeb5732 commit d74d393
Showing 7 changed files with 336 additions and 74 deletions.
9 changes: 8 additions & 1 deletion src/include/usr/secureboot/secure_reasoncodes.H
Expand Up @@ -68,6 +68,8 @@ namespace SECUREBOOT
MOD_NC_GEN_SLAVE_RESPONSE = 0x2B,
MOD_NC_GEN_MASTER_REQUEST = 0x2C,
MOD_NC_PROCESS_SLAVE_QUOTE = 0x2D,
MOD_NCT_SEND = 0x2E,
MOD_NCT_RECEIVE = 0x2F,
};

enum SECUREReasonCode
Expand Down Expand Up @@ -98,7 +100,7 @@ namespace SECUREBOOT
RC_COULD_NOT_ALLOCATE_SMF_MEM = SECURE_COMP_ID | 0x17,
RC_ALLOCATED_NE_REQUESTED = SECURE_COMP_ID | 0x18,

// Use 0x20-0x2F range for Node Communications
// Use 0x20-0x3F range for Node Communications
RC_NCDD_HW_ERROR_FOUND = SECURE_COMP_ID | 0x20,
RC_NCDD_CMD_COMP_TIMEOUT = SECURE_COMP_ID | 0x21,
RC_NC_DATA_MISCOMPARE = SECURE_COMP_ID | 0x22,
Expand All @@ -115,6 +117,11 @@ namespace SECUREBOOT
RC_NC_NO_PRIMARY_TPM_LOG = SECURE_COMP_ID | 0x2D,
RC_NC_BAD_MASTER_EYE_CATCH = SECURE_COMP_ID | 0x2E,
RC_NC_BAD_SLAVE_QUOTE = SECURE_COMP_ID | 0x2F,
RC_NCDD_INVALID_OP_TYPE = SECURE_COMP_ID | 0x30,
RC_NCT_TYPE_SIZE_MISMATCH = SECURE_COMP_ID | 0x31,
RC_NCT_ACK_MISMATCH = SECURE_COMP_ID | 0x32,
RC_NCT_INITIATION_MISMATCH = SECURE_COMP_ID | 0x33,
RC_NCEX_NO_FUNCTIONAL_PRIMARY_TPM = SECURE_COMP_ID | 0x34,

// Reason codes 0xA0 - 0xEF reserved for trustedboot_reasoncodes.H
};
Expand Down
14 changes: 11 additions & 3 deletions src/usr/i2c/tpmdd.C
Expand Up @@ -693,7 +693,8 @@ bool tpmPresence (TARGETING::Target* i_pTpm)

ERRORLOG::ErrlUserDetailsTarget(i_pTpm).addToLog(pError);

const auto plid = pError->plid();
const auto original_eid = pError->eid();
const auto original_plid = pError->plid();
pError->setSev(ERRORLOG::ERRL_SEV_UNRECOVERABLE);
errlCommit(pError,TPMDD_COMP_ID);

Expand Down Expand Up @@ -721,9 +722,16 @@ bool tpmPresence (TARGETING::Target* i_pTpm)
get_huid(i_pTpm),
0,
ERRORLOG::ErrlEntry::NO_SW_CALLOUT);
pError->plid(plid);
pError->plid(original_plid);
ERRORLOG::ErrlUserDetailsTarget(i_pTpm).addToLog(pError);

TRACFCOMP(g_trac_tpmdd, ERR_MRK
"tpmPresence: Due to Error eid=0x%.8X plid=0x%.8X involving "
"TPM with HUID=0x%08X, committing Unrecoverable Error "
"eid=0x%.8X with same plid=0x%.8X",
original_eid, original_plid, TARGETING::get_huid(i_pTpm),
pError->eid(), pError->plid());

// Hardware/Procedure callouts/trace should have been added to the
// original log but the main HW/SW callouts/traces are replicated here
// just in case.
Expand Down Expand Up @@ -1852,7 +1860,7 @@ errlHndl_t tpmReadAttributes ( TARGETING::Target * i_target,

// Printing mux info separately, if combined, nothing is displayed
char* l_muxPath = io_tpmInfo.i2cMuxPath.toString();
TRACFCOMP(g_trac_tpmdd, "tpmReadAttributes(): "
TRACUCOMP(g_trac_tpmdd, "tpmReadAttributes(): "
"muxSelector=0x%X, muxPath=%s",
io_tpmInfo.i2cMuxBusSelector,
l_muxPath);
Expand Down
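Review bot: Downgrading the mux-info trace in tpmReadAttributes from TRACFCOMP to TRACUCOMP (second hunk) removes the I2C mux selector and mux path from field traces, which is exactly the information needed when a TPM presence or read failure has to be traced back to the wrong mux leg; if the aim is only to cut noise, consider keeping it as a field trace on the error path of this function instead. If TRACUCOMP compiles to nothing outside unit-test builds, also confirm that the `char*` returned by `toString()` is still released on that path — the free is outside the hunk. The eid/plid trace added to tpmPresence is useful, and a comment such as `// Tie the committed UNRECOVERABLE log back to the original log via the shared plid` above the `pError->plid(original_plid);` line would make the intent of reusing the plid explicit. Both tpmPresence and tpmReadAttributes start and end outside the hunks.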
28 changes: 26 additions & 2 deletions src/usr/secureboot/node_comm/node_comm_dd.C
Expand Up @@ -108,8 +108,32 @@ errlHndl_t nodeCommPerformOp( DeviceFW::OperationType i_opType,
do
{

// Verify OP type
if ( (i_opType != DeviceFW::READ) &&
(i_opType != DeviceFW::WRITE) )
{
TRACFCOMP( g_trac_nc,ERR_MRK"nodeCommPerformOp: Invalid opType: 0x%X",
i_opType);
/*@
* @errortype
* @moduleid MOD_NCDD_PERFORM_OP
* @reasoncode RC_NCDD_INVALID_OP_TYPE
* @userdata1 Operation type
* @userdata2 Input Target HUID
* @devdesc NodeComm DD invalid operation type
* @custdesc Trusted Boot failure
*/
err = new ERRORLOG::ErrlEntry(
ERRORLOG::ERRL_SEV_UNRECOVERABLE,
MOD_NCDD_PERFORM_OP,
RC_NCDD_INVALID_OP_TYPE,
i_opType,
node_comm_args.tgt_huid,
ERRORLOG::ErrlEntry::ADD_SW_CALLOUT);
break;
}

// Check other input parameters
// @TODO RTC 203642 add check that i_opType is only READ or WRITE
const auto max_linkId = (mode==NCDD_MODE_ABUS)
? NCDD_MAX_ABUS_LINK_ID
: NCDD_MAX_XBUS_LINK_ID;
Expand Down Expand Up @@ -149,7 +173,7 @@ errlHndl_t nodeCommPerformOp( DeviceFW::OperationType i_opType,
node_comm_args.mboxId),
reinterpret_cast<uint64_t>(
node_comm_args.data_ptr),
true /*Add HB SW Callout*/ );
ERRORLOG::ErrlEntry::ADD_SW_CALLOUT );
break;
}

Expand Down
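Review bot: The stale `// @TODO RTC 203642 add check that i_opType is only READ or WRITE` comment is left in place directly below the block that now implements that check; delete that line so the TODO does not suggest the validation is still missing. The new check also reads `node_comm_args.tgt_huid` for userdata2 before the remaining arguments are validated, which is fine if `node_comm_args` is populated before the do-loop (outside the hunk) but deserves a one-line comment such as `// node_comm_args is filled in above; only the HUID is used here` so the ordering reads as deliberate. Using ADD_SW_CALLOUT for an invalid op type is the right choice since only a caller bug can reach it. nodeCommPerformOp's body continues outside the hunk.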
89 changes: 54 additions & 35 deletions src/usr/secureboot/node_comm/node_comm_exchange.C
Expand Up @@ -134,49 +134,61 @@ errlHndl_t nodeCommAbusGetRandom(uint64_t & o_nonce)
errlHndl_t err = nullptr;
o_nonce = NODE_COMM_DEFAULT_NONCE;
Target* tpm_tgt = nullptr;
TargetHandleList tpmTargetList;

TRACUCOMP(g_trac_nc,ENTER_MRK"nodeCommAbusGetRandom:");

do
{

// Get all possible functional TPMs
TRUSTEDBOOT::getTPMs(tpmTargetList);
// Can only use the functional Primary TPM
// This function call requires the CONFIG check for compilation purposes,
// but no extra error handling is needed as it should not have gotten this
// far if CONFIG_TPMDD wasn't set
#ifdef CONFIG_TPMDD
TRUSTEDBOOT::getPrimaryTpm(tpm_tgt);
#endif
HwasState hwasState{};
if(tpm_tgt)
{
hwasState = tpm_tgt->getAttr<TARGETING::ATTR_HWAS_STATE>();
TRACUCOMP(g_trac_nc,INFO_MRK
"TPM HUID 0x%08X has state of {present=%d, "
"functional=%d}",
get_huid(tpm_tgt),
hwasState.present,hwasState.functional);

if (tpmTargetList.size() == 0)
}

if ((tpm_tgt == nullptr) ||
(hwasState.functional == false))
{
TRACFCOMP(g_trac_nc,ERR_MRK"nodeCommAbusGetRandom: no functional "
"TPMs found - tpmTargetList.size() = %d - Committing "
"predictive error. Continuing using default nonce=0x%.16llX",
tpmTargetList.size(), o_nonce);
"Primary TPM: huid=0x%.08X: functional=%d",
get_huid(tpm_tgt), hwasState.functional);

/*@
* @errortype
* @reasoncode RC_NCEX_NO_FUNCTIONAL_TPMS
* @reasoncode RC_NCEX_NO_FUNCTIONAL_PRIMARY_TPM
* @moduleid MOD_NCEX_GET_RANDOM
* @userdata1 <Unused>
* @userdata2 <Unused>
* @devdesc No functional TPMs were found
* @userdata1 TPM Target HUID
* @userdata2[0:31] TPM Target HWAS State Present
* @userdata2[31:63] TPM Target HWAS State Functional
* @devdesc Functional Primary TPM was not found
* @custdesc Trusted Boot failure
*/
err = new ERRORLOG::ErrlEntry( ERRORLOG::ERRL_SEV_PREDICTIVE,
MOD_NCEX_GET_RANDOM,
RC_NCEX_NO_FUNCTIONAL_TPMS,
0,
0,
true /*Add HB SW Callout*/ );

// err commited outside of do-while loop below
RC_NCEX_NO_FUNCTIONAL_PRIMARY_TPM,
get_huid(tpm_tgt),
TWO_UINT32_TO_UINT64(
hwasState.present,
hwasState.functional),
ERRORLOG::ErrlEntry::ADD_SW_CALLOUT );

// break here to skip calling GetRandom() below
break;
}

// Use first of functional TPM target list
// @TODO RTC 203642 Update this to use Primary TPM
tpm_tgt = tpmTargetList[0];

// This function call requires the CONFIG check for compilation purposes,
// but no extra error handling is needed as it should not have gotten this
// far if CONFIG_TPMDD wasn't set
Expand Down Expand Up @@ -206,10 +218,8 @@ errlHndl_t nodeCommAbusGetRandom(uint64_t & o_nonce)

if (err)
{
err->collectTrace(SECURE_COMP_NAME);
err->collectTrace(NODECOMM_TRACE_NAME);
err->collectTrace(TRBOOT_COMP_NAME);
errlCommit(err, SECURE_COMP_ID);
err->collectTrace(NODECOMM_TRACE_NAME);
}

TRACFCOMP(g_trac_nc,EXIT_MRK"nodeCommAbusGetRandom: "
Expand Down Expand Up @@ -591,6 +601,10 @@ errlHndl_t nodeCommGenSlaveQuoteResponse(const MasterQuoteRequestBlob* const i_r
{
// There was some error; allocate the output buffer just big enough
// for an eye catcher and node ID
TRACFCOMP(g_trac_nc,ERR_MRK"nodeCommGenSlaveQuoteResponse: An error "
"occurred during slave quote composition. Sending NDNOTPM_ "
"back Master Node after poisoning all TPMs on this node");

NCEyeCatcher_t l_badEyeCatcher = NDNOTPM_;
o_resp = new uint8_t[sizeof(l_badEyeCatcher) + sizeof(l_nodeId)]{};
memcpy(o_resp, &l_badEyeCatcher, sizeof(l_badEyeCatcher));
Expand Down Expand Up @@ -888,10 +902,10 @@ errlHndl_t nodeCommAbusExchangeMaster(const master_proc_info_t & i_mProcInfo,

TRACFCOMP(g_trac_nc,INFO_MRK"nodeCommAbusExchangeMaster: Loop 1: "
"my: linkId=%d, mboxId=%d, ObusInstance=%d. "
"expected peer: linkId=%d, mboxId=%d, ObusInstance=%d.",
"expected peer: n%d linkId=%d, mboxId=%d, ObusInstance=%d",
my_linkId, my_mboxId, l_obus.myObusInstance,
expected_peer_linkId, expected_peer_mboxId,
l_obus.peerObusInstance);
l_obus.peerNodeInstance, expected_peer_linkId,
expected_peer_mboxId, l_obus.peerObusInstance);

// Get random number from TPM
msg_format_t msg_data;
Expand All @@ -916,6 +930,7 @@ errlHndl_t nodeCommAbusExchangeMaster(const master_proc_info_t & i_mProcInfo,
err = nodeCommTransferSend(i_mProcInfo.tgt,
my_linkId,
my_mboxId,
l_obus.peerNodeInstance,
NCT_TRANSFER_SBID,
reinterpret_cast<uint8_t*>
(&(msg_data.value)),
Expand All @@ -924,7 +939,7 @@ errlHndl_t nodeCommAbusExchangeMaster(const master_proc_info_t & i_mProcInfo,
if (err)
{
TRACFCOMP(g_trac_nc,ERR_MRK"nodeCommAbusExchangeMaster: Loop 1: "
"nodeCommAbusTransferSend returned an error");
"nodeCommTransferSend returned an error");
break;
}

Expand All @@ -949,6 +964,7 @@ errlHndl_t nodeCommAbusExchangeMaster(const master_proc_info_t & i_mProcInfo,
err = nodeCommTransferRecv(i_mProcInfo.tgt,
my_linkId,
my_mboxId,
l_obus.peerNodeInstance,
NCT_TRANSFER_SBID,
data_rcv_buffer,
data_rcv_size);
Expand All @@ -963,7 +979,6 @@ errlHndl_t nodeCommAbusExchangeMaster(const master_proc_info_t & i_mProcInfo,
assert(data_rcv_buffer!=nullptr,"nodeCommAbusExchangeMaster: Loop 1: data_rcv_buffer returned as nullptr");

// Add receiver Link Id to the message data
// @TODO RTC 203642 Check that data_rcv_size == sizeof(uint64_t)
// here and in other places where SBID is handled
memcpy(&(msg_data.value), data_rcv_buffer, data_rcv_size);
msg_data.receiver_linkId = my_linkId;
Expand Down Expand Up @@ -1033,6 +1048,7 @@ errlHndl_t nodeCommAbusExchangeMaster(const master_proc_info_t & i_mProcInfo,
err = nodeCommTransferSend(i_mProcInfo.tgt,
my_linkId,
my_mboxId,
l_obus.peerNodeInstance,
NCT_TRANSFER_QUOTE_REQUEST,
reinterpret_cast<uint8_t*>
(&quote_request),
Expand All @@ -1041,7 +1057,7 @@ errlHndl_t nodeCommAbusExchangeMaster(const master_proc_info_t & i_mProcInfo,
if (err)
{
TRACFCOMP(g_trac_nc,ERR_MRK"nodeCommAbusExchangeMaster: Loop 2: "
"nodeCommAbusTransferSend returned an error");
"nodeCommTransferSend returned an error");
break;
}

Expand All @@ -1055,6 +1071,7 @@ errlHndl_t nodeCommAbusExchangeMaster(const master_proc_info_t & i_mProcInfo,
err = nodeCommTransferRecv(i_mProcInfo.tgt,
my_linkId,
my_mboxId,
l_obus.peerNodeInstance,
NCT_TRANSFER_QUOTE_RESPONSE,
data_rcv_buffer,
data_rcv_size);
Expand Down Expand Up @@ -1155,6 +1172,7 @@ errlHndl_t nodeCommAbusExchangeSlave(const master_proc_info_t & i_mProcInfo,
err = nodeCommTransferRecv(i_mProcInfo.tgt,
my_linkId,
my_mboxId,
i_obus_instance.peerNodeInstance,
NCT_TRANSFER_SBID,
data_buffer,
data_size);
Expand Down Expand Up @@ -1221,6 +1239,7 @@ errlHndl_t nodeCommAbusExchangeSlave(const master_proc_info_t & i_mProcInfo,
err = nodeCommTransferSend(i_mProcInfo.tgt,
my_linkId,
my_mboxId,
i_obus_instance.peerNodeInstance,
NCT_TRANSFER_SBID,
reinterpret_cast<uint8_t*>
(&(msg_data.value)),
Expand Down Expand Up @@ -1254,6 +1273,7 @@ errlHndl_t nodeCommAbusExchangeSlave(const master_proc_info_t & i_mProcInfo,
err = nodeCommTransferRecv(i_mProcInfo.tgt,
my_linkId,
my_mboxId,
i_obus_instance.peerNodeInstance,
NCT_TRANSFER_QUOTE_REQUEST,
data_buffer,
data_size);
Expand All @@ -1267,8 +1287,6 @@ errlHndl_t nodeCommAbusExchangeSlave(const master_proc_info_t & i_mProcInfo,
// sanity check here to be certain
assert(data_buffer!=nullptr,"nodeCommAbusExchangeSlave: data_buffer returned as nullptr");

// @TODO 203642 check that size back is size of MasterQuoteRequestBlob

// Cast the data received into a MasterQuoteRequestBlob
MasterQuoteRequestBlob quote_request{};
memcpy(&quote_request, data_buffer, data_size);
Expand Down Expand Up @@ -1297,14 +1315,15 @@ errlHndl_t nodeCommAbusExchangeSlave(const master_proc_info_t & i_mProcInfo,
err = nodeCommTransferSend(i_mProcInfo.tgt,
my_linkId,
my_mboxId,
i_obus_instance.peerNodeInstance,
NCT_TRANSFER_QUOTE_RESPONSE,
data_buffer,
data_size);

if (err)
{
TRACFCOMP(g_trac_nc,ERR_MRK"nodeCommAbusExchangeSlave: "
"nodeCommAbusTransferSend returned an error");
"nodeCommTransferSend returned an error");
break;
}

Expand Down Expand Up @@ -1431,7 +1450,7 @@ errlHndl_t nodeCommAbusExchange(void)
RC_NCEX_INVALID_PHYS_PATH,
get_huid(mProcInfo.tgt),
0,
true /*Add HB SW Callout*/ );
ERRORLOG::ErrlEntry::ADD_SW_CALLOUT );

ERRORLOG::ErrlUserDetailsStringSet path;
path.add("mProc PHYS Entity Path", l_phys_path_str);
Expand Down Expand Up @@ -1654,7 +1673,7 @@ errlHndl_t nodeCommAbusExchange(void)
TWO_UINT32_TO_UINT64(
obus_instances.size(),
total_nodes),
true /*Add HB SW Callout*/ );
ERRORLOG::ErrlEntry::ADD_SW_CALLOUT );

break;
}
Expand Down
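Review bot: Removing the `@TODO RTC 203642 Check that data_rcv_size == sizeof(uint64_t)` comment in nodeCommAbusExchangeMaster Loop 1 leaves `memcpy(&(msg_data.value), data_rcv_buffer, data_rcv_size)` copying a peer-supplied length into a fixed-size field with no size check visible in this file, and leaves the orphaned fragment `here and in other places where SBID is handled` standing alone as a comment; the same pattern remains where `quote_request` is filled from `data_size` in nodeCommAbusExchangeSlave after its TODO was dropped. If the size check now lives in nodeCommTransferRecv (the new RC_NCT_TYPE_SIZE_MISMATCH reason code suggests it does), say so at each copy site and keep a cheap local guard as defence in depth, e.g. `assert(data_rcv_size == sizeof(msg_data.value), "nodeCommAbusExchangeMaster: Loop 1: unexpected SBID size");` before the memcpy, and delete the dangling comment line. Separately, nodeCommAbusGetRandom now returns its PREDICTIVE error instead of committing it locally, so the caller decides whether the exchange continues with `NODE_COMM_DEFAULT_NONCE`; a constant nonce removes freshness from the node exchange, so the caller's handling (outside the hunk) should be checked and the severity made consistent with whether the exchange is allowed to proceed. All three functions start and end outside the hunks shown.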
