Secure Boot: Introduce key transition state node attribute

Key transitioning on FSP-based systems is problematic because the key transition process quiesces both SBEs then TIs, which prevents the FSP TI handler from being able to determine the TI reason when secure mode is enabled. This change introduces a new key transition state node attribute and enum which later commits will will use to inform FSP of status in the key transition flow Change-Id: I9f40a2b8aa2c797fffd437f20615fedf82ca3f99 CQ: SW418697 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/56676 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: ILYA SMIRNOV <ismirno@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
open-power · Apr 5, 2018 · db9ded1 · db9ded1
1 parent fef105c
commit db9ded1
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 0 deletions.
diff --git a/src/usr/targeting/common/xmltohb/attribute_types.xml b/src/usr/targeting/common/xmltohb/attribute_types.xml
@@ -6294,6 +6294,63 @@
     </enumerator>
 </enumerationType>
 
+<enumerationType>
+    <id>KEY_TRANSITION_STATE</id>
+    <description>
+        Enum indicating the current Secure Boot key transition state for the
+        node.
+    </description>
+    <enumerator>
+        <description>
+            Secure Boot key transition not yet requested for the node
+        </description>
+        <name>KEY_TRANSITION_NOT_REQUESTED</name>
+        <value>0</value>
+    </enumerator>
+    <enumerator>
+        <description>
+            About to write new system Secure Boot key to first SBE SEEPROM
+            side in the node
+        </description>
+        <name>KEY_TRANSITION_STARTED</name>
+        <value>1</value>
+    </enumerator>
+    <enumerator>
+        <description>
+            Failed to apply new system Secure Boot key to one or more functional
+            SBE SEEPROM sides in the node
+        </description>
+        <name>KEY_TRANSITION_FAILED</name>
+        <value>2</value>
+    </enumerator>
+    <enumerator>
+        <description>
+            Successfully applied new system Secure Boot key to every functional
+            SBE SEEPROM side in the node
+        </description>
+        <name>KEY_TRANSITION_SUCCEEDED</name>
+        <value>3</value>
+    </enumerator>
+</enumerationType>
+
+<attribute>
+  <description>
+    Attribute indicating the status of the Secure Boot key transition for
+    the node
+  </description>
+  <hasStringConversion></hasStringConversion>
+  <id>KEY_TRANSITION_STATE</id>
+  <persistency>volatile-zeroed</persistency>
+  <readable/>
+  <writeable/>
+  <simpleType>
+    <enumeration>
+      <id>KEY_TRANSITION_STATE</id>
+      <default>KEY_TRANSITION_NOT_REQUESTED</default>
+    </enumeration>
+  </simpleType>
+</attribute>
+
 <attribute>
     <id>FUSED_CORE_MODE_HB</id>
     <description>

diff --git a/src/usr/targeting/common/xmltohb/target_types.xml b/src/usr/targeting/common/xmltohb/target_types.xml
@@ -996,6 +996,9 @@
   <attribute>
     <id>FRU_ID</id>
   </attribute>
+  <attribute>
+    <id>KEY_TRANSITION_STATE</id>
+  </attribute>
   <attribute>
     <id>EEPROM_VPD_PRIMARY_INFO</id>
   </attribute>