[Skiboot] [PATCH v2 16/20] hdata/tpmrel.c: add firmware event log info to the tpm node

Claudio Carvalho cclaudio at linux.vnet.ibm.com
Sat Dec 9 15:52:30 AEDT 2017


This parses the firmware event log information from the
secureboot_tpm_info HDAT structure and add it to the tpm device tree
node.

There can be multiple secureboot_tpm_info entries with each entry
corresponding to a master processor that has a tpm device, however,
multiple tpm is not supported.

Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
---
 hdata/Makefile.inc       |   2 +-
 hdata/hdata.h            |   1 +
 hdata/spira.c            |   4 ++
 hdata/spira.h            |  33 ++++++++++++++
 hdata/test/hdata_to_dt.c |   1 +
 hdata/tpmrel.c           | 116 +++++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 156 insertions(+), 1 deletion(-)
 create mode 100644 hdata/tpmrel.c

diff --git a/hdata/Makefile.inc b/hdata/Makefile.inc
index 5b79dfe..c17b04f 100644
--- a/hdata/Makefile.inc
+++ b/hdata/Makefile.inc
@@ -2,7 +2,7 @@
 
 SUBDIRS += hdata
 HDATA_OBJS = spira.o paca.o pcia.o hdif.o memory.o fsp.o iohub.o vpd.o slca.o
-HDATA_OBJS += cpu-common.o vpd-common.o hostservices.o i2c.o
+HDATA_OBJS += cpu-common.o vpd-common.o hostservices.o i2c.o tpmrel.o
 DEVSRC_OBJ = hdata/built-in.o
 
 $(DEVSRC_OBJ): $(HDATA_OBJS:%=hdata/%)
diff --git a/hdata/hdata.h b/hdata/hdata.h
index ce3719a..981affd 100644
--- a/hdata/hdata.h
+++ b/hdata/hdata.h
@@ -54,6 +54,7 @@ extern void slca_dt_add_sai_node(void);
 extern bool hservices_from_hdat(const void *fdt, size_t size);
 int parse_i2c_devs(const struct HDIF_common_hdr *hdr, int idata_index,
 	struct dt_node *xscom);
+extern void node_stb_parse(void);
 
 /* used to look up the device-tree node representing a slot */
 struct dt_node *find_slot_entry_node(struct dt_node *root, u32 entry_id);
diff --git a/hdata/spira.c b/hdata/spira.c
index f3976bd..a7a5176 100644
--- a/hdata/spira.c
+++ b/hdata/spira.c
@@ -1664,6 +1664,10 @@ int parse_hdat(bool is_opal)
 
 	add_stop_levels();
 
+	/* Parse node secure and trusted boot data */
+	if (proc_gen >= proc_gen_p9)
+		node_stb_parse();
+
 	prlog(PR_DEBUG, "Parsing HDAT...done\n");
 
 	return 0;
diff --git a/hdata/spira.h b/hdata/spira.h
index 17c6a2a..e2d45ab 100644
--- a/hdata/spira.h
+++ b/hdata/spira.h
@@ -1226,6 +1226,39 @@ struct ipmi_sensors {
 /* Idata index 1 : LED - sensors ID mapping data */
 #define IPMI_SENSORS_IDATA_LED		1
 
+/*
+ * Node Secure and Trusted Boot Related Data
+ */
+#define STB_HDIF_SIG	"TPMREL"
+
+/*
+ * Idata index 0 : Secure Boot and TPM Instance Info
+ *
+ * There can be multiple entries with each entry corresponding to
+ * a master processor that has a TPM device
+ */
+#define TPMREL_IDATA_SECUREBOOT_TPM_INFO	0
+
+struct secureboot_tpm_info {
+	__be32 chip_id;
+	__be32 dbob_id;
+	uint8_t locality1;
+	uint8_t locality2;
+	uint8_t locality3;
+	uint8_t locality4;
+#define TPM_PRESENT_AND_FUNCTIONAL	0x01
+#define TPM_PRESENT_AND_NOT_FUNCTIONAL	0x02
+#define TPM_NOT_PRESENT			0x03
+	uint8_t tpm_status;
+	uint8_t reserved[3];
+	/* zero indicates no tpm log data */
+	__be32 srtm_log_offset;
+	__be32 srtm_log_size;
+	/* zero indicates no tpm log data */
+	__be32 drtm_log_offset;
+	__be32 drtm_log_size;
+} __packed;
+
 static inline const char *cpu_state(u32 flags)
 {
 	switch ((flags & CPU_ID_VERIFY_MASK) >> CPU_ID_VERIFY_SHIFT) {
diff --git a/hdata/test/hdata_to_dt.c b/hdata/test/hdata_to_dt.c
index f597914..09e192e 100644
--- a/hdata/test/hdata_to_dt.c
+++ b/hdata/test/hdata_to_dt.c
@@ -139,6 +139,7 @@ static bool spira_check_ptr(const void *ptr, const char *file, unsigned int line
 #include "../slca.c"
 #include "../hostservices.c"
 #include "../i2c.c"
+#include "../tpmrel.c"
 #include "../../core/vpd.c"
 #include "../../core/device.c"
 #include "../../core/chip.c"
diff --git a/hdata/tpmrel.c b/hdata/tpmrel.c
new file mode 100644
index 0000000..5b6731f
--- /dev/null
+++ b/hdata/tpmrel.c
@@ -0,0 +1,116 @@
+/* Copyright 2013-2017 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * 	http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef pr_fmt
+#define pr_fmt(fmt) "TPMREL: " fmt
+#endif
+
+#include <skiboot.h>
+#include <device.h>
+
+#include "spira.h"
+#include "hdata.h"
+#include "hdif.h"
+
+static void tpmrel_add_firmware_event_log(const struct HDIF_common_hdr *hdif_hdr)
+{
+	const struct secureboot_tpm_info *stinfo;
+	struct dt_node *xscom, *node;
+	uint64_t addr;
+	int count, i;
+	unsigned int asize;
+
+	/* Are the hdat values populated? */
+	if (!HDIF_get_idata(hdif_hdr, TPMREL_IDATA_SECUREBOOT_TPM_INFO, &asize))
+		return;
+	if (asize < sizeof(struct HDIF_array_hdr)) {
+		prlog(PR_ERR, "secureboot_tpm_info idata not populated\n");
+		return;
+	}
+
+	count = HDIF_get_iarray_size(hdif_hdr, TPMREL_IDATA_SECUREBOOT_TPM_INFO);
+	if (count > 1) {
+		prlog(PR_ERR, "multiple TPM not supported, count=%d\n", count);
+		return;
+	}
+
+	/*
+	 * There can be multiple secureboot_tpm_info entries with each entry
+	 * corresponding to a master processor that has a tpm device.
+	 * This looks for the tpm node that supposedly exists under the xscom
+	 * node associated with the respective chip_id.
+	 */
+	for (i = 0; i < count; i++) {
+
+		stinfo = HDIF_get_iarray_item(hdif_hdr,
+					      TPMREL_IDATA_SECUREBOOT_TPM_INFO,
+					      i, NULL);
+
+		xscom = find_xscom_for_chip(be32_to_cpu(stinfo->chip_id));
+		if (xscom) {
+			dt_for_each_node(xscom, node) {
+				if (dt_has_node_property(node, "label", "tpm"))
+					break;
+			}
+
+			if (node) {
+				addr = (uint64_t) stinfo +
+					be32_to_cpu(stinfo->srtm_log_offset);
+				dt_add_property_u64s(node, "linux,sml-base", addr);
+				dt_add_property_cells(node, "linux,sml-size",
+						      be32_to_cpu(stinfo->srtm_log_size));
+
+				if (stinfo->tpm_status == TPM_PRESENT_AND_NOT_FUNCTIONAL)
+					dt_add_property_string(node, "status", "disabled");
+			} else {
+				/**
+				 * @fwts-label HDATNoTpmForChipId
+				 * @fwts-advice HDAT secureboot_tpm_info
+				 * structure described a chip id, but no tpm
+				 * node was found under that xscom chip id.
+				 * This is most certainly a hostboot bug.
+				 */
+				prlog(PR_ERR, "TPM node not found for "
+				      "chip_id=%d (HB bug)\n", stinfo->chip_id);
+				continue;
+			}
+		} else {
+			/**
+			 * @fwts-label HDATBadChipIdForTPM
+			 * @fwts-advice HDAT secureboot_tpm_info structure
+			 * described a chip id, but the xscom node for the
+			 * chip_id was not found.
+			 * This is most certainly a firmware bug.
+			 */
+			prlog(PR_ERR, "xscom node not found for chip_id=%d\n",
+			      stinfo->chip_id);
+			continue;
+		}
+	}
+}
+
+void node_stb_parse(void)
+{
+	struct HDIF_common_hdr *hdif_hdr;
+
+	hdif_hdr = get_hdif(&spira.ntuples.node_stb_data, "TPMREL");
+	if (!hdif_hdr) {
+		prlog(PR_DEBUG, "TPMREL data not found\n");
+		return;
+	}
+
+	tpmrel_add_firmware_event_log(hdif_hdr);
+}
-- 
2.7.4



More information about the Skiboot mailing list