TPM less issue

[lili-lilili]

The Rainier machine cannot start without TPM card.
We would like to do some development to implement this feature.

We encountered some issues with MSBE during the development:

1. When use op-build to build fw, it seem's that the MSBE binary is not generated by the MSBE source code.

2. We attempted to modify the configuration to compile the SBE source code
Modify https://github.com/open-power/sbe/blob/release-fw1030/src/build/power_defs.mk File, change the measurement_ IMAGE_ Modify the SUPPORTED variable to 1.
After modification, compiling op build will compile the source code of MSBE, but a syntax error will be reported; It can be compiled after Syntax error is modified.

The detailed modifications are as follows:

Diff -- git a/src/sbefw/requirement/sbemthreadrouting. C b/src/sbefw/requirement/sbemthreadrouting. C

Index 21184dc Fccb26f 100644

---A/src/sbefw/requirement/sbemthreadrouting. C

+++B/src/sbefw/requirement/sbemthreadrouting. C

@@-231,7+231,10 @ @ void sbemthreadroute (void * i_pArg)

}



//Load. sb_ Verification section into PIBMEM

-P9XipHeader * hdr=getXipHdr();

+Uint8_ T buf [sizeof (P9XipHeader)]__ Attribute__ (aligned (8))={0};

+//P9XipHeader * hdr=getXipHdr();

+GetXipHdr (buf);

+P9XipHeader * hdr=(P9XipHeader *) buf;

P9XipSection * pSection=&hdr ->iv_ Section [P9_XIP_SECTION_SBE_SB_Verification];

Uint32_ T dsize=pSection ->iv_ Size;

If (dsize)

Diff -- git a/src/sbefw/measurement/sbemutil. C b/src/sbefw/measurement/sbemutil. C

Index 743cd29.9790904 100644

---A/src/sbefw/measurement/sbemutil. C

+++B/src/sbefw/measurement/sbemutil. C

@@-22,6+22,7@@

/*Permissions and limitations under the License*/

/**/

/*IBM_ PROLOG_ END_ TAG*/

+#Include "sbevtrace. H"

#Include "sbemutil. H"

#Include "fapi2. H"

#Include "sbemtrace. H"

@@-54,8+55,9 @ @ void jump2verificationImage (uint32_t i_pkBootAddr, uint32_t i_ivprAddr)

Int32_ T loadSectionForVerification (uint64_t * i_srcAddr, uint64_t * i_destAddr)

{

Uint32_ T rc=0;

+Uint8_ T * destAddr_ Tmp=(uint8_t *) i_ DestAddr;

Do{

-Uint8_ T rc=decompress (uint8_t *) i_ SrcAddr, (uint8_t *) i_ DestAddr);

+Uint8_ T rc=decompress (uint8_t *) i_ SrcAddr,&destAddr_ Tmp);

If (rc!=0)

Break;

}While (0);

3. Upgrade the modified fw to Rainier machine, wait for the SBE update finish. The modification did not take effect

As mentioned earlier, our goal is to develop TPM less function, but we suspect that the modified code has not taken effect.
For the convenience of communication, the modify was limited to a minimum range.

Diff -- git a/src/sbefw/requirement/sbemthreadrouting. C b/src/sbefw/requirement/sbemthreadrouting. C

Index fccb26f Fa528ee 100644

---A/src/sbefw/requirement/sbemthreadrouting. C

+++B/src/sbefw/requirement/sbemthreadrouting. C

@@-78,6+78,10 @ @ void sbemthreadroute (void * i_pArg)

//Reset the MAILBOX_ SCRATCH_ REG_ eleven

PPE_ STVD (0x50182, data);



+//Update the Code Flow status in messaging register 50009

+ScratchMsgReg=(uint64_t) (SBE_CODE_Measurement_SHA5112_COMPLETE)<<32;

+PPE_ STVD (0x50009, scratchMsgReg);

+

//Startup TPM Sequence for Master Chip, Poison for Alt master and Deconfig Bit for Secondary chips

Rc=performTPMSequences (g_sbeRole);

If (rc)

According to my understanding, if the TPM card is removed from the machine, MSBE will fail to boot.
We can reading the FSI register 0x2809 from the BMC side to get the boot code of MSBE.
Before we make any modifications, MSBE should fails to start, the boot code should stop at 0x08 (SBE_CODE_Measurement_TPM_INIT_SEQUENCE-MSG);
After modification, MSBE should fails to start, the boot code should stop at 0x09 (SBE_CODE_Measurement_SHA512COMPLETE);
However, in actual testing, the boot code remains at 0x08 (SBE_CODE_Measurement_TPM_INIT_SEQUENCE-MSG) with or without our modification.

[xuxinsss]

SBE can run without tpm when extending the timeout time of the obmc. SBE print "TPM TDP Bit set; will not perform TPM ops". But hostboot only updates proc0 sbe side，with the information " isChipPowerbusOff(): Power bus not established to chip 0x50001, not performing update". So why does hostboot only updates proc0 sbe side without tpm?