authorStephen Cprek <smcprek@us.ibm.com>2017-05-18 13:10:15 -0500
committerWilliam G. Hoffa <wghoffa@us.ibm.com>2017-06-06 00:43:51 -0400
commitd6edfb5f14ce156929ead04874972c5e40f5f19b (patch)
tree3f0869ed032df47b165d0262c9305d1d93d0169c /src/usr/secureboot/base/securerommgr.C
parent24aed9157a24f7ce3e3cb6570fb69494415a78ec (diff)
Create map of SecureROM function types, versions, and offsets
Done to audit different algorithm versions and provide easy lookup to simplify filling in HDAT Change-Id: Iee1514efca9deb1af1341c2557c543b2ced81845 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40776 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/base/securerommgr.C')
-rw-r--r--src/usr/secureboot/base/securerommgr.C103
1 files changed, 95 insertions, 8 deletions
diff --git a/src/usr/secureboot/base/securerommgr.C b/src/usr/secureboot/base/securerommgr.C
index 28d254d2c..3c9e28db6 100644
--- a/src/usr/secureboot/base/securerommgr.C
+++ b/src/usr/secureboot/base/securerommgr.C
@@ -39,11 +39,19 @@
#include <secureboot/settings.H>
#include <config.h>
#include <console/consoleif.H>
+#include <array>
// Quick change for unit testing
//#define TRACUCOMP(args...) TRACFCOMP(args)
#define TRACUCOMP(args...)
+// Definition in ROM.H
+const std::array<sbFuncType_t, SB_FUNC_TYPES::MAX_TYPES> SecRomFuncTypes =
+{
+ SB_FUNC_TYPES::SHA512,
+ SB_FUNC_TYPES::ECDSA521
+};
+
namespace SECUREBOOT
{
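Review bot: `SecRomFuncTypes` is sized by `SB_FUNC_TYPES::MAX_TYPES` but its two entries are listed by hand, so if `MAX_TYPES` is larger than two, now or later, the remaining elements are silently value-initialized and anything iterating the array sees a function type that was never listed. A `static_assert(SB_FUNC_TYPES::MAX_TYPES == 2, "update SecRomFuncTypes");` beside the initializer would turn that drift into a build error; the value of `MAX_TYPES` is not visible in this hunk, so adjust the count to match. The comment `// Definition in ROM.H` also reads backwards, since this is the definition; `// Declared in ROM.H` fits, assuming the header carries the `extern` declaration.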
@@ -113,6 +121,18 @@ void getHwKeyHash(sha2_hash_t o_hash)
}
}
+sbFuncVer_t getSecRomFuncVersion(const sbFuncType_t i_funcType)
+{
+ return Singleton<SecureRomManager>::instance().
+ getSecRomFuncVersion(i_funcType);
+}
+
+uint64_t getSecRomFuncOffset(const sbFuncType_t i_funcType)
+{
+ return Singleton<SecureRomManager>::instance().
+ getSecRomFuncOffset(i_funcType);
+}
+
}; //end SECUREBOOT namespace
/********************
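Review bot: The two free functions added before the namespace close carry no comment saying what the returned offset is relative to. Judging by the callers later in this patch, the value is added to `iv_securerom` and already includes the branch table offset, which anyone using it to fill in HDAT needs to know. If the header does not already say so, add `// Offset is relative to the start of the SecureROM image and includes the branch table offset`. It would also help to state whether calling these before `SecureRomManager::initialize()` has completed is supported, since nothing in the wrappers appears to prevent it.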
@@ -218,8 +238,24 @@ errlHndl_t SecureRomManager::initialize()
/***************************************************************/
SecureRomManager::getHwKeyHash();
+
TRACDCOMP(g_trac_secure,INFO_MRK"SecureRomManager::initialize(): SUCCESSFUL:"
- " iv_securerom=%p", iv_securerom);
+ " iv_securerom=%p", iv_securerom);
+
+#ifdef HOSTBOOT_DEBUG
+ TRACFCOMP(g_trac_secure,">> iv_SecRomFuncTypeOffset Map");
+ for (auto const &funcType : iv_SecRomFuncTypeOffset)
+ {
+ TRACFCOMP(g_trac_secure,">>>> Func Type = 0x%X",
+ funcType.first);
+ for (auto const &version : funcType.second)
+ {
+ TRACFCOMP(g_trac_secure,">>>>>> Version = 0x%X, Offset = 0x%X",
+ version.first, version.second);
+ }
+ }
+ TRACFCOMP(g_trac_secure,"<<<< iv_SecRomFuncTypeOffset map");
+#endif
}while(0);
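Review bot: The inner debug trace prints `version.second` with `0x%X`, but `getSecRomFuncOffset()` returns the same mapped value as `uint64_t`, so the offset is probably 64-bit and the specifier does not match it. If the map's value type is 64-bit, use `">>>>>> Version = 0x%X, Offset = 0x%llX"` so that an audit trace cannot show a truncated offset. The map's typedef is in the header and not visible here, so confirm the type first. The closing marker `"<<<< iv_SecRomFuncTypeOffset map"` also differs from the opening `">> iv_SecRomFuncTypeOffset Map"` in depth and capitalisation, which makes the pair harder to grep for.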
@@ -282,9 +318,8 @@ errlHndl_t SecureRomManager::verifyContainer(void * i_container,
// Set startAddr to ROM_verify() function at an offset of Secure ROM
uint64_t l_rom_verify_startAddr =
- reinterpret_cast<uint64_t>(iv_securerom)
- + g_BlToHbDataManager.getBranchtableOffset()
- + ROM_VERIFY_FUNCTION_OFFSET;
+ reinterpret_cast<uint64_t>(iv_securerom) +
+ getSecRomFuncOffset(SB_FUNC_TYPES::ECDSA521);
TRACUCOMP(g_trac_secure,"SecureRomManager::verifyContainer(): "
" Calling ROM_verify() via call_rom_verify: l_rc=0x%x, "
@@ -292,7 +327,8 @@ errlHndl_t SecureRomManager::verifyContainer(void * i_container,
l_rc, l_hw_parms.log, &l_hw_parms, l_rom_verify_startAddr,
iv_securerom);
- ROM_container_raw* l_container = reinterpret_cast<ROM_container_raw*>(i_container);
+ ROM_container_raw* l_container = reinterpret_cast<ROM_container_raw*>(
+ i_container);
l_rc = call_rom_verify(reinterpret_cast<void*>
(l_rom_verify_startAddr),
l_container,
@@ -366,9 +402,8 @@ void SecureRomManager::hashBlob(const void * i_blob, size_t i_size, SHA512_t o_b
// Set startAddr to ROM_SHA512() function at an offset of Secure ROM
uint64_t l_rom_SHA512_startAddr =
- reinterpret_cast<uint64_t>(iv_securerom)
- + g_BlToHbDataManager.getBranchtableOffset()
- + SHA512_HASH_FUNCTION_OFFSET;
+ reinterpret_cast<uint64_t>(iv_securerom) +
+ getSecRomFuncOffset(SB_FUNC_TYPES::SHA512);
call_rom_SHA512(reinterpret_cast<void*>(l_rom_SHA512_startAddr),
reinterpret_cast<const sha2_byte*>(i_blob),
@@ -441,3 +476,55 @@ void SecureRomManager::getHwKeyHash(sha2_hash_t o_hash)
memcpy(o_hash, iv_key_hash, sizeof(sha2_hash_t));
}
}
+
+const SecureRomManager::SecRomFuncTypeOffsetMap_t
+ SecureRomManager::iv_SecRomFuncTypeOffset =
+{
+ // SHA512 Hash Function
+ { SB_FUNC_TYPES::SHA512,
+ {
+ { SB_FUNC_VERS::SHA512_INIT,
+ g_BlToHbDataManager.getBranchtableOffset() +
+ SHA512_HASH_FUNCTION_OFFSET
+ }
+ }
+ } ,
+ // ECDSA521 Verify Function
+ { SB_FUNC_TYPES::ECDSA521,
+ {
+ { SB_FUNC_VERS::ECDSA521_INIT,
+ g_BlToHbDataManager.getBranchtableOffset() +
+ ROM_VERIFY_FUNCTION_OFFSET
+ }
+ }
+ }
+};
+
+sbFuncVer_t SecureRomManager::getSecRomFuncVersion(const sbFuncType_t
+ i_funcType) const
+{
+ sbFuncVer_t l_funcVer = SB_FUNC_TYPES::INVALID;
+
+ switch (i_funcType)
+ {
+ case SB_FUNC_TYPES::SHA512:
+ l_funcVer = iv_curSHA512Ver;
+ break;
+ case SB_FUNC_TYPES::ECDSA521:
+ l_funcVer = iv_curECDSA521Ver;
+ break;
+ default:
+ assert(false, "getCurFuncVer:: Function type 0x%X not supported", i_funcType);
+ break;
+ }
+
+ return l_funcVer;
+}
+
+uint64_t SecureRomManager::getSecRomFuncOffset(const sbFuncType_t i_funcType)
+ const
+{
+ sbFuncVer_t l_funcVer = getSecRomFuncVersion(i_funcType);
+
+ return iv_SecRomFuncTypeOffset.at(i_funcType).at(l_funcVer);
+}
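Review bot: The initializer of `iv_SecRomFuncTypeOffset` calls `g_BlToHbDataManager.getBranchtableOffset()` during static initialization, whereas the removed code in `verifyContainer()` and `hashBlob()` called it at use time. If that global is populated, or even constructed, after this translation unit's statics are initialized, the map stores a stale offset, and both callers then branch to the wrong address inside the SecureROM when hashing and verifying containers. The initialization order is not visible in this patch. Unless it is guaranteed, store only `SHA512_HASH_FUNCTION_OFFSET` and `ROM_VERIFY_FUNCTION_OFFSET` in the map and add the branch table offset at lookup: `return g_BlToHbDataManager.getBranchtableOffset() + iv_SecRomFuncTypeOffset.at(i_funcType).at(l_funcVer);`. Separately, `l_funcVer` is a version but is initialized from the type enum (`SB_FUNC_TYPES::INVALID`), so use an invalid value from `SB_FUNC_VERS` if one exists, and the assert text names `getCurFuncVer` rather than `getSecRomFuncVersion`. It is also worth a comment on what `.at()` does in this build when a type or version is missing, since the result is used directly as a call target.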