diff options
| author | Chris Engel <cjengel@us.ibm.com> | 2016-09-21 14:15:26 -0500 |
|---|---|---|
| committer | William G. Hoffa <wghoffa@us.ibm.com> | 2016-10-31 07:58:51 -0400 |
| commit | a0575efc0dae3b41ee95e55d5a5e7acb12418c90 (patch) | |
| tree | b2180423aa48bf15ce4e07b2df6ce4292b7f7a60 | |
| parent | 777071e01eda3765370cfc3221d459f97026e233 (diff) | |
| download | talos-hostboot-a0575efc0dae3b41ee95e55d5a5e7acb12418c90.tar.gz talos-hostboot-a0575efc0dae3b41ee95e55d5a5e7acb12418c90.zip | |
Add a TPM separator during host start_payload
Change-Id: I11736ebe4b44e54584febc05e1dea50dd5304fa4
RTC: 155301
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/30996
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
| -rwxr-xr-x | src/build/tools/listdeps.pl | 1 | ||||
| -rw-r--r-- | src/include/usr/secureboot/trustedboot_reasoncodes.H | 5 | ||||
| -rw-r--r-- | src/include/usr/secureboot/trustedbootif.H | 11 | ||||
| -rw-r--r-- | src/usr/isteps/istep21/call_host_start_payload.C | 5 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/base/trustedbootMsg.H | 13 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/base/trustedboot_base.C | 86 | ||||
| -rwxr-xr-x | src/usr/secureboot/trusted/test/trustedbootTest.H | 9 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/tpmLogMgr.C | 174 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/tpmLogMgr.H | 50 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/trustedTypes.C | 1 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/trustedTypes.H | 1 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 136 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/trustedboot.H | 5 |
13 files changed, 339 insertions, 158 deletions
diff --git a/src/build/tools/listdeps.pl b/src/build/tools/listdeps.pl index b5d37724f..26e4e5a0e 100755 --- a/src/build/tools/listdeps.pl +++ b/src/build/tools/listdeps.pl @@ -221,6 +221,7 @@ my $resident_modules = { "libsbeio.so" => '1', "libvpd.so" => '1', "libsecureboot_trusted.so" => '1', + "libsecureboot_base.so" => '1', }; # A list of the dependent libraries in each istep. diff --git a/src/include/usr/secureboot/trustedboot_reasoncodes.H b/src/include/usr/secureboot/trustedboot_reasoncodes.H index bc2031080..134dea900 100644 --- a/src/include/usr/secureboot/trustedboot_reasoncodes.H +++ b/src/include/usr/secureboot/trustedboot_reasoncodes.H @@ -56,6 +56,7 @@ namespace TRUSTEDBOOT MOD_TPM_PCREXTEND = 0x0A, MOD_TPM_TPMDAEMON = 0x0B, MOD_TPM_SYNCRESPONSE = 0x0C, + MOD_TPM_SEPARATOR = 0x0D, MOD_TPMLOGMGR_INITIALIZE = 0x10, MOD_TPMLOGMGR_ADDEVENT = 0x11, @@ -84,8 +85,8 @@ namespace TRUSTEDBOOT RC_TPM_COMMAND_FAIL = SECURE_COMP_ID | 0xAE, RC_TPM_INVALID_ARGS = SECURE_COMP_ID | 0xAF, RC_TPMLOGMGR_LOGWALKFAIL = SECURE_COMP_ID | 0xB0, - RC_PCREXTEND_SENDRECV_FAIL = SECURE_COMP_ID | 0xB1, - RC_PCREXTEND_SEND_FAIL = SECURE_COMP_ID | 0xB2, + RC_SENDRECV_FAIL = SECURE_COMP_ID | 0xB1, + RC_SEND_FAIL = SECURE_COMP_ID | 0xB2, RC_MSGRESPOND_FAIL = SECURE_COMP_ID | 0xB3, }; #ifdef __cplusplus diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H index 21ab262a6..ae6d183af 100644 --- a/src/include/usr/secureboot/trustedbootif.H +++ b/src/include/usr/secureboot/trustedbootif.H @@ -71,9 +71,12 @@ namespace TRUSTEDBOOT { PCR_0 = 0, PCR_1 = 1, + PCR_2 = 2, + PCR_3 = 3, PCR_4 = 4, PCR_5 = 5, PCR_6 = 6, + PCR_7 = 7, PCR_DEBUG = 16, PLATFORM_PCR = 24, ///< The number of PCR required by the platform spec IMPLEMENTATION_PCR = 24, ///< The number of PCRs implemented by TPM @@ -109,6 +112,14 @@ namespace TRUSTEDBOOT bool i_sendAsync = true); /** + * @brief Extend a separator into the TPMs and log atomically + * @param[in] i_sendAsync Perform extension asynchronously, default true + * @return errlHndl_t NULL if successful, otherwise a pointer to the + * error log. + */ + errlHndl_t pcrExtendSeparator(bool i_sendAsync = true); + + /** * @brief Return a set of information related to every unique * functional TPM in the system * diff --git a/src/usr/isteps/istep21/call_host_start_payload.C b/src/usr/isteps/istep21/call_host_start_payload.C index cd48a87e7..c80ecf1e4 100644 --- a/src/usr/isteps/istep21/call_host_start_payload.C +++ b/src/usr/isteps/istep21/call_host_start_payload.C @@ -31,6 +31,7 @@ #include <isteps/istep_reasoncodes.H> #include <initservice/initserviceif.H> #include <initservice/istepdispatcherif.H> +#include <secureboot/trustedbootif.H> #include <sys/task.h> #include <initservice/extinitserviceif.H> #include <hbotcompid.H> @@ -128,6 +129,10 @@ void* call_host_start_payload (void *io_pArgs) TRACDCOMP( ISTEPS_TRACE::g_trac_isteps_trace, "call_host_start_payload entry" ); + // Place a separator in the TPM to indicate we are passing control + // to the next level of firmware in the stack + l_errl = TRUSTEDBOOT::pcrExtendSeparator(); + // For single-node systems, the non-master processors can be in a // different logical (powerbus) group. Need to migrate task to master. task_affinity_pin(); diff --git a/src/usr/secureboot/trusted/base/trustedbootMsg.H b/src/usr/secureboot/trusted/base/trustedbootMsg.H index 4fb4edeaf..79edde42e 100644 --- a/src/usr/secureboot/trusted/base/trustedbootMsg.H +++ b/src/usr/secureboot/trusted/base/trustedbootMsg.H @@ -52,6 +52,7 @@ namespace TRUSTEDBOOT { MSG_TYPE_NOOP, MSG_TYPE_PCREXTEND, + MSG_TYPE_SEPARATOR, MSG_TYPE_SHUTDOWN, MSG_TYPE_LAST = MSG_TYPE_SHUTDOWN }; @@ -94,9 +95,11 @@ namespace TRUSTEDBOOT /// @brief Message dtor virtual ~Message(void) { - // Do NOT delete[] iv_data here. For synchronous messages - // the caller wants this data and expects to delete[] it - // itself. For async messages it is deleted in the dtor + if (NULL != iv_data) + { + delete[] iv_data; + iv_data = NULL; + } // Do NOT delete iv_errl here. For synchronous messages // iv_errl is returned to the caller to commit and for @@ -137,8 +140,6 @@ namespace TRUSTEDBOOT /// @brief Dtor virtual ~SyncMessage(void) { - delete[] iv_data; - iv_data = NULL; } /// @brief complete the processing when a response arrives @@ -161,8 +162,6 @@ namespace TRUSTEDBOOT /// @brief Dtor virtual ~AsyncMessage(void) { - delete[] iv_data; - iv_data = NULL; } /// @brief complete the processing when a response arrives diff --git a/src/usr/secureboot/trusted/base/trustedboot_base.C b/src/usr/secureboot/trusted/base/trustedboot_base.C index e782e115f..687aeb9f0 100644 --- a/src/usr/secureboot/trusted/base/trustedboot_base.C +++ b/src/usr/secureboot/trusted/base/trustedboot_base.C @@ -73,6 +73,81 @@ TpmTarget::TpmTarget() #endif +errlHndl_t pcrExtendSeparator(bool i_sendAsync) +{ + errlHndl_t err = NULL; +#ifdef CONFIG_TPMDD + MessageMode mode = (i_sendAsync) ? MSG_MODE_ASYNC : MSG_MODE_SYNC; + + TRACUCOMP( g_trac_trustedboot, + ENTER_MRK"pcrExtendSeparator()"); + + Message* msg = Message::factory(MSG_TYPE_SEPARATOR, + 0, + NULL, + mode); + assert(msg !=NULL, "BUG! Message is NULL"); + if (!i_sendAsync) + { + int rc = msg_sendrecv(systemTpms.msgQ, msg->iv_msg); + if (0 == rc) + { + err = msg->iv_errl; + msg->iv_errl = NULL; + } + // Sendrecv failure + else + { + /*@ + * @errortype ERRL_SEV_UNRECOVERABLE + * @moduleid MOD_TPM_SEPARATOR + * @reasoncode RC_SENDRECV_FAIL + * @userdata1 rc from msq_sendrecv() + * @devdesc msg_sendrecv() failed + * @custdesc Firmware error during system boot + */ + err = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE, + MOD_TPM_SEPARATOR, + RC_SENDRECV_FAIL, + rc, + 0, + true); + err->collectTrace(SECURE_COMP_NAME); + } + delete msg; + msg = NULL; + } + else + { + int rc = msg_send(systemTpms.msgQ, msg->iv_msg); + if (rc) + { + /*@ + * @errortype ERRL_SEV_UNRECOVERABLE + * @moduleid MOD_TPM_SEPARATOR + * @reasoncode RC_SEND_FAIL + * @userdata1 rc from msq_send() + * @devdesc msg_send() failed + * @custdesc Firmware error during system boot + */ + err = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE, + MOD_TPM_SEPARATOR, + RC_SEND_FAIL, + rc, + 0, + true); + err->collectTrace(SECURE_COMP_NAME); + } + } + + TRACUCOMP( g_trac_trustedboot, + EXIT_MRK"pcrExtendSeparator() - %s", + ((NULL == err) ? "No Error" : "With Error") ); + +#endif + return err; +} + errlHndl_t pcrExtend(TPM_Pcr i_pcr, const uint8_t* i_digest, size_t i_digestSize, @@ -88,8 +163,7 @@ errlHndl_t pcrExtend(TPM_Pcr i_pcr, ENTER_MRK"pcrExtend() pcr=%d msg='%s'", i_pcr, i_logMsg); TRACUBIN(g_trac_trustedboot, "pcrExtend() digest:", i_digest, i_digestSize); - // msgData will be freed when message is processed for async - // or below for sync message + // msgData will be freed when message is freed PcrExtendMsgData* msgData = new PcrExtendMsgData; memset(msgData, 0, sizeof(PcrExtendMsgData)); msgData->mPcrIndex = i_pcr; @@ -134,14 +208,14 @@ errlHndl_t pcrExtend(TPM_Pcr i_pcr, /*@ * @errortype ERRL_SEV_UNRECOVERABLE * @moduleid MOD_TPM_PCREXTEND - * @reasoncode RC_PCREXTEND_SENDRECV_FAIL + * @reasoncode RC_SENDRECV_FAIL * @userdata1 rc from msq_sendrecv() * @devdesc msg_sendrecv() failed * @custdesc Firmware error during system boot */ err = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE, MOD_TPM_PCREXTEND, - RC_PCREXTEND_SENDRECV_FAIL, + RC_SENDRECV_FAIL, rc, 0, true); @@ -158,14 +232,14 @@ errlHndl_t pcrExtend(TPM_Pcr i_pcr, /*@ * @errortype ERRL_SEV_UNRECOVERABLE * @moduleid MOD_TPM_PCREXTEND - * @reasoncode RC_PCREXTEND_SEND_FAIL + * @reasoncode RC_SEND_FAIL * @userdata1 rc from msq_send() * @devdesc msg_send() failed * @custdesc Firmware error during system boot */ err = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE, MOD_TPM_PCREXTEND, - RC_PCREXTEND_SEND_FAIL, + RC_SEND_FAIL, rc, 0, true); diff --git a/src/usr/secureboot/trusted/test/trustedbootTest.H b/src/usr/secureboot/trusted/test/trustedbootTest.H index e46a8ff4f..635e695ca 100755 --- a/src/usr/secureboot/trusted/test/trustedbootTest.H +++ b/src/usr/secureboot/trusted/test/trustedbootTest.H @@ -750,10 +750,13 @@ class TrustedBootTest: public CxxTest::TestSuite { int64_t fails = 0, num_ops = 0; uint8_t digest[TPM_ALG_SHA256_SIZE]; + TpmLogMgr logMgr; TRACFCOMP( g_trac_trustedboot, "testExtendPCR - Start" ); TpmTarget target = getTestTarget(); + // Assign our log manager + target.logMgr = &logMgr; do { @@ -764,6 +767,8 @@ class TrustedBootTest: public CxxTest::TestSuite break; } + TpmLogMgr_initialize(&logMgr); + for (size_t idx = 0; idx < sizeof(digest); idx++) { digest[idx] = idx+1; @@ -798,10 +803,6 @@ class TrustedBootTest: public CxxTest::TestSuite "testExtendPCR - End: %d/%d fails", fails, num_ops ); - if (NULL != target.logMgr) - { - delete target.logMgr; - } } /** diff --git a/src/usr/secureboot/trusted/tpmLogMgr.C b/src/usr/secureboot/trusted/tpmLogMgr.C index 89ab41a8a..ecefe9e5b 100644 --- a/src/usr/secureboot/trusted/tpmLogMgr.C +++ b/src/usr/secureboot/trusted/tpmLogMgr.C @@ -36,6 +36,7 @@ // Includes // ---------------------------------------------- #include <string.h> +#include <endian.h> #include "tpmLogMgr.H" #ifdef __HOSTBOOT_MODULE #include <sys/mm.h> @@ -59,7 +60,7 @@ namespace TRUSTEDBOOT } #ifdef __HOSTBOOT_MODULE - errlHndl_t TpmLogMgr_initialize(TpmLogMgr* val) + errlHndl_t TpmLogMgr_initialize(TpmLogMgr* i_val) { errlHndl_t err = TB_SUCCESS; const char vendorInfo[] = "IBM"; @@ -70,7 +71,7 @@ namespace TRUSTEDBOOT TRACUCOMP( g_trac_trustedboot, ">>initialize()"); - if (NULL == val) + if (NULL == i_val) { TRACFCOMP( g_trac_trustedboot, "TPM LOG INIT FAIL"); @@ -92,15 +93,15 @@ namespace TRUSTEDBOOT else { - memset(val, 0, sizeof(TpmLogMgr)); - val->logMaxSize = TPMLOG_BUFFER_SIZE; + memset(i_val, 0, sizeof(TpmLogMgr)); + i_val->logMaxSize = TPMLOG_BUFFER_SIZE; - mutex_init( &val->logMutex ); - mutex_lock( &val->logMutex ); + mutex_init( &i_val->logMutex ); + mutex_lock( &i_val->logMutex ); // Assign our new event pointer to the start - val->newEventPtr = val->eventLog; - memset(val->eventLog, 0, TPMLOG_BUFFER_SIZE); + i_val->newEventPtr = i_val->eventLog; + memset(i_val->eventLog, 0, TPMLOG_BUFFER_SIZE); eventData = (TCG_EfiSpecIdEventStruct*) eventLogEntry.event; @@ -125,30 +126,30 @@ namespace TRUSTEDBOOT eventData->digestSizes[1].digestSize = htole16(TPM_ALG_SHA1_SIZE); eventData->vendorInfoSize = sizeof(vendorInfo); memcpy(eventData->vendorInfo, vendorInfo, sizeof(vendorInfo)); - val->newEventPtr = TCG_PCR_EVENT_logMarshal(&eventLogEntry, - val->newEventPtr); + i_val->newEventPtr = TCG_PCR_EVENT_logMarshal(&eventLogEntry, + i_val->newEventPtr); // Done, move our pointers - val->logSize += TCG_PCR_EVENT_marshalSize(&eventLogEntry); + i_val->logSize += TCG_PCR_EVENT_marshalSize(&eventLogEntry); - mutex_unlock( &val->logMutex ); + mutex_unlock( &i_val->logMutex ); // Debug display of raw data TRACUBIN(g_trac_trustedboot, "tpmInitialize: Header Entry", - val->eventLog, val->logSize); + i_val->eventLog, i_val->logSize); TRACUCOMP( g_trac_trustedboot, "<<initialize() LS:%d - %s", - val->logSize, + i_val->logSize, ((TB_SUCCESS == err) ? "No Error" : "With Error") ); } return err; } #endif - errlHndl_t TpmLogMgr_initializeUsingExistingLog(TpmLogMgr* val, - uint8_t* eventLogPtr, - uint32_t eventLogSize) + errlHndl_t TpmLogMgr_initializeUsingExistingLog(TpmLogMgr* i_val, + uint8_t* i_eventLogPtr, + uint32_t i_eventLogSize) { errlHndl_t err = TB_SUCCESS; TRACUCOMP( g_trac_trustedboot, @@ -157,16 +158,16 @@ namespace TRUSTEDBOOT do { - mutex_init( &val->logMutex ); - mutex_lock( &val->logMutex ); + mutex_init( &i_val->logMutex ); + mutex_lock( &i_val->logMutex ); - val->logMaxSize = eventLogSize; - val->eventLogInMem = eventLogPtr; + i_val->logMaxSize = i_eventLogSize; + i_val->eventLogInMem = i_eventLogPtr; // Ok, walk the log to figure out how big this is - val->logSize = TpmLogMgr_calcLogSize(val); + i_val->logSize = TpmLogMgr_calcLogSize(i_val); - if (0 == val->logSize) + if (0 == i_val->logSize) { TRACFCOMP( g_trac_trustedboot, "TPM LOG INIT WALK FAIL"); @@ -187,50 +188,52 @@ namespace TRUSTEDBOOT break; } // We are good, let's move the newEventLogPtr - val->newEventPtr = val->eventLogInMem + val->logSize; + i_val->newEventPtr = i_val->eventLogInMem + i_val->logSize; } while(0); if (TB_SUCCESS != err) { - val->eventLogInMem = NULL; - val->newEventPtr = NULL; - val->logMaxSize = 0; - val->logSize = 0; + i_val->eventLogInMem = NULL; + i_val->newEventPtr = NULL; + i_val->logMaxSize = 0; + i_val->logSize = 0; } - mutex_unlock( &val->logMutex ); + mutex_unlock( &i_val->logMutex ); return err; } - errlHndl_t TpmLogMgr_addEvent(TpmLogMgr* val, - TCG_PCR_EVENT2* logEvent) + errlHndl_t TpmLogMgr_addEvent(TpmLogMgr* i_val, + TCG_PCR_EVENT2* i_logEvent) { errlHndl_t err = TB_SUCCESS; - size_t newLogSize = TCG_PCR_EVENT2_marshalSize(logEvent); + size_t newLogSize = TCG_PCR_EVENT2_marshalSize(i_logEvent); TRACUCOMP( g_trac_trustedboot, ">>tpmAddEvent() PCR:%d Type:%d Size:%d", - logEvent->pcrIndex, logEvent->eventType, (int)newLogSize); + i_logEvent->pcrIndex, + i_logEvent->eventType, + (int)newLogSize); - mutex_lock( &val->logMutex ); + mutex_lock( &i_val->logMutex ); do { // Need to ensure we have room for the new event // We have to leave room for the log full event as well - if (NULL == val->newEventPtr || - val->logSize + newLogSize > val->logMaxSize) + if (NULL == i_val->newEventPtr || + i_val->logSize + newLogSize > i_val->logMaxSize) { TRACFCOMP( g_trac_trustedboot, "TPM LOG ADD FAIL PNULL(%d) LS(%d) New LS(%d)" " Max LS(%d)", - (NULL == val->newEventPtr ? 0 : 1), - (int)val->logSize, (int)newLogSize, - (int)val->logMaxSize); + (NULL == i_val->newEventPtr ? 0 : 1), + (int)i_val->logSize, (int)newLogSize, + (int)i_val->logMaxSize); /*@ * @errortype @@ -246,18 +249,18 @@ namespace TRUSTEDBOOT */ err = tpmCreateErrorLog( MOD_TPMLOGMGR_ADDEVENT, RC_TPMLOGMGR_ADDEVENT_FAIL, - (uint64_t)val->logMaxSize << 32 | - (NULL == val->newEventPtr ? 0 : 1), - (uint64_t)val->logSize << 32 | + (uint64_t)i_val->logMaxSize << 32 | + (NULL == i_val->newEventPtr ? 0 : 1), + (uint64_t)i_val->logSize << 32 | newLogSize); break; } - val->newEventPtr = TCG_PCR_EVENT2_logMarshal(logEvent, - val->newEventPtr); + i_val->newEventPtr = TCG_PCR_EVENT2_logMarshal(i_logEvent, + i_val->newEventPtr); - if (NULL == val->newEventPtr) + if (NULL == i_val->newEventPtr) { TRACFCOMP( g_trac_trustedboot, "TPM LOG MARSHAL Fail"); @@ -279,50 +282,50 @@ namespace TRUSTEDBOOT break; } - val->logSize += newLogSize; + i_val->logSize += newLogSize; } while ( 0 ); TRACUCOMP( g_trac_trustedboot, "<<tpmAddEvent() LS:%d - %s", - (int)val->logSize, + (int)i_val->logSize, ((TB_SUCCESS == err) ? "No Error" : "With Error") ); - mutex_unlock( &val->logMutex ); + mutex_unlock( &i_val->logMutex ); return err; } - uint32_t TpmLogMgr_getLogSize(TpmLogMgr* val) + uint32_t TpmLogMgr_getLogSize(TpmLogMgr* i_val) { - return val->logSize; + return i_val->logSize; } - void TpmLogMgr_dumpLog(TpmLogMgr* val) + void TpmLogMgr_dumpLog(TpmLogMgr* i_val) { // Debug display of raw data TRACUCOMP(g_trac_trustedboot, "tpmDumpLog Size : %d", - (int)val->logSize); + (int)i_val->logSize); #ifdef __HOSTBOOT_MODULE // Debug display of raw data - if (NULL == val->eventLogInMem) + if (NULL == i_val->eventLogInMem) { TRACUBIN(g_trac_trustedboot, "tpmDumpLog", - val->eventLog, val->logSize); + i_val->eventLog, i_val->logSize); } else { #endif TRACUBIN(g_trac_trustedboot, "tpmDumpLog From Memory", - val->eventLogInMem, val->logSize); + i_val->eventLogInMem, i_val->logSize); #ifdef __HOSTBOOT_MODULE } #endif } - uint32_t TpmLogMgr_calcLogSize(TpmLogMgr* val) + uint32_t TpmLogMgr_calcLogSize(TpmLogMgr* i_val) { uint32_t logSize = 0; TCG_PCR_EVENT event; @@ -334,7 +337,7 @@ namespace TRUSTEDBOOT TRACUCOMP( g_trac_trustedboot, ">>calcLogSize"); // Start walking events - prevLogHandle = TpmLogMgr_getLogStartPtr(val); + prevLogHandle = TpmLogMgr_getLogStartPtr(i_val); do { @@ -353,8 +356,8 @@ namespace TRUSTEDBOOT break; } - if (( nextLogHandle - TpmLogMgr_getLogStartPtr(val)) > - val->logMaxSize) + if (( nextLogHandle - TpmLogMgr_getLogStartPtr(i_val)) > + i_val->logMaxSize) { TRACFCOMP( g_trac_trustedboot, "calcLogSize overflow"); prevLogHandle = NULL; @@ -375,8 +378,8 @@ namespace TRUSTEDBOOT // Failed parsing so we must have hit the end of log break; } - if (( nextLogHandle - TpmLogMgr_getLogStartPtr(val)) > - val->logMaxSize) + if (( nextLogHandle - TpmLogMgr_getLogStartPtr(i_val)) > + i_val->logMaxSize) { TRACFCOMP( g_trac_trustedboot, "calcLogSize overflow"); prevLogHandle = NULL; @@ -393,28 +396,28 @@ namespace TRUSTEDBOOT } else { - logSize = (prevLogHandle - TpmLogMgr_getLogStartPtr(val)); + logSize = (prevLogHandle - TpmLogMgr_getLogStartPtr(i_val)); } TRACUCOMP( g_trac_trustedboot, "<<calcLogSize : %d", logSize); return logSize; } - const uint8_t* TpmLogMgr_getFirstEvent(TpmLogMgr* val) + const uint8_t* TpmLogMgr_getFirstEvent(TpmLogMgr* i_val) { TCG_PCR_EVENT event; bool err = false; const uint8_t* result = NULL; // Header event in the log is always first, we skip over that - const uint8_t* firstEvent = TpmLogMgr_getLogStartPtr(val); + const uint8_t* firstEvent = TpmLogMgr_getLogStartPtr(i_val); memset(&event, 0, sizeof(TCG_PCR_EVENT)); firstEvent = TCG_PCR_EVENT_logUnmarshal(&event, firstEvent, sizeof(TCG_PCR_EVENT), &err); if (NULL != firstEvent && !err && - firstEvent < val->newEventPtr) + firstEvent < i_val->newEventPtr) { result = firstEvent; } @@ -422,7 +425,7 @@ namespace TRUSTEDBOOT return result; } - const uint8_t* TpmLogMgr_getNextEvent(TpmLogMgr* val, + const uint8_t* TpmLogMgr_getNextEvent(TpmLogMgr* i_val, const uint8_t* i_handle, TCG_PCR_EVENT2* i_eventLog, bool* o_err) @@ -444,7 +447,7 @@ namespace TRUSTEDBOOT // An error was detected, ensure o_err is set *o_err = true; } - else if (l_resultPtr >= val->newEventPtr) + else if (l_resultPtr >= i_val->newEventPtr) { l_resultPtr = NULL; } @@ -505,18 +508,19 @@ namespace TRUSTEDBOOT } - uint8_t* TpmLogMgr_getLogStartPtr(TpmLogMgr* val) + uint8_t* TpmLogMgr_getLogStartPtr(TpmLogMgr* i_val) { #ifdef __HOSTBOOT_MODULE - return (val->eventLogInMem == NULL ? - reinterpret_cast<uint8_t*>(&(val->eventLog)) : val->eventLogInMem); + return (i_val->eventLogInMem == NULL ? + reinterpret_cast<uint8_t*>(&(i_val->eventLog)) : + i_val->eventLogInMem); #else - return val->eventLogInMem; + return i_val->eventLogInMem; #endif } #ifdef __HOSTBOOT_MODULE - errlHndl_t TpmLogMgr_getDevtreeInfo(TpmLogMgr* val, + errlHndl_t TpmLogMgr_getDevtreeInfo(TpmLogMgr* i_val, uint64_t & io_logAddr, size_t & o_allocationSize, uint64_t & o_xscomAddr, @@ -524,31 +528,31 @@ namespace TRUSTEDBOOT { errlHndl_t err = NULL; - mutex_lock( &val->logMutex ); + mutex_lock( &i_val->logMutex ); assert(io_logAddr != 0, "Invalid starting log address"); - assert(val->eventLogInMem == NULL, + assert(i_val->eventLogInMem == NULL, "getDevtreeInfo can only be called once"); io_logAddr -= ALIGN_PAGE(TPMLOG_DEVTREE_SIZE); // Align to 64KB for Opal io_logAddr = ALIGN_DOWN_X(io_logAddr,64*KILOBYTE); - val->inMemlogBaseAddr = io_logAddr; + i_val->inMemlogBaseAddr = io_logAddr; o_allocationSize = TPMLOG_DEVTREE_SIZE; - o_xscomAddr = val->devtreeXscomAddr; - o_i2cMasterOffset = val->devtreeI2cMasterOffset; + o_xscomAddr = i_val->devtreeXscomAddr; + o_i2cMasterOffset = i_val->devtreeI2cMasterOffset; // Copy image. - val->eventLogInMem = (uint8_t*)(mm_block_map( + i_val->eventLogInMem = (uint8_t*)(mm_block_map( (void*)(io_logAddr), ALIGN_PAGE(TPMLOG_DEVTREE_SIZE))); // Copy log into new location - memset(val->eventLogInMem, 0, TPMLOG_DEVTREE_SIZE); - memcpy(val->eventLogInMem, val->eventLog, val->logSize); - val->newEventPtr = val->eventLogInMem + val->logSize; + memset(i_val->eventLogInMem, 0, TPMLOG_DEVTREE_SIZE); + memcpy(i_val->eventLogInMem, i_val->eventLog, i_val->logSize); + i_val->newEventPtr = i_val->eventLogInMem + i_val->logSize; - mutex_unlock( &val->logMutex ); + mutex_unlock( &i_val->logMutex ); TRACUCOMP( g_trac_trustedboot, "<<getDevtreeInfo() Addr:%lX - %s", @@ -558,12 +562,12 @@ namespace TRUSTEDBOOT } - void TpmLogMgr_setTpmDevtreeInfo(TpmLogMgr* val, + void TpmLogMgr_setTpmDevtreeInfo(TpmLogMgr* i_val, uint64_t i_xscomAddr, uint32_t i_i2cMasterOffset) { - val->devtreeXscomAddr = i_xscomAddr; - val->devtreeI2cMasterOffset = i_i2cMasterOffset; + i_val->devtreeXscomAddr = i_xscomAddr; + i_val->devtreeI2cMasterOffset = i_i2cMasterOffset; } #endif diff --git a/src/usr/secureboot/trusted/tpmLogMgr.H b/src/usr/secureboot/trusted/tpmLogMgr.H index 5a44b9d48..5b248d35c 100644 --- a/src/usr/secureboot/trusted/tpmLogMgr.H +++ b/src/usr/secureboot/trusted/tpmLogMgr.H @@ -109,36 +109,37 @@ namespace TRUSTEDBOOT /** * @brief Initialize the log manager to use a pre-existing buffer - * @param[in] val TpmLogMgr structure - * @param[in] eventLogPtr Pointer to event log to use - * @param[in] eventLogSize Allocated log buffer size + * @param[in] i_val TpmLogMgr structure + * @param[in] i_eventLogPtr Pointer to event log to use + * @param[in] i_eventLogSize Allocated log buffer size * @return errlHndl_t NULL if successful, otherwise a pointer to the * error log. */ - errlHndl_t TpmLogMgr_initializeUsingExistingLog(TpmLogMgr* val, - uint8_t* eventLogPtr, - uint32_t eventLogSize); + errlHndl_t TpmLogMgr_initializeUsingExistingLog(TpmLogMgr* i_val, + uint8_t* i_eventLogPtr, + uint32_t i_eventLogSize); /** * @brief Add a new event to the log - * @param[in] val TpmLogMgr structure - * @param[in] logEvent Event log entry to add + * @param[in] i_val TpmLogMgr structure + * @param[in] i_logEvent Event log entry to add * @return errlHndl_t NULL if successful, otherwise a pointer to the * error log. */ - errlHndl_t TpmLogMgr_addEvent(TpmLogMgr* val, TCG_PCR_EVENT2* logEvent); + errlHndl_t TpmLogMgr_addEvent(TpmLogMgr* i_val, + TCG_PCR_EVENT2* i_logEvent); /** * @brief Get current log size in bytes - * @param[in] val TpmLogMgr structure + * @param[in] i_val TpmLogMgr structure * @return uint32_t Byte size of log */ - uint32_t TpmLogMgr_getLogSize(TpmLogMgr* val); + uint32_t TpmLogMgr_getLogSize(TpmLogMgr* i_val); #ifdef __HOSTBOOT_MODULE /** * @brief Retrieve devtree information - * @param[in] val TpmLogMgr structure + * @param[in] i_val TpmLogMgr structure * @param[in/out] io_logAddr TPM Log address * @param[out] o_allocationSize Total memory allocated for log * @param[out] o_xscomAddr Chip Xscom Address @@ -148,7 +149,7 @@ namespace TRUSTEDBOOT * Function will allocate a new region in memory to store log * for passing to opal */ - errlHndl_t TpmLogMgr_getDevtreeInfo(TpmLogMgr* val, + errlHndl_t TpmLogMgr_getDevtreeInfo(TpmLogMgr* i_val, uint64_t & io_logAddr, size_t & o_allocationSize, uint64_t & o_xscomAddr, @@ -156,11 +157,11 @@ namespace TRUSTEDBOOT /** * @brief Store TPM devtree node information - * @param[in] val TpmLogMgr structure + * @param[in] i_val TpmLogMgr structure * @param[in] i_xscomAddr Chip Xscom Address * @param[in] i_i2cMasterOffset i2c Master Offset */ - void TpmLogMgr_setTpmDevtreeInfo(TpmLogMgr* val, + void TpmLogMgr_setTpmDevtreeInfo(TpmLogMgr* i_val, uint64_t i_xscomAddr, uint32_t i_i2cMasterOffset); #endif @@ -168,24 +169,25 @@ namespace TRUSTEDBOOT /** * @brief Calculate the log size in bytes by walking the log - * @param[in] val TpmLogMgr structure + * @param[in] i_val TpmLogMgr structure * @return uint32_t Byte size of log */ - uint32_t TpmLogMgr_calcLogSize(TpmLogMgr* val); + uint32_t TpmLogMgr_calcLogSize(TpmLogMgr* i_val); /** * @brief Get pointer to first event in eventLog past the header event - * @param[in] val TpmLogMgr structure + * @param[in] i_val TpmLogMgr structure * @return uint8_t First event handle * @retval NULL On empty log * @retval !NULL First event handle */ - const uint8_t* TpmLogMgr_getFirstEvent(TpmLogMgr* val); + const uint8_t* TpmLogMgr_getFirstEvent(TpmLogMgr* i_val); /** * @brief Get pointer to next event in log and unmarshal log contents * into i_eventLog * + * @param[in] i_val TpmLogMgr structure * @param[in] i_handle Current event to unmarshal * @param[in] i_eventLog EVENT2 structure to populate * @param[in] o_err Indicates if an error occurred during @@ -195,7 +197,7 @@ namespace TRUSTEDBOOT * @retval NULL When val contains last entry in log * @retval !NULL When addition log entries available */ - const uint8_t* TpmLogMgr_getNextEvent(TpmLogMgr* val, + const uint8_t* TpmLogMgr_getNextEvent(TpmLogMgr* i_val, const uint8_t* i_handle, TCG_PCR_EVENT2* i_eventLog, bool* o_err); @@ -225,16 +227,16 @@ namespace TRUSTEDBOOT /** * @brief Dump contents of log to a trace - * @param[in] val TpmLogMgr structure + * @param[in] i_val TpmLogMgr structure */ - void TpmLogMgr_dumpLog(TpmLogMgr* val); + void TpmLogMgr_dumpLog(TpmLogMgr* i_val); /** * @brief Return a pointer to the start of the log - * @param[in] val TpmLogMgr structure + * @param[in] i_val TpmLogMgr structure * @return uint8_t* Pointer to the start of the TPM log */ - uint8_t* TpmLogMgr_getLogStartPtr(TpmLogMgr* val); + uint8_t* TpmLogMgr_getLogStartPtr(TpmLogMgr* i_val); #ifdef __cplusplus diff --git a/src/usr/secureboot/trusted/trustedTypes.C b/src/usr/secureboot/trusted/trustedTypes.C index edc0269cb..9e2581ef6 100644 --- a/src/usr/secureboot/trusted/trustedTypes.C +++ b/src/usr/secureboot/trusted/trustedTypes.C @@ -36,6 +36,7 @@ // Includes // ---------------------------------------------- #include <string.h> +#include <endian.h> #include "trustedboot.H" #include "trustedTypes.H" diff --git a/src/usr/secureboot/trusted/trustedTypes.H b/src/usr/secureboot/trusted/trustedTypes.H index dd42ccaae..104eeab99 100644 --- a/src/usr/secureboot/trusted/trustedTypes.H +++ b/src/usr/secureboot/trusted/trustedTypes.H @@ -62,7 +62,6 @@ namespace TRUSTEDBOOT typedef enum { - TPM_ALG_NUM_SUPPORTED = 1, ///< Number of algorithms supported TPM_ALG_SHA1_SIZE = 20, ///< SHA1 digest byte size TPM_ALG_SHA256_SIZE = 32, ///< SHA256 digest byte size TPM_ALG_INVALID_SIZE ///< Used for error checking diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index 566cad335..a8d1f8adf 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -593,27 +593,9 @@ void pcrExtendSingleTpm(TpmTarget & io_target, mutex_lock( &io_target.tpmMutex ); unlock = true; - // Allocate the TPM log if it hasn't been already - if (!io_target.failed && - io_target.available && - NULL == io_target.logMgr) - { - io_target.logMgr = new TpmLogMgr; - err = TpmLogMgr_initialize(io_target.logMgr); - if (NULL != err) - { - break; - } - } - - // Log the event, we will do this in two scenarios - // - !initAttempted - prior to IPL of the TPM we log for replay - // - initAttempted && !failed - TPM is functional so we log - if ((io_target.available && - !io_target.initAttempted) || - (io_target.available && - io_target.initAttempted && - !io_target.failed)) + // Log the event + if (io_target.available && + !io_target.failed) { // Fill in TCG_PCR_EVENT2 and add to log eventLog = TpmLogMgr_genLogEventPcrExtend(i_pcr, @@ -627,14 +609,6 @@ void pcrExtendSingleTpm(TpmTarget & io_target, { break; } - } - - // If the TPM init has occurred and it is currently - // functional we will do our extension - if (io_target.available && - io_target.initAttempted && - !io_target.failed) - { // Perform the requested extension and also force into the // SHA1 bank @@ -665,6 +639,91 @@ void pcrExtendSingleTpm(TpmTarget & io_target, return; } +void pcrExtendSeparator(TpmTarget & io_target) +{ + errlHndl_t err = NULL; + TCG_PCR_EVENT2 eventLog; + bool unlock = false; + + // Separators are always the same values + // The digest is a sha1 hash of 0xFFFFFFFF + const uint8_t sha1_digest[] = { + 0xd9, 0xbe, 0x65, 0x24, 0xa5, 0xf5, 0x04, 0x7d, + 0xb5, 0x86, 0x68, 0x13, 0xac, 0xf3, 0x27, 0x78, + 0x92, 0xa7, 0xa3, 0x0a}; + // The digest is a sha256 hash of 0xFFFFFFFF + const uint8_t sha256_digest[] = { + 0xAD, 0x95, 0x13, 0x1B, 0xC0, 0xB7, 0x99, 0xC0, + 0xB1, 0xAF, 0x47, 0x7F, 0xB1, 0x4F, 0xCF, 0x26, + 0xA6, 0xA9, 0xF7, 0x60, 0x79, 0xE4, 0x8B, 0xF0, + 0x90, 0xAC, 0xB7, 0xE8, 0x36, 0x7B, 0xFD, 0x0E}; + // The event message is 0xFFFFFFFF + const char logMsg[] = { 0xFF, 0xFF, 0xFF, 0xFF, '\0'}; + + memset(&eventLog, 0, sizeof(eventLog)); + do + { + mutex_lock( &io_target.tpmMutex ); + unlock = true; + + for (TPM_Pcr curPcr = PCR_0; curPcr <= PCR_7; + curPcr = static_cast<TPM_Pcr>(curPcr + 1)) + { + + // Log the separator + if (io_target.available && + !io_target.failed) + { + // Fill in TCG_PCR_EVENT2 and add to log + eventLog = TpmLogMgr_genLogEventPcrExtend(curPcr, + TPM_ALG_SHA1, + sha1_digest, + sizeof(sha1_digest), + TPM_ALG_SHA256, + sha256_digest, + sizeof(sha256_digest), + logMsg); + err = TpmLogMgr_addEvent(io_target.logMgr,&eventLog); + if (NULL != err) + { + break; + } + + // Perform the requested extension + err = tpmCmdPcrExtend2Hash(&io_target, + curPcr, + TPM_ALG_SHA1, + sha1_digest, + sizeof(sha1_digest), + TPM_ALG_SHA256, + sha256_digest, + sizeof(sha256_digest)); + if (NULL != err) + { + break; + } + + } + } + + } while ( 0 ); + + if (NULL != err) + { + // We failed to extend to this TPM we can no longer use it + tpmMarkFailed(&io_target); + + // Log this failure + errlCommit(err, SECURE_COMP_ID); + } + + if (unlock) + { + mutex_unlock(&io_target.tpmMutex); + } + return; +} + void tpmMarkFailed(TpmTarget * io_target) { @@ -819,6 +878,25 @@ void* tpmDaemon(void* unused) TRUSTEDBOOT::tpmVerifyFunctionalTpmExists(); } break; + case TRUSTEDBOOT::MSG_TYPE_SEPARATOR: + { + tb_msg = static_cast<TRUSTEDBOOT::Message*>(msg->extra_data); + + for (size_t idx = 0; + idx < TRUSTEDBOOT::MAX_SYSTEM_TPMS; idx++) + { + // Add the separator to this TPM, + // if an error occurs the TPM will + // be marked as failed and the error log committed + TRUSTEDBOOT::pcrExtendSeparator( + TRUSTEDBOOT::systemTpms.tpm[idx]); + } + + // Lastly make sure we are in a state + // where we have a functional TPM + TRUSTEDBOOT::tpmVerifyFunctionalTpmExists(); + } + break; default: assert(false, "Invalid msg command"); diff --git a/src/usr/secureboot/trusted/trustedboot.H b/src/usr/secureboot/trusted/trustedboot.H index 70e257406..31dcfc2be 100644 --- a/src/usr/secureboot/trusted/trustedboot.H +++ b/src/usr/secureboot/trusted/trustedboot.H @@ -129,6 +129,11 @@ void pcrExtendSingleTpm(TpmTarget & io_target, size_t i_digestSize, const char* i_logMsg); +/** + * @brief Extend a separator into a TPM and log + * @param[in/out] io_target Current TPM target structure + */ +void pcrExtendSeparator(TpmTarget & io_target); /** * @brief Is the TPM_REQUIRED flag set such that the |
