Verify ComponentID and Extend PAYLOAD

While verifying the PAYLOAD in memory before moving it to its final location, this commit parses the PAYLOAD's header and verifies that it has the correct componentId. It also extends the PAYLOAD information to the TPM. Change-Id: Ie333d1ba5919b36919b207f25ad60806359ed710 RTC:168745 Backport: release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52837 Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
author: Mike Baiocchi <mbaiocch@us.ibm.com> 2018-01-26 17:51:38 -0600
committer: Daniel M. Crowell <dcrowell@us.ibm.com> 2018-02-01 17:59:52 -0500
commit: 1d437c8dc54886f43ab77447f0456c49f5b69c04 (patch)
tree: d44fb64613a6b23e25c99f31daa6b0e2436c325e
parent: 4046ab053d85e0a531532f1a40894efb9361c83c (diff)
download: talos-hostboot-1d437c8dc54886f43ab77447f0456c49f5b69c04.tar.gz
talos-hostboot-1d437c8dc54886f43ab77447f0456c49f5b69c04.zip
5 files changed, 94 insertions, 42 deletions
diff --git a/src/include/usr/util/utilmclmgr.H b/src/include/usr/util/utilmclmgr.H
index 1d47523b4..82ef6f2ed 100644
--- a/src/include/usr/util/utilmclmgr.H
+++ b/src/include/usr/util/utilmclmgr.H
@@ -48,6 +48,7 @@ typedef char CompIdString[17];
 // Constants to simplify checking for the MCL and POWERVM comp ids
 extern const ComponentID g_MclCompId;
 extern const ComponentID g_PowervmCompId;
+extern const ComponentID g_OpalCompId;
 
 // @enum Permission Types for MCL Component
 enum class CompFlags : uint16_t
@@ -255,6 +256,17 @@ class MasterContainerLidMgr
      */
     errlHndl_t processComponents();
 
+    /**
+     * @brief TPM extend information for secure components
+     *
+     * @param[in] i_compId - Component Id
+     * @param[in] i_conHdr - Container header with information to extend
+     *
+     * @return Error handle if error
+     */
+    static errlHndl_t tpmExtend(const ComponentID& i_compId,
+                                const SECUREBOOT::ContainerHeader& i_conHdr);
+
     protected:
 
     /**
@@ -358,17 +370,6 @@ class MasterContainerLidMgr
     errlHndl_t verifyExtend(const ComponentID& i_compId,
                             CompInfo& io_compInfo);
 
-    /**
-     * @brief TPM extend information for secure components
-     *
-     * @param[in] i_compId - Component Id
-     * @param[in] i_conHdr - Container header with information to extend
-     *
-     * @return Error handle if error
-     */
-    errlHndl_t tpmExtend(const ComponentID& i_compId,
-                         const SECUREBOOT::ContainerHeader& i_conHdr) const;
-
     // Physical addresses reserved for the MCL itself
     uint64_t iv_mclAddr;
 
@@ -408,4 +409,4 @@ class MasterContainerLidMgr
 
 } // end namespace MCL
 
-#endif
-\ No newline at end of file
+#endif
diff --git a/src/usr/isteps/istep21/call_host_runtime_setup.C b/src/usr/isteps/istep21/call_host_runtime_setup.C
index 73bf8cd26..b91e83fd3 100644
--- a/src/usr/isteps/istep21/call_host_runtime_setup.C
+++ b/src/usr/isteps/istep21/call_host_runtime_setup.C
@@ -38,9 +38,11 @@
 #include <targeting/common/util.H>
 #include <vpd/vpd_if.H>
 #include <util/utiltce.H>
+#include <util/utilmclmgr.H>
 #include <map>
 
 #include <secureboot/service.H>
+#include <secureboot/containerheader.H>
 #include <sys/mm.h>
 //SBE interfacing
 #include    <sbeio/sbeioif.H>
@@ -115,6 +117,12 @@ errlHndl_t verifyAndMovePayload(void)
         break;
     }
 
+    // Setup componend IDs and strings
+    const MCL::ComponentID l_compId = is_phyp ? MCL::g_PowervmCompId
+                                              : MCL::g_OpalCompId;
+    MCL::CompIdString l_IdStr = {};
+    MCL::compIdToString(l_compId, l_IdStr);
+
     // Get Temporary Virtual Address To Payload
     uint64_t payload_tmp_phys_addr = MCL_TMP_ADDR;
     uint64_t payload_size          = MCL_TMP_SIZE;
@@ -136,9 +144,23 @@ errlHndl_t verifyAndMovePayload(void)
     }
 
     TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,"verifyAndMovePayload() "
-               "Processing PAYLOAD_KIND = %d (is_phyp=%d): "
+               "Processing PAYLOAD_KIND = %d (Id='%s') (is_phyp=%d): "
                "physAddr=0x%.16llX, virtAddr=0x%.16llX",
-               payload_kind, is_phyp, payload_tmp_phys_addr, payload_tmp_virt_addr );
+               payload_kind, l_IdStr, is_phyp, payload_tmp_phys_addr,
+               payload_tmp_virt_addr );
+
+
+    // Parse Container Header
+    SECUREBOOT::ContainerHeader l_conHdr;
+    l_err = l_conHdr.setHeader(payload_tmp_virt_addr);
+    if (l_err)
+    {
+        TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
+                   ERR_MRK"verifyAndMovePayload(): Fail to parse container "
+                   "header at payload_tmp_virt_addr = 0x%.16llX",
+                   payload_tmp_virt_addr);
+        break;
+    }
 
     // If in Secure Mode Verify PHYP at Temporary TCE-related Memory Location
     if (SECUREBOOT::enabled() && is_phyp)
@@ -147,6 +169,7 @@ errlHndl_t verifyAndMovePayload(void)
                    "Verifying PAYLOAD: physAddr=0x%.16llX, virtAddr=0x%.16llX",
                    payload_tmp_phys_addr, payload_tmp_virt_addr );
 
+        // Verify Container
         l_err = SECUREBOOT::verifyContainer(payload_tmp_virt_addr);
         if (l_err)
         {
@@ -156,12 +179,35 @@ errlHndl_t verifyAndMovePayload(void)
             SECUREBOOT::handleSecurebootFailure(l_err);
             assert(false,"Bug! handleSecurebootFailure shouldn't return!");
         }
+
+        // Get PAYLOAD size from verified Header
+        payload_size = l_conHdr.payloadTextSize() + PAGESIZE;
+        assert(payload_size <= MCL_TMP_SIZE, "verifyAndMovePayload payload_size 0x%X must be <= MCL_TMP_SIZE (0x%X)", payload_size, MCL_TMP_SIZE );
+
+        // Verify ASCII Component Id in the Secure Header matches expected value
+        l_err = SECUREBOOT::verifyComponentId(l_conHdr, l_IdStr);
+        if (l_err)
+        {
+            TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
+                       ERR_MRK"verifyAndMovePayload(): Fail to verify component"
+                       "Id %s in header at payload_tmp_virt_addr = 0x%.16llX",
+                       l_IdStr, payload_tmp_virt_addr);
+            break;
+        }
     }
 
-    // @TODO RTC 168745 - Verify Component ID with ASCII
-    // @TODO RTC 168745 - Extend PAYLOAD
+    // Extend PAYLOAD
+    l_err = MCL::MasterContainerLidMgr::tpmExtend(l_compId, l_conHdr);
+    if (l_err)
+    {
+        TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
+                   ERR_MRK"verifyAndMovePayload(): Fail to tpmExend "
+                   "Id %s in header at payload_tmp_virt_addr = 0x%.16llX",
+                   l_IdStr, payload_tmp_virt_addr);
+        break;
+    }
 
-    // Move PHYP to Final Location
+    // Move PAYLOAD to Final Location
     // Get Target Service, and the system target.
     TargetService& tS = targetService();
     TARGETING::Target* sys = nullptr;
@@ -186,7 +232,6 @@ errlHndl_t verifyAndMovePayload(void)
         payload_size -= PAGESIZE;
     }
 
-    // @TODO RTC 168745 - Use ContainerHeader to get accurate payload size
     payloadBase_virt_addr = mm_block_map(
                                reinterpret_cast<void*>(payloadBase),
                                payload_size);
diff --git a/src/usr/secureboot/base/securerommgr.C b/src/usr/secureboot/base/securerommgr.C
index 02eca6293..17becb6b6 100644
--- a/src/usr/secureboot/base/securerommgr.C
+++ b/src/usr/secureboot/base/securerommgr.C
@@ -104,7 +104,7 @@ errlHndl_t verifyComponentId(
         TRACFCOMP(g_trac_secure,ERR_MRK"SECUREROM::verifyComponentId: "
             "Secure Boot verification failure; container's component ID of "
             "[%s] does not match expected component ID of [%s] (truncated "
-            "from [%s]",
+            "from [%s])",
             i_containerHeader.componentId(),
             pTruncatedComponentId,
             i_pComponentId);
diff --git a/src/usr/secureboot/trusted/tpmLogMgr.C b/src/usr/secureboot/trusted/tpmLogMgr.C
index 625c6261a..855d02b5a 100644
--- a/src/usr/secureboot/trusted/tpmLogMgr.C
+++ b/src/usr/secureboot/trusted/tpmLogMgr.C
@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2015,2017                        */
+/* Contributors Listed Below - COPYRIGHT 2015,2018                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -595,6 +595,7 @@ namespace TRUSTEDBOOT
         memset(i_val->eventLogInMem, 0, i_maxSize);
         memcpy(i_val->eventLogInMem, i_val->eventLog, i_val->logSize);
         i_val->newEventPtr = i_val->eventLogInMem + i_val->logSize;
+        i_val->logMaxSize = i_maxSize;
 
         mutex_unlock( &i_val->logMutex );
 
diff --git a/src/usr/util/utilmclmgr.C b/src/usr/util/utilmclmgr.C
index bcf0432bb..a89c124b8 100644
--- a/src/usr/util/utilmclmgr.C
+++ b/src/usr/util/utilmclmgr.C
@@ -42,6 +42,7 @@ const size_t MclCompSectionPadSize = 16;
 
 const ComponentID g_MclCompId {"MSTCONT"};
 const ComponentID g_PowervmCompId {"POWERVM"};
+const ComponentID g_OpalCompId {"OPAL"};
 
 void compIdToString(const ComponentID i_compId, CompIdString o_compIdStr)
 {
@@ -605,21 +606,6 @@ errlHndl_t MasterContainerLidMgr::verifyExtend(const ComponentID& i_compId,
     if( (io_compInfo.flags & CompFlags::SIGNED_PRE_VERIFY) ==
          CompFlags::SIGNED_PRE_VERIFY)
     {
-        // Only verify the lids if in secure mode
-        if (SECUREBOOT::enabled())
-        {
-            // Verify Container - some combination of Lids
-
-            l_errl = SECUREBOOT::verifyContainer(iv_pVaddr,
-                                             extractLidIds(io_compInfo.lidIds));
-            if (l_errl)
-            {
-                UTIL_FT(ERR_MRK"MasterContainerLidMgr::verifyExtend - failed verifyContainer");
-                SECUREBOOT::handleSecurebootFailure(l_errl);
-                assert(false,"Bug! handleSecurebootFailure shouldn't return!");
-            }
-        }
-
         // Parse Container Header
         SECUREBOOT::ContainerHeader l_conHdr;
         l_errl = l_conHdr.setHeader(iv_pVaddr);
@@ -635,15 +621,34 @@ errlHndl_t MasterContainerLidMgr::verifyExtend(const ComponentID& i_compId,
         io_compInfo.unprotectedSize = l_conHdr.totalContainerSize() -
                                       l_conHdr.payloadTextSize();
 
-        // Verify the component in the Secure Header matches the MCL
-        l_errl = SECUREBOOT::verifyComponentId(l_conHdr, iv_curCompIdStr);
+        // Only verify the lids if in secure mode
+        if (SECUREBOOT::enabled())
+        {
+            // Verify Container - some combination of Lids
+            l_errl = SECUREBOOT::verifyContainer(iv_pVaddr,
+                                             extractLidIds(io_compInfo.lidIds));
+            if (l_errl)
+            {
+                UTIL_FT(ERR_MRK"MasterContainerLidMgr::verifyExtend - failed verifyContainer");
+                SECUREBOOT::handleSecurebootFailure(l_errl);
+                assert(false,"Bug! handleSecurebootFailure shouldn't return!");
+            }
+
+            // Verify the component in the Secure Header matches the MCL
+            l_errl = SECUREBOOT::verifyComponentId(l_conHdr, iv_curCompIdStr);
+            if (l_errl)
+            {
+                l_errl->collectTrace(UTIL_COMP_NAME);
+                break;
+            }
+        }
+
+        l_errl = tpmExtend(i_compId, l_conHdr);
         if (l_errl)
         {
             l_errl->collectTrace(UTIL_COMP_NAME);
             break;
         }
-
-        tpmExtend(i_compId, l_conHdr);
     }
     } while(0);
 
@@ -653,7 +658,7 @@ errlHndl_t MasterContainerLidMgr::verifyExtend(const ComponentID& i_compId,
 }
 
 errlHndl_t MasterContainerLidMgr::tpmExtend(const ComponentID& i_compId,
-                            const SECUREBOOT::ContainerHeader& i_conHdr) const
+                            const SECUREBOOT::ContainerHeader& i_conHdr)
 {
     UTIL_DT(ENTER_MRK"MasterContainerLidMgr::tpmExtend");
 
@@ -681,7 +686,7 @@ errlHndl_t MasterContainerLidMgr::tpmExtend(const ComponentID& i_compId,
     if (l_errl)
     {
         UTIL_FT(ERR_MRK "MasterContainerLidMgr::tpmExtend - pcrExtend() (payload text hash) failed for component %s",
-                  iv_curCompIdStr);
+                  i_conHdr.componentId());
         break;
     }
 
@@ -694,7 +699,7 @@ errlHndl_t MasterContainerLidMgr::tpmExtend(const ComponentID& i_compId,
     if (l_errl)
     {
         UTIL_FT(ERR_MRK "MasterContainerLidMgr::tpmExtend - pcrExtend() (FW key hash) failed for component %s",
-                iv_curCompIdStr);
+                i_conHdr.componentId());
         break;
     }
author	Mike Baiocchi <mbaiocch@us.ibm.com>	2018-01-26 17:51:38 -0600
committer	Daniel M. Crowell <dcrowell@us.ibm.com>	2018-02-01 17:59:52 -0500
commit	1d437c8dc54886f43ab77447f0456c49f5b69c04 (patch)
tree	d44fb64613a6b23e25c99f31daa6b0e2436c325e
parent	4046ab053d85e0a531532f1a40894efb9361c83c (diff)
download	talos-hostboot-1d437c8dc54886f43ab77447f0456c49f5b69c04.tar.gz talos-hostboot-1d437c8dc54886f43ab77447f0456c49f5b69c04.zip