diff options
author | Nick Bofferding <bofferdn@us.ibm.com> | 2017-10-20 21:13:34 -0500 |
---|---|---|
committer | William G. Hoffa <wghoffa@us.ibm.com> | 2017-11-03 09:45:20 -0400 |
commit | 07d75753d59419ea6ba9ee3bd930e0aa8e7e7fd5 (patch) | |
tree | 78633da60312ff8cfd54807f787219036e976621 /src/bootloader | |
parent | 47f275a6bd3b2104a82d9786122afd6fe25f05de (diff) | |
download | talos-hostboot-07d75753d59419ea6ba9ee3bd930e0aa8e7e7fd5.tar.gz talos-hostboot-07d75753d59419ea6ba9ee3bd930e0aa8e7e7fd5.zip |
Secure Boot: Enforce PNOR section component IDs
- In secure mode, bootloader will enforce that HBB component ID is set
- In secure mode, Hostboot will enforce that PNOR component IDs are set
Change-Id: I04f3bbc45417b3229003c56e1083e1fc31c01cd7
RTC: 179422
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/48711
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/bootloader')
-rw-r--r-- | src/bootloader/bootloader.C | 87 |
1 files changed, 86 insertions, 1 deletions
diff --git a/src/bootloader/bootloader.C b/src/bootloader/bootloader.C index 99ac0b1ec..745e33c5d 100644 --- a/src/bootloader/bootloader.C +++ b/src/bootloader/bootloader.C @@ -178,6 +178,89 @@ namespace Bootloader{ } /** + * @brief Verify container's component ID against a reference + * component ID. Up to 8 ASCII characters, not including NULL, will be + * compared (thus, it is critical that all components are unique with + * respect to the first 8 bytes). + * + * @param[in] i_pHeader Void pointer to start of the container's secure + * header. Must not be nullptr or function will assert. + * @param[in] i_pComponentId Reference component ID to compare to. Must + * not be nullptr or function will assert. + */ + void verifyComponent( + const void* const i_pHeader, + const char* const i_pComponentId) + { + assert(i_pHeader != nullptr); + assert(i_pComponentId != nullptr); + + const auto* const pHwPrefix = + reinterpret_cast<const ROM_prefix_header_raw* const>( + reinterpret_cast<const uint8_t* const>(i_pHeader) + + offsetof(ROM_container_raw,prefix)); + const auto swKeyCount = pHwPrefix->sw_key_count; + const auto ecidCount = pHwPrefix->ecid_count; + + const char* const pCompIdInContainer = + reinterpret_cast<const char* const>(i_pHeader) + + offsetof(ROM_container_raw,prefix) + + offsetof(ROM_prefix_header_raw,ecid) + + ecidCount*ECID_SIZE + + offsetof(ROM_prefix_data_raw,sw_pkey_p) + + swKeyCount*sizeof(ecc_key_t) + + offsetof(ROM_sw_header_raw,component_id); + + if(strncmp(pCompIdInContainer, + i_pComponentId, + sizeof(ROM_sw_header_raw::component_id)) != 0) + { + char pTruncatedComponentId[ + sizeof(ROM_sw_header_raw::component_id) + + sizeof(uint8_t)]={0}; + strncpy(pTruncatedComponentId, + i_pComponentId, + sizeof(ROM_sw_header_raw::component_id)); + + BOOTLOADER_TRACE(BTLDR_TRC_COMP_ID_VERIFY_FAILED); + + // Read SBE HB shared data + const auto pBlConfigData = reinterpret_cast< + BootloaderConfigData_t *>(SBE_HB_COMM_ADDR); + + /*@ + * @errortype + * @moduleid Bootloader::MOD_BOOTLOADER_VERIFY_COMP_ID + * @reasoncode SECUREBOOT::RC_ROM_VERIFY + * @userdata1[0:15] TI_WITH_SRC + * @userdata1[16:31] TI_BOOTLOADER + * @userdata1[32:63] Failing address = 0 + * @userdata2[0:31] First 4 bytes of observed component ID + * @userdata2[32:63] Last 4 bytes of observed component ID + * @errorInfo[0:15] SBE boot side + * @errorInfo[16:31] Unused + * @devdesc Container component ID verification failed. + * @custdesc Platform security violation detected + */ + bl_terminate( + MOD_BOOTLOADER_VERIFY_COMP_ID, + SECUREBOOT::RC_ROM_VERIFY, + *reinterpret_cast<const uint32_t*>( + pCompIdInContainer), + *reinterpret_cast<const uint32_t*>( + pCompIdInContainer+sizeof(uint32_t)), + true, + 0, + TWO_UINT16_TO_UINT32( + pBlConfigData->sbeBootSide,0)); + } + else + { + BOOTLOADER_TRACE(BTLDR_TRC_COMP_ID_VERIFY_SUCCESS); + } + } + + /** * @brief Verify Container against system hash keys * * @param[in] i_pContainer Void pointer to effective address @@ -298,11 +381,13 @@ namespace Bootloader{ } BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_SUCCESS); + + verifyComponent(i_pContainer, + PNOR::SectionIdToString(PNOR::HB_BASE_CODE)); } #endif } - /** Bootloader main function to work with and start HBB. * * @return 0. |