authorNick Bofferding <bofferdn@us.ibm.com>2017-10-20 21:13:34 -0500
committerWilliam G. Hoffa <wghoffa@us.ibm.com>2017-11-03 09:45:20 -0400
commit07d75753d59419ea6ba9ee3bd930e0aa8e7e7fd5 (patch)
tree78633da60312ff8cfd54807f787219036e976621 /src/bootloader
parent47f275a6bd3b2104a82d9786122afd6fe25f05de (diff)
Secure Boot: Enforce PNOR section component IDs
- In secure mode, bootloader will enforce that HBB component ID is set - In secure mode, Hostboot will enforce that PNOR component IDs are set Change-Id: I04f3bbc45417b3229003c56e1083e1fc31c01cd7 RTC: 179422 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/48711 Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/bootloader')
-rw-r--r--src/bootloader/bootloader.C87
1 files changed, 86 insertions, 1 deletions
diff --git a/src/bootloader/bootloader.C b/src/bootloader/bootloader.C
index 99ac0b1ec..745e33c5d 100644
--- a/src/bootloader/bootloader.C
+++ b/src/bootloader/bootloader.C
@@ -178,6 +178,89 @@ namespace Bootloader{
}
/**
+ * @brief Verify container's component ID against a reference
+ * component ID. Up to 8 ASCII characters, not including NULL, will be
+ * compared (thus, it is critical that all components are unique with
+ * respect to the first 8 bytes).
+ *
+ * @param[in] i_pHeader Void pointer to start of the container's secure
+ * header. Must not be nullptr or function will assert.
+ * @param[in] i_pComponentId Reference component ID to compare to. Must
+ * not be nullptr or function will assert.
+ */
+ void verifyComponent(
+ const void* const i_pHeader,
+ const char* const i_pComponentId)
+ {
+ assert(i_pHeader != nullptr);
+ assert(i_pComponentId != nullptr);
+
+ const auto* const pHwPrefix =
+ reinterpret_cast<const ROM_prefix_header_raw* const>(
+ reinterpret_cast<const uint8_t* const>(i_pHeader)
+ + offsetof(ROM_container_raw,prefix));
+ const auto swKeyCount = pHwPrefix->sw_key_count;
+ const auto ecidCount = pHwPrefix->ecid_count;
+
+ const char* const pCompIdInContainer =
+ reinterpret_cast<const char* const>(i_pHeader)
+ + offsetof(ROM_container_raw,prefix)
+ + offsetof(ROM_prefix_header_raw,ecid)
+ + ecidCount*ECID_SIZE
+ + offsetof(ROM_prefix_data_raw,sw_pkey_p)
+ + swKeyCount*sizeof(ecc_key_t)
+ + offsetof(ROM_sw_header_raw,component_id);
+
+ if(strncmp(pCompIdInContainer,
+ i_pComponentId,
+ sizeof(ROM_sw_header_raw::component_id)) != 0)
+ {
+ char pTruncatedComponentId[
+ sizeof(ROM_sw_header_raw::component_id)
+ + sizeof(uint8_t)]={0};
+ strncpy(pTruncatedComponentId,
+ i_pComponentId,
+ sizeof(ROM_sw_header_raw::component_id));
+
+ BOOTLOADER_TRACE(BTLDR_TRC_COMP_ID_VERIFY_FAILED);
+
+ // Read SBE HB shared data
+ const auto pBlConfigData = reinterpret_cast<
+ BootloaderConfigData_t *>(SBE_HB_COMM_ADDR);
+
+ /*@
+ * @errortype
+ * @moduleid Bootloader::MOD_BOOTLOADER_VERIFY_COMP_ID
+ * @reasoncode SECUREBOOT::RC_ROM_VERIFY
+ * @userdata1[0:15] TI_WITH_SRC
+ * @userdata1[16:31] TI_BOOTLOADER
+ * @userdata1[32:63] Failing address = 0
+ * @userdata2[0:31] First 4 bytes of observed component ID
+ * @userdata2[32:63] Last 4 bytes of observed component ID
+ * @errorInfo[0:15] SBE boot side
+ * @errorInfo[16:31] Unused
+ * @devdesc Container component ID verification failed.
+ * @custdesc Platform security violation detected
+ */
+ bl_terminate(
+ MOD_BOOTLOADER_VERIFY_COMP_ID,
+ SECUREBOOT::RC_ROM_VERIFY,
+ *reinterpret_cast<const uint32_t*>(
+ pCompIdInContainer),
+ *reinterpret_cast<const uint32_t*>(
+ pCompIdInContainer+sizeof(uint32_t)),
+ true,
+ 0,
+ TWO_UINT16_TO_UINT32(
+ pBlConfigData->sbeBootSide,0));
+ }
+ else
+ {
+ BOOTLOADER_TRACE(BTLDR_TRC_COMP_ID_VERIFY_SUCCESS);
+ }
+ }
+
+ /**
* @brief Verify Container against system hash keys
*
* @param[in] i_pContainer Void pointer to effective address
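Review bot: verifyComponent locates the component ID by adding `ecidCount*ECID_SIZE` and `swKeyCount*sizeof(ecc_key_t)` to the header pointer, and both counts are read from the container itself without a range check in this function. The computed address is therefore only trustworthy once the container has passed signature verification. The call added in the second hunk follows the BTLDR_TRC_MAIN_VERIFY_SUCCESS trace, which looks like the right order, but the doc comment should state the precondition, e.g. `@note Call only after the container has been verified; ecid_count and sw_key_count are used unchecked to locate the component ID.` Separately, `pTruncatedComponentId` is filled by `strncpy` but never read in the visible code, so it should either be dropped or reported in the failure data if the expected ID was meant to be logged.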
@@ -298,11 +381,13 @@ namespace Bootloader{
}
BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_SUCCESS);
+
+ verifyComponent(i_pContainer,
+ PNOR::SectionIdToString(PNOR::HB_BASE_CODE));
}
#endif
}
-
/** Bootloader main function to work with and start HBB.
*
* @return 0.