diff options
author | Jaymes Wilks <mjwilks@us.ibm.com> | 2016-11-04 10:53:04 -0500 |
---|---|---|
committer | Matthew A. Ploetz <maploetz@us.ibm.com> | 2016-12-12 18:00:15 -0500 |
commit | 3cc8333f39c18fc836a9b8fcf84535d6748d0b1e (patch) | |
tree | c71b28c77d0df0da33ac0e2d1b87d2bfcf4290cc /src/usr/pnor/spnorrp.C | |
parent | 8f2f91b900739efa6acf737f720dfeb7059b30ba (diff) | |
download | talos-hostboot-3cc8333f39c18fc836a9b8fcf84535d6748d0b1e.tar.gz talos-hostboot-3cc8333f39c18fc836a9b8fcf84535d6748d0b1e.zip |
Secure PNORRP port resync from p8
Brings SPNORRP p9 up to date with the latest changes from p8.
Change-Id: I9e80199ffad1b3082339069264560029e83a3d78
RTC:163078
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/32260
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Matthew A. Ploetz <maploetz@us.ibm.com>
Diffstat (limited to 'src/usr/pnor/spnorrp.C')
-rw-r--r-- | src/usr/pnor/spnorrp.C | 68 |
1 files changed, 41 insertions, 27 deletions
diff --git a/src/usr/pnor/spnorrp.C b/src/usr/pnor/spnorrp.C index 71de27578..8fdd5d4e0 100644 --- a/src/usr/pnor/spnorrp.C +++ b/src/usr/pnor/spnorrp.C @@ -261,11 +261,12 @@ void SPnorRP::initDaemon() /** * @brief Load secure sections into temporary address space and verify them */ -void SPnorRP::verifySections(LoadRecord* o_rec, SectionId i_id) +uint64_t SPnorRP::verifySections(SectionId i_id, LoadRecord* o_rec) { SectionInfo_t l_info; errlHndl_t l_errhdl = NULL; bool failedVerify = false; + uint64_t l_rc = 0; do { l_errhdl = getSectionInfo(i_id, l_info); @@ -450,20 +451,23 @@ void SPnorRP::verifySections(LoadRecord* o_rec, SectionId i_id) if( l_errhdl ) { + l_rc = EACCES; uint32_t l_errPlid = l_errhdl->plid(); iv_startupRC = l_errhdl->reasonCode(); TRACFCOMP(g_trac_pnor,ERR_MRK"SPnorRP::verifySections there was an error"); if (failedVerify) { TRACFCOMP(g_trac_pnor,ERR_MRK"SPnorRP::verifySections failed verify"); - SECUREBOOT::handleSecurebootFailure(l_errhdl); + SECUREBOOT::handleSecurebootFailure(l_errhdl,false); } else { errlCommit(l_errhdl,PNOR_COMP_ID); - INITSERVICE::doShutdown(l_errPlid); + INITSERVICE::doShutdown(l_errPlid, true); } } + + return l_rc; } @@ -590,15 +594,25 @@ void SPnorRP::waitForMessage() { SectionId l_id = static_cast<SectionId>(message->data[0]); - if (iv_loadedSections[l_id] == NULL) + do { - LoadRecord* l_record = new LoadRecord; - verifySections(l_record,l_id); - iv_loadedSections[l_id] = l_record; + if (iv_loadedSections[l_id] == NULL) + { + LoadRecord* l_record = new LoadRecord; + uint64_t l_rc = verifySections(l_id, l_record); + if (l_rc) + { + delete l_record; + l_record = NULL; + status_rc = -l_rc; + break; + } + iv_loadedSections[l_id] = l_record; - // cache the record to use fields later as hints - l_rec = *l_record; - } + // cache the record to use fields later as hints + l_rec = *l_record; + } + } while (0); } break; @@ -718,16 +732,18 @@ errlHndl_t PNOR::loadSecureSection(const SectionId i_section) // err = reinterpret_cast<errlHndl_t>(msg->data[1]); //} //else remove the if clause below at some point - if (rc != 0) + if (rc != 0 || msg->data[1]) { + // Use rc if non-zero, msg data[1] otherwise. + uint64_t l_rc = (rc) ? rc : msg->data[1]; - TRACFCOMP(g_trac_pnor,ERR_MRK"PNOR::loadSecureSection> Error from msg_sendrecv rc=%d", - rc ); + TRACFCOMP(g_trac_pnor,ERR_MRK"PNOR::loadSecureSection> Error from msg_sendrecv or msg->data[1] rc=0x%X", + l_rc ); /* @errorlog * @severity ERRL_SEV_CRITICAL_SYS_TERM * @moduleid MOD_PNORRP_LOADSECURESECTION * @reasoncode RC_EXTERNAL_ERROR - * @userdata1 returncode from msg_sendrecv() + * @userdata1 returncode from msg_sendrecv() or msg->data[1] * @userdata2[0:31] SPNOR message type [LOAD | UNLOAD] * @userdata2[32:63] Section ID * @devdesc Could not load/unload section. @@ -738,14 +754,14 @@ errlHndl_t PNOR::loadSecureSection(const SectionId i_section) ERRORLOG::ERRL_SEV_CRITICAL_SYS_TERM, MOD_PNORRP_LOADSECURESECTION, RC_EXTERNAL_ERROR, - rc, + l_rc, TWO_UINT32_TO_UINT64(PNOR::MSG_LOAD_SECTION, i_section), true /* Add HB Software Callout */); err->collectTrace(PNOR_COMP_NAME); + err->collectTrace(SECURE_COMP_NAME); } msg_free(msg); - return err; } @@ -779,9 +795,9 @@ errlHndl_t SPnorRP::miscSectionVerification(const uint8_t *i_vaddr, l_errl = baseExtVersCheck((i_vaddr + PAGESIZE)); break; case SBKT: - // Ensure the SBKT partition has a valid key transition container - // Add PAGESIZE to skip outer container - l_errl = keyTransitionCheck((i_vaddr + PAGESIZE)); + // Ensure the outer container of the SBKT partition has a valid key + // transition container + l_errl = keyTransitionCheck((i_vaddr)); break; default: break; @@ -806,7 +822,6 @@ errlHndl_t SPnorRP::baseExtVersCheck(const uint8_t *i_vaddr) const // Calculate hash of HBB's sw signatures SHA512_t l_hashSwSigs = {0}; - SECUREBOOT::hashBlob(l_hbbContainerHeader.sw_sigs(), l_hbbContainerHeader.totalSwKeysSize(), l_hashSwSigs); @@ -864,8 +879,8 @@ errlHndl_t SPnorRP::keyTransitionCheck(const uint8_t *i_vaddr) const do { // Check if the header flags have the key transition bit set - SECUREBOOT::ContainerHeader l_nestedConHdr(i_vaddr); - if (!l_nestedConHdr.sb_flags()->hw_key_transition) + SECUREBOOT::ContainerHeader l_outerConHdr(i_vaddr); + if (!l_outerConHdr.sb_flags()->hw_key_transition) { TRACFCOMP( g_trac_pnor, ERR_MRK"SPnorRP::keyTransitionCheck() - Key transition flag not set"); /*@ @@ -875,7 +890,7 @@ errlHndl_t SPnorRP::keyTransitionCheck(const uint8_t *i_vaddr) const * @reasoncode RC_KEY_TRAN_FLAG_UNSET * @userdata1 0 * @userdata2 0 - * @devdesc Key transition flag not set in nested SBKT container containing new hw keys + * @devdesc Key transition flag not set in outer SBKT container containing new hw keys * @custdesc Secureboot key transition failure */ l_errl = new ERRORLOG::ErrlEntry( ERRORLOG::ERRL_SEV_CRITICAL_SYS_TERM, @@ -889,17 +904,16 @@ errlHndl_t SPnorRP::keyTransitionCheck(const uint8_t *i_vaddr) const break; } -// TODO securebootp9 - remove the following #if 0 and address issues -#if 1 // Validate nested container is properly signed using new hw keys - l_errl = SECUREBOOT::verifyContainer(const_cast<uint8_t*>(i_vaddr), + uint8_t * l_nestedVaddr = const_cast<uint8_t*>(i_vaddr) + PAGESIZE; + SECUREBOOT::ContainerHeader l_nestedConHdr(l_nestedVaddr); + l_errl = SECUREBOOT::verifyContainer(l_nestedVaddr, l_nestedConHdr.hwKeyHash()); if (l_errl) { TRACFCOMP( g_trac_pnor, ERR_MRK"SPnorRP::keyTransitionCheck() - failed verifyContainer"); break; } -#endif }while(0); return l_errl; |