authorStephen Cprek <smcprek@us.ibm.com>2017-11-20 16:56:44 -0600
committerDaniel M. Crowell <dcrowell@us.ibm.com>2017-12-18 17:27:59 -0500
commit9ae6e9595f9773d295b7e3ade47088f554c1ed48 (patch)
treef33427b681154991423fb9faad3476bf4aa17ff4 /src/usr/pnor
parent8392e4f606607e505bb99de2a8d229ae69be5efe (diff)
Remove Secure Boot workarounds
- Removing the magic number checks that would block sb functionality if things didn't appear secure - Remove Best Effort Policy and all of its related code - Remove the legacy PCR extension - Remove the non-secure header preservation path. - Always load HB base image header from the bl to hb data path vs setting it unsecurely out of pnor Change-Id: Ie638384ac50ed47850985c959ea7a32e5757d64e RTC: 178520 RTC: 155374 RTC: 173489 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/49925 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/pnor')
-rw-r--r--src/usr/pnor/pnor_common.C159
-rw-r--r--src/usr/pnor/pnor_common.H18
-rw-r--r--src/usr/pnor/pnor_utils.C48
-rw-r--r--src/usr/pnor/pnor_utils.H10
-rw-r--r--src/usr/pnor/pnorrp.C79
-rw-r--r--src/usr/pnor/runtime/rt_pnor.C20
-rw-r--r--src/usr/pnor/runtime/rt_pnor.H17
-rw-r--r--src/usr/pnor/spnorrp.C71
8 files changed, 37 insertions, 385 deletions
diff --git a/src/usr/pnor/pnor_common.C b/src/usr/pnor/pnor_common.C
index 20772964d..d262ebe82 100644
--- a/src/usr/pnor/pnor_common.C
+++ b/src/usr/pnor/pnor_common.C
@@ -303,32 +303,6 @@ errlHndl_t PNOR::parseTOC( uint8_t* i_tocBuffer,SectionData_t * o_TOC)
cur_entry->name);
}
-
-#ifndef __HOSTBOOT_RUNTIME
- if (PNOR::hasNonSecureHeader(o_TOC[l_secId]))
- {
- // Never extend the base image through this path, it will be
- // handled elsewhere
- if(l_secId != PNOR::HB_BASE_CODE)
- {
- // For non-secure sections with a SHA512 header, the
- // flash address has incremented past the header, so
- // back up by the header size (accounting for ECC) in order
- // to extend the header
- auto addr = o_TOC[l_secId].flashAddr;
- size_t headerSize =
- (o_TOC[l_secId].integrity == FFS_INTEG_ECC_PROTECT) ?
- PAGESIZE_PLUS_ECC : PAGESIZE;
- addr -= headerSize;
-
- l_errhdl = PNOR::extendHash(addr, headerSize, l_secId);
- if (l_errhdl)
- {
- break;
- }
- }
- }
-#endif
}
for(int tmpId = 0;
@@ -346,50 +320,6 @@ errlHndl_t PNOR::parseTOC( uint8_t* i_tocBuffer,SectionData_t * o_TOC)
return l_errhdl;
}
-#ifndef __HOSTBOOT_RUNTIME
-errlHndl_t PNOR::extendHash(uint64_t i_addr, size_t i_size,
- const PNOR::SectionId i_sectionId)
-{
- errlHndl_t l_errhdl = NULL;
-
- do {
-
- const char* l_name = PNOR::SectionIdToString(i_sectionId);
-
- // Read data from the PNOR DD
- uint8_t* l_buf = new uint8_t[i_size]();
- TARGETING::Target* l_target = TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL;
- l_errhdl = DeviceFW::deviceRead(l_target, l_buf, i_size,
- DEVICE_PNOR_ADDRESS(0,i_addr));
- if (l_errhdl)
- {
- break;
- }
-
- SHA512_t l_hash = {0};
- SECUREBOOT::hashBlob(l_buf, i_size, l_hash);
- l_errhdl = TRUSTEDBOOT::pcrExtend(TRUSTEDBOOT::PCR_0,
- PNOR::PAYLOAD == i_sectionId?
- TRUSTEDBOOT::EV_COMPACT_HASH:
- (PNOR::isCoreRootOfTrustSection(i_sectionId)?
- TRUSTEDBOOT::EV_S_CRTM_CONTENTS:
- TRUSTEDBOOT::EV_POST_CODE),
- l_hash,
- sizeof(SHA512_t),
- l_name);
- delete[] l_buf;
-
- if (l_errhdl)
- {
- break;
- }
-
- } while(0);
-
- return l_errhdl;
-}
-#endif
-
bool PNOR::isInhibitedSection(const uint32_t i_section)
{
#ifdef CONFIG_SECUREBOOT
@@ -444,95 +374,6 @@ bool PNOR::isInhibitedSection(const uint32_t i_section)
#endif
}
-
-errlHndl_t PNOR::setSecure(const uint32_t i_secId,
- PNOR::SectionData_t* io_TOC)
-{
- errlHndl_t l_errhdl = nullptr;
-
- assert(io_TOC != nullptr, "PNOR::setSecure received a NULL toc to modify");
-
- do {
-
- // Set secure field based on enforced policy
- io_TOC[i_secId].secure = PNOR::isEnforcedSecureSection(i_secId);
-
- // HBRT does not support best effort policy. Use enforced secure policy only.
-#ifndef __HOSTBOOT_RUNTIME
- if(SECUREBOOT::bestEffortPolicy())
- {
- if (io_TOC[i_secId].secure)
- {
- // Apply best effort policy by checking if the section appears to have a
- // secure header
- size_t l_size = sizeof(ROM_MAGIC_NUMBER);
- uint8_t l_buf[l_size] = {0};
- auto l_target = TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL;
- // Read first 4 bytes of section data from the PNOR DD
- // Note: Do not need to worry about ECC as the 9th byte is the first
- // ECC byte.
- l_errhdl = DeviceFW::deviceRead(l_target, l_buf, l_size,
- DEVICE_PNOR_ADDRESS(0,io_TOC[i_secId].flashAddr));
- if (l_errhdl)
- {
- break;
- }
-
- // Check if first 4 bytes match the Secureboot Magic Number
- io_TOC[i_secId].secure &= PNOR::cmpSecurebootMagicNumber(l_buf);
- }
- }
-#endif
-
- } while (0);
-
- return l_errhdl;
-}
-
-// @TODO RTC 173489
-// Remove API once FSP fully supports signing of PNOR sections that did not
-// previously have a sha512 header
-errlHndl_t PNOR::hasKnownHeader(
- const PNOR::SectionId i_secId,
- const PNOR::SectionData_t& i_TOC,
- bool& o_knownHeader)
-{
- errlHndl_t pError = nullptr;
- bool knownHeader = true;
-
- do {
-
- // Left symbolic constant defined in the function so it's easier to strip
- // out later and nothing becomes dependent on it
- const char VERSION_MAGIC[] = "VERSION";
- const auto versionMagicSize = sizeof(VERSION_MAGIC);
- const auto secureMagicSize = sizeof(ROM_MAGIC_NUMBER);
- auto size = std::max(versionMagicSize,secureMagicSize);
- assert(size <= sizeof(uint64_t),"non-ECC request size exceeded. "
- "Expected size of <= %d but got %d",sizeof(uint64_t),size);
- uint8_t buf[size] = {0};
-
- pError = readHeaderMagic(i_secId,i_TOC,size,buf);
- if(pError)
- {
- break;
- }
-
- auto secureHeader = PNOR::cmpSecurebootMagicNumber(buf);
- decltype(secureHeader) versionHeader =
- (memcmp(buf,VERSION_MAGIC,versionMagicSize) == 0);
- if(!secureHeader && !versionHeader)
- {
- knownHeader = false;
- }
-
- o_knownHeader = knownHeader;
-
- } while (0);
-
- return pError;
-}
-
bool PNOR::isSectionEmpty(const PNOR::SectionId i_section)
{
errlHndl_t l_errhdl = nullptr;
diff --git a/src/usr/pnor/pnor_common.H b/src/usr/pnor/pnor_common.H
index 448d44cc5..8ada2c03b 100644
--- a/src/usr/pnor/pnor_common.H
+++ b/src/usr/pnor/pnor_common.H
@@ -73,24 +73,6 @@ namespace PNOR {
void physicalToMmioOffset(uint64_t i_hbbAddress,
uint64_t& o_mmioOffset);
- // @TODO RTC 178520 Remove legacy extensions when all secure sections
- // are supported
- /**
- * @brief Reads version header of section, hashes it, and extends to tpm
- * buffer list.
- *
- * @parm i_addr Offset into flash to read
- * @parm i_size Number of bytes to read
- * @parm i_sectionId Section ID of PNOR section
- *
- * @return Error from operation
- */
-#ifndef __HOSTBOOT_RUNTIME
- errlHndl_t extendHash(uint64_t i_addr,
- size_t i_size,
- const PNOR::SectionId i_sectionId);
-#endif
-
}
#endif
diff --git a/src/usr/pnor/pnor_utils.C b/src/usr/pnor/pnor_utils.C
index bf8a195c2..9e0753066 100644
--- a/src/usr/pnor/pnor_utils.C
+++ b/src/usr/pnor/pnor_utils.C
@@ -321,42 +321,21 @@ PNOR::parseEntries (ffs_hdr* i_ffs_hdr,
((io_TOC[secId].size * 8 ) / 9);
}
- // @TODO RTC 173489
- // Remove once FSP fully supports signing of PNOR sections that did
- // not previously have a sha512 header. Until then, turn off the SHA512
- // bit if it doesn't match known header types
-#ifndef BOOTLOADER
- if(io_TOC[secId].version & FFS_VERS_SHA512)
- {
- bool hasKnownHeader = true;
- l_errhdl = PNOR::hasKnownHeader(static_cast<SectionId>(secId),
- io_TOC[secId],hasKnownHeader);
- if(l_errhdl)
- {
- break;
- }
-
- if(!hasKnownHeader)
- {
- io_TOC[secId].version &= ~FFS_VERS_SHA512;
- }
- }
-#endif
-
-#ifdef BOOTLOADER
+ // isEnforcedSecureSection should always handle SB compiled in or not,
+ // but if that ever changes, force flag to false in PNOR TOC.
+#ifdef CONFIG_SECUREBOOT
io_TOC[secId].secure = PNOR::isEnforcedSecureSection(secId);
#else
- // Check if PNOR section has a secureHeader or not.
- l_errhdl = PNOR::setSecure(secId, io_TOC);
- if (l_errhdl)
- {
- break;
- }
+ io_TOC[secId].secure = false;
#endif
- if (PNOR::hasNonSecureHeader(io_TOC[secId]))
+ // If secureboot is compiled in, skip header if not a secure section
+ // Otherwise always skip header as the secure flag is always false and
+ // SpnorRp will not handle skipping the header if one is indicated in PNOR
+ if ( (io_TOC[secId].version & FFS_VERS_SHA512)
+ && !io_TOC[secId].secure)
{
- //increment flash addr for sha header
+ //increment flash addr for sha header
if (io_TOC[secId].integrity == FFS_INTEG_ECC_PROTECT)
{
io_TOC[secId].flashAddr += PAGESIZE_PLUS_ECC ;
@@ -370,6 +349,7 @@ PNOR::parseEntries (ffs_hdr* i_ffs_hdr,
// adjust the size to reflect that
io_TOC[secId].size -= PAGESIZE;
}
+
} // For TOC Entries
#ifndef BOOTLOADER
@@ -510,9 +490,3 @@ bool PNOR::cmpSecurebootMagicNumber(const uint8_t* i_vaddr)
return memcmp(&ROM_MAGIC_NUMBER, i_vaddr, sizeof(ROM_MAGIC_NUMBER))==0;
}
-
-bool PNOR::hasNonSecureHeader(const PNOR::SectionData_t& i_secInfo)
-{
- return (i_secInfo.version & FFS_VERS_SHA512) &&
- !i_secInfo.secure;
-}
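Review bot: In the first hunk of this file the new condition `if ( (io_TOC[secId].version & FFS_VERS_SHA512) && !io_TOC[secId].secure)` now lets the TOC's SHA512 flag alone decide whether the first page of a non-secure section is skipped, because the hasKnownHeader() fallback that cleared that bit for entries without a recognizable header is deleted in the same hunk; the comment above the condition should state that trust assumption, e.g. `// The SHA512 bit is taken from the TOC as-is: an entry flagged SHA512 that carries no header loses its first page.` The comment introduced before the `#ifdef CONFIG_SECUREBOOT` block is also hard to parse; `// isEnforcedSecureSection() is expected to return false when secure boot is compiled out; the #else keeps the TOC flag false even if that ever changes.` states the intent more directly. Since this predicate used to be the hasNonSecureHeader() helper removed in the last hunk, a named local such as `const bool l_skipHdr = ...` would keep the meaning visible at the call site. parseEntries() begins before the first hunk and continues after it.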
diff --git a/src/usr/pnor/pnor_utils.H b/src/usr/pnor/pnor_utils.H
index a608234fb..338f2595b 100644
--- a/src/usr/pnor/pnor_utils.H
+++ b/src/usr/pnor/pnor_utils.H
@@ -237,16 +237,6 @@ bool isEnforcedSecureSection(const uint32_t i_section);
*/
bool isCoreRootOfTrustSection(const PNOR::SectionId i_section);
-/**
- * @brief Determines if a section has a Header and that it is not a Secure Header
- *
- * @param[out] i_secInfo PNOR information of section
- *
- * @return True if it appears to not have a secure header
- * False otherwise
- */
-bool hasNonSecureHeader(const PNOR::SectionData_t& i_secInfo);
-
} // End namespace PNOR
diff --git a/src/usr/pnor/pnorrp.C b/src/usr/pnor/pnorrp.C
index da2548ebc..a874d3735 100644
--- a/src/usr/pnor/pnorrp.C
+++ b/src/usr/pnor/pnorrp.C
@@ -160,36 +160,6 @@ errlHndl_t PNOR::fixECC(PNOR::SectionId i_section)
return Singleton<PnorRP>::instance().fixECC(i_section);
}
-// @TODO RTC 173489
-// Remove API once FSP fully supports signing of PNOR sections that did not
-// previously have a sha512 header
-errlHndl_t PNOR::readHeaderMagic(
- const PNOR::SectionId i_secId,
- const PNOR::SectionData_t& i_TOC,
- const size_t i_size,
- void* const o_pData)
-{
- errlHndl_t pError = nullptr;
- assert(o_pData != nullptr,"Output buffer pointer was nullptr");
-
- do {
-
- size_t size = i_size;
- auto pTarget = TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL;
- // Read first <=8 bytes of section data from the PNOR DD
- // Note: Do not need to worry about ECC as the 9th byte is the first
- // ECC byte.
- pError = DeviceFW::deviceRead(pTarget, o_pData, size,
- DEVICE_PNOR_ADDRESS(0,i_TOC.flashAddr));
- if (pError)
- {
- break;
- }
-
- } while(0);
-
- return pError;
-}
/**
* STATIC
@@ -369,55 +339,6 @@ void PnorRP::initDaemon()
break;
}
- // @TODO RTC 178520 Remove the non-secure extension path and
- // always used the converged HBB extension path.
-
- // If secured, extend base image (HBB) when Hostboot first starts.
- // Since HBB is never re-loaded, inhibit extending this image in
- // runtime code.
- #ifndef __HOSTBOOT_RUNTIME
- #ifdef CONFIG_SECUREBOOT
- if(!SECUREBOOT::enabled())
- {
- // If compliant bootloader was present, it saved the HBB header
- // to a known location accessible to HBB. Until that bootloader
- // is widely distributed, when in non-secure mode in lab,
- // manufacturing, etc., read the header directly from PNOR.
- PNOR::SideInfo_t pnorInfo = {PNOR::WORKING};
- l_errhdl = PnorRP::getSideInfo(PNOR::WORKING, pnorInfo);
- if(l_errhdl != nullptr)
- {
- break;
- }
-
- const SectionData_t* const pHbb = &iv_TOC[PNOR::HB_BASE_CODE];
- const bool ecc = (pHbb->integrity == FFS_INTEG_ECC_PROTECT) ?
- true :false;
-
- uint8_t pHeader[PAGESIZE] = {0};
- uint64_t fatalError = 0;
- l_errhdl = readFromDevice(
- pnorInfo.hbbAddress,
- pHbb->chip,
- ecc,
- pHeader,
- fatalError);
-
- // If fatalError != 0 there is an uncorrectable ECC error (UE).
- // In that case, continue on with inaccurate data, as
- // readFromDevice API will initiate a shutdown
- if(l_errhdl != nullptr)
- {
- break;
- }
-
- // Cache the header
- (void)SECUREBOOT::baseHeader().setNonSecurely(
- pHeader);
- }
- #endif
- #endif
-
// start task to wait on the queue
task_create( wait_for_message, NULL );
} while(0);
diff --git a/src/usr/pnor/runtime/rt_pnor.C b/src/usr/pnor/runtime/rt_pnor.C
index 16707f774..276691003 100644
--- a/src/usr/pnor/runtime/rt_pnor.C
+++ b/src/usr/pnor/runtime/rt_pnor.C
@@ -86,24 +86,6 @@ errlHndl_t PNOR::clearSection(PNOR::SectionId i_section)
return Singleton<RtPnor>::instance().clearSection(i_section);
}
-// @TODO RTC 173489
-// Remove API once FSP fully supports signing of PNOR sections that did not
-// previously have a sha512 header
-errlHndl_t PNOR::readHeaderMagic(
- const PNOR::SectionId i_secId,
- const PNOR::SectionData_t& i_TOC,
- const size_t i_size,
- void* const o_pData)
-{
- errlHndl_t pError = RtPnor::readFromDevice (RtPnor::iv_masterProcId,
- i_secId,
- 0,
- i_size,
- false,
- o_pData);
- return pError;
-}
-
void PNOR::getPnorInfo( PnorInfo_t& o_pnorInfo )
{
o_pnorInfo.mmioOffset = LPC_SFC_MMIO_OFFSET | LPC_FW_SPACE;
@@ -409,7 +391,7 @@ errlHndl_t RtPnor::readFromDevice (uint64_t i_procId,
uint64_t i_offset,
size_t i_size,
bool i_ecc,
- void* o_data)
+ void* o_data) const
{
TRACFCOMP(g_trac_pnor, ENTER_MRK"RtPnor::readFromDevice: i_offset=0x%X, "
"i_procId=%d sec=%d size=0x%X ecc=%d", i_offset, i_procId, i_section,
diff --git a/src/usr/pnor/runtime/rt_pnor.H b/src/usr/pnor/runtime/rt_pnor.H
index b2433a19f..ab612bebd 100644
--- a/src/usr/pnor/runtime/rt_pnor.H
+++ b/src/usr/pnor/runtime/rt_pnor.H
@@ -131,25 +131,12 @@ class RtPnor
*
* @return Error from device
*/
- // @TODO RTC 173489
- // Remove static once FSP fully supports signing of PNOR sections that
- // did not previously have a sha512 header. Also add the const method
- // qualifier back in
- static errlHndl_t readFromDevice (uint64_t i_procId,
+ errlHndl_t readFromDevice (uint64_t i_procId,
PNOR::SectionId i_section,
uint64_t i_offset,
size_t i_size,
bool i_ecc,
- void* o_data);
-
- // @TODO RTC 173489
- // Remove API once FSP fully supports signing of PNOR sections that did
- // not previously have a sha512 header
- friend errlHndl_t PNOR::readHeaderMagic(
- PNOR::SectionId i_secId,
- const PNOR::SectionData_t& i_TOC,
- size_t i_size,
- void* const o_pData);
+ void* o_data) const;
/**
* @brief Write data back to the PNOR device
diff --git a/src/usr/pnor/spnorrp.C b/src/usr/pnor/spnorrp.C
index 90c53d712..29dd6de64 100644
--- a/src/usr/pnor/spnorrp.C
+++ b/src/usr/pnor/spnorrp.C
@@ -328,38 +328,30 @@ uint64_t SPnorRP::verifySections(SectionId i_id,
if (!l_info.secure)
{
- if(SECUREBOOT::bestEffortPolicy())
- {
- TRACFCOMP(g_trac_pnor,"PNOR::verifySections> called on unsecured section - Best effort policy skipping");
- break;
- }
- else
- {
- TRACFCOMP(g_trac_pnor,ERR_MRK"PNOR::verifySections> called on "
+ TRACFCOMP(g_trac_pnor,ERR_MRK"PNOR::verifySections> called on "
"unsecured section");
- /*@
- * @errortype
- * @severity ERRL_SEV_CRITICAL_SYS_TERM
- * @moduleid PNOR::MOD_SPNORRP_VERIFYSECTIONS
- * @reasoncode PNOR::RC_UNSIGNED_PNOR_SECTION
- * @userdata1 PNOR section requested to verify
- * @userdata2 0
- * @devdesc Cannot verify unsigned PNOR section
- * @custdesc Security failure: unable to securely load
- * requested firmware.
- */
- l_errhdl = new ERRORLOG::ErrlEntry(
- ERRORLOG::ERRL_SEV_CRITICAL_SYS_TERM,
- PNOR::MOD_SPNORRP_VERIFYSECTIONS,
- PNOR::RC_UNSIGNED_PNOR_SECTION,
- TO_UINT64(i_id),
- 0,
- true /*Add HB SW Callout*/);
- l_errhdl->collectTrace(PNOR_COMP_NAME);
- l_errhdl->collectTrace(SECURE_COMP_NAME);
- break;
- }
+ /*@
+ * @errortype
+ * @severity ERRL_SEV_CRITICAL_SYS_TERM
+ * @moduleid PNOR::MOD_SPNORRP_VERIFYSECTIONS
+ * @reasoncode PNOR::RC_UNSIGNED_PNOR_SECTION
+ * @userdata1 PNOR section requested to verify
+ * @userdata2 0
+ * @devdesc Cannot verify unsigned PNOR section
+ * @custdesc Security failure: unable to securely load
+ * requested firmware.
+ */
+ l_errhdl = new ERRORLOG::ErrlEntry(
+ ERRORLOG::ERRL_SEV_CRITICAL_SYS_TERM,
+ PNOR::MOD_SPNORRP_VERIFYSECTIONS,
+ PNOR::RC_UNSIGNED_PNOR_SECTION,
+ TO_UINT64(i_id),
+ 0,
+ true /*Add HB SW Callout*/);
+ l_errhdl->collectTrace(PNOR_COMP_NAME);
+ l_errhdl->collectTrace(SECURE_COMP_NAME);
+ break;
}
else
{
@@ -881,16 +873,8 @@ void SPnorRP::waitForMessage()
size_t l_sizeWithHdr = PAGESIZE + l_rec->textSize;
- bool l_wasLoadedAsBestEffort = false;
- if (l_rec->textSize == 0 &&
- SECUREBOOT::bestEffortPolicy())
- {
- // indicate that this section had been loaded
- // as "best effort"
- l_wasLoadedAsBestEffort = true;
- }
// if the section has an unsecured portion
- else if (l_sizeWithHdr != l_rec->infoSize)
+ if (l_sizeWithHdr != l_rec->infoSize)
{
TRACFCOMP( g_trac_pnor, ERR_MRK"SPnorRP::waitForMessage> Attempting to unload an unsupported section: 0x%X textsize+hdr: 0x%llX infosize: 0x%llX (the two sizes must be equal)", l_id, l_sizeWithHdr, l_rec->infoSize);
/*@
@@ -922,15 +906,6 @@ void SPnorRP::waitForMessage()
break;
}
- if (l_wasLoadedAsBestEffort)
- {
- l_rec->secAddr = nullptr;
- l_rec->textSize = 0;
- l_rec->infoSize = 0;
- l_rec->refCount = 0;
- break;
- }
-
l_errhdl = removePages(l_rec->secAddr,
l_sizeWithHdr);
if (l_errhdl)
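Review bot: In the waitForMessage() hunks, a record whose `textSize` is 0 is no longer special-cased and now flows through the size comparison `if (l_sizeWithHdr != l_rec->infoSize)` and on to `removePages(l_rec->secAddr, l_sizeWithHdr)`; if such a record can still reach this point (the removed path used to reset one to `secAddr = nullptr`), removePages() would be called with a null address and a PAGESIZE length. If the invariant is that every record arriving here has a non-zero textSize, a comment stating it, or an explicit `if (l_rec->textSize == 0) { /* log and break */ }` ahead of the size check, would make the assumption visible rather than implied. waitForMessage() begins before these hunks and continues after the last one.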