authorNick Bofferding <bofferdn@us.ibm.com>2017-01-25 13:10:08 -0600
committerWilliam G. Hoffa <wghoffa@us.ibm.com>2017-02-02 15:06:55 -0500
commita42bbccdd949bc4b78e856087019c73a126420d4 (patch)
tree5fdc402c77c9578d3ddbcd4095cfe887f0f44cf6 /src/usr/secureboot/base
parent31591a027b6d76be0cd081d3bcce2e746fdc7623 (diff)
Support extending sections to PCRs
- Ported p8 secureboot PCR extension code Change-Id: I2bbf6ee6b2980c2fbe32dfb9cad25e9e2aba3285 RTC: 167581 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35632 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/base')
-rw-r--r--src/usr/secureboot/base/header.C85
-rw-r--r--src/usr/secureboot/base/securerom.C66
-rw-r--r--src/usr/secureboot/base/securerom.H28
-rw-r--r--src/usr/secureboot/base/service.C2
-rw-r--r--src/usr/secureboot/base/test/secureromtest.H8
5 files changed, 123 insertions, 66 deletions
diff --git a/src/usr/secureboot/base/header.C b/src/usr/secureboot/base/header.C
index 37ba7ca72..4aba9481f 100644
--- a/src/usr/secureboot/base/header.C
+++ b/src/usr/secureboot/base/header.C
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2013,2016 */
+/* Contributors Listed Below - COPYRIGHT 2013,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -26,6 +26,7 @@
#include <sys/mm.h>
#include <sys/mmio.h>
#include <kernel/console.H>
+#include <errno.h>
namespace SECUREBOOT
{
@@ -34,53 +35,65 @@ namespace SECUREBOOT
return Singleton<Header>::instance();
}
- // TODO securebootp9 this implementation native to p9 appears to be doing
- // approximately the same thing as p8's loadSecurely() method. We need to
- // confirm and merge together or leave separate and merely remove comment.
- void Header::loadBaseHeader()
+ // @TODO RTC 168021 Converge on a single method of reading the secure
+ // header
+ void Header::loadSecurely()
{
- // Calculate original address of the secureboot header.
- // Zero is purposefully not mapped into the VMM tables, so we
- // can't use that for the virtual-to-real translation. Since
- // this object is in the base image, EA = HRMOR | PA, so we can
- // use PA - EA to find the HRMOR.
- uint64_t addr = mm_virt_to_phys(this) -
- reinterpret_cast<uint64_t>(this);
- addr -= PAGESIZE;
-
- // Map in the header.
- void* origHeader = mm_block_map(reinterpret_cast<void*>(addr),
- PAGESIZE);
-
- // Copy header to a save area.
- // In the future we might want to just extract pieces of the
- // header. The header is important when we start updating
- // the TPM PCRs.
- iv_data = malloc(PAGESIZE);
- memcpy(iv_data, origHeader, PAGESIZE);
-
- // Unmap the header.
- mm_block_unmap(origHeader);
+ //@TODO RTC 167581
+ // When RTC 166848 is available, pull in real header
return;
}
- // TODO securebootp9 this implementation of the follwoing two methods need
- // to be added based on p8 code
- void Header::loadSecurely()
- {
- }
-
+ // @TODO RTC 168021 Converge on a single method of reading the secure
+ // header
void Header::setNonSecurely(
- const void* i_pHeader)
+ const void* const i_pHeader)
{
+ // Fatal code bug if already loaded
+ assert(iv_data == nullptr,"BUG! In setNonSecurely(), "
+ "a cached header is already present.");
+
+ // Fatal code bug if called with nullptr pointer
+ assert(i_pHeader != nullptr,"BUG! In setNonSecurely(), "
+ "caller passed a nullptr header.");
+
+ iv_data = calloc(1,PAGESIZE);
+ memcpy(iv_data,i_pHeader,PAGE_SIZE);
}
void Header::getHeader(
- const void*& o_pHeader ) const
+ const void*& o_pHeader) const
{
// Fatal code bug if queried before loaded
- assert(iv_data!=nullptr);
+ assert(iv_data!=nullptr,"BUG! In getHeader(), "
+ "header is not present.");
o_pHeader = iv_data;
}
+
+ void Header::_calcSecureLoadAddr(
+ const void*& o_pCode) const
+ {
+ //@TODO RTC 167581
+ // When RTC 166848 is available, pull in real header
+
+ // Determine the secure address where the HBB image was loaded by SBE.
+ // Regardless of whether security is enabled or not, HBB always ends up
+ // at the secure load address (which corresponds to the HRMOR).
+ //
+ // Zero is purposefully not mapped into the VMM tables, so we
+ // can't use that for the virtual-to-real translation. Since
+ // this object is in the base (HBB) image, PA = HRMOR | EA, so we can
+ // use PA - EA to find the HRMOR.
+ const void* hrmor = reinterpret_cast<const void*>(
+ mm_virt_to_phys(
+ const_cast<SECUREBOOT::Header*>(this)) -
+ reinterpret_cast<uint64_t>(this));
+
+ // HRMOR lookup should never fail
+ assert( reinterpret_cast<uint64_t>(hrmor)
+ != static_cast<uint64_t>(-EFAULT));
+
+ o_pCode = hrmor;
+ }
}
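Review bot: In `_calcSecureLoadAddr` the `-EFAULT` assert is applied to `hrmor`, that is, to the value after `reinterpret_cast<uint64_t>(this)` has already been subtracted. If `mm_virt_to_phys` reports failure by returning `-EFAULT` (as the check implies), the comparison can no longer match and a bogus load address is handed back to the caller. Check the raw return value first, e.g. `const uint64_t pa = mm_virt_to_phys(const_cast<SECUREBOOT::Header*>(this));` followed by `assert(pa != static_cast<uint64_t>(-EFAULT));`, and only then compute `pa - reinterpret_cast<uint64_t>(this)`. Separately, `setNonSecurely` allocates with `PAGESIZE` but copies `PAGE_SIZE` bytes; use one constant for both so the copy length can never exceed the allocation. Its comment should also state that the caller must supply at least one full readable page.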
diff --git a/src/usr/secureboot/base/securerom.C b/src/usr/secureboot/base/securerom.C
index dd1428f33..74c2a18bb 100644
--- a/src/usr/secureboot/base/securerom.C
+++ b/src/usr/secureboot/base/securerom.C
@@ -84,20 +84,27 @@ errlHndl_t verifyContainer(void * i_container, const sha2_hash_t* i_hwKeyHash)
errlHndl_t hashBlob(const void * i_blob, size_t i_size, SHA512_t io_buf)
{
return Singleton<SecureROM>::instance().hashBlob(i_blob, i_size, io_buf);
+}
+/**
+ * @brief Hash concatenation of 2 Blobs
+ *
+ */
+errlHndl_t hashConcatBlobs(const blobPair_t &i_blobs, SHA512_t o_buf)
+{
+ return Singleton<SecureROM>::instance().hashConcatBlobs(i_blobs, o_buf);
}
/*
- * @brief Externally available hardware hash key function
+ * @brief Externally available hardware keys' hash retrieval function
*/
-void getHwHashKeys(sha2_hash_t o_hash)
+void getHwKeyHash(sha2_hash_t o_hash)
{
- return Singleton<SecureROM>::instance().getHwHashKeys(o_hash);
+ return Singleton<SecureROM>::instance().getHwKeyHash(o_hash);
}
}; //end SECUREBOOT namespace
-
/********************
Public Methods
********************/
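Review bot: The comment added above the free function `hashConcatBlobs` says "2 Blobs", but the function forwards a `blobPair_t` that the class method further down in this file iterates as a container of (pointer, size) pairs of any length. I'd reword it to `@brief Hash the concatenation of N blobs` and add `@param[in] i_blobs`, `@param[out] o_buf` and `@return` lines matching the declaration in securerom.H. It is also worth stating that the order of the pairs determines the digest, since callers will use this for PCR extension.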
@@ -259,13 +266,13 @@ errlHndl_t SecureROM::initialize()
/* Retrieve HW Hash Keys From The System */
/***************************************************************/
- // @todo RTC:RTC:34080 - Support for SecureROM::getHwHashKeys()
- l_errl = SecureROM::getHwHashKeys();
+ // @todo RTC:RTC:34080 - Support for SecureROM::getHwKeyHash()
+ l_errl = SecureROM::getHwKeyHash();
if (l_errl != NULL)
{
TRACFCOMP(g_trac_secure,ERR_MRK"SecureROM::initialize():"
- " SecureROM::getHwHashKeys() returned an error");
+ " SecureROM::getHwKeyHash() returned an error");
l_errl->collectTrace(SECURE_COMP_NAME,256);
break;
@@ -329,8 +336,8 @@ errlHndl_t SecureROM::verifyContainer(void * i_container,
// struct elements my_ecid, entry_point and log
memset(&l_hw_parms, 0, sizeof(ROM_hw_params));
- // Now set hw_key_hash, which is of type sha2_hash_t, to iv_hash_key
- memcpy (&l_hw_parms.hw_key_hash, &iv_hash_key, sizeof(sha2_hash_t));
+ // Now set hw_key_hash, which is of type sha2_hash_t, to iv_key_hash
+ memcpy (&l_hw_parms.hw_key_hash, &iv_key_hash, sizeof(sha2_hash_t));
TRACFBIN(g_trac_secure,"SecureROM::verifyContainer(): hw_key_hash",
l_hw_parms.hw_key_hash, sizeof(sha2_hash_t));
@@ -384,6 +391,7 @@ errlHndl_t SecureROM::verifyContainer(void * i_container,
/*@
* @errortype
+ * @severity ERRL_SEV_UNRECOVERABLE
* @moduleid SECUREBOOT::MOD_SECURE_ROM_VERIFY
* @reasoncode SECUREBOOT::RC_ROM_VERIFY
* @userdata1 l_rc
@@ -457,6 +465,28 @@ errlHndl_t SecureROM::hashBlob(const void * i_blob, size_t i_size, SHA512_t io_b
return l_errl;
}
+/**
+ * @brief Hash concatenation of N Blobs
+ */
+errlHndl_t SecureROM::hashConcatBlobs(const blobPair_t &i_blobs,
+ SHA512_t o_buf) const
+{
+ errlHndl_t pError = nullptr;
+ std::vector<uint8_t> concatBuf;
+ for (const auto &it : i_blobs)
+ {
+ assert(it.first != nullptr, "BUG! In SecureROM::hashConcatBlobs(), "
+ "User passed in nullptr blob pointer");
+ const uint8_t* const blob = static_cast<const uint8_t*>(it.first);
+ const auto blobSize = it.second;
+ concatBuf.insert(concatBuf.end(), blob, blob + blobSize);
+ }
+
+ // Call hash blob on new concatenated buffer
+ pError = hashBlob(concatBuf.data(),concatBuf.size(),o_buf);
+
+ return pError;
+}
/********************
Internal Methods
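Review bot: `SecureROM::hashConcatBlobs` does not handle an empty `i_blobs`: the loop is skipped and `hashBlob` is called with `concatBuf.data()` (which may be null for an empty vector) and size 0, and how `hashBlob` treats that is not visible in this hunk. Either assert `!i_blobs.empty()` next to the existing null-pointer assert or document the digest that results. The function also copies every blob into a temporary heap buffer that grows on each `insert`; summing the sizes first and calling `concatBuf.reserve(total)` avoids repeated reallocation when the measured sections are large. The `@brief` has no parameter documentation here, so a line noting that each `it.second` is trusted as the readable length of `it.first` would make the caller's obligation explicit.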
@@ -470,8 +500,8 @@ SecureROM::SecureROM()
{
TRACDCOMP(g_trac_secure, "SecureROM::SecureROM()>");
- // Clear out iv_hash_keys, which is of type sha2_hash_t
- memset(&iv_hash_key, 0, sizeof(sha2_hash_t) );
+ // Clear out iv_key_hash, which is of type sha2_hash_t
+ memset(&iv_key_hash, 0, sizeof(sha2_hash_t) );
}
@@ -547,26 +577,26 @@ void SecureROM::_cleanup()
/**
- * @brief Retrieves HW Keys from the system
+ * @brief Retrieves HW keys' hash from the system
*/
-errlHndl_t SecureROM::getHwHashKeys()
+errlHndl_t SecureROM::getHwKeyHash()
{
errlHndl_t l_errl = NULL;
- TRACFCOMP(g_trac_secure,INFO_MRK"SecureROM::getHwHashKeys() NOT supported");
+ TRACFCOMP(g_trac_secure,INFO_MRK"SecureROM::getHwKeyHash() NOT supported");
- // @todo RTC:34080 - Add support for getting HW Hash Keys from System
+ // @todo RTC:34080 - Add support for getting HW keys' hash from System
return l_errl;
}
/**
- * @brief Retrieve the internal hardware hash key from secure ROM object.
+ * @brief Retrieve the internal hardware keys' hash from secure ROM object.
*/
-void SecureROM::getHwHashKeys(sha2_hash_t o_hash)
+void SecureROM::getHwKeyHash(sha2_hash_t o_hash)
{
- memcpy(o_hash, iv_hash_key, sizeof(sha2_hash_t));
+ memcpy(o_hash, iv_key_hash, sizeof(sha2_hash_t));
}
/**
diff --git a/src/usr/secureboot/base/securerom.H b/src/usr/secureboot/base/securerom.H
index 4bb4fd54e..3704209d9 100644
--- a/src/usr/secureboot/base/securerom.H
+++ b/src/usr/secureboot/base/securerom.H
@@ -71,13 +71,28 @@ class SecureROM
errlHndl_t hashBlob(const void * i_blob, size_t i_size, SHA512_t io_buf) const;
/**
- * @brief Retrieve the internal hardware hash key from secure ROM
+ * @brief Retrieve the internal hardware keys' hash from secure ROM
* object.
*
* @param[out] o_hash Reference to the sha2_hash_t array to copy the
* hash to.
*/
- void getHwHashKeys(sha2_hash_t o_hash);
+ void getHwKeyHash(sha2_hash_t o_hash);
+
+ /*
+ * @brief Hash the concatenation of N Blobs
+ *
+ * Asserts if any blob pointer is NULL
+ *
+ * @param[in] i_blobs Vector of pairs composed of a void
+ * pointer to effective address and size
+ * of the blob to concatenate
+ * @param[out] o_buf SHA512 hash
+ *
+ * @return errlHndl_t NULL on success
+ */
+ errlHndl_t hashConcatBlobs (const blobPair_t &i_blobs,
+ SHA512_t o_buf) const;
protected:
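Review bot: The documentation block added for `hashConcatBlobs` opens with `/*` while the neighbouring members use `/**`, so a Doxygen-style extractor will likely skip it; change the opener to `/**`. The type name `blobPair_t` reads as a single pair although the comment describes a vector of pairs. If the typedef cannot be renamed, say so in the `@param[in] i_blobs` text and state that the sizes are byte counts.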
@@ -104,21 +119,20 @@ class SecureROM
void * iv_device_ptr;
/**
- * Hash Key Retrieved From System
+ * HW key' hash retrieved from system
*/
- sha2_hash_t iv_hash_key;
-
+ sha2_hash_t iv_key_hash;
/********************************************
* Private Functions
********************************************/
/**
- * @brief Retrieves HW Keys from the system
+ * @brief Retrieves HW keys' hash from the system
*
* @return errlHndl_t NULL on success
*/
- errlHndl_t getHwHashKeys();
+ errlHndl_t getHwKeyHash();
/**
* @brief Static instance function for testcase only
diff --git a/src/usr/secureboot/base/service.C b/src/usr/secureboot/base/service.C
index beed71616..6a8a35935 100644
--- a/src/usr/secureboot/base/service.C
+++ b/src/usr/secureboot/base/service.C
@@ -68,7 +68,7 @@ void* initializeBase(void* unused)
// Load original secureboot header.
if (enabled())
{
- Singleton<Header>::instance().loadBaseHeader();
+ Singleton<Header>::instance().loadSecurely();
}
// Extend memory footprint into lower portion of cache.
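Review bot: With security enabled this call now goes to `Header::loadSecurely()`, which the header.C part of this commit leaves as a stub that returns without setting `iv_data`, whereas the removed `loadBaseHeader()` copied the header page. Unless something else calls `setNonSecurely()` first, a later `getHeader()` will trip its `iv_data!=nullptr` assert on exactly the systems where the header matters for measurement. I'd add a comment at the call, e.g. `// NOTE: loadSecurely() is a stub until RTC 166848; the header is not cached yet`, or keep the old load path until the real one lands. `initializeBase` continues outside this hunk.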
diff --git a/src/usr/secureboot/base/test/secureromtest.H b/src/usr/secureboot/base/test/secureromtest.H
index 805b5bc2b..8a4ff4043 100644
--- a/src/usr/secureboot/base/test/secureromtest.H
+++ b/src/usr/secureboot/base/test/secureromtest.H
@@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
-/* Contributors Listed Below - COPYRIGHT 2013,2016 */
+/* Contributors Listed Below - COPYRIGHT 2013,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
@@ -62,7 +62,7 @@ void unloadSignedFile( void * & io_signedFile_pageAddr,
// secureboot_signed_container was generated using this hw hash key. If another
// key is in pibmem, this test will always fail.
-const uint64_t hw_hash_key[] =
+const uint64_t hw_key_hash[] =
{
0x40d487ff7380ed6a,
0xd54775d5795fea0d,
@@ -129,8 +129,8 @@ class SecureROMTest : public CxxTest::TestSuite
return;
}
- // Set hw hash key
- memcpy (& l_sRom.iv_hash_key, &hw_hash_key, sizeof(sha2_hash_t));
+ // Set hardware keys' hash
+ memcpy (& l_sRom.iv_key_hash, &hw_key_hash, sizeof(sha2_hash_t));
/*******************************************************************/
/* Call verify function */