| author | Stephen Cprek <smcprek@us.ibm.com> | 2018-01-23 14:27:17 -0600 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2018-01-31 11:09:11 -0500 |
| commit | 8443a65a3599f433bd47c2ea03e863240db28b89 (patch) | |
| tree | 1fb9f8b5fedaf2d6e8fe371ed3f0f46dd5e85f9d /src/usr/secureboot/common/plugins | |
| parent | d999ed144f949e318fbd0523f0dfaa56d291596f (diff) | |
Collect better FFDC on ROM verification errors
Collect both the UTIL and RUNTIME component traces on a ROM
verify failure
Added a new Errlog User Details section "Verify Info" containing
the component name, ID(s), and the measured and expected hashes
Change-Id: I0d0408128e05807bb906be5ee365d56d1416693f
CQ:SW413889
Backport:release-fips910
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52593
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/common/plugins')
| -rw-r--r-- | src/usr/secureboot/common/plugins/errludP_secure.H | 106 | ||||
| -rw-r--r-- | src/usr/secureboot/common/plugins/secureUdParserFactory.H | 5 |
2 files changed, 109 insertions, 2 deletions
diff --git a/src/usr/secureboot/common/plugins/errludP_secure.H b/src/usr/secureboot/common/plugins/errludP_secure.H
index 39a8126d6..817967bbf 100644
--- a/src/usr/secureboot/common/plugins/errludP_secure.H
+++ b/src/usr/secureboot/common/plugins/errludP_secure.H
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2017 */
+/* Contributors Listed Below - COPYRIGHT 2017,2018 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -33,12 +33,15 @@
 #include "errluserdetails.H"
 #include <string.h>
+#include <utilmem.H>
 /**
 * Some macros to manipulate data types cleanly
 */
 #define TO_UINT8(ptr) (*(reinterpret_cast<uint8_t*>(ptr)))
+#define TO_UINT16(ptr) (ntohs(*(reinterpret_cast<uint16_t*>(ptr))))
 #define TO_UINT32(ptr) (ntohl(*(reinterpret_cast<uint32_t*>(ptr))))
+#define TO_UINT64(ptr) (ntohll(*(reinterpret_cast<uint64_t*>(ptr))))
 namespace SECUREBOOT
 {
@@ -47,6 +50,7 @@ namespace SECUREBOOT
 */
 enum {
 UDPARSER_SIZEOF_SHA512_t = 64,
+ UDPARSER_SIZEOF_MAX_VERIFY_IDS = 50,
 };
 /**
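Review bot: `TO_UINT16` and `TO_UINT64` dereference the result of a `reinterpret_cast` on whatever pointer they are handed, which is an unaligned, type-punned load whenever the field does not sit on a natural boundary. In this same commit `TO_UINT64` is applied immediately after a variable-length string in UdParserVerifyInfo::parse, so that 8-byte read will usually be misaligned. Copying into a local first keeps the byte-order conversion and avoids the undefined behaviour, for example `static inline uint64_t toUint64(const void* p) { uint64_t v; memcpy(&v, p, sizeof(v)); return ntohll(v); }`. The macros also cannot tell whether enough bytes remain, so each caller has to validate the remaining length before using them.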
@@ -229,6 +233,106 @@ class UdParserSecuritySettings : public ERRORLOG::ErrlUserDetailsParser
 };
 };
+/**
+ * @class UdParserVerifyInfo
+ *
+ * Parses UdSecureVerifyInfo
+ */
+class UdParserVerifyInfo : public ERRORLOG::ErrlUserDetailsParser
+{
+ public:
+ /**
+ * @brief Constructor
+ */
+ UdParserVerifyInfo() {}
+
+ /**
+ * @brief Destructor
+ */
+ virtual ~UdParserVerifyInfo() {}
+
+ /**
+ * @brief Parses verify container user detail data from an error log
+ *
+ * @param i_version Version of the data
+ * @param i_parse ErrlUsrParser object for outputting information
+ * @param i_pBuffer Pointer to buffer containing detail data
+ * @param i_buflen Length of the buffer
+ */
+ virtual void parse(errlver_t i_version,
+ ErrlUsrParser & i_parser,
+ void * i_pBuffer,
+ const uint32_t i_buflen) const
+ {
+ //***** Version 1 Memory Layout *****
+ // 9 bytes Max : Component ID (8 byte string + NULL) use strlen
+ // 8 bytes : Protected Payload Size
+ // 4 bytes : Number of IDs
+ // 4*N bytes : IDs (PNOR id or LidID) multiplied by number of ids
+ // 64 bytes : Measured Hash
+ // 64 bytes : Expected Hash
+
+ char* l_databuf = static_cast<char*>(i_pBuffer);
+ bool l_parseError = false;
+
+ do {
+ i_parser.PrintHeading("Secure Verify Info");
+ if (i_version >= 1)
+ {
+ // Component ID
+ i_parser.PrintString("Component ID", l_databuf);
+ // Skip string plus 1 byte for null termination
+ l_databuf += strlen(l_databuf)+1;
+
+ // Number of IDs
+ uint64_t l_protectedSize = TO_UINT64(l_databuf);
+ i_parser.PrintNumberUint64("Protected Payload Size","0x%016llX",
+ l_protectedSize);
+ l_databuf += sizeof(l_protectedSize);
+
+ // Number of IDs
+ uint32_t l_numIds = TO_UINT32(l_databuf);
+ i_parser.PrintNumber("Number of IDs","%d", l_numIds);
+ l_databuf += sizeof(l_numIds);
+
+ // IDs
+ i_parser.PrintHeading("ID(s)");
+ for (uint32_t i = 0; i < l_numIds; ++i)
+ {
+ i_parser.PrintNumber("ID","0x%08lX", TO_UINT32(l_databuf));
+ l_databuf += sizeof(uint32_t);
+ // In case of bad format, don't go past max size
+ if(i >= UDPARSER_SIZEOF_MAX_VERIFY_IDS)
+ {
+ l_parseError = true;
+ break;
+ }
+ }
+ // In case of bad format, don't continue to parse section
+ if(l_parseError)
+ {
+ break;
+ }
+
+ // Measured Hash
+ i_parser.PrintHeading("Measured Hash");
+ i_parser.PrintHexDump(l_databuf, UDPARSER_SIZEOF_SHA512_t);
+ l_databuf += UDPARSER_SIZEOF_SHA512_t;
+
+ /// Expected Hash
+ i_parser.PrintHeading("Expected Hash");
+ i_parser.PrintHexDump(l_databuf, UDPARSER_SIZEOF_SHA512_t);
+ l_databuf += UDPARSER_SIZEOF_SHA512_t;
+ }
+ } while(0);
+
+ }
+
+ private:
+ // Disabled
+ UdParserVerifyInfo(const UdParserVerifyInfo&);
+ UdParserVerifyInfo & operator=(const UdParserVerifyInfo&);
+};
 } // end SECUREBOOT namespace
diff --git a/src/usr/secureboot/common/plugins/secureUdParserFactory.H b/src/usr/secureboot/common/plugins/secureUdParserFactory.H
index 5b6d540fa..d720c1ce1 100644
--- a/src/usr/secureboot/common/plugins/secureUdParserFactory.H
+++ b/src/usr/secureboot/common/plugins/secureUdParserFactory.H
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2017 */
+/* Contributors Listed Below - COPYRIGHT 2017,2018 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -44,6 +44,9 @@ namespace SECUREBOOT
 registerParser<SECUREBOOT::UdParserSecuritySettings> (SECURE_UDT_SECURITY_SETTINGS);
+
+ registerParser<SECUREBOOT::UdParserVerifyInfo>
+ (SECURE_UDT_VERIFY_INFO);
 }
 private: |
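Review bot: `UdParserVerifyInfo::parse()` never consults `i_buflen`, so every read in the new body trusts the layout of the error-log section: `strlen(l_databuf)` runs until it happens to find a NUL, `l_numIds` is taken from the buffer itself, and both 64-byte hash dumps are printed regardless of how many bytes are left. The `UDPARSER_SIZEOF_MAX_VERIFY_IDS` check sits after the print and the pointer advance, so it only stops once 51 IDs have already been read, and it bounds nothing against the buffer. A truncated or corrupted section can therefore make the plugin read past the end of the data; tracking the remaining length and validating it before each field, as sketched below, closes that. The comment above the `l_protectedSize` read also says `// Number of IDs` and should read `// Protected Payload Size`.

```cpp
char* l_databuf = static_cast<char*>(i_pBuffer);
uint32_t l_remaining = i_buflen;
// … unchanged: heading and version check …
if (l_databuf == NULL)
{
    break;
}

// Component ID must be NUL-terminated inside the buffer
const void* l_nul = memchr(l_databuf, '\0', l_remaining);
if (l_nul == NULL)
{
    break;
}
const uint32_t l_strSize = static_cast<uint32_t>(
        static_cast<const char*>(l_nul) - l_databuf) + 1;
i_parser.PrintString("Component ID", l_databuf);
l_databuf += l_strSize;
l_remaining -= l_strSize;

// Protected Payload Size and Number of IDs must both be present
if (l_remaining < sizeof(uint64_t) + sizeof(uint32_t))
{
    break;
}
// … unchanged: print Protected Payload Size and Number of IDs, advancing l_databuf …
l_remaining -= sizeof(uint64_t) + sizeof(uint32_t);

// Reject the count before any ID is read; the IDs and both hashes must fit
if ((l_numIds > UDPARSER_SIZEOF_MAX_VERIFY_IDS) ||
    (l_remaining < (l_numIds * sizeof(uint32_t))
                   + (2 * UDPARSER_SIZEOF_SHA512_t)))
{
    break;
}
// … unchanged: ID loop (in-loop max check no longer needed) and both hash dumps …
```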

