authorMike Baiocchi <mbaiocch@us.ibm.com>2017-03-13 08:46:46 -0500
committerDaniel M. Crowell <dcrowell@us.ibm.com>2017-03-21 09:45:24 -0400
commitafd8387b9c5f1583046820aba9a632bb4acaf767 (patch)
tree032093e231cca8dd99bcc75df2cf2109c447c2f0 /src/usr/secureboot/common
parent5c40d7f2798087751e0f3c6a507107e540126b69 (diff)
Trace HwKeyHash and Add Errorlog Parser Infrastructure to Secureboot
This commit traces the HwKeyHash to Secureboot-specific error logs. It also adds the infrastructure necessary to parse secureboot-specific errorlog user data sections. It includes 2 new custom sections: one which is used in this commit, and another which will be used in a future commit. Change-Id: Id5fb115ad1214f956e5256d3641236021e4642ab RTC:165205 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/37901 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/common')
-rw-r--r--src/usr/secureboot/common/common.mk4
-rw-r--r--src/usr/secureboot/common/errlud_secure.C125
-rw-r--r--src/usr/secureboot/common/errlud_secure.H131
-rw-r--r--src/usr/secureboot/common/plugins/SECURE_COMP_ID_Parse.C29
-rw-r--r--src/usr/secureboot/common/plugins/errludP_secure.H172
-rw-r--r--src/usr/secureboot/common/plugins/secureUdParserFactory.H55
-rw-r--r--src/usr/secureboot/common/securetrace.H5
7 files changed, 518 insertions, 3 deletions
diff --git a/src/usr/secureboot/common/common.mk b/src/usr/secureboot/common/common.mk
index 3d9701a40..8e2b4f8d4 100644
--- a/src/usr/secureboot/common/common.mk
+++ b/src/usr/secureboot/common/common.mk
@@ -5,7 +5,7 @@
#
# OpenPOWER HostBoot Project
#
-# Contributors Listed Below - COPYRIGHT 2016
+# Contributors Listed Below - COPYRIGHT 2016,2017
# [+] International Business Machines Corp.
#
#
@@ -24,3 +24,5 @@
# IBM_PROLOG_END_TAG
SECUREBOOT_COMMON_OBJS += securetrace.o
+SECUREBOOT_COMMON_OBJS += errlud_secure.o
+
diff --git a/src/usr/secureboot/common/errlud_secure.C b/src/usr/secureboot/common/errlud_secure.C
new file mode 100644
index 000000000..660038b8e
--- /dev/null
+++ b/src/usr/secureboot/common/errlud_secure.C
@@ -0,0 +1,125 @@
+/* IBM_PROLOG_BEGIN_TAG */
+/* This is an automatically generated prolog. */
+/* */
+/* $Source: src/usr/secureboot/common/errlud_secure.C $ */
+/* */
+/* OpenPOWER HostBoot Project */
+/* */
+/* Contributors Listed Below - COPYRIGHT 2014,2017 */
+/* [+] International Business Machines Corp. */
+/* */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
+/* implied. See the License for the specific language governing */
+/* permissions and limitations under the License. */
+/* */
+/* IBM_PROLOG_END_TAG */
+/**
+ * @file errlud_secure.C
+ *
+ * @brief Implementation of classes to log SECUREBOOT FFDC
+ */
+#include <secureboot/service.H>
+#include <secureboot/secure_reasoncodes.H>
+#include "errlud_secure.H"
+
+namespace SECUREBOOT
+{
+
+//------------------------------------------------------------------------------
+// Enum defining MAGIC NUMBERS used for checks below
+//------------------------------------------------------------------------------
+enum {
+ PARSER_SIZEOF_SHA512_t = 64,
+ PARSER_SIZEOF_UINT32_t = 4,
+ PARSER_SIZEOF_UINT8_t = 1,
+ PARSER_SIZEOF_TARGET_HKH_SECTION = 69,
+};
+
+//------------------------------------------------------------------------------
+// SECURE System HW Keys Hash User Details
+//------------------------------------------------------------------------------
+UdSystemHwKeyHash::UdSystemHwKeyHash(const SHA512_t i_hash)
+{
+ // Set up Ud instance variables
+ iv_CompId = SECURE_COMP_ID;
+ iv_Version = SECURE_UDT_VERSION_1;
+ iv_SubSection = SECURE_UDT_SYSTEM_HW_KEY_HASH;
+
+ //***** Memory Layout *****
+ // 64 bytes : SHA512_t of Target HW Key Hash
+
+ static_assert(sizeof(SHA512_t) == PARSER_SIZEOF_SHA512_t, "Expected SHA512_t size is 64 bytes");
+
+ char * l_pBuf = reinterpret_cast<char *>(
+ reallocUsrBuf(sizeof(SHA512_t)) );
+
+ memcpy(l_pBuf, i_hash, sizeof(SHA512_t));
+ l_pBuf += sizeof(SHA512_t);
+}
+
+//------------------------------------------------------------------------------
+UdSystemHwKeyHash::~UdSystemHwKeyHash()
+{
+
+}
+
+//------------------------------------------------------------------------------
+// SECURE Target HW Keys Hash User Details
+//------------------------------------------------------------------------------
+UdTargetHwKeyHash::UdTargetHwKeyHash(const TARGETING::Target * i_target,
+ const uint8_t i_side,
+ const SHA512_t i_hash)
+{
+ // Set up Ud instance variables
+ iv_CompId = SECURE_COMP_ID;
+ iv_Version = SECURE_UDT_VERSION_1;
+ iv_SubSection = SECURE_UDT_TARGET_HW_KEY_HASH;
+
+ //***** Memory Layout *****
+ // 4 bytes : Target HUID
+ // 1 byte : SBE EEPROM (Primary or Backup)
+ // 64 bytes : SHA512_t of Target HW Key Hash
+
+ static_assert(sizeof(uint32_t)==PARSER_SIZEOF_UINT32_t, "Expected sizeof(uint32_t) is 4");
+ static_assert(sizeof(uint8_t)==PARSER_SIZEOF_UINT8_t, "Expected sizeof(uint8_t) is 1");
+ static_assert(sizeof(SHA512_t) == PARSER_SIZEOF_SHA512_t, "Expected SHA512_t size is 64 bytes");
+ static_assert((sizeof(uint32_t) + sizeof(uint8_t) + sizeof(SHA512_t)) == PARSER_SIZEOF_TARGET_HKH_SECTION,
+ "Expected Buffer length is 69 bytes");
+
+ char * l_pBuf = reinterpret_cast<char *>(
+ reallocUsrBuf(sizeof(uint32_t)
+ +sizeof(uint8_t)
+ +sizeof(SHA512_t)));
+
+ uint32_t tmp32 = 0;
+ uint8_t tmp8 = 0;
+
+ tmp32 = TARGETING::get_huid(i_target);
+ memcpy(l_pBuf, &tmp32, sizeof(tmp32));
+ l_pBuf += sizeof(tmp32);
+
+ tmp8 = static_cast<uint8_t>(i_side);
+ memcpy(l_pBuf, &tmp8, sizeof(tmp8));
+ l_pBuf += sizeof(tmp8);
+
+ memcpy(l_pBuf, i_hash, sizeof(SHA512_t));
+ l_pBuf += sizeof(SHA512_t);
+}
+
+//------------------------------------------------------------------------------
+UdTargetHwKeyHash::~UdTargetHwKeyHash()
+{
+
+}
+
+} // end SECUREBOOT namespace
+
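Review bot: In the UdTargetHwKeyHash constructor the HUID is copied into the buffer in host byte order (`memcpy(l_pBuf, &tmp32, sizeof(tmp32));`), while the parser added in errludP_secure.H decodes the same field with `ntohl`. The two agree only when the firmware build is big-endian, which this file does not state; a comment such as `// HUID is written in host order; the parser decodes it with ntohl(), so this relies on a big-endian build` would record the assumption. Both constructors also write through the pointer returned by `reallocUsrBuf` without checking it, so if that call can return a null pointer a guard is needed before the first `memcpy`. The final `l_pBuf += sizeof(SHA512_t);` in each constructor is a dead store and can be dropped.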
diff --git a/src/usr/secureboot/common/errlud_secure.H b/src/usr/secureboot/common/errlud_secure.H
new file mode 100644
index 000000000..60572ad69
--- /dev/null
+++ b/src/usr/secureboot/common/errlud_secure.H
@@ -0,0 +1,131 @@
+/* IBM_PROLOG_BEGIN_TAG */
+/* This is an automatically generated prolog. */
+/* */
+/* $Source: src/usr/secureboot/common/errlud_secure.H $ */
+/* */
+/* OpenPOWER HostBoot Project */
+/* */
+/* Contributors Listed Below - COPYRIGHT 2017 */
+/* [+] International Business Machines Corp. */
+/* */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
+/* implied. See the License for the specific language governing */
+/* permissions and limitations under the License. */
+/* */
+/* IBM_PROLOG_END_TAG */
+#ifndef ERRL_UD_SECURE_H
+#define ERRL_UD_SECURE_H
+
+/**
+ * @file errlud_secure.H
+ *
+ * Defines the classes that logs and parses various Secureboot data
+ */
+
+#include <secureboot/service.H>
+#include <errl/errluserdetails.H>
+
+namespace SECUREBOOT
+{
+
+/**
+ * @class UdSystemHwKeyHash
+ *
+ * Adds System HW Keys Hash to an error log as user detail data
+ */
+class UdSystemHwKeyHash : public ERRORLOG::ErrlUserDetails
+{
+ public:
+ /**
+ * @brief Constructor
+ *
+ * @param i_hash System HW Keys Hash represented by SHA512
+ */
+ UdSystemHwKeyHash(const SHA512_t i_hash);
+
+ /**
+ * @brief Destructor
+ */
+ virtual ~UdSystemHwKeyHash();
+
+ /**
+ * Delete Copy Constructor
+ */
+ UdSystemHwKeyHash(const UdSystemHwKeyHash&) = delete;
+
+ /**
+ * Delete Copy Assignment
+ */
+ UdSystemHwKeyHash& operator= (const UdSystemHwKeyHash&) = delete;
+
+ /**
+ * Delete Move Constructor
+ */
+ UdSystemHwKeyHash (UdSystemHwKeyHash&&) = delete;
+
+ /**
+ * Delete Move Assignment
+ */
+ UdSystemHwKeyHash& operator = (UdSystemHwKeyHash&&) = delete;
+
+};
+
+/**
+ * @class UdTargetHwKeyHash
+ *
+ * Adds Target HW Keys Hash to an error log as user detail data
+ */
+class UdTargetHwKeyHash : public ERRORLOG::ErrlUserDetails
+{
+ public:
+ /**
+ * @brief Constructor
+ *
+ * @param i_target Processor Target containing HW Keys Hash
+ * @param i_side SEEPROM side used on the target:
+ * 0=SBE_PRIMARY, 1=SBE_BACKUP
+ * @param i_hash Target HW Keys Hash represented by SHA512
+ */
+ UdTargetHwKeyHash(const TARGETING::Target * i_target,
+ const uint8_t i_buflen,
+ const SHA512_t i_hash);
+
+ /**
+ * @brief Destructor
+ */
+ virtual ~UdTargetHwKeyHash();
+
+ /**
+ * Delete Copy Constructor
+ */
+ UdTargetHwKeyHash(const UdTargetHwKeyHash&) = delete;
+
+ /**
+ * Delete Copy Assignment
+ */
+ UdTargetHwKeyHash& operator= (const UdTargetHwKeyHash&) = delete;
+
+ /**
+ * Delete Move Constructor
+ */
+ UdTargetHwKeyHash (UdTargetHwKeyHash&&) = delete;
+
+ /**
+ * Delete Move Assignment
+ */
+ UdTargetHwKeyHash& operator = (UdTargetHwKeyHash&&) = delete;
+};
+
+
+} // end SECUREBOOT namespace
+
+#endif
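Review bot: The second parameter of the UdTargetHwKeyHash constructor is declared as `const uint8_t i_buflen`, but the Doxygen block directly above documents `i_side` and the definition in errlud_secure.C names it `i_side`; the declaration should read `const uint8_t i_side,`. The name matters because a caller reading only the header would expect to pass a length where the SEEPROM side (0 or 1) is required. The single-argument constructor `UdSystemHwKeyHash(const SHA512_t i_hash)` could also be marked `explicit`.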
diff --git a/src/usr/secureboot/common/plugins/SECURE_COMP_ID_Parse.C b/src/usr/secureboot/common/plugins/SECURE_COMP_ID_Parse.C
new file mode 100644
index 000000000..63d2d8952
--- /dev/null
+++ b/src/usr/secureboot/common/plugins/SECURE_COMP_ID_Parse.C
@@ -0,0 +1,29 @@
+/* IBM_PROLOG_BEGIN_TAG */
+/* This is an automatically generated prolog. */
+/* */
+/* $Source: src/usr/secureboot/common/plugins/SECURE_COMP_ID_Parse.C $ */
+/* */
+/* OpenPOWER HostBoot Project */
+/* */
+/* Contributors Listed Below - COPYRIGHT 2017 */
+/* [+] International Business Machines Corp. */
+/* */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
+/* implied. See the License for the specific language governing */
+/* permissions and limitations under the License. */
+/* */
+/* IBM_PROLOG_END_TAG */
+#include "errludparser.H"
+#include "secureUdParserFactory.H"
+
+ERRL_MAKE_UD_PARSER(SECUREBOOT::UserDetailsParserFactory, hbfw::SECURE_COMP_ID)
+
diff --git a/src/usr/secureboot/common/plugins/errludP_secure.H b/src/usr/secureboot/common/plugins/errludP_secure.H
new file mode 100644
index 000000000..02305a4c1
--- /dev/null
+++ b/src/usr/secureboot/common/plugins/errludP_secure.H
@@ -0,0 +1,172 @@
+/* IBM_PROLOG_BEGIN_TAG */
+/* This is an automatically generated prolog. */
+/* */
+/* $Source: src/usr/secureboot/common/plugins/errludP_secure.H $ */
+/* */
+/* OpenPOWER HostBoot Project */
+/* */
+/* Contributors Listed Below - COPYRIGHT 2017 */
+/* [+] International Business Machines Corp. */
+/* */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
+/* implied. See the License for the specific language governing */
+/* permissions and limitations under the License. */
+/* */
+/* IBM_PROLOG_END_TAG */
+#ifndef ERRL_UDP_SECURE_H
+#define ERRL_UDP_SECURE_H
+
+/**
+ * @file errludP_secure.H
+ *
+ * Defines the ErrlUserDetailsParser classes that parse SECURE FFDC
+ */
+
+#include "errluserdetails.H"
+#include <string.h>
+
+/**
+ * Some macros to manipulate data types cleanly
+ */
+#define TO_UINT8(ptr) (*(reinterpret_cast<uint8_t*>(ptr)))
+#define TO_UINT32(ptr) (ntohl(*(reinterpret_cast<uint32_t*>(ptr))))
+
+namespace SECUREBOOT
+{
+/**
+ * Enum defining MAGIC NUMBER used below
+ */
+enum {
+ UDPARSER_SIZEOF_SHA512_t = 64,
+};
+
+/**
+ * @class UdParserSystemHwKeyHash
+ *
+ * Parses UdSystemHwKeyHash
+ */
+class UdParserSystemHwKeyHash : public ERRORLOG::ErrlUserDetailsParser
+{
+public:
+ /**
+ * @brief Constructor
+ */
+ UdParserSystemHwKeyHash() {}
+
+ /**
+ * @brief Destructor
+ */
+ virtual ~UdParserSystemHwKeyHash() {}
+
+ /**
+ * @brief Parses string user detail data from an error log
+ *
+ * @param i_version Version of the data
+ * @param i_parse ErrlUsrParser object for outputting information
+ * @param i_pBuffer Pointer to buffer containing detail data
+ * @param i_buflen Length of the buffer
+ */
+ virtual void parse(errlver_t i_version,
+ ErrlUsrParser & i_parser,
+ void * i_pBuffer,
+ const uint32_t i_buflen) const
+ {
+ const char* l_databuf = static_cast<char*>(i_pBuffer);
+ i_parser.PrintHeading("System HW Key Hash");
+
+ //***** Memory Layout *****
+ // 64 bytes : SHA512_t of System HW Key Hash
+
+ i_parser.PrintHexDump(l_databuf, UDPARSER_SIZEOF_SHA512_t);
+ l_databuf += UDPARSER_SIZEOF_SHA512_t;
+ }
+
+private:
+ // Disabled
+ UdParserSystemHwKeyHash(const UdParserSystemHwKeyHash&);
+ UdParserSystemHwKeyHash & operator=(const UdParserSystemHwKeyHash&);
+};
+
+
+/**
+ * @class UdParserTargetHwKeyHash
+ *
+ * Parses UdTargetHwKeyHash
+ */
+class UdParserTargetHwKeyHash : public ERRORLOG::ErrlUserDetailsParser
+{
+public:
+ /**
+ * @brief Constructor
+ */
+ UdParserTargetHwKeyHash() {}
+
+ /**
+ * @brief Destructor
+ */
+ virtual ~UdParserTargetHwKeyHash() {}
+
+ /**
+ * @brief Parses string user detail data from an error log
+ *
+ * @param i_version Version of the data
+ * @param i_parse ErrlUsrParser object for outputting information
+ * @param i_pBuffer Pointer to buffer containing detail data
+ * @param i_buflen Length of the buffer
+ */
+ virtual void parse(errlver_t i_version,
+ ErrlUsrParser & i_parser,
+ void * i_pBuffer,
+ const uint32_t i_buflen) const
+ {
+ char* l_databuf = static_cast<char*>(i_pBuffer);
+ i_parser.PrintHeading("Target HW Key Hash");
+
+ //***** Memory Layout *****
+ // 4 bytes : Target HUID
+ // 1 byte : SBE SEEPROM (Primary or Backup)
+ // 64 bytes : SHA512_t of Target HW Key Hash
+
+ i_parser.PrintNumber("Target HUID","%.8lX",TO_UINT32(l_databuf));
+ l_databuf += sizeof(uint32_t);
+
+ uint8_t side = TO_UINT8(l_databuf);
+ l_databuf += sizeof(uint8_t);
+
+ if( side == 0 )
+ {
+ i_parser.PrintNumber("SBE_PRIMARY","%.2X",side);
+ }
+ else if( side == 1 )
+ {
+ i_parser.PrintNumber("SBE_BACKUP","%.2X",side);
+ }
+ else
+ {
+ i_parser.PrintNumber("Unknown SBE","%.2X",side);
+ }
+
+ i_parser.PrintHexDump(l_databuf, UDPARSER_SIZEOF_SHA512_t);
+ l_databuf += UDPARSER_SIZEOF_SHA512_t;
+ }
+
+private:
+ // Disabled
+ UdParserTargetHwKeyHash(const UdParserTargetHwKeyHash&);
+ UdParserTargetHwKeyHash & operator=(const UdParserTargetHwKeyHash&);
+};
+
+
+
+} // end SECUREBOOT namespace
+
+#endif
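Review bot: Both `parse` overrides ignore `i_buflen` and read a fixed 64 or 69 bytes from `i_pBuffer`, so a truncated or corrupted user-data section makes the parser read past the end of the buffer. Error-log content should be treated as untrusted by the parsing tool, and each method should compare `i_buflen` with the expected section size before the first read and fall back to dumping only the bytes that are present. The guards below go directly after the `PrintHeading` call in each method. Separately, the `@param i_parse` entries do not match the parameter name `i_parser`, and `TO_UINT32` dereferences a possibly unaligned pointer; copying the field out with `memcpy` before `ntohl` would avoid that.

```cpp
// UdParserSystemHwKeyHash::parse, after PrintHeading("System HW Key Hash")
if (i_buflen < UDPARSER_SIZEOF_SHA512_t)
{
    // Truncated section: show only the bytes that are present
    i_parser.PrintHexDump(l_databuf, i_buflen);
    return;
}
// … unchanged: PrintHexDump of the 64-byte hash …

// UdParserTargetHwKeyHash::parse, after PrintHeading("Target HW Key Hash")
const uint32_t l_expected = sizeof(uint32_t) + sizeof(uint8_t)
                            + UDPARSER_SIZEOF_SHA512_t;
if (i_buflen < l_expected)
{
    // Truncated section: show only the bytes that are present
    i_parser.PrintHexDump(l_databuf, i_buflen);
    return;
}
// … unchanged: HUID, SBE side and hash output …
```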
diff --git a/src/usr/secureboot/common/plugins/secureUdParserFactory.H b/src/usr/secureboot/common/plugins/secureUdParserFactory.H
new file mode 100644
index 000000000..e3ab91d48
--- /dev/null
+++ b/src/usr/secureboot/common/plugins/secureUdParserFactory.H
@@ -0,0 +1,55 @@
+/* IBM_PROLOG_BEGIN_TAG */
+/* This is an automatically generated prolog. */
+/* */
+/* $Source: src/usr/secureboot/common/plugins/secureUdParserFactory.H $ */
+/* */
+/* OpenPOWER HostBoot Project */
+/* */
+/* Contributors Listed Below - COPYRIGHT 2017 */
+/* [+] International Business Machines Corp. */
+/* */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
+/* implied. See the License for the specific language governing */
+/* permissions and limitations under the License. */
+/* */
+/* IBM_PROLOG_END_TAG */
+#if !defined(_SECUREUDPARSERFACTORY_H)
+#define _SECUREUDPARSERFACTORY_H
+
+#include "errludparserfactory.H"
+#include "errludP_secure.H"
+
+namespace SECUREBOOT
+{
+ class UserDetailsParserFactory
+ : public ERRORLOG::ErrlUserDetailsParserFactory
+ {
+ public:
+ UserDetailsParserFactory()
+ {
+ registerParser<SECUREBOOT::UdParserSystemHwKeyHash>
+ (SECURE_UDT_SYSTEM_HW_KEY_HASH);
+
+ registerParser<SECUREBOOT::UdParserTargetHwKeyHash>
+ (SECURE_UDT_TARGET_HW_KEY_HASH);
+ }
+
+ private:
+
+ UserDetailsParserFactory(const UserDetailsParserFactory &);
+ UserDetailsParserFactory & operator=
+ (const UserDetailsParserFactory &);
+ };
+};
+
+#endif
+
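Review bot: The include guard `_SECUREUDPARSERFACTORY_H` starts with an underscore followed by an uppercase letter, which is an identifier reserved for the implementation; `SECUREUDPARSERFACTORY_H` would match the guard style of the other new headers in this commit. The namespace is also closed with `};`, where the trailing semicolon is a stray empty declaration and should be `}`. The `SECURE_UDT_SYSTEM_HW_KEY_HASH` and `SECURE_UDT_TARGET_HW_KEY_HASH` constants are used without a visible include that defines them, so presumably they arrive through one of the two included headers; that is worth confirming for the plugin build.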
diff --git a/src/usr/secureboot/common/securetrace.H b/src/usr/secureboot/common/securetrace.H
index 7c7accb54..4152f5aa7 100644
--- a/src/usr/secureboot/common/securetrace.H
+++ b/src/usr/secureboot/common/securetrace.H
@@ -38,9 +38,10 @@ namespace SECUREBOOT
extern trace_desc_t* g_trac_secure;
-// symbolic constant for the trace size
+// symbolic constants for the trace size
enum {
- ERROR_TRACE_SIZE = 256,
+ ERROR_TRACE_SIZE = 256, // normal
+ MAX_ERROR_TRACE_SIZE = 512, // max
};
}