| author | Nick Bofferding <bofferdn@us.ibm.com> | 2016-06-21 14:49:31 -0500 |
|---|---|---|
| committer | William G. Hoffa <wghoffa@us.ibm.com> | 2016-07-07 10:11:39 -0400 |
| commit | f25ca35cf10693ccc45753231f171b453228b82e (patch) | |
| tree | e5391105c40d7557e63a49ef6d33d8635a2fd2bb /src/usr/secureboot/runtime | |
| parent | b18f35fb5748bb6caf7c81f3080a02bdc33e0347 (diff) | |
Register verify_container runtime interface
- Added verify_container API to runtime interface for secureboot
- Added testcase to test API registration
- Created common secureboot tracing files
Change-Id: If755644ff6507f14fd0463f4accf05301fc91832
RTC: 156119
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/26104
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/runtime')
| -rw-r--r-- | src/usr/secureboot/runtime/makefile | 41 | ||||
| -rw-r--r-- | src/usr/secureboot/runtime/rt_secureboot.C | 79 | ||||
| -rw-r--r-- | src/usr/secureboot/runtime/test/makefile | 36 | ||||
| -rw-r--r-- | src/usr/secureboot/runtime/test/testsecureboot_rt.H | 102 |
4 files changed, 258 insertions, 0 deletions
diff --git a/src/usr/secureboot/runtime/makefile b/src/usr/secureboot/runtime/makefile
new file mode 100644
index 000000000..fe42e65ea
--- /dev/null
+++ b/src/usr/secureboot/runtime/makefile
@@ -0,0 +1,41 @@
+# IBM_PROLOG_BEGIN_TAG
+# This is an automatically generated prolog.
+#
+# $Source: src/usr/secureboot/runtime/makefile $
+#
+# OpenPOWER HostBoot Project
+#
+# Contributors Listed Below - COPYRIGHT 2016
+# [+] International Business Machines Corp.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+#
+# IBM_PROLOG_END_TAG
+
+HOSTBOOT_RUNTIME = 1
+ROOTPATH = ../../../..
+
+MODULE = secureboot_rt
+
+include ../common/common.mk
+CFLAGS += -iquote${ROOTPATH}/src/usr/secureboot
+
+SUBDIRS += test.d
+
+OBJS += ${SECUREBOOT_COMMON_OBJS}
+OBJS += rt_secureboot.o
+
+VPATH += ../common
+
+include $(ROOTPATH)/config.mk
diff --git a/src/usr/secureboot/runtime/rt_secureboot.C b/src/usr/secureboot/runtime/rt_secureboot.C
new file mode 100644
index 000000000..8ab6d5e51
--- /dev/null
+++ b/src/usr/secureboot/runtime/rt_secureboot.C
@@ -0,0 +1,79 @@
+/* IBM_PROLOG_BEGIN_TAG */
+/* This is an automatically generated prolog. */
+/* */
+/* $Source: src/usr/secureboot/runtime/rt_secureboot.C $ */
+/* */
+/* OpenPOWER HostBoot Project */
+/* */
+/* Contributors Listed Below - COPYRIGHT 2016 */
+/* [+] International Business Machines Corp. */
+/* */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
+/* implied. See the License for the specific language governing */
+/* permissions and limitations under the License. */
+/* */
+/* IBM_PROLOG_END_TAG */
+
+/**
+ * @file rt_secureboot.C
+ * @brief Provides runtime API for secure container verification
+ */
+
+#include <runtime/interface.h>
+#include <config.h>
+
+#include "common/securetrace.H"
+
+namespace SECUREBOOT
+{
+
+int verify_container(
+ const void* i_pContainer,
+ const void* i_pHwHashKey,
+ const size_t i_hwHashKeySize)
+{
+ int rc = 0;
+
+ SB_ENTER(
+ "verify_container: "
+ "container ptr = %p, "
+ "HW hash key ptr = %p, "
+ "HW hash key size = %d",
+ i_pContainer,i_pHwHashKey,i_hwHashKeySize);
+
+ // TODO: RTC 156485
+ // Implement guts of verify_container
+
+ SB_EXIT(
+ "verify_container: rc = %d",rc);
+
+ return rc;
+}
+
+struct registerSecurebootRt
+{
+ registerSecurebootRt()
+ {
+ auto pRtIntf = getRuntimeInterfaces();
+#ifdef CONFIG_SECUREBOOT
+ pRtIntf->verify_container = &verify_container;
+#else
+ pRtIntf->verify_container = nullptr;
+#endif
+ }
+};
+
+registerSecurebootRt g_registerSecurebootRt;
+
+} // end of SECUREBOOT namespace
+
+
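Review bot: With CONFIG_SECUREBOOT set, the constructor publishes `verify_container` on the runtime interface while its body is still a stub that returns `rc = 0` for every input, so any caller that treats 0 as "verified" would accept an unverified container until RTC 156485 lands. Failing closed is the safer placeholder: initialise with a non-zero value, e.g. `int rc = -1; // fail closed until RTC 156485 implements verification`. The interface's error-code convention is not visible in this diff, so the exact value needs confirming. The test in testsecureboot_rt.H pins the fail-open result by requiring `rc == 0` for `verify_container(nullptr,nullptr,0)` and would have to be inverted along with it.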
diff --git a/src/usr/secureboot/runtime/test/makefile b/src/usr/secureboot/runtime/test/makefile
new file mode 100644
index 000000000..b824cd9e9
--- /dev/null
+++ b/src/usr/secureboot/runtime/test/makefile
@@ -0,0 +1,36 @@
+# IBM_PROLOG_BEGIN_TAG
+# This is an automatically generated prolog.
+#
+# $Source: src/usr/secureboot/runtime/test/makefile $
+#
+# OpenPOWER HostBoot Project
+#
+# Contributors Listed Below - COPYRIGHT 2016
+# [+] International Business Machines Corp.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+#
+# IBM_PROLOG_END_TAG
+
+HOSTBOOT_RUNTIME = 1
+
+ROOTPATH = ../../../../..
+
+CFLAGS += -iquote${ROOTPATH}/src/usr/secureboot
+
+MODULE = testsecureboot_rt
+
+TESTS = *.H
+
+include ${ROOTPATH}/config.mk
diff --git a/src/usr/secureboot/runtime/test/testsecureboot_rt.H b/src/usr/secureboot/runtime/test/testsecureboot_rt.H
new file mode 100644
index 000000000..ef9a641a9
--- /dev/null
+++ b/src/usr/secureboot/runtime/test/testsecureboot_rt.H
@@ -0,0 +1,102 @@
+/* IBM_PROLOG_BEGIN_TAG */
+/* This is an automatically generated prolog. */
+/* */
+/* $Source: src/usr/secureboot/runtime/test/testsecureboot_rt.H $ */
+/* */
+/* OpenPOWER HostBoot Project */
+/* */
+/* Contributors Listed Below - COPYRIGHT 2016 */
+/* [+] International Business Machines Corp. */
+/* */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
+/* implied. See the License for the specific language governing */
+/* permissions and limitations under the License. */
+/* */
+/* IBM_PROLOG_END_TAG */
+
+/**
+ * @file testsecureboot_rt.H
+ * @brief Test secureboot runtime functions
+ */
+
+#ifndef __TESTSECUREBOOT_RT_H
+#define __TESTSECUREBOOT_RT_H
+
+#include <cxxtest/TestSuite.H>
+#include <runtime/interface.h>
+#include <config.h>
+
+#include "common/securetrace.H"
+
+class SecurebootRtTestSuite: public CxxTest::TestSuite
+{
+ public:
+
+ void testVerifyContainer()
+ {
+ SB_ENTER("SecurebootRtTestSuite::testVerifyContainer");
+
+ do {
+
+ auto pRtIntf = getRuntimeInterfaces();
+ if (nullptr == pRtIntf)
+ {
+ TS_FAIL("testVerifyContainer: runtime interfaces pointer "
+ "not set");
+ break;
+ }
+
+#ifndef CONFIG_SECUREBOOT
+
+ if (nullptr != pRtIntf->verify_container)
+ {
+ TS_FAIL("testVerifyContainer: verify_container function pointer "
+ "set unexpectedly with secureboot compiled out");
+ break;
+ }
+
+#else
+
+ if (nullptr == pRtIntf->verify_container)
+ {
+ TS_FAIL("testVerifyContainer: verify_container function pointer "
+ "not set with secureboot compiled in");
+ break;
+ }
+
+ // If secureboot is compiled in, perform various API tests
+
+ // TODO: RTC 156485 For now, function is a no op; add real tests here
+ // when verify_container is fully implemented
+ auto rc = pRtIntf->verify_container(
+ nullptr,nullptr,0);
+ if(rc != 0)
+ {
+ TS_FAIL("testVerifyContainer: expected verify_container to succeed "
+ "when secureboot is compiled in -and- verify_container is not "
+ "fully implemented, but it failed with rc = %d",
+ rc);
+ break;
+ }
+
+#endif
+
+ } while(0);
+
+ SB_EXIT("SecurebootRtTestSuite::testVerifyContainer");
+ }
+
+ private:
+
+};
+
+#endif
|
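Review bot: The `nullptr == pRtIntf` guard at the top of testVerifyContainer has no counterpart in the code it tests. registerSecurebootRt's constructor in rt_secureboot.C writes `pRtIntf->verify_container` without checking the pointer, and it presumably runs at module load, before this test does. If getRuntimeInterfaces() can return null, the registration needs the same check, e.g. `if (nullptr == pRtIntf) { return; }` right after the call. If it cannot, a short comment here saying the guard is purely defensive would avoid implying otherwise.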

