diff options
| author | Ilya Smirnov <ismirno@us.ibm.com> | 2019-01-15 16:08:48 -0600 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2019-02-19 16:56:50 -0600 |
| commit | 00325c6de8baa143c8e06e9324d6ba997465aa1f (patch) | |
| tree | 819430f83cbfdb317e99878b05a6991734bd1852 /src/usr/secureboot/trusted/base | |
| parent | 6781c16acf6de4b08cbc55f2569062ba1c655592 (diff) | |
| download | talos-hostboot-00325c6de8baa143c8e06e9324d6ba997465aa1f.tar.gz talos-hostboot-00325c6de8baa143c8e06e9324d6ba997465aa1f.zip | |
Secureboot: Enhanced Multinode Comm: Slave Node
This commit introduces the logic to create the slave response
for the new enhanced multinode comm protocol. The slave response
consists of an eye catcher, node ID, quote and signature data
from TPM, PCR contents of the slave node TPM, Attestation Key
Certificate, and the TPM log. All of the above data is packaged
into a binary blob to be sent back to the master node.
Change-Id: I927c6ca937e6c07af4185cf54c782697c5d822f6
RTC: 203643
Reviewed-on: http://rchgit01.rchland.ibm.com/gerrit1/70791
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/trusted/base')
| -rw-r--r-- | src/usr/secureboot/trusted/base/trustedbootMsg.H | 33 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/base/trustedboot_base.C | 64 |
2 files changed, 90 insertions, 7 deletions
diff --git a/src/usr/secureboot/trusted/base/trustedbootMsg.H b/src/usr/secureboot/trusted/base/trustedbootMsg.H index 9789c4fed..929233111 100644 --- a/src/usr/secureboot/trusted/base/trustedbootMsg.H +++ b/src/usr/secureboot/trusted/base/trustedbootMsg.H @@ -62,7 +62,8 @@ namespace TRUSTEDBOOT MSG_TYPE_READ_AK_CERT, MSG_TYPE_GEN_QUOTE, MSG_TYPE_FLUSH_CONTEXT, - MSG_TYPE_LAST = MSG_TYPE_FLUSH_CONTEXT, + MSG_TYPE_PCR_READ, + MSG_TYPE_LAST = MSG_TYPE_PCR_READ, }; /// PCREXTEND message data @@ -103,8 +104,8 @@ namespace TRUSTEDBOOT struct ReadAKCertData { TpmTarget* tpm; - AKCertificate_t* data; // The output of NVRAM read - ReadAKCertData(TpmTarget* i_tpm, AKCertificate_t* i_data) : + TPM2B_MAX_NV_BUFFER* data; // The output of NVRAM read + ReadAKCertData(TpmTarget* i_tpm, TPM2B_MAX_NV_BUFFER* i_data) : tpm(i_tpm), data(i_data) { } @@ -114,10 +115,10 @@ namespace TRUSTEDBOOT struct GenQuoteData { TpmTarget* tpm; - MasterTpmNonce_t* masterNonce; // 32-byte nonce value + const MasterTpmNonce_t* const masterNonce; // 32-byte nonce value QuoteDataOut* data; // Output - the quote and signature fields GenQuoteData(TpmTarget* i_tpm, - MasterTpmNonce_t* i_masterNonce, + const MasterTpmNonce_t* const i_masterNonce, QuoteDataOut* o_data) : tpm(i_tpm), masterNonce(i_masterNonce), @@ -126,6 +127,28 @@ namespace TRUSTEDBOOT } }; + // The struct used to read a PCR from TPM + struct PcrReadData + { + TpmTarget* tpm; // TPM target whose PCRs are to be read + TPM_Pcr pcr; // The PCR to read + TPM_Alg_Id alg; // The PCR bank to read + uint8_t* digest; // The buffer to hold the PCR contents + size_t digestSize; // The size of the digest buffer + PcrReadData(TpmTarget* i_tpm, + TPM_Pcr i_pcr, + TPM_Alg_Id i_alg, + uint8_t* o_digest, + size_t i_digestSize) : + tpm(i_tpm), + pcr(i_pcr), + alg(i_alg), + digest(o_digest), + digestSize(i_digestSize) + { + } + }; + // Trustedboot message class class Message { diff --git a/src/usr/secureboot/trusted/base/trustedboot_base.C b/src/usr/secureboot/trusted/base/trustedboot_base.C index 5c68e3c2f..e0170b164 100644 --- a/src/usr/secureboot/trusted/base/trustedboot_base.C +++ b/src/usr/secureboot/trusted/base/trustedboot_base.C @@ -902,7 +902,7 @@ errlHndl_t createAttestationKeys(TpmTarget* i_target) return l_errl; } -errlHndl_t readAKCertificate(TpmTarget* i_target, AKCertificate_t* o_data) +errlHndl_t readAKCertificate(TpmTarget* i_target, TPM2B_MAX_NV_BUFFER* o_data) { errlHndl_t l_errl = nullptr; #ifdef CONFIG_TPMDD @@ -955,7 +955,7 @@ errlHndl_t readAKCertificate(TpmTarget* i_target, AKCertificate_t* o_data) } errlHndl_t generateQuote(TpmTarget* i_target, - MasterTpmNonce_t* i_masterNonce, + const MasterTpmNonce_t* const i_masterNonce, QuoteDataOut* o_data) { errlHndl_t l_errl = nullptr; @@ -1060,4 +1060,64 @@ errlHndl_t flushContext(TpmTarget* i_target) return l_errl; } +errlHndl_t pcrRead(TpmTarget* i_target, + const TPM_Pcr i_pcr, + const TPM_Alg_Id i_algId, + const size_t i_digestSize, + uint8_t* const o_digest) +{ + errlHndl_t l_errl = nullptr; +#ifdef CONFIG_TPMDD + Message* l_msg = nullptr; + + PcrReadData* l_data = new PcrReadData{i_target, + i_pcr, + i_algId, + o_digest, + i_digestSize}; + + l_msg = Message::factory(MSG_TYPE_PCR_READ, + sizeof(*l_data), + reinterpret_cast<uint8_t*>(l_data), + MSG_MODE_SYNC); + assert(l_msg != nullptr, "pcrRead: l_msg is nullptr"); + l_data = nullptr; //l_msg now owns l_data + + int l_rc = msg_sendrecv(systemData.msgQ, l_msg->iv_msg); + if(l_rc) + { + /*@ + * @errortype ERRL_SEV_UNRECOVERABLE + * @moduleid MOD_PCR_READ + * @reasoncode RC_SENDRECV_FAIL + * @userdata1 rc from msg_sendrecv + * @userdata2 TPM HUID + * @devdesc msg_sendrecv failed for pcrRead + * @custdesc trustedboot failure + */ + l_errl = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE, + MOD_PCR_READ, + RC_SENDRECV_FAIL, + l_rc, + TARGETING::get_huid(i_target), + ERRORLOG::ErrlEntry::ADD_SW_CALLOUT); + l_errl->collectTrace(SECURE_COMP_NAME); + l_errl->collectTrace(TRBOOT_COMP_NAME); + } + else + { + l_errl = l_msg->iv_errl; + l_msg->iv_errl = nullptr; + } + + if(l_msg) + { + delete l_msg; + l_msg = nullptr; + } + +#endif + return l_errl; +} + } // end TRUSTEDBOOT |
