author | Nick Bofferding <bofferdn@us.ibm.com> | 2017-01-30 13:52:49 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-03-03 13:51:19 -0500 |
commit | a9eefaa1086c7a3cc51e374c52a7c04397968fd5 (patch) | |
tree | b0f15275d1fab88785d6efe8c47d3ad6ea3bc377 /src/usr/secureboot/trusted/trustedboot.C | |
parent | a0437b216feaa77f81cfa3738844a0b761a9e99d (diff) | |
Support DRTM RIT protection
- Added mailbox scratch register 7 definition
- Added DRTM functions
- Added set/clear security switch register functions
- Added additional security switch bit definitions
- Added secureboot extended library to host DRTM functions
- Inhibited TPM start command in DRTM flow
- Added new config options for DRTM and DRTM RIT protection
- Added new DRTM attribute to indicate if DRTM is active
- Added new DRTM attribute to hold DRTM payload address
- Added new DRTM attribute to initiate DRTM in lieu of loading payload
- Updated target service init to determine DRTM settings
- Updated host start payload step to initiate DRTM if conditions are met
- Updated host MPIPL service to verify DRTM payload and clean up DRTM HW state
- Updated host gard step to verify DRTM HW state
- Rerouted PCR extensions to PCR 17 in DRTM boot
- Use locality 2 for all PCR extensions in DRTM boot
- Inhibit extension logging (for now) in DRTM boot
- Only extend separator to PCR 17 in DRTM boot
Change-Id: Id52c36c3a64ca002571396d605caa308d9dc0199
RTC: 157140
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/35633
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Timothy R. Block <block@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot/trusted/trustedboot.C')
-rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 103 |
1 files changed, 85 insertions, 18 deletions
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index b6bbd313b..2009ab07a 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -56,6 +56,9 @@ #include "tpmLogMgr.H" #include "base/trustedbootMsg.H" #include <secureboot/settings.H> +#ifdef CONFIG_DRTM +#include <secureboot/drtm.H> +#endif namespace TRUSTEDBOOT { @@ -375,10 +378,18 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target) io_target.initAttempted = true; io_target.failed = false; - bool drtm = false; - /// @todo #157140 Add ability to check for DRTM + bool sendStartup = true; + +#ifdef CONFIG_DRTM + bool drtmMpipl = false; + (void)SECUREBOOT::DRTM::isDrtmMpipl(drtmMpipl); + if(drtmMpipl) + { + sendStartup = false; + } +#endif // Don't run STARTUP during DRTM - if (!drtm) + if (sendStartup) { // TPM_STARTUP err = tpmCmdStartup(&io_target); @@ -395,11 +406,13 @@ void tpmInitialize(TRUSTEDBOOT::TpmTarget & io_target) break; } +#ifdef CONFIG_DRTM // For a DRTM we need to reset PCRs 17-22 - if (drtm) + if (drtmMpipl) { - /// @todo Implement PCR reset + /// @TODO RTC 167667 Implement PCR reset } +#endif } while ( 0 ); @@ -596,7 +609,7 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget & io_target) } void pcrExtendSingleTpm(TpmTarget & io_target, - TPM_Pcr i_pcr, + const TPM_Pcr i_pcr, TPM_Alg_Id i_algId, const uint8_t* i_digest, size_t i_digestSize, 
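Review bot: In the tpmInitialize hunk the result of `SECUREBOOT::DRTM::isDrtmMpipl(drtmMpipl)` is cast to void, so if that query fails drtmMpipl stays false and the function silently takes the non-DRTM path (TPM_STARTUP is sent and the PCR 17-22 reset branch is skipped), i.e. the decision fails open. The same `(void)` pattern is repeated in the pcrExtendSingleTpm and pcrExtendSeparator hunks below, where a failed query would route DRTM measurements to PCR 0..7 and the static log instead of PCR 17. Assuming isDrtmMpipl returns an errlHndl_t like the other calls in this file, the do/while already in scope can absorb it: `err = SECUREBOOT::DRTM::isDrtmMpipl(drtmMpipl);` followed by `if (NULL != err) { break; }`, and likewise in the two extend functions (which break out of their own do/while on err). The body of tpmInitialize begins before this hunk.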
@@ -606,6 +619,26 @@ void pcrExtendSingleTpm(TpmTarget & io_target, TCG_PCR_EVENT2 eventLog; bool unlock = false; + TPM_Pcr pcr = i_pcr; + bool useStaticLog = true; + +#ifdef CONFIG_DRTM + // In a DRTM flow, all extensions must be re-rerouted to PCR 17 + // (which will end up using locality 2). + bool drtmMpipl = false; + (void)SECUREBOOT::DRTM::isDrtmMpipl(drtmMpipl); + if(drtmMpipl) + { + TRACFCOMP(g_trac_trustedboot, + INFO_MRK " pcrExtendSingleTpm(): DRTM active; re-routing PCR %d " + "extend to PCR 17", + i_pcr); + + pcr = PCR_DRTM_17; + useStaticLog = false; + } +#endif + memset(&eventLog, 0, sizeof(eventLog)); do { @@ -617,22 +650,29 @@ void pcrExtendSingleTpm(TpmTarget & io_target, !io_target.failed) { // Fill in TCG_PCR_EVENT2 and add to log - eventLog = TpmLogMgr_genLogEventPcrExtend(i_pcr, + eventLog = TpmLogMgr_genLogEventPcrExtend(pcr, i_algId, i_digest, i_digestSize, TPM_ALG_SHA1, i_digest, i_digestSize, i_logMsg); - err = TpmLogMgr_addEvent(io_target.logMgr,&eventLog); - if (NULL != err) + if(useStaticLog) { - break; + err = TpmLogMgr_addEvent(io_target.logMgr,&eventLog); + if (NULL != err) + { + break; + } } + // TODO: RTC 145689: Add DRTM support for using dynamic + // log instead of static log; until then, inhibit DRTM logging + // entirely + // Perform the requested extension and also force into the // SHA1 bank err = tpmCmdPcrExtend2Hash(&io_target, - i_pcr, + pcr, i_algId, i_digest, i_digestSize, 
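Review bot: The new comment in pcrExtendSingleTpm reads "all extensions must be re-rerouted to PCR 17", a doubled prefix that also appears verbatim in the pcrExtendSeparator hunk below; it should read `// In a DRTM flow, all extensions must be re-routed to PCR 17`. Since the trace on the lines that follow is emitted on every extend once DRTM is active, it may be worth stating in the same comment that the reroute applies to every caller regardless of the PCR requested, so that a reader of the trace output is not surprised by PCR 0..7 requests landing in PCR 17.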
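Review bot: In the second hunk on this line `TpmLogMgr_genLogEventPcrExtend(pcr, ...)` still runs when useStaticLog is false, and its result is then simply dropped because only the `TpmLogMgr_addEvent` call was moved under `if(useStaticLog)`; the same shape appears in the pcrExtendSeparator hunk below. Moving the genLogEventPcrExtend call inside the `if(useStaticLog)` block would make the "inhibit DRTM logging entirely" intent explicit and avoid building an event that is never recorded. It is also worth a one-line comment at the extend call noting that, until RTC 145689 is done, PCR 17 extends performed here have no corresponding log entry, so the PCR 17 value cannot be reproduced from the event log by a verifier; that is the practical consequence of the TODO and should be visible where the extend happens. pcrExtendSingleTpm's body continues past the end of this hunk.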
@@ -685,16 +725,34 @@ void pcrExtendSeparator(TpmTarget & io_target) mutex_lock( &io_target.tpmMutex ); unlock = true; - for (TPM_Pcr curPcr = PCR_0; curPcr <= PCR_7; - curPcr = static_cast<TPM_Pcr>(curPcr + 1)) + std::vector<TPM_Pcr> pcrs = + {PCR_0,PCR_1,PCR_2,PCR_3,PCR_4,PCR_5,PCR_6,PCR_7}; + bool useStaticLog = true; + +#ifdef CONFIG_DRTM + // In a DRTM flow, all extensions must be re-rerouted to PCR 17 + // (which will end up using locality 2). + bool drtmMpipl = false; + (void)SECUREBOOT::DRTM::isDrtmMpipl(drtmMpipl); + if(drtmMpipl) { + TRACFCOMP(g_trac_trustedboot, + INFO_MRK " pcrExtendSeparator(): DRTM active; extending " + "separator to PCR 17 instead of PCR 0..7."); + + pcrs = { PCR_DRTM_17 }; + useStaticLog = false; + } +#endif + for (const auto &pcr : pcrs) + { // Log the separator if (io_target.available && !io_target.failed) { // Fill in TCG_PCR_EVENT2 and add to log - eventLog = TpmLogMgr_genLogEventPcrExtend(curPcr, + eventLog = TpmLogMgr_genLogEventPcrExtend(pcr, TPM_ALG_SHA1, sha1_digest, sizeof(sha1_digest), @@ -702,15 +760,24 @@ void pcrExtendSeparator(TpmTarget & io_target) sha256_digest, sizeof(sha256_digest), logMsg); - err = TpmLogMgr_addEvent(io_target.logMgr,&eventLog); - if (NULL != err) + + if(useStaticLog) { - break; + err = TpmLogMgr_addEvent(io_target.logMgr,&eventLog); + if (NULL != err) + { + break; + } } + // TODO: RTC 145689: Add DRTM support for using dynamic + // log (which will happen any time useStaticLog is false). + // Until then, we cannot log DRTM events, since they are only + // allowed to go to the dynamic log + // Perform the requested extension err = tpmCmdPcrExtend2Hash(&io_target, - curPcr, + pcr, TPM_ALG_SHA1, sha1_digest, sizeof(sha1_digest), |
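Review bot: The DRTM detection block added here to pcrExtendSeparator (isDrtmMpipl call, trace, `pcrs = { PCR_DRTM_17 }`, `useStaticLog = false`) duplicates the one added to pcrExtendSingleTpm in the previous hunk, differing only in the trace text and in whether a TPM_Pcr or a vector is overwritten; two copies of the policy "DRTM means PCR 17 and no static log" are easy to let drift. A file-local helper that resolves the DRTM routing once, and propagates the query's error instead of discarding it, lets both callers reduce to a single call; the sketch below assumes isDrtmMpipl returns an errlHndl_t, which should be confirmed against drtm.H. pcrExtendSeparator's body begins before this hunk and continues past it.
```cpp
// Resolve DRTM routing for a PCR extend: in a DRTM MPIPL every extension is
// re-routed to PCR 17 and the static log is bypassed (see RTC 145689).
// Returns a non-NULL error log if the DRTM state could not be determined.
static errlHndl_t drtmExtendRouting(TPM_Pcr& io_pcr, bool& o_useStaticLog)
{
    errlHndl_t err = NULL;
    o_useStaticLog = true;
#ifdef CONFIG_DRTM
    bool drtmMpipl = false;
    err = SECUREBOOT::DRTM::isDrtmMpipl(drtmMpipl);
    if (NULL == err && drtmMpipl)
    {
        TRACFCOMP(g_trac_trustedboot,
                  INFO_MRK " DRTM active; re-routing PCR %d extend to PCR 17",
                  io_pcr);
        io_pcr = PCR_DRTM_17;
        o_useStaticLog = false;
    }
#endif
    return err;
}
// … unchanged: pcrExtendSeparator then calls the helper once per PCR and breaks on err …
```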