Create map of SecureROM function types, versions, and offsets

Done to audit different algorithm versions and provide easy
lookup to simplify filling in HDAT

Change-Id: Iee1514efca9deb1af1341c2557c543b2ced81845
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40776
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>

2 files changed, 138 insertions, 10 deletions

diff --git a/src/usr/secureboot/base/securerommgr.C b/src/usr/secureboot/base/securerommgr.C
index 28d254d2c..3c9e28db6 100644
--- a/src/usr/secureboot/base/securerommgr.C
+++ b/src/usr/secureboot/base/securerommgr.C
@@ -39,11 +39,19 @@
 #include <secureboot/settings.H>
 #include <config.h>
 #include <console/consoleif.H>
+#include <array>
 
 // Quick change for unit testing
 //#define TRACUCOMP(args...)  TRACFCOMP(args)
 #define TRACUCOMP(args...)
 
+// Definition in ROM.H
+const std::array<sbFuncType_t, SB_FUNC_TYPES::MAX_TYPES> SecRomFuncTypes =
+{
+    SB_FUNC_TYPES::SHA512,
+    SB_FUNC_TYPES::ECDSA521
+};
+
 namespace SECUREBOOT
 {
 
@@ -113,6 +121,18 @@ void getHwKeyHash(sha2_hash_t o_hash)
     }
 }
 
+sbFuncVer_t getSecRomFuncVersion(const sbFuncType_t i_funcType)
+{
+    return Singleton<SecureRomManager>::instance().
+                                               getSecRomFuncVersion(i_funcType);
+}
+
+uint64_t getSecRomFuncOffset(const sbFuncType_t i_funcType)
+{
+    return Singleton<SecureRomManager>::instance().
+                                                getSecRomFuncOffset(i_funcType);
+}
+
 }; //end SECUREBOOT namespace
 
 /********************
@@ -218,8 +238,24 @@ errlHndl_t SecureRomManager::initialize()
         /***************************************************************/
         SecureRomManager::getHwKeyHash();
 
+
         TRACDCOMP(g_trac_secure,INFO_MRK"SecureRomManager::initialize(): SUCCESSFUL:"
-        " iv_securerom=%p", iv_securerom);
+                  " iv_securerom=%p", iv_securerom);
+
+#ifdef HOSTBOOT_DEBUG
+        TRACFCOMP(g_trac_secure,">> iv_SecRomFuncTypeOffset Map");
+        for (auto const &funcType : iv_SecRomFuncTypeOffset)
+        {
+            TRACFCOMP(g_trac_secure,">>>> Func Type = 0x%X",
+                      funcType.first);
+            for (auto const &version : funcType.second)
+            {
+                TRACFCOMP(g_trac_secure,">>>>>> Version = 0x%X, Offset = 0x%X",
+                          version.first, version.second);
+            }
+        }
+        TRACFCOMP(g_trac_secure,"<<<< iv_SecRomFuncTypeOffset map");
+#endif
 
     }while(0);
 
@@ -282,9 +318,8 @@ errlHndl_t SecureRomManager::verifyContainer(void * i_container,
 
         // Set startAddr to ROM_verify() function at an offset of Secure ROM
         uint64_t l_rom_verify_startAddr =
-                                reinterpret_cast<uint64_t>(iv_securerom)
-                                + g_BlToHbDataManager.getBranchtableOffset()
-                                + ROM_VERIFY_FUNCTION_OFFSET;
+                                reinterpret_cast<uint64_t>(iv_securerom) +
+                                getSecRomFuncOffset(SB_FUNC_TYPES::ECDSA521);
 
         TRACUCOMP(g_trac_secure,"SecureRomManager::verifyContainer(): "
                   " Calling ROM_verify() via call_rom_verify: l_rc=0x%x, "
@@ -292,7 +327,8 @@ errlHndl_t SecureRomManager::verifyContainer(void * i_container,
                   l_rc, l_hw_parms.log, &l_hw_parms, l_rom_verify_startAddr,
                  iv_securerom);
 
-        ROM_container_raw* l_container = reinterpret_cast<ROM_container_raw*>(i_container);
+        ROM_container_raw* l_container = reinterpret_cast<ROM_container_raw*>(
+                                                                   i_container);
         l_rc = call_rom_verify(reinterpret_cast<void*>
                                (l_rom_verify_startAddr),
                                l_container,
@@ -366,9 +402,8 @@ void SecureRomManager::hashBlob(const void * i_blob, size_t i_size, SHA512_t o_b
 
         // Set startAddr to ROM_SHA512() function at an offset of Secure ROM
         uint64_t l_rom_SHA512_startAddr =
-                                    reinterpret_cast<uint64_t>(iv_securerom)
-                                    + g_BlToHbDataManager.getBranchtableOffset()
-                                    + SHA512_HASH_FUNCTION_OFFSET;
+                                    reinterpret_cast<uint64_t>(iv_securerom) +
+                                    getSecRomFuncOffset(SB_FUNC_TYPES::SHA512);
 
         call_rom_SHA512(reinterpret_cast<void*>(l_rom_SHA512_startAddr),
                         reinterpret_cast<const sha2_byte*>(i_blob),
@@ -441,3 +476,55 @@ void SecureRomManager::getHwKeyHash(sha2_hash_t o_hash)
         memcpy(o_hash, iv_key_hash, sizeof(sha2_hash_t));
     }
 }
+
+const SecureRomManager::SecRomFuncTypeOffsetMap_t
+            SecureRomManager::iv_SecRomFuncTypeOffset =
+{
+    // SHA512 Hash Function
+    { SB_FUNC_TYPES::SHA512,
+        {
+            { SB_FUNC_VERS::SHA512_INIT,
+              g_BlToHbDataManager.getBranchtableOffset() +
+                SHA512_HASH_FUNCTION_OFFSET
+            }
+        }
+    } ,
+    // ECDSA521 Verify Function
+    { SB_FUNC_TYPES::ECDSA521,
+        {
+            { SB_FUNC_VERS::ECDSA521_INIT,
+              g_BlToHbDataManager.getBranchtableOffset() +
+                ROM_VERIFY_FUNCTION_OFFSET
+            }
+        }
+    }
+};
+
+sbFuncVer_t SecureRomManager::getSecRomFuncVersion(const sbFuncType_t
+                                                         i_funcType) const
+{
+    sbFuncVer_t l_funcVer = SB_FUNC_TYPES::INVALID;
+
+    switch (i_funcType)
+    {
+        case SB_FUNC_TYPES::SHA512:
+            l_funcVer = iv_curSHA512Ver;
+            break;
+        case SB_FUNC_TYPES::ECDSA521:
+            l_funcVer = iv_curECDSA521Ver;
+            break;
+        default:
+            assert(false, "getCurFuncVer:: Function type 0x%X not supported", i_funcType);
+            break;
+    }
+
+    return l_funcVer;
+}
+
+uint64_t SecureRomManager::getSecRomFuncOffset(const sbFuncType_t i_funcType)
+                                                                           const
+{
+    sbFuncVer_t l_funcVer = getSecRomFuncVersion(i_funcType);
+
+    return iv_SecRomFuncTypeOffset.at(i_funcType).at(l_funcVer);
+}
diff --git a/src/usr/secureboot/base/securerommgr.H b/src/usr/secureboot/base/securerommgr.H
index 3cbd0fc77..5b3d1ce50 100644
--- a/src/usr/secureboot/base/securerommgr.H
+++ b/src/usr/secureboot/base/securerommgr.H
@@ -29,6 +29,7 @@
 #include <errl/errlentry.H>
 #include <securerom/ROM.H>
 #include <utility>
+#include <map>
 
 typedef std::vector< std::pair<void*,size_t> > blobPair_t;
 
@@ -47,7 +48,6 @@ class SecureRomManager
          */
         errlHndl_t initialize();
 
-
         /**
          * @brief Verify Container against system hash keys
          *
@@ -103,6 +103,26 @@ class SecureRomManager
          */
         bool isValid();
 
+        /*
+         * @brief Get offset of function from the start of the SecureROM
+         *
+         * @param[in]  i_funcType   Secure Boot function type to get version of
+         *
+         * @return uint64_t - offset of the function
+         */
+        sbFuncVer_t getSecRomFuncVersion(const sbFuncType_t i_funcType) const;
+
+        /*
+         * @brief Get offset of function from the start of the SecureROM
+         *
+         *
+         * @param[in]  i_funcType   Secure Boot function type to get offset of
+         *
+         * @return uint64_t - offset of the function
+         */
+        uint64_t getSecRomFuncOffset(const sbFuncType_t i_funcType) const;
+
+
     protected:
 
         /**
@@ -110,7 +130,9 @@ class SecureRomManager
          */
         SecureRomManager():iv_securerom(nullptr),
                            iv_secureromValid(false),
-                           iv_key_hash(nullptr) {}
+                           iv_key_hash(nullptr),
+                           iv_curSHA512Ver(SB_FUNC_VERS::SHA512_INIT),
+                           iv_curECDSA521Ver(SB_FUNC_VERS::ECDSA521_INIT) {}
 
         /**
          * @brief Destructor
@@ -138,6 +160,25 @@ class SecureRomManager
          */
         const sha2_hash_t* iv_key_hash;
 
+        /**
+         * @brief Map to find verify SecureROM function types and their
+         *        respective versions and offsets.
+         *
+         * Description: Nested Map where key is the function type and the
+         *              value is a map of versions to offsets
+         *
+         */
+        // Type of nest map in SecRomFuncTypeOffset
+        typedef std::map<sbFuncVer_t, uint64_t> FuncVerToOffsetMap_t;
+        typedef std::map<sbFuncType_t, FuncVerToOffsetMap_t > SecRomFuncTypeOffsetMap_t;
+        static const SecRomFuncTypeOffsetMap_t iv_SecRomFuncTypeOffset;
+
+        // SHA512 function version
+        sbFuncVer_t iv_curSHA512Ver;
+
+        // ECDSA521 function version
+        sbFuncVer_t iv_curECDSA521Ver;
+
         /********************************************
          * Private Functions
          ********************************************/