| author | Nick Bofferding <bofferdn@us.ibm.com> | 2017-10-20 21:13:34 -0500 |
|---|---|---|
| committer | William G. Hoffa <wghoffa@us.ibm.com> | 2017-11-03 09:45:20 -0400 |
| commit | 07d75753d59419ea6ba9ee3bd930e0aa8e7e7fd5 (patch) | |
| tree | 78633da60312ff8cfd54807f787219036e976621 /src/usr/secureboot | |
| parent | 47f275a6bd3b2104a82d9786122afd6fe25f05de (diff) | |
| download | talos-hostboot-07d75753d59419ea6ba9ee3bd930e0aa8e7e7fd5.tar.gz talos-hostboot-07d75753d59419ea6ba9ee3bd930e0aa8e7e7fd5.zip | |
Secure Boot: Enforce PNOR section component IDs
- In secure mode, bootloader will enforce that HBB component ID is set
- In secure mode, Hostboot will enforce that PNOR component IDs are set
Change-Id: I04f3bbc45417b3229003c56e1083e1fc31c01cd7
RTC: 179422
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/48711
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src/usr/secureboot')
| -rw-r--r-- | src/usr/secureboot/base/securerommgr.C | 59 | ||||
| -rw-r--r-- | src/usr/secureboot/base/test/securerommgrtest.H | 129 |
2 files changed, 186 insertions, 2 deletions
diff --git a/src/usr/secureboot/base/securerommgr.C b/src/usr/secureboot/base/securerommgr.C
index 072fcf950..7e517c31d 100644
--- a/src/usr/secureboot/base/securerommgr.C
+++ b/src/usr/secureboot/base/securerommgr.C
@@ -34,12 +34,14 @@ #include <errl/errlmanager.H> #include "../common/securetrace.H" #include <kernel/bltohbdatamgr.H> +#include <errl/errludstring.H> +#include <string.h> #include "securerommgr.H" #include <secureboot/settings.H> #include <config.h> #include <console/consoleif.H> -#include <array> +#include <secureboot/containerheader.H> // Quick change for unit testing //#define TRACUCOMP(args...) TRACFCOMP(args) 
@@ -85,6 +87,61 @@ errlHndl_t verifyContainer(void * i_container, const SHA512_t* i_hwKeyHash) return l_errl; } +errlHndl_t verifyComponent( + const ContainerHeader& i_containerHeader, + const char* const i_pComponentId) +{ + assert(i_pComponentId != nullptr,"BUG! Component ID string was nullptr"); + + errlHndl_t pError = nullptr; + + if(strncmp(i_containerHeader.componentId(), + i_pComponentId, + sizeof(ROM_sw_header_raw::component_id)) != 0) + { + char pTruncatedComponentId[sizeof(ROM_sw_header_raw::component_id)+ + sizeof(uint8_t)]={0}; + strncpy(pTruncatedComponentId, + i_pComponentId, + sizeof(ROM_sw_header_raw::component_id)); + + TRACFCOMP(g_trac_secure,ERR_MRK"SECUREROM::verifyComponent: " + "Secure Boot verification failure; container's component ID of " + "[%s] does not match expected component ID of [%s] (truncated " + "from [%s]", + i_containerHeader.componentId(), + pTruncatedComponentId, + i_pComponentId); + + /*@ + * @errortype + * @severity ERRL_SEV_UNRECOVERABLE + * @moduleid SECUREBOOT::MOD_SECURE_VERIFY_COMPONENT + * @reasoncode SECUREBOOT::RC_ROM_VERIFY + * @devdesc Container's component ID does not match expected + * component ID + * @custdesc Secure Boot firmware validation failed + */ + pError = new ERRORLOG::ErrlEntry( + ERRORLOG::ERRL_SEV_UNRECOVERABLE, + SECUREBOOT::MOD_SECURE_VERIFY_COMPONENT, + SECUREBOOT::RC_ROM_VERIFY, + 0, + 0, + true /*Add HB Software Callout*/ ); + + ERRORLOG::ErrlUserDetailsStringSet stringSet; + stringSet.add("Actual component ID",i_containerHeader.componentId()); + stringSet.add("Expected ID (truncated)",pTruncatedComponentId); + stringSet.add("Expected ID (full)",i_pComponentId); + stringSet.addToLog(pError); + + pError->collectTrace(SECURE_COMP_NAME,ERROR_TRACE_SIZE); + } + + return pError; +} + /** * @brief Hash Signed Blob * diff --git a/src/usr/secureboot/base/test/securerommgrtest.H b/src/usr/secureboot/base/test/securerommgrtest.H index 7db0dc2cc..4a445b52f 100644 
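Review bot: The failure path in verifyComponent passes `i_containerHeader.componentId()` straight to a `%s` trace argument and to `stringSet.add("Actual component ID", ...)`; if that accessor returns a pointer into the raw `component_id` field rather than a NUL-terminated copy (ContainerHeader is not visible in this diff), an ID that fills all `sizeof(ROM_sw_header_raw::component_id)` bytes has no terminator and both calls read past the field. The `strncmp` itself is length-bounded and is not affected. The expected ID is already handled correctly through `pTruncatedComponentId`; giving the actual ID the same treatment makes the error path independent of the accessor's contract: `char pActualComponentId[sizeof(ROM_sw_header_raw::component_id)+sizeof(uint8_t)]={0};` followed by `strncpy(pActualComponentId, i_containerHeader.componentId(), sizeof(ROM_sw_header_raw::component_id));`, then use `pActualComponentId` in the TRACFCOMP and the first stringSet.add call. While there, the trace text opens a parenthesis it never closes; `"from [%s]"` should be `"from [%s])"`.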
--- a/src/usr/secureboot/base/test/securerommgrtest.H
+++ b/src/usr/secureboot/base/test/securerommgrtest.H
@@ -25,7 +25,7 @@ #ifndef __SECUREROMMANAGERTEST_H #define __SECUREROMMANAGERTEST_H - +#include <array> #include <sys/mm.h> #include <sys/mmio.h> #include <vfs/vfs.H>
@@ -35,6 +35,7 @@ #include <secureboot/service.H> #include <secureboot/secure_reasoncodes.H> #include <kernel/bltohbdatamgr.H> +#include <stddef.h> #include "../securerommgr.H" 
@@ -398,6 +399,132 @@ class SecureRomManagerTest : public CxxTest::TestSuite TRACFCOMP(g_trac_secure,EXIT_MRK"SecureRomManagerTest::test_hash_page_table_verify"); } + void test_verifyComponent(void) + { + errlHndl_t pError = nullptr; + + // Signed file variables + const char* signedFile_name = "secureboot_signed_container"; + void* signedFile_pageAddr = nullptr; + size_t signedFile_size = 0; + uint64_t signedFile_vaddr = 0; + + do { + + struct verifyComponentTest + { + const char* pActualCompId; + const char* pRefCompId; + bool shouldPass; + }; + + const std::vector<verifyComponentTest> tests = + { {"ABCD1234","ABCD12345", true }, + {"ABCD1234","ABCD1234" , true }, + {"ABCD1234","ABCD123" , false}, + {"ABCD123" ,"ABCD12345", false}, + {"ABCD123" ,"ABCD1234" , false}, + {"ABCD123" ,"ABCD123" , true }, + {"A" ,"A" , true }, + {"A" ,"B" , false}, + {"A" ,"AB" , false}, + {"A" ,"" , false}, + {"" ,"A" , false}, + {"" ,"" , true } }; + + // Call utility function + pError = loadSignedFile( signedFile_name, + signedFile_pageAddr, + signedFile_size, + signedFile_vaddr); + + if (pError) + { + TS_FAIL("SecureRomManagerTest::test_verifyComponent: " + "loadSignedFile() Failed"); + errlCommit(pError, SECURE_COMP_ID); + break; + } + + char pHeader[MAX_SECURE_HEADER_SIZE]={0}; + memcpy(pHeader,signedFile_pageAddr,sizeof(pHeader)); + + char* const pCompIdInContainer = pHeader + + offsetof(ROM_container_raw,prefix) + + offsetof(ROM_prefix_header_raw,ecid) + + offsetof(ROM_prefix_data_raw,sw_pkey_q) + + offsetof(ROM_sw_header_raw,component_id); + + const size_t compIdSize = sizeof(ROM_sw_header_raw::component_id); + + for(const auto& test : tests) + { + memset(pCompIdInContainer,0x00,compIdSize); + strncpy(pCompIdInContainer,test.pActualCompId,compIdSize); + SECUREBOOT::ContainerHeader containerHeader(pHeader); + + pError = SECUREBOOT::verifyComponent( + containerHeader, + test.pRefCompId); + if(pError) + { + if(test.shouldPass) + { + 
TS_FAIL("SecureRomManagerTest::test_verifyContainer: " + "Expected SECUREBOOT::verifyComponent to pass, but it " + "failed. Actual component ID was [%s], reference " + "component ID was [%s]", + test.pActualCompId, + test.pRefCompId); + errlCommit(pError, SECURE_COMP_ID); + } + else // Should fail + { + // But verify it's the right fail + if( ( pError->reasonCode() + != SECUREBOOT::RC_ROM_VERIFY) + || ( pError->moduleId() + != SECUREBOOT::MOD_SECURE_VERIFY_COMPONENT)) + { + TS_FAIL("SecureRomManagerTest::test_verifyContainer: " + "Expected SECUREBOOT::verifyComponent to fail with " + "reason code of 0x%04X and module ID of 0x%02, but " + "failed with reason code of 0x%04X and module ID " + "of 0x%02X. Actual component ID was [%s], " + "reference component ID was [%s]", + SECUREBOOT::RC_ROM_VERIFY, + SECUREBOOT::MOD_SECURE_VERIFY_COMPONENT, + pError->reasonCode(), + pError->moduleId(), + test.pActualCompId, + test.pRefCompId); + errlCommit(pError, SECURE_COMP_ID); + } + else + { + delete pError; + pError = nullptr; + } + } + } + else if(!test.shouldPass) + { + TS_FAIL("SecureRomManagerTest::test_verifyContainer: " + "Expected SECUREBOOT::verifyComponent to fail, but it " + "passed. Actual component ID was [%s], reference " + "component ID was [%s]", + test.pActualCompId, + test.pRefCompId); + } + } + + } while(0); + + if ( signedFile_pageAddr != nullptr ) + { + unloadSignedFile( signedFile_pageAddr, signedFile_size); + } + } }; /**********************************************************************/ |
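Review bot: Three of the TS_FAIL messages in test_verifyComponent name the wrong test, `SecureRomManagerTest::test_verifyContainer:`, which sends anyone triaging a failure to the wrong function; only the loadSignedFile message uses `test_verifyComponent:`. The reason-code mismatch message also carries a malformed conversion, `module ID of 0x%02, but` — the `X` is missing, so `%02,` is not a valid specification and the remaining arguments will likely be misreported; it should read `"reason code of 0x%04X and module ID of 0x%02X, but "`. Separately, `memcpy(pHeader,signedFile_pageAddr,sizeof(pHeader));` copies MAX_SECURE_HEADER_SIZE bytes without consulting `signedFile_size`; the signed test container is presumably larger than that, but a `signedFile_size >= sizeof(pHeader)` check before the copy would make the assumption explicit instead of relying on the fixture. The first table row, `{"ABCD1234","ABCD12345", true }`, is what documents that a reference ID longer than the field is compared truncated, so a one-line comment above the table stating that expectation would help a reader who expects an exact match. The enclosing SecureRomManagerTest class starts before this hunk.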

