summaryrefslogtreecommitdiffstats
path: root/src/usr
diff options
context:
space:
mode:
authorMike Baiocchi <mbaiocch@us.ibm.com>2017-03-27 08:13:15 -0500
committerDaniel M. Crowell <dcrowell@us.ibm.com>2017-04-03 11:22:19 -0400
commit5284cb4636143bc16ce06c10f40133639e35a3be (patch)
tree989ee196c2e86f855069a5944ef1a90793b18d12 /src/usr
parent3eac7d61c5a1f78006c1c4b0e9621d91e2dbf47f (diff)
downloadtalos-hostboot-5284cb4636143bc16ce06c10f40133639e35a3be.tar.gz
talos-hostboot-5284cb4636143bc16ce06c10f40133639e35a3be.zip
Read the HW Key Hash from a Processor's SBE Seeprom
This commit adds an interface to read the HW Key Hash located in the HBBL section of each Processor's two SBE Seeproms. Change-Id: I906434269746c296c646f7b0594575c58b145294 RTC: 167585 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38465 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src/usr')
-rw-r--r--src/usr/sbe/sbe_update.C280
-rw-r--r--src/usr/sbe/test/sbeupdatetest.H31
-rw-r--r--src/usr/secureboot/common/errlud_secure.H2
3 files changed, 308 insertions, 5 deletions
diff --git a/src/usr/sbe/sbe_update.C b/src/usr/sbe/sbe_update.C
index ce1795537..c602fbf9b 100644
--- a/src/usr/sbe/sbe_update.C
+++ b/src/usr/sbe/sbe_update.C
@@ -72,7 +72,8 @@
#include <p9_perv_scom_addresses.H>
#include <initservice/mboxRegs.H>
#include <bootloader/bootloaderif.H>
-
+#include <secureboot/service.H>
+#include <assert.h>
// ----------------------------------------------
// Trace definitions
@@ -270,7 +271,6 @@ namespace SBE
for(uint32_t i=0; i<procList.size(); i++)
{
-
/*********************************************/
/* Collect SBE Information for this Target */
/*********************************************/
@@ -707,7 +707,6 @@ namespace SBE
(reinterpret_cast<char*>(hdr_Ptr)+0x1000);
}
-
if(NULL != o_version)
{
err = readPNORVersion(hdr_Ptr,
@@ -1810,7 +1809,7 @@ namespace SBE
/* Get PNOR HBBL Information */
/*******************************************/
- // Get SBE PNOR section info from PNOR RP
+ // Get HBBL PNOR section info from PNOR RP
PNOR::SectionInfo_t pnorInfo;
err = getSectionInfo( PNOR::HB_BOOTLOADER, pnorInfo );
if(err)
@@ -1828,6 +1827,7 @@ namespace SBE
"hbblPnorPtr=%p, hbblMaxSize=0x%08X (%d)",
hbblPnorPtr, MAX_HBBL_SIZE, MAX_HBBL_SIZE);
+
/*******************************************/
/* Append HBBL Image from PNOR to SBE */
/* Image from PNOR */
@@ -4710,4 +4710,276 @@ errlHndl_t sbeDoReboot( void )
return err;
}
+/////////////////////////////////////////////////////////////////////
+errlHndl_t getHwKeyHashFromSbeSeeprom(
+ TARGETING::Target* const i_target,
+ const EEPROM::eeprom_chip_types_t i_seeprom,
+ SHA512_t o_hash)
+{
+ errlHndl_t err = nullptr;
+ TRACFCOMP( g_trac_sbe, ENTER_MRK"getHwKeyHashFromSbeSeeprom: "
+ "i_target=0x%X, i_seeprom=%d",
+ get_huid(i_target), i_seeprom);
+
+ // Check Input Parameters
+ assert(i_target != nullptr,"getHwKeyHashFromSbeSeeprom i_target can't be NULL");
+ assert(i_target->getAttr<TARGETING::ATTR_TYPE>() == TARGETING::TYPE_PROC, "getHwKeyHashFromSbeSeeprom i_target must be TYPE_PROC");
+ assert(((i_seeprom == EEPROM::SBE_PRIMARY) || (i_seeprom == EEPROM::SBE_BACKUP)), "getHwKeyHashFromSbeSeeprom i_seeprom=%d is invalid", i_seeprom);
+
+ // Code Assumptions
+ static_assert((sizeof(P9XipHeader) % 8) == 0, "getHwKeyHashFromSbeSeeprom(): sizeof(P9XipHeader) is not 8-byte-aligned");
+ static_assert((sizeof(P9XipHeader().iv_magic) % 8) == 0, "getHwKeyHashFromSbeSeeprom(): sizeof(P9XipHeader().iv_magic) is not 8-byte-aligned");
+ static_assert((sizeof(SHA512_t) % 8) == 0, "getHwKeyHashFromSbeSeeprom(): sizeof(SHA512_t) is not 8-byte-aligned");
+
+ // Local variables used to capture ECC FFDC
+ PNOR::ECC::eccStatus eccStatus = PNOR::ECC::CLEAN;
+ size_t seeprom_offset = 0;
+ size_t remove_ECC_size = 0;
+
+ // Create buffers for read operations and removing ECC
+ const size_t max_buffer_size = PNOR::ECC::sizeWithEcc(
+ (std::max(sizeof(P9XipHeader), sizeof(SHA512_t))));
+
+ uint8_t tmp_data[max_buffer_size] = {0};
+ uint8_t tmp_data_ECC[max_buffer_size] = {0};
+
+ do{
+ // Calculate amount of data to read
+ size_t size = PNOR::ECC::sizeWithEcc(sizeof(P9XipHeader));
+ size_t expected_size = size;
+
+ // P9XipHeader is at the start of the SBE Image
+ seeprom_offset = 0;
+
+ //Read SBE Versions
+ err = deviceRead( i_target,
+ tmp_data_ECC,
+ size,
+ DEVICE_EEPROM_ADDRESS(i_seeprom,
+ seeprom_offset));
+ if(err)
+ {
+ TRACFCOMP( g_trac_sbe, ERR_MRK"getHwKeyHashFromSbeSeeprom() "
+ "Error getting SBE Data from Tgt=0x%X SEEPROM (0x%X), "
+ "RC=0x%X, PLID=0x%X",
+ get_huid(i_target),
+ EEPROM::SBE_BACKUP,
+ ERRL_GETRC_SAFE(err),
+ ERRL_GETPLID_SAFE(err));
+
+ err->collectTrace(SBE_COMP_NAME);
+
+ break;
+ }
+ assert(size==expected_size, "getHwKeyHashFromSbeSeeprom: size 0x%X returned form reading P9XipHeader does not equal expected_size=0x%X", size, expected_size);
+
+ remove_ECC_size = sizeof(P9XipHeader);
+ eccStatus = removeECC( tmp_data_ECC,
+ tmp_data,
+ remove_ECC_size,
+ seeprom_offset,
+ SBE_SEEPROM_SIZE);
+
+ if ( eccStatus == PNOR::ECC::UNCORRECTABLE )
+ {
+ TRACFCOMP( g_trac_sbe, "getHwKeyHashFromSbeSeeprom(): "
+ "Uncorrectable eccStatus from reading P9XipHeader: %d",
+ eccStatus);
+
+ // Break here - error log will be created after do-while loop
+ break;
+ }
+
+ TRACDBIN( g_trac_sbe,
+ "getHwKeyHashFromSbeSeeprom: P9XipHeader with ECC",
+ tmp_data_ECC,
+ PNOR::ECC::sizeWithEcc(sizeof(P9XipHeader().iv_magic) ) );
+
+ TRACDBIN( g_trac_sbe,
+ "getHwKeyHashFromSbeSeeprom: P9XipHeader no ECC",
+ tmp_data,
+ sizeof(P9XipHeader().iv_magic) ) ;
+
+ // After reading out P9XipHeader, call p9_xip_find to find HBBL image
+ // in SBE Image
+ P9XipSection l_xipSection = {0};
+
+ // Call p9_xip_find to find HBBL image in SBE image
+ auto l_sectionId = P9_XIP_SECTION_SBE_HBBL;
+
+ int xip_rc = p9_xip_get_section( tmp_data, l_sectionId, &l_xipSection );
+
+ TRACUCOMP( g_trac_sbe, "getHwKeyHashFromSbeSeeprom: xip_rc=%d: "
+ "Section iv_offset=0x%X, iv_size=0x%X, iv_alignment=0x%X",
+ xip_rc, l_xipSection.iv_offset, l_xipSection.iv_size,
+ l_xipSection.iv_alignment);
+
+ // Check the return code
+ if( ( xip_rc != 0 ) ||
+ ( l_xipSection.iv_offset == 0 ) ||
+ ( l_xipSection.iv_size == 0 ) )
+ {
+ TRACFCOMP( g_trac_sbe, "getHwKeyHashFromSbeSeeprom: Error from "
+ "p9_xip_get_section: xip_rc=%d: Section iv_offset=0x%X, "
+ "iv_size=0x%X, iv_alignment=0x%X",
+ xip_rc, l_xipSection.iv_offset, l_xipSection.iv_size,
+ l_xipSection.iv_alignment);
+
+ /*@
+ * @errortype
+ * @moduleid SBE_GET_HW_KEY_HASH
+ * @reasoncode ERROR_FROM_XIP_FIND
+ * @userdata1[0:31] Target HUID
+ * @userdata1[32:63] Seeprom Side
+ * @userdata2[0:15] Offset of HBBL Section in Seeprom Image
+ * @userdata2[16:31] Size of HBBL Section in Seeprom Image
+ * @userdata2[32:63] Return Code from p9_xip_get_section
+ * @devdesc Error Associated with Target's SBE Seeprom
+ * @custdesc A problem occurred with processor seeprom
+ */
+ err = new ErrlEntry(ERRL_SEV_UNRECOVERABLE,
+ SBE_GET_HW_KEY_HASH,
+ ERROR_FROM_XIP_FIND,
+ TWO_UINT32_TO_UINT64(
+ TARGETING::get_huid(i_target),
+ i_seeprom),
+ TWO_UINT16_ONE_UINT32_TO_UINT64(
+ l_xipSection.iv_offset,
+ l_xipSection.iv_size,
+ xip_rc));
+
+ err->addPartCallout(i_target,
+ HWAS::SBE_SEEPROM_PART_TYPE,
+ HWAS::SRCI_PRIORITY_HIGH,
+ HWAS::NO_DECONFIG,
+ HWAS::GARD_NULL );
+
+ ErrlUserDetailsTarget(i_target,"Target").addToLog(err);
+
+ err->collectTrace(SBE_COMP_NAME);
+
+ break;
+ }
+
+
+ // Math to convert Image offset to Seeprom(with ECC) Offset
+ // -- Raw Image Offset -- HW Key Hash is at end of HBBL section
+ seeprom_offset = setECCSize(l_xipSection.iv_offset +
+ HBBL_HW_KEY_HASH_LOCATION);
+
+ // Clear buffers and set size to SHA512_t+ECC
+ memset( tmp_data_ECC, 0, max_buffer_size );
+ memset( tmp_data, 0, max_buffer_size );
+ size = PNOR::ECC::sizeWithEcc(sizeof(SHA512_t));
+ expected_size = size;
+
+ TRACUCOMP( g_trac_sbe, "getHwKeyHashFromSbeSeeprom: seeprom_offset "
+ "= 0x%X, size = 0x%X",
+ seeprom_offset, size);
+
+ //Read SBE Versions
+ err = deviceRead( i_target,
+ tmp_data_ECC,
+ size,
+ DEVICE_EEPROM_ADDRESS(
+ i_seeprom,
+ seeprom_offset));
+ if(err)
+ {
+ TRACFCOMP( g_trac_sbe, ERR_MRK"getHwKeyHashFromSbeSeeprom() "
+ "Error getting HKH from SEEPROM (0x%X), "
+ "RC=0x%X, PLID=0x%X",
+ EEPROM::SBE_BACKUP,
+ ERRL_GETRC_SAFE(err),
+ ERRL_GETPLID_SAFE(err));
+
+ err->collectTrace(SBE_COMP_NAME);
+
+ break;
+ }
+ assert(size==expected_size, "getHwKeyHashFromSbeSeeprom: size 0x%X returned form reading HW Key Hash does not equal expected_size=0x%X", size, expected_size);
+
+ remove_ECC_size = sizeof(SHA512_t);
+ eccStatus = removeECC( tmp_data_ECC,
+ tmp_data,
+ remove_ECC_size,
+ seeprom_offset,
+ SBE_SEEPROM_SIZE);
+
+ if ( eccStatus == PNOR::ECC::UNCORRECTABLE )
+ {
+ TRACFCOMP( g_trac_sbe, "getHwKeyHashFromSbeSeeprom(): "
+ "Uncorrectable eccStatus from reading HW Key Hash: %d",
+ eccStatus);
+
+ // Break here - error log will be created after do-while loop
+ break;
+ }
+
+ TRACDBIN( g_trac_sbe,
+ "getHwKeyHashFromSbeSeeprom: ECC",
+ tmp_data_ECC,
+ expected_size ) ;
+
+ TRACDBIN( g_trac_sbe,
+ "getHwKeyHashFromSbeSeeprom: no ECC",
+ tmp_data,
+ sizeof(SHA512_t) ) ;
+
+ // If we made it here, HW Key Hash was found successfully
+ TRACUCOMP( g_trac_sbe, INFO_MRK"getHwKeyHashFromSbeSeeprom(): hash "
+ "found successfully - setting o_hash");
+ memcpy(o_hash, tmp_data, sizeof(SHA512_t));
+
+ }while(0);
+
+ // Create error log here for ECC fails
+ if ( (eccStatus == PNOR::ECC::UNCORRECTABLE)
+ && ( err == nullptr ) )
+ {
+ // Trace above; create error log here
+
+ /*@
+ * @errortype
+ * @moduleid SBE_GET_HW_KEY_HASH
+ * @reasoncode SBE_ECC_FAIL
+ * @userdata1[0:31] Target HUID
+ * @userdata1[32:63] Seeprom Side
+ * @userdata2[0:15] ECC Status
+ * @userdata2[16:31] No-ECC Data Size
+ * @userdata2[32:63] Offset into Seeprom Data Came From
+ * @devdesc Error Associated with Updating this Target
+ * @custdesc A problem occurred with processor seeprom
+ */
+ err = new ErrlEntry(ERRL_SEV_UNRECOVERABLE,
+ SBE_GET_HW_KEY_HASH,
+ SBE_ECC_FAIL,
+ TWO_UINT32_TO_UINT64(
+ TARGETING::get_huid(i_target),
+ i_seeprom),
+ TWO_UINT16_ONE_UINT32_TO_UINT64(
+ eccStatus,
+ remove_ECC_size,
+ seeprom_offset));
+
+ err->addPartCallout(i_target,
+ HWAS::SBE_SEEPROM_PART_TYPE,
+ HWAS::SRCI_PRIORITY_HIGH,
+ HWAS::NO_DECONFIG,
+ HWAS::GARD_NULL );
+
+ ErrlUserDetailsTarget(i_target,"Target").addToLog(err);
+
+ err->collectTrace(SBE_COMP_NAME);
+ }
+
+
+ TRACFCOMP( g_trac_sbe, EXIT_MRK"getHwKeyHashFromSbeSeeprom: "
+ "err rc=0x%X, plid=0x%X",
+ ERRL_GETRC_SAFE(err), ERRL_GETPLID_SAFE(err));
+
+ return err;
+}
+
+
} //end SBE Namespace
diff --git a/src/usr/sbe/test/sbeupdatetest.H b/src/usr/sbe/test/sbeupdatetest.H
index e9210b102..876b8e874 100644
--- a/src/usr/sbe/test/sbeupdatetest.H
+++ b/src/usr/sbe/test/sbeupdatetest.H
@@ -41,6 +41,7 @@
#include <config.h>
#include <sbe/sbeif.H>
#include "../sbe_update.H"
+#include <secureboot/service.H>
extern trace_desc_t* g_trac_sbe;
@@ -830,6 +831,36 @@ class SBEUpdateTest: public CxxTest::TestSuite
break;
}
+ total++;
+ SHA512_t hash = {0};
+ err = getHwKeyHashFromSbeSeeprom(sbeState.target,
+ EEPROM::SBE_BACKUP,
+ hash);
+
+ if(err)
+ {
+ fails++;
+ TS_FAIL("testSbeUpdateTarget() - getHwKeyHashFromSbeSeeprom() failed.");
+ break;
+ }
+
+ // Make sure that the HW Key Hash returned is the system hash
+ SHA512_t sys_hash = {0};
+ SECUREBOOT::getHwKeyHash(sys_hash);
+ if ( memcmp(hash, sys_hash, sizeof(SHA512_t)) != 0 )
+ {
+ TRACFCOMP( g_trac_sbe, ERR_MRK"testSbeUpdateTarget(): "
+ "HW Key Hashes do not match!");
+ fails++;
+ TS_FAIL("testSbeUpdateTarget() - getHwKeyHashFromSbeSeeprom() did not return system hash");
+
+ TRACFBIN( g_trac_sbe, "testSbeUpdateTarget() hash",
+ hash, sizeof(SHA512_t));
+ TRACFBIN( g_trac_sbe, "testSbeUpdateTarget() sys_hash",
+ sys_hash, sizeof(SHA512_t));
+
+ break;
+ }
}while(0);
diff --git a/src/usr/secureboot/common/errlud_secure.H b/src/usr/secureboot/common/errlud_secure.H
index 60572ad69..a3247597b 100644
--- a/src/usr/secureboot/common/errlud_secure.H
+++ b/src/usr/secureboot/common/errlud_secure.H
@@ -96,7 +96,7 @@ class UdTargetHwKeyHash : public ERRORLOG::ErrlUserDetails
* @param i_hash Target HW Keys Hash represented by SHA512
*/
UdTargetHwKeyHash(const TARGETING::Target * i_target,
- const uint8_t i_buflen,
+ const uint8_t i_side,
const SHA512_t i_hash);
/**
OpenPOWER on IntegriCloud