author | Stephen Cprek <smcprek@us.ibm.com> | 2017-01-11 16:18:58 -0600 |
---|---|---|
committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-02-01 17:27:23 -0500 |
commit | 6c700217953dc6dca3222716a9a3a34356f10da1 (patch) | |
tree | 245140c4918465e45ce0f2974eeb369299d63e62 /src | |
parent | 2e898b1a6eb2c8322e8b50a206464addecfd6734 (diff) | |
Put HW keys' hash in HBBL and extract that out to verify code
Change-Id: Ifb3193c43319b041d57727cdec4da57fa3c218a1
RTC:166847
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/34758
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Martin Gloff <mgloff@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/bootloader/bootloader.C | 33 | ||||
-rwxr-xr-x | src/build/buildpnor/genPnorImages.pl | 41 | ||||
-rw-r--r-- | src/build/buildpnor/imprintHwKeyHash | bin | 0 -> 64 bytes | |||
-rw-r--r-- | src/build/debug/Hostboot/BlTrace.pm | 2 | ||||
-rw-r--r-- | src/build/mkrules/dist.targets.mk | 2 | ||||
-rwxr-xr-x | src/build/mkrules/hbfw/img/makefile | 8 | ||||
-rw-r--r-- | src/include/bootloader/bootloader.H | 10 |
7 files changed, 74 insertions, 22 deletions
diff --git a/src/bootloader/bootloader.C b/src/bootloader/bootloader.C index 97805f87e..e1386189d 100644 --- a/src/bootloader/bootloader.C +++ b/src/bootloader/bootloader.C @@ -58,18 +58,16 @@ namespace Bootloader{ */ uint8_t *g_blScratchSpace = NULL; - // @TODO RTC:166847 - remove tmp_hw_key_hash and use actual hw key hash - const uint64_t tmp_hw_key_hash[] = + /** + * @brief Retrieve the internal hardware hash key from secure ROM object. + * @param[out] o_hash Reference to the sha2_hash_t array to copy the + * hash to. + */ + void setHwKeyHash(sha2_hash_t o_hash) { - 0x40d487ff7380ed6a, - 0xd54775d5795fea0d, - 0xe2f541fea9db06b8, - 0x466a42a320e65f75, - 0xb48665460017d907, - 0x515dc2a5f9fc5095, - 0x4d6ee0c9b67d219d, - 0xfb7085351d01d6d1 - }; + memcpy(o_hash, reinterpret_cast<void *>(HW_KEYS_HASH_ADDR), + sizeof(sha2_hash_t)); + } // @TODO RTC:167740 remove magic number check once fsp/op signs HBB /** @@ -95,7 +93,8 @@ namespace Bootloader{ * * @return N/A */ - void verifyContainer(const void * i_pContainer) + void verifyContainer(const void * i_pContainer, + const sha2_hash_t* i_hwKeyHash) { #ifdef CONFIG_SECUREBOOT // @TODO RTC:167740 remove magic number check once fsp/op signs HBB @@ -125,8 +124,9 @@ namespace Bootloader{ // struct elements my_ecid, entry_point and log memset(&l_hw_parms, 0, sizeof(ROM_hw_params)); + // Use current hw hash key - memcpy (&l_hw_parms.hw_key_hash, &tmp_hw_key_hash, sizeof(sha2_hash_t)); + memcpy (&l_hw_parms.hw_key_hash, i_hwKeyHash, sizeof(sha2_hash_t)); const ROM_container_raw* l_container = reinterpret_cast<const ROM_container_raw*>(i_pContainer); @@ -251,8 +251,13 @@ namespace Bootloader{ uint64_t *l_dest_addr = reinterpret_cast<uint64_t*>(HBB_RUNNING_ADDR | IGNORE_HRMOR_MASK); + + // Get HW keys hash + sha2_hash_t l_hwKeyHash{0}; + setHwKeyHash(l_hwKeyHash); + // ROM verification of HBB image - verifyContainer(l_src_addr); + verifyContainer(l_src_addr, &l_hwKeyHash); // Increment past secure header #ifdef CONFIG_SECUREBOOT 
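Review bot: The doc comment on `setHwKeyHash` does not match the code: it says the hash comes from the "secure ROM object", but the body copies `sizeof(sha2_hash_t)` bytes from `HW_KEYS_HASH_ADDR`, which bootloader.H in this commit defines as the last 64 bytes of the HBBL. Because this value becomes the trust anchor for verifying HBB, the comment should name the real source, e.g. `@brief Copy the HW keys' hash from the last 64 bytes of the loaded HBBL image (HW_KEYS_HASH_ADDR)`, and state what is assumed to protect that region before the bootloader runs. The parameter is documented as a reference but declared `sha2_hash_t o_hash`, which presumably works only because sha2_hash_t is an array typedef that decays to a pointer. The `set` prefix is also misleading for a function that only reads; `getHwKeyHash` would describe it better.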
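Review bot: The new `i_hwKeyHash` parameter of `verifyContainer` is undocumented: the doc block's visible tail still ends at `@return N/A` and no hunk in this commit adds an entry for it. Add `@param[in] i_hwKeyHash Pointer to the HW keys' hash the container is verified against, must not be NULL`. The pointer is passed to `memcpy` into `l_hw_parms.hw_key_hash` in the `@@ -125` hunk without a check, so taking `const sha2_hash_t& i_hwKeyHash` instead would rule out a null argument at compile time. The doc block and the function body both extend outside this hunk.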
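Review bot: The hash filled in by `setHwKeyHash(l_hwKeyHash)` in the `@@ -251` hunk goes straight to `verifyContainer` with no sanity check. genPnorImages.pl in this commit pads HBBL with `dd ... conv=sync` before writing the hash, so an image built without a valid `--hwKeyHashFile` would presumably carry zero padding at `HW_KEYS_HASH_ADDR`. Verification presumably still fails in that case, but an explicit all-zero check on `l_hwKeyHash` with its own trace code before the call would distinguish a missing trust anchor from a bad signature. The enclosing function starts and ends outside the hunk.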
diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl index 911e56aaa..df2988b49 100755 --- a/src/build/buildpnor/genPnorImages.pl +++ b/src/build/buildpnor/genPnorImages.pl @@ -6,7 +6,7 @@ # # OpenPOWER HostBoot Project # -# Contributors Listed Below - COPYRIGHT 2016 +# Contributors Listed Below - COPYRIGHT 2016,2017 # [+] International Business Machines Corp. # # @@ -77,6 +77,8 @@ use constant OP_SIGNING_FLAG => " -flags "; use constant OP_BUILD_FLAG => 0x80000000; use constant FIPS_BUILD_FLAG => 0x40000000; use constant KEY_TRANSITION_FLAG => 0x00000001; +# Size of HW keys' Hash +use constant HW_KEYS_HASH_SIZE => 64; # TODO: RTC 163655 # Implement dynamic support for choosing FSP or op-build flag type. @@ -112,6 +114,7 @@ my $help = 0; my %partitionsToCorrupt = (); my $sign_mode = $DEVELOPMENT; my $sb_signing_config_file = ""; +my $hwKeyHashFile = ""; GetOptions("binDir:s" => \$bin_dir, "secureboot" => \$secureboot, @@ -124,6 +127,7 @@ GetOptions("binDir:s" => \$bin_dir, "corrupt:s" => \%partitionsToCorrupt, "sign-mode:s" => \$sign_mode, "sb-signing-config-file:s" => \$sb_signing_config_file, + "hwKeyHashFile:s" => \$hwKeyHashFile, "help" => \$help); if ($help) @@ -412,8 +416,9 @@ foreach my $header (keys %sb_hdrs) # If a dependency is not specified in the hash used, use default behavior. ################################################################################ # Hardcoded defined order that binfiles should be handled. -my %partitionDeps = ( HBB => 0, - HBI => 1); +my %partitionDeps = ( HBBL => 0, + HBB => 1, + HBI => 2); sub partitionDepSort { # If $a exists but $b does not, set $a < $b 
@@ -529,6 +534,31 @@ sub manipulateImages my $fsp_file = $bin_file; my $fsp_prefix = ""; + # HBBL + ROM combination + if ($eyeCatch eq "HBBL") + { + # Ensure there is enough room at the end of the HBBL partition + # to store the HW keys' hash. + my $hbblRawSize = (-s $bin_file or die "Cannot get size of file $bin_file"); + print "HBBL raw size (no padding/ecc) = $hbblRawSize/$size\n"; + if ($hbblRawSize > $size - HW_KEYS_HASH_SIZE) + { + die "HBBL cannot fit HW Keys' Hash (64 bytes) at the end without overwriting real data"; + } + + # Pad HBBL to max size + run_command("cp $bin_file $tempImages{TEMP_BIN}"); + run_command("dd if=$tempImages{TEMP_BIN} of=$bin_file ibs=$size conv=sync"); + + # Add HW key hash to end of HBBL - 64 Bytes + my $hwKeyHashStart = (-s $bin_file or die "Cannot get size of file $bin_file") + - HW_KEYS_HASH_SIZE; + + # dd used with seek to add the hw keys' hash at the end of the hbbl + # padded bin file + run_command("dd if=$hwKeyHashFile conv=notrunc of=$bin_file bs=1 seek=\$(($hwKeyHashStart))"); + } + # Header Phase if( ($sectionHash{$layoutKey}{sha512Version} eq "yes") || ($secureboot && $isSpecialSecure) ) @@ -700,6 +730,11 @@ sub manipulateImages # fully padded. Size adjustments made in checkSpaceConstraints run_command("dd if=$tempImages{HDR_PHASE} of=$tempImages{PAD_PHASE} ibs=4k conv=sync"); } + # HBBL was already padded + elsif ($eyeCatch eq "HBBL") + { + run_command("cp $tempImages{HDR_PHASE} $tempImages{PAD_PHASE}"); + } else { run_command("dd if=$tempImages{HDR_PHASE} of=$tempImages{PAD_PHASE} ibs=$size conv=sync"); diff --git a/src/build/buildpnor/imprintHwKeyHash b/src/build/buildpnor/imprintHwKeyHash Binary files differnew file mode 100644 index 000000000..f74ee4762 --- /dev/null +++ b/src/build/buildpnor/imprintHwKeyHash diff --git a/src/build/debug/Hostboot/BlTrace.pm b/src/build/debug/Hostboot/BlTrace.pm index ce8e526fd..5ce06d13c 100644 --- a/src/build/debug/Hostboot/BlTrace.pm +++ b/src/build/debug/Hostboot/BlTrace.pm 
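Review bot: `$hwKeyHashFile` reaches the final `dd` in the new HBBL branch unvalidated, although it defaults to `""` and is only set by the optional `--hwKeyHashFile` argument. A file shorter than `HW_KEYS_HASH_SIZE` leaves part of the hash region as padding. A longer one would be written past the padded partition size, since `conv=notrunc` with `seek` copies the whole input. Either way the wrong trust anchor would be found only at boot, so check it before padding with `(-s $hwKeyHashFile || 0) == HW_KEYS_HASH_SIZE or die "hwKeyHashFile '$hwKeyHashFile' must be exactly ".HW_KEYS_HASH_SIZE." bytes";`, and use the constant in place of the literal `(64 bytes)` in the existing die message. Whether `run_command` aborts on a failed `dd` is not visible here, and `manipulateImages` starts and ends outside the hunk.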
@@ -64,7 +64,7 @@ my %traceText = ( "E6" => "Utils checkHeader header size invalid", "E7" => "Utils parseEntries invalid section", "F0" => "Main getHBBSection returned", - "F1" => "Main removeECC returned", + "F1" => "Main removeECC returned error", "F2" => "PNOR Access readTOC checkForNullBuffer null buffer", "F3" => "PNOR Access readTOC performHdrChecksum checksum error", "F4" => "PNOR Access readTOC checkHeader header error", diff --git a/src/build/mkrules/dist.targets.mk b/src/build/mkrules/dist.targets.mk index e7a3d99ca..16343c886 100644 --- a/src/build/mkrules/dist.targets.mk +++ b/src/build/mkrules/dist.targets.mk @@ -77,6 +77,7 @@ COPY_FILES = \ src/build/buildpnor/buildpnor.pl:openpower \ src/build/buildpnor/genPnorImages.pl:openpower \ src/build/buildpnor/PnorUtils.pm:openpower \ + src/build/buildpnor/imprintHwKeyHash:openpower \ src/usr/targeting/common/processMrw.pl:openpower \ src/usr/targeting/common/Targets.pm:openpower \ src/usr/targeting/common/filter_out_unwanted_attributes.pl:openpower \ @@ -227,6 +228,7 @@ fsp.tar_CONTENTS = \ src/build/buildpnor/buildpnor.pl \ src/build/buildpnor/genPnorImages.pl \ src/build/buildpnor/PnorUtils.pm \ + src/build/buildpnor/imprintHwKeyHash \ src/build/buildpnor/defaultPnorLayout.xml \ src/build/buildpnor/pnorLayoutFSP.xml \ $(if $(FAKEPNOR), src/build/buildpnor/pnorLayoutFake.xml, ) \ diff --git a/src/build/mkrules/hbfw/img/makefile b/src/build/mkrules/hbfw/img/makefile index 9420dfd02..967f78431 100755 --- a/src/build/mkrules/hbfw/img/makefile +++ b/src/build/mkrules/hbfw/img/makefile @@ -99,6 +99,9 @@ HB_TEMP_IMG = hb_temp.bin # Aggregate ALL_DEFAULT_IMAGES = ${DEFAULT_INPUT_IMAGES} ${FINAL_OUTPUT_IMAGES} +# Imprint hw keys' hash +IMPRINT_HW_KEY_HASH = ${imprintHwKeyHash:P} + # Script to manipulate bin files to prepare for buildpnor (install_all phase) # Note: sections with no input files are zero filled images and pass EMPTY as # their input file name. This is so the script knows it needs to generate 
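Review bot: `IMPRINT_HW_KEY_HASH`, defined in the `@@ -99` hunk of hbfw/img/makefile, is passed unconditionally as `--hwKeyHashFile` in `DEFAULT_PARAMS` (`@@ -114`) and `SYSTEM_SPECIFIC_PARAMS` (`@@ -238`). Every generated image therefore embeds the checked-in `imprintHwKeyHash`, whatever the signing mode. If "imprint" denotes the development keys, as the file name and the `$sign_mode = $DEVELOPMENT` default in genPnorImages.pl suggest, a production-signed build would either fail verification or anchor trust in development keys. At minimum, document this next to the variable, e.g. `# Hash of the imprint (development) HW keys; production builds must supply their own --hwKeyHashFile`, and consider making the path overridable from the build environment.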
@@ -114,7 +117,8 @@ GEN_PNOR_IMAGE_SCRIPT = ${genPnorImages.pl:P} GEN_DEFAULT_BIN_FILES = HBBL=${HBBL_IMG},HBB=${HBB_IMG},HBI=${HBI_IMG},HBRT=${HBRT_IMG},TEST=EMPTY,TESTRO=EMPTY,HBEL=EMPTY,GUARD=EMPTY,GLOBAL=EMPTY,PAYLOAD=EMPTY,CVPD=EMPTY,MVPD=EMPTY,DJVPD=EMPTY,RINGOVD=EMPTY,SBKT=EMPTY DEFAULT_PARAMS = --build-all ${TARGET_TEST:b--test} \ ${CONFIG_SECUREBOOT:b--secureboot} --systemBinFiles ${GEN_DEFAULT_BIN_FILES} \ - --pnorLayout ${DEFAULT_PNOR_LAYOUT} ${KEY_TRANSITION_PARAMS} ${CORRUPT_PARAMS} + --pnorLayout ${DEFAULT_PNOR_LAYOUT} ${KEY_TRANSITION_PARAMS} ${CORRUPT_PARAMS} \ + --hwKeyHashFile ${IMPRINT_HW_KEY_HASH} .else DEFAULT_PNOR_LAYOUT = ${pnorLayoutFake.xml:P} # Parameters passed into GEN_PNOR_IMAGE_SCRIPT. @@ -238,7 +242,7 @@ TEMP_IMG = temp.bin #@TODO RTC:163810 - Put SBEC back "--systemBinFile SBEC=${${SBEC_IMG}:P}" SYSTEM_SPECIFIC_PARAMS = ${TARGET_TEST:b--test} ${CONFIG_SECUREBOOT:b--secureboot} \ --pnorLayout ${DEFAULT_PNOR_LAYOUT} ${CORRUPT_PARAMS} \ - --systemBinFiles ${GEN_NIMBUS_BIN_FILES} + --systemBinFiles ${GEN_NIMBUS_BIN_FILES} --hwKeyHashFile ${IMPRINT_HW_KEY_HASH} .else # Parameters passed into GEN_PNOR_IMAGE_SCRIPT. #@TODO securebootp9 - Put `HBD=${${NIMBUS_VPO_HBD_IMG}:P}` back into genPnorImage parameters diff --git a/src/include/bootloader/bootloader.H b/src/include/bootloader/bootloader.H index 26f7f84df..ac10628fb 100644 --- a/src/include/bootloader/bootloader.H +++ b/src/include/bootloader/bootloader.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2015,2016 */ +/* Contributors Listed Below - COPYRIGHT 2015,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ 
@@ -166,7 +166,13 @@ namespace Bootloader{ * HBB is copied to its running location and its execution is started. */ - + /** Max size of HBBL without ECC. Must match PNOR layout for eyeCatch HBBL*/ +#define MAX_HBBL_SIZE (20 * KILOBYTE) + /** Size of exception vector reserved space at start of the HBBL section*/ +#define HBBL_EXCEPTION_VECTOR_SIZE (12 * KILOBYTE) + /** HW Keys hash is placed in the last 64 bytes of the HBBL */ +#define HW_KEYS_HASH_ADDR (getHRMOR() + HBBL_EXCEPTION_VECTOR_SIZE \ + + MAX_HBBL_SIZE - 64) /** Location of working copy of HBB with ECC */ #define HBB_ECC_WORKING_ADDR (getHRMOR() - ( 1*MEGABYTE)) |
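Review bot: `HW_KEYS_HASH_ADDR` hard-codes `64` and relies on `MAX_HBBL_SIZE` matching the PNOR layout, but nothing in the hunk enforces either. genPnorImages.pl writes the hash at the layout-derived `$size - HW_KEYS_HASH_SIZE`, so if the layout's HBBL size changes without this header, the bootloader would read its trust anchor from the wrong offset. Name the size once with `#define HW_KEYS_HASH_SIZE 64` and use it in the address macro. Where sha2_hash_t is visible, also add `static_assert(sizeof(sha2_hash_t) == HW_KEYS_HASH_SIZE, "HW keys hash size mismatch");`. A build-time comparison of the layout's HBBL size against `MAX_HBBL_SIZE` would close the remaining gap.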