diff options
| author | Jaymes Wilks <mjwilks@us.ibm.com> | 2017-07-25 16:08:02 -0500 |
|---|---|---|
| committer | Daniel M. Crowell <dcrowell@us.ibm.com> | 2017-08-04 09:53:51 -0400 |
| commit | 0914d87ae57960ef859886a67b5ae1187aa82474 (patch) | |
| tree | ad0c445fa7b0294150e0a5ff3aadc955ea40ca89 /src | |
| parent | 69b38d2b257691fb31347ef0ab1ffab9f74d8ab7 (diff) | |
| download | talos-hostboot-0914d87ae57960ef859886a67b5ae1187aa82474.tar.gz talos-hostboot-0914d87ae57960ef859886a67b5ae1187aa82474.zip | |
Fix duplicate sha512 definitions
All instances for sha2_hash_t have been replaced with SHA512_t and
the SHA512_t typedef is now in securerom/contrib/sha512.H in place
of the old definition.
Change-Id: I32524524d755eb3b0264881317d9be5a294dc9a7
RTC:172333
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/43610
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/bootloader/bootloader.C | 2 | ||||
| -rw-r--r-- | src/include/securerom/ROM.H | 18 | ||||
| -rw-r--r-- | src/include/securerom/contrib/sha512.H | 8 | ||||
| -rw-r--r-- | src/include/securerom/hw_utils.H | 2 | ||||
| -rw-r--r-- | src/include/usr/secureboot/service.H | 8 | ||||
| -rw-r--r-- | src/securerom/ROM.C | 8 | ||||
| -rw-r--r-- | src/securerom/contrib/sha512.C | 6 | ||||
| -rw-r--r-- | src/usr/secureboot/base/securerommgr.C | 20 | ||||
| -rw-r--r-- | src/usr/secureboot/base/securerommgr.H | 8 | ||||
| -rw-r--r-- | src/usr/secureboot/base/test/securerommgrtest.H | 2 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/trustedboot.C | 4 |
11 files changed, 42 insertions, 44 deletions
diff --git a/src/bootloader/bootloader.C b/src/bootloader/bootloader.C index 5b0048af5..f3ba3d525 100644 --- a/src/bootloader/bootloader.C +++ b/src/bootloader/bootloader.C @@ -207,7 +207,7 @@ namespace Bootloader{ // Use current hw hash key memcpy (&l_hw_parms.hw_key_hash, g_blData->blToHbData.hwKeysHash, - sizeof(sha2_hash_t)); + sizeof(SHA512_t)); const auto l_container = reinterpret_cast<const ROM_container_raw*> (i_pContainer); diff --git a/src/include/securerom/ROM.H b/src/include/securerom/ROM.H index fbfbae3e0..efd90b970 100644 --- a/src/include/securerom/ROM.H +++ b/src/include/securerom/ROM.H @@ -68,7 +68,7 @@ typedef struct uint32_t flags; uint8_t sw_key_count; uint64_t payload_size; - sha2_hash_t payload_hash; + SHA512_t payload_hash; uint8_t ecid_count; // optional ecid place holder ecid_count * ecid_size(128 bits) uint8_t ecid[ECID_SIZE]; @@ -96,7 +96,7 @@ typedef struct uint32_t flags; uint8_t reserved_0; uint64_t payload_size; - sha2_hash_t payload_hash; + SHA512_t payload_hash; uint8_t ecid_count; // optional ecid place holder ecid_count * ecid_size(128 bits) uint8_t ecid[ECID_SIZE]; @@ -120,10 +120,10 @@ typedef enum { ROM_DONE, ROM_FAILED } ROM_response; typedef struct { - sha2_hash_t hw_key_hash; - uint8_t my_ecid[ECID_SIZE]; - uint64_t entry_point; - uint64_t log; + SHA512_t hw_key_hash; + uint8_t my_ecid[ECID_SIZE]; + uint64_t entry_point; + uint64_t log; }__attribute__((packed)) ROM_hw_params; extern void ROM_sreset (void); @@ -220,11 +220,11 @@ ROM_response call_rom_verify(void*, const ROM_container_raw*, ROM_hw_params*); * @param[in] void* Address of function offset into Secure ROM * @param[in] sha2_byte* Pointer to effective address of blob to hash * @param[in] size_t Size of blob to hash - * @param[in/out] sha2_hash_t* Pointer to resulting hash value + * @param[in/out] SHA512_t* Pointer to resulting hash value * * @return N/A */ -void call_rom_SHA512(void*, const sha2_byte *, size_t, sha2_hash_t*); +void call_rom_SHA512(void*, const sha2_byte *, size_t, SHA512_t*); #ifdef __cplusplus } @@ -306,7 +306,7 @@ enum SB_FUNC_VERS : sbFuncVer_t // rom_entry.S // SHA512 Hash function definition(s) per version - SHA512_INIT = 0x0001, // void call_rom_SHA512(void*, const sha2_byte *, size_t, sha2_hash_t*); + SHA512_INIT = 0x0001, // void call_rom_SHA512(void*, const sha2_byte *, size_t, SHA512_t*); // ECDSA521 function definition(s) per version ECDSA521_INIT = 0x0001, // ROM_response call_rom_verify(void*, const ROM_container_raw*, ROM_hw_params*); diff --git a/src/include/securerom/contrib/sha512.H b/src/include/securerom/contrib/sha512.H index 9ae4310f8..c273fb050 100644 --- a/src/include/securerom/contrib/sha512.H +++ b/src/include/securerom/contrib/sha512.H @@ -59,8 +59,7 @@ #include <stdlib.h> -typedef uint8_t __attribute__((aligned(8))) \ - sha2_hash_t[ SHA512_DIGEST_LENGTH / sizeof(uint8_t) ]; +typedef uint8_t SHA512_t[SHA512_DIGEST_LENGTH]; typedef uint8_t sha2_byte; /* Exactly 1 byte */ typedef uint32_t sha2_word32; /* Exactly 4 bytes */ @@ -73,13 +72,14 @@ typedef struct _SHA512_CTX uint8_t buffer[SHA512_BLOCK_LENGTH]; } SHA512_CTX; + extern "C" void SHA512_Init(SHA512_CTX* context); extern "C" void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len); extern "C" -void SHA512_Final(SHA512_CTX* context, sha2_hash_t *result); +void SHA512_Final(SHA512_CTX* context, SHA512_t *result); extern "C" -void SHA512_Hash(const sha2_byte *data, size_t len, sha2_hash_t *result); +void SHA512_Hash(const sha2_byte *data, size_t len, SHA512_t *result); #endif diff --git a/src/include/securerom/hw_utils.H b/src/include/securerom/hw_utils.H index 014d82d20..54cae61fd 100644 --- a/src/include/securerom/hw_utils.H +++ b/src/include/securerom/hw_utils.H @@ -78,7 +78,7 @@ typedef struct uint64_t mask; } FSP_BAR; uint8_t ECID[ECID_SIZE]; - sha2_hash_t PIBMEM_HW_KEY_HASH; + SHA512_t PIBMEM_HW_KEY_HASH; uint8_t* data; // 64M+4K malloc/mmap uint8_t* memory; // 64M (4K aligned) int mfd; diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H index 0baa3a70e..2f0430d83 100644 --- a/src/include/usr/secureboot/service.H +++ b/src/include/usr/secureboot/service.H @@ -33,8 +33,6 @@ #include <securerom/sha512.H> #include <securerom/ROM.H> -typedef uint8_t SHA512_t[SHA512_DIGEST_LENGTH]; - /* * @brief Used to capture the first 4 bytes of the hash for tracing purposes */ @@ -222,7 +220,7 @@ namespace SECUREBOOT * @return errlHndl_t NULL on success */ errlHndl_t verifyContainer(void * i_container, - const sha2_hash_t* i_hwKeyHash = nullptr); + const SHA512_t* i_hwKeyHash = nullptr); /** * @brief Hash Signed Blob @@ -238,10 +236,10 @@ namespace SECUREBOOT /** * @brief Retrieve the internal hardware keys' hash used to validate * containers - * @param[out] o_hash Reference to the sha2_hash_t array to copy the + * @param[out] o_hash Reference to the SHA512_t array to copy the * hash to. */ - void getHwKeyHash(sha2_hash_t o_hash); + void getHwKeyHash(SHA512_t o_hash); /* * @brief Hash the concatenation of N Blobs diff --git a/src/securerom/ROM.C b/src/securerom/ROM.C index 97fe1f479..129052680 100644 --- a/src/securerom/ROM.C +++ b/src/securerom/ROM.C @@ -121,7 +121,7 @@ asm(".globl .L.ROM_verify"); ROM_response ROM_verify( ROM_container_raw* container, ROM_hw_params* params ) { - sha2_hash_t digest; + SHA512_t digest; ROM_prefix_header_raw* prefix; ROM_prefix_data_raw* hw_data; ROM_sw_header_raw* header; @@ -140,7 +140,7 @@ ROM_response ROM_verify( ROM_container_raw* container, // process hw keys // test for valid hw keys SHA512_Hash(container->hw_pkey_a, HW_KEY_COUNT*sizeof(ecc_key_t), &digest); - if(memcmp(params->hw_key_hash, digest, sizeof(sha2_hash_t))) + if(memcmp(params->hw_key_hash, digest, sizeof(SHA512_t))) { FAILED(HW_KEY_HASH_TEST,"invalid hw keys"); } @@ -169,7 +169,7 @@ ROM_response ROM_verify( ROM_container_raw* container, // test for valid prefix payload hash size = GET64(prefix->payload_size); SHA512_Hash(hw_data->sw_pkey_p, size, &digest); - if(memcmp(prefix->payload_hash, digest, sizeof(sha2_hash_t))) + if(memcmp(prefix->payload_hash, digest, sizeof(SHA512_t))) { FAILED(PREFIX_HASH_TEST,"invalid prefix payload hash"); } @@ -223,7 +223,7 @@ ROM_response ROM_verify( ROM_container_raw* container, // begin test for valid sw payload hash SHA512_Hash((uint8_t*)container + 4096, size, &digest); - if(memcmp(header->payload_hash, digest, sizeof(sha2_hash_t))) + if(memcmp(header->payload_hash, digest, sizeof(SHA512_t))) { FAILED(HEADER_HASH_TEST,"invalid sw payload hash"); } diff --git a/src/securerom/contrib/sha512.C b/src/securerom/contrib/sha512.C index 6ce16ce1c..65d29cbac 100644 --- a/src/securerom/contrib/sha512.C +++ b/src/securerom/contrib/sha512.C @@ -406,7 +406,7 @@ static void SHA512_Last(SHA512_CTX* context) } asm(".globl .L.SHA512_Final"); -void SHA512_Final(SHA512_CTX* context, sha2_hash_t *result) { +void SHA512_Final(SHA512_CTX* context, SHA512_t *result) { /* Sanity check: */ //assert(context != (SHA512_CTX*)0); @@ -421,10 +421,10 @@ void SHA512_Final(SHA512_CTX* context, sha2_hash_t *result) { } asm(".globl .L.SHA512_Hash"); -void SHA512_Hash(const sha2_byte* data, size_t len, sha2_hash_t *result) { +void SHA512_Hash(const sha2_byte* data, size_t len, SHA512_t *result) { SHA512_CTX context; SHA512_Init(&context); SHA512_Update(&context, data, len); SHA512_Final(&context, result); -}
\ No newline at end of file +} diff --git a/src/usr/secureboot/base/securerommgr.C b/src/usr/secureboot/base/securerommgr.C index 3c9e28db6..dc8e6155c 100644 --- a/src/usr/secureboot/base/securerommgr.C +++ b/src/usr/secureboot/base/securerommgr.C @@ -67,7 +67,7 @@ errlHndl_t initializeSecureRomManager(void) /** * @brief Verify Signed Container */ -errlHndl_t verifyContainer(void * i_container, const sha2_hash_t* i_hwKeyHash) +errlHndl_t verifyContainer(void * i_container, const SHA512_t* i_hwKeyHash) { errlHndl_t l_errl = nullptr; @@ -112,7 +112,7 @@ void hashConcatBlobs(const blobPair_t &i_blobs, SHA512_t o_buf) /* * @brief Externally available hardware keys' hash retrieval function */ -void getHwKeyHash(sha2_hash_t o_hash) +void getHwKeyHash(SHA512_t o_hash) { // @TODO RTC:170136 remove isValid check if(Singleton<SecureRomManager>::instance().isValid()) @@ -269,7 +269,7 @@ errlHndl_t SecureRomManager::initialize() * @brief Verify Container against system hash keys */ errlHndl_t SecureRomManager::verifyContainer(void * i_container, - const sha2_hash_t* i_hwKeyHash) + const SHA512_t* i_hwKeyHash) { TRACDCOMP(g_trac_secure,ENTER_MRK"SecureRomManager::verifyContainer(): " "i_container=%p", i_container); @@ -300,16 +300,16 @@ errlHndl_t SecureRomManager::verifyContainer(void * i_container, // struct elements my_ecid, entry_point and log memset(&l_hw_parms, 0, sizeof(ROM_hw_params)); - // Now set hw_key_hash, which is of type sha2_hash_t, to iv_key_hash + // Now set hw_key_hash, which is of type SHA512_t, to iv_key_hash if (i_hwKeyHash == nullptr) { // Use current hw hash key - memcpy (&l_hw_parms.hw_key_hash, iv_key_hash, sizeof(sha2_hash_t)); + memcpy (&l_hw_parms.hw_key_hash, iv_key_hash, sizeof(SHA512_t)); } else { // Use custom hw hash key - memcpy (&l_hw_parms.hw_key_hash, i_hwKeyHash, sizeof(sha2_hash_t)); + memcpy (&l_hw_parms.hw_key_hash, i_hwKeyHash, sizeof(SHA512_t)); } /*******************************************************************/ @@ -408,7 +408,7 @@ void SecureRomManager::hashBlob(const void * i_blob, size_t i_size, SHA512_t o_b call_rom_SHA512(reinterpret_cast<void*>(l_rom_SHA512_startAddr), reinterpret_cast<const sha2_byte*>(i_blob), i_size, - reinterpret_cast<sha2_hash_t*>(o_buf)); + reinterpret_cast<SHA512_t*>(o_buf)); TRACUCOMP(g_trac_secure,"SecureRomManager::hashBlob(): " "call_rom_SHA512: blob=%p size=0x%X addr=%p (iv_d_p=%p)", @@ -460,7 +460,7 @@ void SecureRomManager::getHwKeyHash() // Check if secureboot data is valid. if (iv_secureromValid) { - iv_key_hash = reinterpret_cast<const sha2_hash_t*>( + iv_key_hash = reinterpret_cast<const SHA512_t*>( g_BlToHbDataManager.getHwKeysHash()); } } @@ -468,12 +468,12 @@ void SecureRomManager::getHwKeyHash() /** * @brief Retrieve the internal hardware keys' hash from secure ROM object. */ -void SecureRomManager::getHwKeyHash(sha2_hash_t o_hash) +void SecureRomManager::getHwKeyHash(SHA512_t o_hash) { // Check if secureboot data is valid. if (iv_secureromValid) { - memcpy(o_hash, iv_key_hash, sizeof(sha2_hash_t)); + memcpy(o_hash, iv_key_hash, sizeof(SHA512_t)); } } diff --git a/src/usr/secureboot/base/securerommgr.H b/src/usr/secureboot/base/securerommgr.H index 5b3d1ce50..bf8812342 100644 --- a/src/usr/secureboot/base/securerommgr.H +++ b/src/usr/secureboot/base/securerommgr.H @@ -59,7 +59,7 @@ class SecureRomManager * @return errlHndl_t NULL on success */ errlHndl_t verifyContainer(void * i_container, - const sha2_hash_t* i_hwKeyHash = nullptr); + const SHA512_t* i_hwKeyHash = nullptr); /** * @brief Hash Blob @@ -77,10 +77,10 @@ class SecureRomManager * @brief Retrieve the internal hardware keys' hash from secure ROM * object. * - * @param[out] o_hash Reference to the sha2_hash_t array to copy the + * @param[out] o_hash Reference to the SHA512_t array to copy the * hash to. */ - void getHwKeyHash(sha2_hash_t o_hash); + void getHwKeyHash(SHA512_t o_hash); /* * @brief Hash the concatenation of N Blobs @@ -158,7 +158,7 @@ class SecureRomManager /** * HW key' hash retrieved from system */ - const sha2_hash_t* iv_key_hash; + const SHA512_t* iv_key_hash; /** * @brief Map to find verify SecureROM function types and their diff --git a/src/usr/secureboot/base/test/securerommgrtest.H b/src/usr/secureboot/base/test/securerommgrtest.H index a26b18b96..7db0dc2cc 100644 --- a/src/usr/secureboot/base/test/securerommgrtest.H +++ b/src/usr/secureboot/base/test/securerommgrtest.H @@ -69,7 +69,7 @@ void unloadSignedFile( void * & io_signedFile_pageAddr, // secureboot_signed_container was generated using this hw hash key. If another // key is in the HBBL, this test will always fail. -const sha2_hash_t hw_key_hash = +const SHA512_t hw_key_hash = { 0x40,0xd4,0x87,0xff,0x73,0x80,0xed,0x6a, 0xd5,0x47,0x75,0xd5,0x79,0x5f,0xea,0x0d, diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C index 20a099adb..6682bf829 100644 --- a/src/usr/secureboot/trusted/trustedboot.C +++ b/src/usr/secureboot/trusted/trustedboot.C @@ -703,11 +703,11 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget* const i_pTpm) } // HW Key Hash - sha2_hash_t l_hw_key_hash; + SHA512_t l_hw_key_hash; SECUREBOOT::getHwKeyHash(l_hw_key_hash); l_err = pcrExtend(PCR_1, EV_PLATFORM_CONFIG_FLAGS, l_hw_key_hash, - sizeof(sha2_hash_t),"HW KEY HASH"); + sizeof(SHA512_t),"HW KEY HASH"); if (l_err) { break; |
