author | Jaymes Wilks <mjwilks@us.ibm.com> | 2017-05-16 16:35:59 -0500 |
---|---|---|
committer | William G. Hoffa <wghoffa@us.ibm.com> | 2017-05-25 11:40:12 -0400 |
commit | 4d9e5a4a231d2a4a14231bc5a01d4590cb88d96d (patch) | |
tree | a6b574ee596fd12bc5c0ba3e9bf750fc6f46e2eb /src | |
parent | b0ebbd785a2357f2be093178c92bc9b59cd3530b (diff) | |
Fix up Event Types for PCR Extend
Trusted Boot will now use correct event types when performing PCR
extend for PNOR sections that are meant to establish a core root of
trust.
Change-Id: I3cb62e2899083c898e1af6a2031cc8a0a365015e
RTC:172332
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/40601
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Timothy R. Block <block@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/usr/pnor/pnor_common.C | 22 | ||||
-rw-r--r-- | src/usr/pnor/pnor_common.H | 10 | ||||
-rw-r--r-- | src/usr/pnor/pnor_utils.C | 23 | ||||
-rw-r--r-- | src/usr/pnor/pnor_utils.H | 13 | ||||
-rw-r--r-- | src/usr/pnor/runtime/rt_pnor.C | 2 | ||||
-rw-r--r-- | src/usr/secureboot/trusted/base/trustedboot_base.C | 20 |
6 files changed, 66 insertions, 24 deletions
diff --git a/src/usr/pnor/pnor_common.C b/src/usr/pnor/pnor_common.C index 15e519f59..cc714db74 100644 --- a/src/usr/pnor/pnor_common.C +++ b/src/usr/pnor/pnor_common.C @@ -274,7 +274,7 @@ errlHndl_t PNOR::parseTOC( uint8_t* i_tocBuffer,SectionData_t * o_TOC) //Walk through all the entries in the table and record some info for(uint32_t i=0; i<l_ffs_hdr->entry_count; i++) { - uint32_t l_secId = PNOR::INVALID_SECTION; + PNOR::SectionId l_secId = PNOR::INVALID_SECTION; ffs_entry* cur_entry = &(l_ffs_hdr->entries[i]); TRACUCOMP(g_trac_pnor, "PNOR::parseTOC: TOC %d, Entry %d, name=%s, pointer=0x%X",l_tocBeingChecked, i,cur_entry->name, (uint64_t)cur_entry); @@ -314,8 +314,7 @@ errlHndl_t PNOR::parseTOC( uint8_t* i_tocBuffer,SectionData_t * o_TOC) PAGESIZE_PLUS_ECC : PAGESIZE; addr -= headerSize; - l_errhdl = PNOR::extendHash(addr, headerSize, - PNOR::SectionIdToString(l_secId)); + l_errhdl = PNOR::extendHash(addr, headerSize, l_secId); if (l_errhdl) { break; @@ -341,12 +340,16 @@ errlHndl_t PNOR::parseTOC( uint8_t* i_tocBuffer,SectionData_t * o_TOC) // @TODO RTC 168021 Remove legacy extensions when all secure sections are // supported -errlHndl_t PNOR::extendHash(uint64_t i_addr, size_t i_size, const char* i_name) +errlHndl_t PNOR::extendHash(uint64_t i_addr, + size_t i_size, + const PNOR::SectionId i_sectionId) { errlHndl_t l_errhdl = NULL; do { #ifndef __HOSTBOOT_RUNTIME + const char* l_name = PNOR::SectionIdToString(i_sectionId); + // Read data from the PNOR DD uint8_t* l_buf = new uint8_t[i_size](); TARGETING::Target* l_target = TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL; 
@@ -360,9 +363,14 @@ errlHndl_t PNOR::extendHash(uint64_t i_addr, size_t i_size, const char* i_name) SHA512_t l_hash = {0}; SECUREBOOT::hashBlob(l_buf, i_size, l_hash); l_errhdl = TRUSTEDBOOT::pcrExtend(TRUSTEDBOOT::PCR_0, - TRUSTEDBOOT::EV_S_CRTM_CONTENTS, - l_hash, - sizeof(SHA512_t), i_name); + PNOR::PAYLOAD == i_sectionId? + TRUSTEDBOOT::EV_COMPACT_HASH: + (PNOR::isCoreRootOfTrustSection(i_sectionId)? + TRUSTEDBOOT::EV_S_CRTM_CONTENTS: + TRUSTEDBOOT::EV_POST_CODE), + l_hash, + sizeof(SHA512_t), + l_name); delete[] l_buf; if (l_errhdl) diff --git a/src/usr/pnor/pnor_common.H b/src/usr/pnor/pnor_common.H index 497e85e83..fa7e037cc 100644 --- a/src/usr/pnor/pnor_common.H +++ b/src/usr/pnor/pnor_common.H @@ -80,13 +80,15 @@ namespace PNOR { * @brief Reads version header of section, hashes it, and extends to tpm * buffer list. * - * @parm i_addr Offset into flash to read - * @parm i_size Number of bytes to read - * @parm i_name Name of PNOR section + * @parm i_addr Offset into flash to read + * @parm i_size Number of bytes to read + * @parm i_sectionId Section ID of PNOR section * * @return Error from operation */ - errlHndl_t extendHash(uint64_t i_addr, size_t i_size, const char* i_name); + errlHndl_t extendHash(uint64_t i_addr, + size_t i_size, + const PNOR::SectionId i_sectionId); } diff --git a/src/usr/pnor/pnor_utils.C b/src/usr/pnor/pnor_utils.C index b211b375b..2a7552390 100644 --- a/src/usr/pnor/pnor_utils.C +++ b/src/usr/pnor/pnor_utils.C @@ -215,7 +215,7 @@ void PNOR::checkHeader (ffs_hdr* i_ffs_hdr, * title. */ void PNOR::getSectionEnum (const ffs_entry* i_entry, - uint32_t* o_secId) + SectionId* o_secId) { *o_secId = PNOR::INVALID_SECTION; //Figure out section enum @@ -224,7 +224,7 @@ void PNOR::getSectionEnum (const ffs_entry* i_entry, { if(strcmp(PNOR::SectionIdToString(eyeIndex),i_entry->name) == 0) { - *o_secId = eyeIndex; + *o_secId = SectionId(eyeIndex); break; } } 
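Review bot: The new ternary in `extendHash` can log `EV_COMPACT_HASH` for `PNOR::PAYLOAD`, but the PCR argument is still the hard-coded `TRUSTEDBOOT::PCR_0`, while `extendPnorSectionHash` (hunk at -331 in trustedboot_base.C) sends PAYLOAD to `PCR_4`. If this legacy path can ever be reached with PAYLOAD (the callers are not all visible here), the event log would carry a payload measurement in the PCR used for the core root of trust, and a verifier replaying the log would have to special-case it. Either select the PCR with the same condition, e.g. `PNOR::PAYLOAD == i_sectionId ? TRUSTEDBOOT::PCR_4 : TRUSTEDBOOT::PCR_0`, or drop the PAYLOAD arm if it cannot occur. The section-to-event-type mapping is also written out twice now (here and at -331); one helper shared by both call sites would keep the two from drifting apart. The body of `extendHash` starts and ends outside this hunk.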
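Review bot: The header comment for `extendHash` in pnor_common.H still describes only the read, hash and extend sequence and does not say that `i_sectionId` now decides the TPM event type recorded with the measurement. I would add a sentence such as `The section ID selects the event type logged with the extend (EV_COMPACT_HASH, EV_S_CRTM_CONTENTS or EV_POST_CODE).` The re-aligned tags are also still spelled `@parm`; Doxygen expects `@param`, and the new comment in pnor_utils.H already uses `@param[in]`.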
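Review bot: `*o_secId = SectionId(eyeIndex);` in `getSectionEnum` converts a loop counter to the enum with a function-style cast, which is easy to miss when auditing conversions; `*o_secId = static_cast<PNOR::SectionId>(eyeIndex);` says the same thing explicitly. The loop header that bounds `eyeIndex` lies between the two hunks and is not visible, so the conversion is only well defined on the assumption that the index never exceeds the last enumerator. A one-line comment stating that bound next to the cast would help.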
@@ -253,7 +253,7 @@ PNOR::parseEntries (ffs_hdr* i_ffs_hdr, for(uint32_t i=0; i<i_ffs_hdr->entry_count; i++) { ffs_entry* cur_entry = (&i_ffs_hdr->entries[i]); - uint32_t secId = PNOR::INVALID_SECTION; + PNOR::SectionId secId = PNOR::INVALID_SECTION; // ffs entry check, 0 if checksums match if( PNOR::pnor_ffs_checksum(cur_entry, FFS_ENTRY_SIZE) != 0) @@ -400,6 +400,23 @@ bool PNOR::isEnforcedSecureSection(const uint32_t i_section) #endif } +bool PNOR::isCoreRootOfTrustSection(const PNOR::SectionId i_section) +{ +#ifdef CONFIG_SECUREBOOT + #ifdef BOOTLOADER + return i_section == HB_BASE_CODE; + #else + return i_section == HB_BOOTLOADER || + i_section == HB_EXT_CODE || + i_section == HB_DATA || + i_section == SBE_IPL || + i_section == HB_BASE_CODE; + #endif +#else + return false; +#endif +} + const char * PNOR::SectionIdToString( uint32_t i_secIdIndex ) { /** diff --git a/src/usr/pnor/pnor_utils.H b/src/usr/pnor/pnor_utils.H index 700820644..a608234fb 100644 --- a/src/usr/pnor/pnor_utils.H +++ b/src/usr/pnor/pnor_utils.H @@ -184,7 +184,7 @@ void checkHeader (ffs_hdr* i_ffs_hdr, * */ void getSectionEnum (const ffs_entry* i_entry, - uint32_t* o_secId); + SectionId* o_secId); /** * @brief Iterate through the entries, each which represent a section in pnor. * During the iteration we are checking that the entries are valid 
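Review bot: `isCoreRootOfTrustSection` returns `false` for every section when `CONFIG_SECUREBOOT` is not defined, so in such a build the callers added by this commit fall through to `EV_POST_CODE` even for `HB_BASE_CODE` and the other sections listed here. `extendPnorSectionHash` has an explicit branch for secure boot being disabled, so measurements are apparently still taken in that case; it is not visible here whether trusted boot can be compiled without `CONFIG_SECUREBOOT`, but if it can, the event type in the TPM log becomes a function of an unrelated build flag. Consider making the classification unconditional, or documenting the dependency with a comment such as `// Without CONFIG_SECUREBOOT no section is treated as core root of trust`. The `BOOTLOADER` variant recognises only `HB_BASE_CODE`, which also deserves a short why-comment.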
@@ -227,6 +227,17 @@ parseEntries (ffs_hdr* i_ffs_hdr, bool isEnforcedSecureSection(const uint32_t i_section); /** + * @brief Determines whether the given section is a "core root of trust" section + * for the purposes of trusted boot. The set of "core root of trust" + * sections are a distinct subset of secure sections that form the basis + * of security for the remaining secure sections. + * @param[in] i_section PNOR section to test. + * + * @return bool True if core root of test section, false otherwise + */ +bool isCoreRootOfTrustSection(const PNOR::SectionId i_section); + +/** * @brief Determines if a section has a Header and that it is not a Secure Header * * @param[out] i_secInfo PNOR information of section diff --git a/src/usr/pnor/runtime/rt_pnor.C b/src/usr/pnor/runtime/rt_pnor.C index d4f5f8400..6a1541721 100644 --- a/src/usr/pnor/runtime/rt_pnor.C +++ b/src/usr/pnor/runtime/rt_pnor.C @@ -743,7 +743,7 @@ errlHndl_t RtPnor::setSecure(const uint8_t* i_tocBuffer, auto const l_ffs_hdr = reinterpret_cast<const ffs_hdr*>(i_tocBuffer); for(uint32_t i=0; i<l_ffs_hdr->entry_count; ++i) { - uint32_t l_secId = PNOR::INVALID_SECTION; + PNOR::SectionId l_secId = PNOR::INVALID_SECTION; // Get current entry section id auto cur_entry = &(l_ffs_hdr->entries[i]); diff --git a/src/usr/secureboot/trusted/base/trustedboot_base.C b/src/usr/secureboot/trusted/base/trustedboot_base.C index 4d2815862..f8bee162b 100644 --- a/src/usr/secureboot/trusted/base/trustedboot_base.C +++ b/src/usr/secureboot/trusted/base/trustedboot_base.C @@ -49,6 +49,7 @@ #include "../trustedboot.H" #include "../trustedbootCmds.H" #include "../trustedbootUtils.H" +#include "../../pnor/pnor_utils.H" #include "trustedbootMsg.H" // ---------------------------------------------- 
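Review bot: The `@return` line of the new comment in pnor_utils.H reads `True if core root of test section`; that should be `trust`, e.g. `@return bool True if the section is a core root of trust section, false otherwise`. The new predicate takes `PNOR::SectionId` while the neighbouring `isEnforcedSecureSection` keeps `const uint32_t i_section`, so the two sibling declarations now disagree on the parameter type. The comment could state that the stronger type is intentional, or the sibling could follow in a later change.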
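Review bot: `#include "../../pnor/pnor_utils.H"` does not resolve relative to this file: from src/usr/secureboot/trusted/base/ it points at src/usr/secureboot/pnor/, whereas the header changed in this commit lives in src/usr/pnor/. It presumably works through an include search directory, which makes the dependency rely on build settings that are not visible here. It also ties the trusted boot code to a header inside the pnor component's source directory; exposing `isCoreRootOfTrustSection` through whichever public header already gives this file `PNOR::SectionId` would make the dependency explicit.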
@@ -331,11 +332,17 @@ errlHndl_t extendPnorSectionHash( TPM_Pcr pnorHashPcr = PCR_0; EventTypes swKeyHashEventType = TRUSTEDBOOT::EV_PLATFORM_CONFIG_FLAGS; + EventTypes pnorHashEventType = TRUSTEDBOOT::EV_POST_CODE; // PAYLOAD is the only section that needs its hash extended to PCR_4 if (i_sec == PNOR::PAYLOAD) { pnorHashPcr = PCR_4; swKeyHashEventType = TRUSTEDBOOT::EV_COMPACT_HASH; + pnorHashEventType = TRUSTEDBOOT::EV_COMPACT_HASH; + } + else if(PNOR::isCoreRootOfTrustSection(i_sec)) + { + pnorHashEventType = TRUSTEDBOOT::EV_S_CRTM_CONTENTS; } // Extend swKeyHash to the next PCR after the hash extension PCR. const TPM_Pcr swKeyHashPcr = static_cast<TPM_Pcr>(pnorHashPcr + 1); @@ -343,10 +350,8 @@ errlHndl_t extendPnorSectionHash( if (SECUREBOOT::enabled()) { // If secureboot is enabled, use protected hash in header - /// @todo RTC 172332 Update log type based on what is being extended - /// EV_POST_CODE or EV_S_CRTM_CONTENTS or EV_COMPACT_HASH pError = TRUSTEDBOOT::pcrExtend(pnorHashPcr, - TRUSTEDBOOT::EV_POST_CODE, + pnorHashEventType, reinterpret_cast<const uint8_t*>(i_conHdr.payloadTextHash()), sizeof(SHA512_t), sectionInfo.name); @@ -375,14 +380,13 @@ errlHndl_t extendPnorSectionHash( else { // If secureboot is not enabled, measure protected section - /// @todo RTC 172332 Update log type based on what is being extended - /// EV_POST_CODE or EV_S_CRTM_CONTENTS or EV_COMPACT_HASH SHA512_t hash = {0}; SECUREBOOT::hashBlob(i_vaddr, protectedSize, hash); pError = TRUSTEDBOOT::pcrExtend(pnorHashPcr, - TRUSTEDBOOT::EV_POST_CODE, - hash, sizeof(SHA512_t), - sectionInfo.name); + pnorHashEventType, + hash, + sizeof(SHA512_t), + sectionInfo.name); if (pError) { TRACFCOMP(g_trac_trustedboot, ERR_MRK " Failed in call to " |
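Review bot: The two `@todo RTC 172332` comments removed further down were the only place that named the three possible event types, and the new `pnorHashEventType` local carries no comment in their place. A line above the declaration such as `// Event type for the section hash: EV_COMPACT_HASH for PAYLOAD, EV_S_CRTM_CONTENTS for core root of trust sections, EV_POST_CODE otherwise` would keep that mapping readable for whoever audits the event log format. `extendPnorSectionHash` begins before and continues after this hunk.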