| author | Nick Bofferding <bofferdn@us.ibm.com> | 2016-06-21 14:49:31 -0500 |
|---|---|---|
| committer | William G. Hoffa <wghoffa@us.ibm.com> | 2016-07-07 10:11:39 -0400 |
| commit | f25ca35cf10693ccc45753231f171b453228b82e (patch) | |
| tree | e5391105c40d7557e63a49ef6d33d8635a2fd2bb /src | |
| parent | b18f35fb5748bb6caf7c81f3080a02bdc33e0347 (diff) | |
Register verify_container runtime interface
- Added verify_container API to runtime interface for secureboot
- Added testcase to test API registration
- Created common secureboot tracing files
Change-Id: If755644ff6507f14fd0463f4accf05301fc91832
RTC: 156119
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/26104
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Christopher J. Engel <cjengel@us.ibm.com>
Reviewed-by: William G. Hoffa <wghoffa@us.ibm.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/runtime/interface.h | 42 | ||||
| -rw-r--r-- | src/makefile | 2 | ||||
| -rw-r--r-- | src/usr/secureboot/common/common.mk | 26 | ||||
| -rw-r--r-- | src/usr/secureboot/common/securetrace.C | 43 | ||||
| -rw-r--r-- | src/usr/secureboot/common/securetrace.H | 64 | ||||
| -rw-r--r-- | src/usr/secureboot/makefile | 3 | ||||
| -rw-r--r-- | src/usr/secureboot/runtime/makefile | 41 | ||||
| -rw-r--r-- | src/usr/secureboot/runtime/rt_secureboot.C | 79 | ||||
| -rw-r--r-- | src/usr/secureboot/runtime/test/makefile | 36 | ||||
| -rw-r--r-- | src/usr/secureboot/runtime/test/testsecureboot_rt.H | 102 |
10 files changed, 437 insertions, 1 deletions
diff --git a/src/include/runtime/interface.h b/src/include/runtime/interface.h
index 03fb92ce1..2140f69a2 100644
--- a/src/include/runtime/interface.h
+++ b/src/include/runtime/interface.h
@@ -624,7 +624,49 @@ typedef struct runtimeInterfaces const char** argv, char** o_outString ); + /** + * @brief Verify integrity of a secure container + * @param[in] i_pContainer Pointer to a valid secure container, + * Must not be NULL. Container is assumed to be stripped of any ECC + * and must start with a valid secure header (which contains the + * container size information) + * @param[in] i_pHwHashKey Pointer to a valid hardware hash key. + * Must not be NULL. + * @param[in] i_hwHashKeySize Size of the hardware hash key. + * A value which incorrectly states the size of the hardware hash key + * will be detected as a verification error or worse, an illegal memory + * access. Must not be 0. + * @note If secureboot is compiled out, the function pointer will be set to + * NULL. If caller's secureboot support is compiled in and secureboot + * is enabled by policy, then caller should treat a NULL pointer as a + * verification failure. + * @return Integer error code indicating success or failure + * @retval 0 Container verified correctly + * @retval !0 API error or otherwise failed to verify container + * @platform FSP, OpenPOWER + */ + int (*verify_container)( + const void* i_pContainer, + const void* i_pHwHashKey, + size_t i_hwHashKeySize); + // Reserve some space for future growth. + // do NOT ever change this number, even if you add functions. + // + // The value of 32 was somewhat arbitrarily chosen. + // + // If either side modifies the interface.h file we're suppose to be able to + // tolerate the other side not supporting the function yet. The function + // pointer can be NULL. So if we require a new interface from OPAL, like + // "read_iic", we need to be able to tolerate that function pointer being + // NULL and do something sane (and erroring out is not consider sane). + // + // The purpose of this is to give us the ability to update Hostboot and + // OPAL independently. It is pretty rare that we both have function ready + // at the same time. 
The "reserve" is there so that the structures are + // allocated with sufficient space and populated with NULL function + // pointers. 32 is big enough that we should not likely add that many + // functions from either direction in between any two levels of support. void (*reserved[32])(void); } runtimeInterfaces_t;
diff --git a/src/makefile b/src/makefile
index cc682328b..a703fb2bc 100644
--- a/src/makefile
+++ b/src/makefile
@@ -273,6 +273,7 @@ RUNTIME_MODULES += $(if $(CONFIG_BMC_IPMI),ipmi_rt) RUNTIME_MODULES += pm_rt RUNTIME_MODULES += pnor_rt RUNTIME_MODULES += fapi2_rt +RUNTIME_MODULES += secureboot_rt RUNTIME_DATA_MODULES += RUNTIME_TESTCASE_MODULES += cxxtest_rt
@@ -288,6 +289,7 @@ RUNTIME_TESTCASE_MODULES += $(if $(CONFIG_HBRT_PRD),testattn_rt) RUNTIME_TESTCASE_MODULES += $(if $(CONFIG_BMC_IPMI),testipmi_rt) RUNTIME_TESTCASE_MODULES += testpnor_rt RUNTIME_TESTCASE_MODULES += testfapi2_rt +RUNTIME_TESTCASE_MODULES += testsecureboot_rt RELOCATABLE_IMAGE_LDFLAGS = -pie --export-dynamic
diff --git a/src/usr/secureboot/common/common.mk b/src/usr/secureboot/common/common.mk
new file mode 100644
index 000000000..3d9701a40
--- /dev/null
+++ b/src/usr/secureboot/common/common.mk
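Review bot: In src/include/runtime/interface.h, `verify_container` is given no length for `i_pContainer`; the doc comment says the container size comes from the secure header, which is part of the data being verified. An implementation that walks the buffer using that header field has no caller-supplied bound to check it against, so a malformed header could drive reads past the caller's buffer. Either add a size parameter or state the rule in the contract, for example `@param[in] i_containerSize Size in bytes of the buffer at i_pContainer; the header's size field must not exceed it`. The comment on `i_hwHashKeySize` already concedes that a wrong value can end in an illegal memory access; naming the one accepted key size would let the callee reject anything else. The struct starts outside this hunk, so whether an interface version field is bumped for the new member cannot be seen here.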
@@ -0,0 +1,26 @@
+# IBM_PROLOG_BEGIN_TAG
+# This is an automatically generated prolog.
+#
+# $Source: src/usr/secureboot/common/common.mk $
+#
+# OpenPOWER HostBoot Project
+#
+# Contributors Listed Below - COPYRIGHT 2016
+# [+] International Business Machines Corp.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+#
+# IBM_PROLOG_END_TAG
+
+SECUREBOOT_COMMON_OBJS += securetrace.o
diff --git a/src/usr/secureboot/common/securetrace.C b/src/usr/secureboot/common/securetrace.C
new file mode 100644
index 000000000..0eeb12bfd
--- /dev/null
+++ b/src/usr/secureboot/common/securetrace.C
@@ -0,0 +1,43 @@
+/* IBM_PROLOG_BEGIN_TAG */
+/* This is an automatically generated prolog. */
+/* */
+/* $Source: src/usr/secureboot/common/securetrace.C $ */
+/* */
+/* OpenPOWER HostBoot Project */
+/* */
+/* Contributors Listed Below - COPYRIGHT 2016 */
+/* [+] International Business Machines Corp. */
+/* */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
+/* implied. See the License for the specific language governing */
+/* permissions and limitations under the License. */
+/* */
+/* IBM_PROLOG_END_TAG */
+
+/**
+ * @file securetrace.C
+ * @brief Implements secureboot trace descriptor and initialization
+ */
+
+#include <hbotcompid.H>
+#include <limits.h>
+
+#include "securetrace.H"
+
+namespace SECUREBOOT
+{
+
+trace_desc_t* g_trac_secure = nullptr;
+
+TRAC_INIT(&g_trac_secure, SECURE_COMP_NAME, KILOBYTE);
+
+}
diff --git a/src/usr/secureboot/common/securetrace.H b/src/usr/secureboot/common/securetrace.H
new file mode 100644
index 000000000..17c6988c7
--- /dev/null
+++ b/src/usr/secureboot/common/securetrace.H
@@ -0,0 +1,64 @@
+/* IBM_PROLOG_BEGIN_TAG */
+/* This is an automatically generated prolog. */
+/* */
+/* $Source: src/usr/secureboot/common/securetrace.H $ */
+/* */
+/* OpenPOWER HostBoot Project */
+/* */
+/* Contributors Listed Below - COPYRIGHT 2016 */
+/* [+] International Business Machines Corp. */
+/* */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
+/* implied. See the License for the specific language governing */
+/* permissions and limitations under the License. */
+/* */
+/* IBM_PROLOG_END_TAG */
+
+/**
+ * @file securetrace.H
+ * @brief Provides trace interface for secureboot
+ */
+
+#ifndef __SECURETRACE_H
+#define __SECURETRACE_H
+
+#include <trace/interface.H>
+
+namespace SECUREBOOT
+{
+
+extern trace_desc_t* g_trac_secure;
+
+}
+
+#define SB_ENTER(args...) \
+ TRACFCOMP(SECUREBOOT::g_trac_secure,ENTER_MRK " " args)
+
+#define SB_EXIT(args...) \
+ TRACFCOMP(SECUREBOOT::g_trac_secure,EXIT_MRK " " args)
+
+#define SB_ERR(args...) \
+ TRACFCOMP(SECUREBOOT::g_trac_secure,ERR_MRK " " args)
+
+#define SB_INF(args...) \
+ TRACFCOMP(SECUREBOOT::g_trac_secure,INFO_MRK " " args)
+
+#define SB_DBG(args...) \
+ TRACDCOMP(SECUREBOOT::g_trac_secure,INFO_MRK " " args)
+
+#define SB_INF_BIN(args...) \
+ TRACFBIN(SECUREBOOT::g_trac_secure,args)
+
+#define SB_DBG_BIN(args...) \
+ TRACDBIN(SECUREBOOT::g_trac_secure,args)
+
+#endif
diff --git a/src/usr/secureboot/makefile b/src/usr/secureboot/makefile
index 2195cabb2..5ac61aba7 100644
--- a/src/usr/secureboot/makefile
+++ b/src/usr/secureboot/makefile
@@ -5,7 +5,7 @@ # # OpenPOWER HostBoot Project # -# Contributors Listed Below - COPYRIGHT 2013,2015 +# Contributors Listed Below - COPYRIGHT 2013,2016 # [+] International Business Machines Corp. # #
@@ -27,5 +27,6 @@ ROOTPATH = ../../.. SUBDIRS += base.d SUBDIRS += ext.d SUBDIRS += trusted.d +SUBDIRS += runtime.d include ${ROOTPATH}/config.mk
diff --git a/src/usr/secureboot/runtime/makefile b/src/usr/secureboot/runtime/makefile
new file mode 100644
index 000000000..fe42e65ea
--- /dev/null
+++ b/src/usr/secureboot/runtime/makefile
@@ -0,0 +1,41 @@
+# IBM_PROLOG_BEGIN_TAG
+# This is an automatically generated prolog.
+#
+# $Source: src/usr/secureboot/runtime/makefile $
+#
+# OpenPOWER HostBoot Project
+#
+# Contributors Listed Below - COPYRIGHT 2016
+# [+] International Business Machines Corp.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+#
+# IBM_PROLOG_END_TAG
+
+HOSTBOOT_RUNTIME = 1
+ROOTPATH = ../../../..
+
+MODULE = secureboot_rt
+
+include ../common/common.mk
+CFLAGS += -iquote${ROOTPATH}/src/usr/secureboot
+
+SUBDIRS += test.d
+
+OBJS += ${SECUREBOOT_COMMON_OBJS}
+OBJS += rt_secureboot.o
+
+VPATH += ../common
+
+include $(ROOTPATH)/config.mk
diff --git a/src/usr/secureboot/runtime/rt_secureboot.C b/src/usr/secureboot/runtime/rt_secureboot.C
new file mode 100644
index 000000000..8ab6d5e51
--- /dev/null
+++ b/src/usr/secureboot/runtime/rt_secureboot.C
@@ -0,0 +1,79 @@
+/* IBM_PROLOG_BEGIN_TAG */
+/* This is an automatically generated prolog. */
+/* */
+/* $Source: src/usr/secureboot/runtime/rt_secureboot.C $ */
+/* */
+/* OpenPOWER HostBoot Project */
+/* */
+/* Contributors Listed Below - COPYRIGHT 2016 */
+/* [+] International Business Machines Corp. */
+/* */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
+/* implied. See the License for the specific language governing */
+/* permissions and limitations under the License. */
+/* */
+/* IBM_PROLOG_END_TAG */
+
+/**
+ * @file rt_secureboot.C
+ * @brief Provides runtime API for secure container verification
+ */
+
+#include <runtime/interface.h>
+#include <config.h>
+
+#include "common/securetrace.H"
+
+namespace SECUREBOOT
+{
+
+int verify_container(
+ const void* i_pContainer,
+ const void* i_pHwHashKey,
+ const size_t i_hwHashKeySize)
+{
+ int rc = 0;
+
+ SB_ENTER(
+ "verify_container: "
+ "container ptr = %p, "
+ "HW hash key ptr = %p, "
+ "HW hash key size = %d",
+ i_pContainer,i_pHwHashKey,i_hwHashKeySize);
+
+ // TODO: RTC 156485
+ // Implement guts of verify_container
+
+ SB_EXIT(
+ "verify_container: rc = %d",rc);
+
+ return rc;
+}
+
+struct registerSecurebootRt
+{
+ registerSecurebootRt()
+ {
+ auto pRtIntf = getRuntimeInterfaces();
+#ifdef CONFIG_SECUREBOOT
+ pRtIntf->verify_container = &verify_container;
+#else
+ pRtIntf->verify_container = nullptr;
+#endif
+ }
+};
+
+registerSecurebootRt g_registerSecurebootRt;
+
+} // end of SECUREBOOT namespace
+
+
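Review bot: With CONFIG_SECUREBOOT defined, the stub `verify_container` in rt_secureboot.C is registered in the runtime interface and returns `rc = 0` unconditionally, which interface.h documents as "Container verified correctly", so any caller that reaches it before RTC 156485 lands would accept an unverified container. Until the body exists it should fail closed, e.g. `int rc = -1; // not implemented yet: report failure until RTC 156485`, or the pointer should stay `nullptr` so callers take the failure path the interface note describes. The testcase hunk in testsecureboot_rt.H pins the same behaviour by expecting rc == 0 from `verify_container(nullptr,nullptr,0)`, a call that violates every documented precondition, and would need to expect a non-zero rc instead. Two smaller points in this hunk: the `registerSecurebootRt` constructor dereferences `getRuntimeInterfaces()` without the null check the testcase performs, and the SB_ENTER trace formats the `size_t` key size with `%d`.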
diff --git a/src/usr/secureboot/runtime/test/makefile b/src/usr/secureboot/runtime/test/makefile
new file mode 100644
index 000000000..b824cd9e9
--- /dev/null
+++ b/src/usr/secureboot/runtime/test/makefile
@@ -0,0 +1,36 @@
+# IBM_PROLOG_BEGIN_TAG
+# This is an automatically generated prolog.
+#
+# $Source: src/usr/secureboot/runtime/test/makefile $
+#
+# OpenPOWER HostBoot Project
+#
+# Contributors Listed Below - COPYRIGHT 2016
+# [+] International Business Machines Corp.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+#
+# IBM_PROLOG_END_TAG
+
+HOSTBOOT_RUNTIME = 1
+
+ROOTPATH = ../../../../..
+
+CFLAGS += -iquote${ROOTPATH}/src/usr/secureboot
+
+MODULE = testsecureboot_rt
+
+TESTS = *.H
+
+include ${ROOTPATH}/config.mk
diff --git a/src/usr/secureboot/runtime/test/testsecureboot_rt.H b/src/usr/secureboot/runtime/test/testsecureboot_rt.H
new file mode 100644
index 000000000..ef9a641a9
--- /dev/null
+++ b/src/usr/secureboot/runtime/test/testsecureboot_rt.H
@@ -0,0 +1,102 @@
+/* IBM_PROLOG_BEGIN_TAG */
+/* This is an automatically generated prolog. */
+/* */
+/* $Source: src/usr/secureboot/runtime/test/testsecureboot_rt.H $ */
+/* */
+/* OpenPOWER HostBoot Project */
+/* */
+/* Contributors Listed Below - COPYRIGHT 2016 */
+/* [+] International Business Machines Corp. */
+/* */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, software */
+/* distributed under the License is distributed on an "AS IS" BASIS, */
+/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
+/* implied. See the License for the specific language governing */
+/* permissions and limitations under the License. */
+/* */
+/* IBM_PROLOG_END_TAG */
+
+/**
+ * @file testsecureboot_rt.H
+ * @brief Test secureboot runtime functions
+ */
+
+#ifndef __TESTSECUREBOOT_RT_H
+#define __TESTSECUREBOOT_RT_H
+
+#include <cxxtest/TestSuite.H>
+#include <runtime/interface.h>
+#include <config.h>
+
+#include "common/securetrace.H"
+
+class SecurebootRtTestSuite: public CxxTest::TestSuite
+{
+ public:
+
+ void testVerifyContainer()
+ {
+ SB_ENTER("SecurebootRtTestSuite::testVerifyContainer");
+
+ do {
+
+ auto pRtIntf = getRuntimeInterfaces();
+ if (nullptr == pRtIntf)
+ {
+ TS_FAIL("testVerifyContainer: runtime interfaces pointer "
+ "not set");
+ break;
+ }
+
+#ifndef CONFIG_SECUREBOOT
+
+ if (nullptr != pRtIntf->verify_container)
+ {
+ TS_FAIL("testVerifyContainer: verify_container function pointer "
+ "set unexpectedly with secureboot compiled out");
+ break;
+ }
+
+#else
+
+ if (nullptr == pRtIntf->verify_container)
+ {
+ TS_FAIL("testVerifyContainer: verify_container function pointer "
+ "not set with secureboot compiled in");
+ break;
+ }
+
+ // If secureboot is compiled in, perform various API tests
+
+ // TODO: RTC 156485 For now, function is a no op; add real tests here
+ // when verify_container is fully implemented
+ auto rc = pRtIntf->verify_container(
+ nullptr,nullptr,0);
+ if(rc != 0)
+ {
+ TS_FAIL("testVerifyContainer: expected verify_container to succeed "
+ "when secureboot is compiled in -and- verify_container is not "
+ "fully implemented, but it failed with rc = %d",
+ rc);
+ break;
+ }
+
+#endif
+
+ } while(0);
+
+ SB_EXIT("SecurebootRtTestSuite::testVerifyContainer");
+ }
+
+ private:
+
+};
+
+#endif |

