diff options
Diffstat (limited to 'src/usr/secureboot/base/securerom.C')
-rw-r--r-- | src/usr/secureboot/base/securerom.C | 66 |
1 files changed, 48 insertions, 18 deletions
diff --git a/src/usr/secureboot/base/securerom.C b/src/usr/secureboot/base/securerom.C index dd1428f33..74c2a18bb 100644 --- a/src/usr/secureboot/base/securerom.C +++ b/src/usr/secureboot/base/securerom.C @@ -84,20 +84,27 @@ errlHndl_t verifyContainer(void * i_container, const sha2_hash_t* i_hwKeyHash) errlHndl_t hashBlob(const void * i_blob, size_t i_size, SHA512_t io_buf) { return Singleton<SecureROM>::instance().hashBlob(i_blob, i_size, io_buf); +} +/** + * @brief Hash concatenation of 2 Blobs + * + */ +errlHndl_t hashConcatBlobs(const blobPair_t &i_blobs, SHA512_t o_buf) +{ + return Singleton<SecureROM>::instance().hashConcatBlobs(i_blobs, o_buf); } /* - * @brief Externally available hardware hash key function + * @brief Externally available hardware keys' hash retrieval function */ -void getHwHashKeys(sha2_hash_t o_hash) +void getHwKeyHash(sha2_hash_t o_hash) { - return Singleton<SecureROM>::instance().getHwHashKeys(o_hash); + return Singleton<SecureROM>::instance().getHwKeyHash(o_hash); } }; //end SECUREBOOT namespace - /******************** Public Methods ********************/ @@ -259,13 +266,13 @@ errlHndl_t SecureROM::initialize() /* Retrieve HW Hash Keys From The System */ /***************************************************************/ - // @todo RTC:RTC:34080 - Support for SecureROM::getHwHashKeys() - l_errl = SecureROM::getHwHashKeys(); + // @todo RTC:RTC:34080 - Support for SecureROM::getHwKeyHash() + l_errl = SecureROM::getHwKeyHash(); if (l_errl != NULL) { TRACFCOMP(g_trac_secure,ERR_MRK"SecureROM::initialize():" - " SecureROM::getHwHashKeys() returned an error"); + " SecureROM::getHwKeyHash() returned an error"); l_errl->collectTrace(SECURE_COMP_NAME,256); break; @@ -329,8 +336,8 @@ errlHndl_t SecureROM::verifyContainer(void * i_container, // struct elements my_ecid, entry_point and log memset(&l_hw_parms, 0, sizeof(ROM_hw_params)); - // Now set hw_key_hash, which is of type sha2_hash_t, to iv_hash_key - memcpy (&l_hw_parms.hw_key_hash, &iv_hash_key, sizeof(sha2_hash_t)); + // Now set hw_key_hash, which is of type sha2_hash_t, to iv_key_hash + memcpy (&l_hw_parms.hw_key_hash, &iv_key_hash, sizeof(sha2_hash_t)); TRACFBIN(g_trac_secure,"SecureROM::verifyContainer(): hw_key_hash", l_hw_parms.hw_key_hash, sizeof(sha2_hash_t)); @@ -384,6 +391,7 @@ errlHndl_t SecureROM::verifyContainer(void * i_container, /*@ * @errortype + * @severity ERRL_SEV_UNRECOVERABLE * @moduleid SECUREBOOT::MOD_SECURE_ROM_VERIFY * @reasoncode SECUREBOOT::RC_ROM_VERIFY * @userdata1 l_rc @@ -457,6 +465,28 @@ errlHndl_t SecureROM::hashBlob(const void * i_blob, size_t i_size, SHA512_t io_b return l_errl; } +/** + * @brief Hash concatenation of N Blobs + */ +errlHndl_t SecureROM::hashConcatBlobs(const blobPair_t &i_blobs, + SHA512_t o_buf) const +{ + errlHndl_t pError = nullptr; + std::vector<uint8_t> concatBuf; + for (const auto &it : i_blobs) + { + assert(it.first != nullptr, "BUG! In SecureROM::hashConcatBlobs(), " + "User passed in nullptr blob pointer"); + const uint8_t* const blob = static_cast<const uint8_t*>(it.first); + const auto blobSize = it.second; + concatBuf.insert(concatBuf.end(), blob, blob + blobSize); + } + + // Call hash blob on new concatenated buffer + pError = hashBlob(concatBuf.data(),concatBuf.size(),o_buf); + + return pError; +} /******************** Internal Methods @@ -470,8 +500,8 @@ SecureROM::SecureROM() { TRACDCOMP(g_trac_secure, "SecureROM::SecureROM()>"); - // Clear out iv_hash_keys, which is of type sha2_hash_t - memset(&iv_hash_key, 0, sizeof(sha2_hash_t) ); + // Clear out iv_key_hash, which is of type sha2_hash_t + memset(&iv_key_hash, 0, sizeof(sha2_hash_t) ); } @@ -547,26 +577,26 @@ void SecureROM::_cleanup() /** - * @brief Retrieves HW Keys from the system + * @brief Retrieves HW keys' hash from the system */ -errlHndl_t SecureROM::getHwHashKeys() +errlHndl_t SecureROM::getHwKeyHash() { errlHndl_t l_errl = NULL; - TRACFCOMP(g_trac_secure,INFO_MRK"SecureROM::getHwHashKeys() NOT supported"); + TRACFCOMP(g_trac_secure,INFO_MRK"SecureROM::getHwKeyHash() NOT supported"); - // @todo RTC:34080 - Add support for getting HW Hash Keys from System + // @todo RTC:34080 - Add support for getting HW keys' hash from System return l_errl; } /** - * @brief Retrieve the internal hardware hash key from secure ROM object. + * @brief Retrieve the internal hardware keys' hash from secure ROM object. */ -void SecureROM::getHwHashKeys(sha2_hash_t o_hash) +void SecureROM::getHwKeyHash(sha2_hash_t o_hash) { - memcpy(o_hash, iv_hash_key, sizeof(sha2_hash_t)); + memcpy(o_hash, iv_key_hash, sizeof(sha2_hash_t)); } /** |