From 07d75753d59419ea6ba9ee3bd930e0aa8e7e7fd5 Mon Sep 17 00:00:00 2001 From: Nick Bofferding Date: Fri, 20 Oct 2017 21:13:34 -0500 Subject: Secure Boot: Enforce PNOR section component IDs - In secure mode, bootloader will enforce that HBB component ID is set - In secure mode, Hostboot will enforce that PNOR component IDs are set Change-Id: I04f3bbc45417b3229003c56e1083e1fc31c01cd7 RTC: 179422 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/48711 Reviewed-by: Michael Baiocchi Tested-by: Jenkins Server Reviewed-by: Marshall J. Wilks Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: Stephen M. Cprek Tested-by: FSP CI Jenkins Reviewed-by: William G. Hoffa --- src/bootloader/bootloader.C | 87 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 86 insertions(+), 1 deletion(-) (limited to 'src/bootloader')
diff --git a/src/bootloader/bootloader.C b/src/bootloader/bootloader.C
index 99ac0b1ec..745e33c5d 100644
--- a/src/bootloader/bootloader.C
+++ b/src/bootloader/bootloader.C
@@ -177,6 +177,89 @@ namespace Bootloader{
 sizeof(BlToHbData));
 }
+ /**
+ * @brief Verify container's component ID against a reference
+ * component ID. Up to 8 ASCII characters, not including NULL, will be
+ * compared (thus, it is critical that all components are unique with
+ * respect to the first 8 bytes).
+ *
+ * @param[in] i_pHeader Void pointer to start of the container's secure
+ * header. Must not be nullptr or function will assert.
+ * @param[in] i_pComponentId Reference component ID to compare to. Must
+ * not be nullptr or function will assert.
+ */
+ void verifyComponent(
+ const void* const i_pHeader,
+ const char* const i_pComponentId)
+ {
+ assert(i_pHeader != nullptr);
+ assert(i_pComponentId != nullptr);
+
+ const auto* const pHwPrefix =
+ reinterpret_cast(
+ reinterpret_cast(i_pHeader) + offsetof(ROM_container_raw,prefix));
+ const auto swKeyCount = pHwPrefix->sw_key_count;
+ const auto ecidCount = pHwPrefix->ecid_count;
+
+ const char* const pCompIdInContainer =
+ reinterpret_cast(i_pHeader)
+ + offsetof(ROM_container_raw,prefix)
+ + offsetof(ROM_prefix_header_raw,ecid)
+ + ecidCount*ECID_SIZE
+ + offsetof(ROM_prefix_data_raw,sw_pkey_p)
+ + swKeyCount*sizeof(ecc_key_t)
+ + offsetof(ROM_sw_header_raw,component_id);
+
+ if(strncmp(pCompIdInContainer,
+ i_pComponentId,
+ sizeof(ROM_sw_header_raw::component_id)) != 0)
+ {
+ char pTruncatedComponentId[
+ sizeof(ROM_sw_header_raw::component_id)
+ + sizeof(uint8_t)]={0};
+ strncpy(pTruncatedComponentId,
+ i_pComponentId,
+ sizeof(ROM_sw_header_raw::component_id));
+
+ BOOTLOADER_TRACE(BTLDR_TRC_COMP_ID_VERIFY_FAILED);
+
+ // Read SBE HB shared data
+ const auto pBlConfigData = reinterpret_cast<
+ BootloaderConfigData_t *>(SBE_HB_COMM_ADDR);
+
+ /*@
+ * @errortype
+ * @moduleid Bootloader::MOD_BOOTLOADER_VERIFY_COMP_ID
+ * @reasoncode SECUREBOOT::RC_ROM_VERIFY
+ * @userdata1[0:15] TI_WITH_SRC
+ * @userdata1[16:31] TI_BOOTLOADER
+ * @userdata1[32:63] Failing address = 0
+ * @userdata2[0:31] First 4 bytes of observed component ID
+ * @userdata2[32:63] Last 4 bytes of observed component ID
+ * @errorInfo[0:15] SBE boot side
+ * @errorInfo[16:31] Unused
+ * @devdesc Container component ID verification failed.
+ * @custdesc Platform security violation detected
+ */
+ bl_terminate(
+ MOD_BOOTLOADER_VERIFY_COMP_ID,
+ SECUREBOOT::RC_ROM_VERIFY,
+ *reinterpret_cast(
+ pCompIdInContainer),
+ *reinterpret_cast(
+ pCompIdInContainer+sizeof(uint32_t)),
+ true,
+ 0,
+ TWO_UINT16_TO_UINT32(
+ pBlConfigData->sbeBootSide,0));
+ }
+ else
+ {
+ BOOTLOADER_TRACE(BTLDR_TRC_COMP_ID_VERIFY_SUCCESS);
+ }
+ }
+
 /**
 * @brief Verify Container against system hash keys
 *
@@ -298,11 +381,13 @@ namespace Bootloader{
 }
 BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_SUCCESS);
+
+ verifyComponent(i_pContainer,
+ PNOR::SectionIdToString(PNOR::HB_BASE_CODE));
 }
 #endif
 }
-
 /** Bootloader main function to work with and start HBB.
 *
 * @return 0.
-- cgit v1.2.1
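Review bot: verifyComponent computes the address of component_id from sw_key_count and ecid_count taken straight from the container prefix, with no bound on either value, so the pointer arithmetic is only safe once that header has already been authenticated; the Doxygen block does not state this precondition and the function carries no guard of its own. Add to the doc comment: `@pre The container at i_pHeader must already have passed signature verification; sw_key_count and ecid_count are used from it without further bounds checking.` Separately, pTruncatedComponentId is filled by strncpy and never read afterwards anywhere in this hunk, so either drop it or use it in the failure trace. The failure path also reads pCompIdInContainer as two uint32_t values, which presumes the field is suitably aligned for such loads — worth a one-line comment if the container layout guarantees that.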
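Review bot: The new verifyComponent call sits after BOOTLOADER_TRACE(BTLDR_TRC_MAIN_VERIFY_SUCCESS) has already been emitted, so a component-ID mismatch terminates the boot right after a trace stating that verification succeeded, which is confusing when reading the trace buffer after a failure. Either move the call ahead of that trace or add a comment above it such as `// Signature check passed above; the component ID is a separate, second gate` so the ordering is understood. The enclosing function starts before this hunk, so I cannot confirm that i_pContainer is the same pointer the signature check just validated; that is what verifyComponent's offset arithmetic relies on.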