From 07d75753d59419ea6ba9ee3bd930e0aa8e7e7fd5 Mon Sep 17 00:00:00 2001 From: Nick Bofferding Date: Fri, 20 Oct 2017 21:13:34 -0500 Subject: Secure Boot: Enforce PNOR section component IDs - In secure mode, bootloader will enforce that HBB component ID is set - In secure mode, Hostboot will enforce that PNOR component IDs are set Change-Id: I04f3bbc45417b3229003c56e1083e1fc31c01cd7 RTC: 179422 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/48711 Reviewed-by: Michael Baiocchi Tested-by: Jenkins Server Reviewed-by: Marshall J. Wilks Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: Stephen M. Cprek Tested-by: FSP CI Jenkins Reviewed-by: William G. Hoffa --- src/include/bootloader/bootloader_trace.H | 6 +++ src/include/bootloader/hbblreasoncodes.H | 1 + src/include/string.h | 3 +- src/include/usr/errl/errlreasoncodes.H | 9 +++- src/include/usr/errl/errludstring.H | 62 +++++++++++++++++++++++-- src/include/usr/secureboot/secure_reasoncodes.H | 1 + src/include/usr/secureboot/service.H | 20 ++++++++ 7 files changed, 95 insertions(+), 7 deletions(-) mode change 100755 => 100644 src/include/string.h (limited to 'src/include') diff --git a/src/include/bootloader/bootloader_trace.H b/src/include/bootloader/bootloader_trace.H index 129b9a303..3b3fa262a 100644 --- a/src/include/bootloader/bootloader_trace.H +++ b/src/include/bootloader/bootloader_trace.H @@ -77,6 +77,12 @@ enum BootloaderTraces /** Bootloader main verifyContainer skip verification - SAB unset */ BTLDR_TRC_MAIN_VERIFY_SAB_UNSET = 0x19, + /** Bootloader main verifyComponent succeeded */ + BTLDR_TRC_COMP_ID_VERIFY_SUCCESS = 0x1A, + + /** Bootloader main verifyComponent failed */ + BTLDR_TRC_COMP_ID_VERIFY_FAILED = 0x1B, + /** Bootloader handleMMIO started */ BTLDR_TRC_HANDLEMMIO_START = 0x20, diff --git a/src/include/bootloader/hbblreasoncodes.H b/src/include/bootloader/hbblreasoncodes.H index 392b7e4b3..1a4dbc98f 100644 --- a/src/include/bootloader/hbblreasoncodes.H 
+++ b/src/include/bootloader/hbblreasoncodes.H @@ -49,6 +49,7 @@ namespace Bootloader MOD_PNORACC_GETHBBSECT = 0x04, /**< bl_pnorAccess.C : get HBB sect */ MOD_BOOTLOADER_VERIFY = 0x05, /**< bootloader.C : verifyContainer */ MOD_BOOTLOADER_ASSERT = 0x06, /**< bootloader.H assert */ + MOD_BOOTLOADER_VERIFY_COMP_ID = 0x07, /**< bootloader.C : verifyComponent */ }; /** diff --git a/src/include/string.h b/src/include/string.h old mode 100755 new mode 100644 index 589507c06..ca1a0ba4c --- a/src/include/string.h +++ b/src/include/string.h @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2010,2014 */ +/* Contributors Listed Below - COPYRIGHT 2010,2017 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -42,6 +42,7 @@ extern "C" char* strcpy(char* d, const char* s); char* strncpy(char* d, const char* s, size_t l); int strcmp(const char* s1, const char* s2) __attribute__((pure)); + int strncmp(const char* s1, const char* s2, size_t l) __attribute__((pure)); size_t strlen(const char* s1) __attribute__((pure)); size_t strnlen(const char* s1, size_t n) __attribute__((pure)); diff --git a/src/include/usr/errl/errlreasoncodes.H b/src/include/usr/errl/errlreasoncodes.H index 1e7f2ea77..f9d03c246 100644 --- a/src/include/usr/errl/errlreasoncodes.H +++ b/src/include/usr/errl/errlreasoncodes.H @@ -62,7 +62,7 @@ namespace ERRORLOG ERRL_LAST_ERR = ERRL_COMP_ID | 0xFF }; - // Identifiers for ERRL user data sections. + // Identifiers for ERRL user data subsections. enum errlUserDetailDataSubsection { ERRL_UDT_NOFORMAT = 0x00, @@ -74,6 +74,13 @@ namespace ERRORLOG ERRL_UDT_CALLOUT = 0x06, ERRL_UDT_PRINTK = 0x07, ERRL_UDT_SENSOR = 0x08, + ERRL_UDT_STRING_SET = 0x09, + }; + + // Identifiers for ERRL user data subsection versions + enum errlUserDetailDataSubsectionVersion + { + ERRL_UDT_STRING_SET_VER_1 = 0x01, }; }; 
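Review bot: The new `strncmp` prototype in string.h is a declaration only; with this patch limited to src/include, the matching definition is not visible, and since the bootloader appears to be built as its own image (it has separate trace and reason-code headers in this diff) it should be confirmed that the symbol is provided for both the bootloader link and the Hostboot runtime. Marking it `__attribute__((pure))` matches the adjacent `strcmp` and is correct as long as the definition only reads its operands. If this is the primitive the component-ID check uses for its 8-byte compare, a short comment on the declaration stating that the length argument bounds the read of both operands, and that the compare still stops at the first NUL, would help readers who expect a memcmp-style fixed-width compare.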
diff --git a/src/include/usr/errl/errludstring.H b/src/include/usr/errl/errludstring.H index f8e4cd3d7..c3d8ecdee 100644 --- a/src/include/usr/errl/errludstring.H +++ b/src/include/usr/errl/errludstring.H @@ -5,7 +5,9 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* COPYRIGHT International Business Machines Corp. 2012,2014 */ +/* Contributors Listed Below - COPYRIGHT 2012,2017 */ +/* [+] International Business Machines Corp. */ +/* */ /* */ /* Licensed under the Apache License, Version 2.0 (the "License"); */ /* you may not use this file except in compliance with the License. */ 
@@ -57,10 +59,60 @@ public: */ virtual ~ErrlUserDetailsString(); -private: - // Disabled - ErrlUserDetailsString(const ErrlUserDetailsString &); - ErrlUserDetailsString & operator=(const ErrlUserDetailsString &); + private: + + // Disable compiler provided default functions + ErrlUserDetailsString( + const ErrlUserDetailsString &); + ErrlUserDetailsString & operator=( + const ErrlUserDetailsString &); + ErrlUserDetailsString ( + ErrlUserDetailsString&&) = delete; + ErrlUserDetailsString& operator = ( + ErrlUserDetailsString&&) = delete; +}; + +/** + * @class ErrlUserDetailsStringSet + * + * @brief Adds multiple, tagged FFDC strings to an error log as user details + * data + */ +class ErrlUserDetailsStringSet : public ErrlUserDetails +{ + + public: + + /** + * @brief Constructor; creates the object + */ + ErrlUserDetailsStringSet(); + + /** + * @brief Adds a new tagged string to the object's string cache + * + * @param[in] i_pDescriptionString Description of the string to add. Must + * not be nullptr or function will substitute an error message. + * @param[in] i_pString The string to add. Must not be nullptr or function + * will substitute an error message. + */ + void add(const char* i_pDescriptionString, + const char* i_pString); + + /** + * @brief Destructor + */ + virtual ~ErrlUserDetailsStringSet(); + + // Disable compiler provided default functions + ErrlUserDetailsStringSet( + const ErrlUserDetailsStringSet&) = delete; + ErrlUserDetailsStringSet& operator=( + const ErrlUserDetailsStringSet&) = delete; + ErrlUserDetailsStringSet ( + ErrlUserDetailsStringSet&&) = delete; + ErrlUserDetailsStringSet& operator = ( + ErrlUserDetailsStringSet&&) = delete; }; } diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H index 98fe38d3c..f633ef7b2 100644 --- a/src/include/usr/secureboot/secure_reasoncodes.H +++ b/src/include/usr/secureboot/secure_reasoncodes.H 
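Review bot: ErrlUserDetailsString now mixes two ways of disabling special members: the copy constructor and copy assignment are still declared private without a definition (a link-time error if ever used), while the new move constructor and move assignment are `= delete` (a compile-time error). Since this hunk already uses `= delete`, the two copy members should use it too, `ErrlUserDetailsString(const ErrlUserDetailsString &) = delete;` and `ErrlUserDetailsString & operator=(const ErrlUserDetailsString &) = delete;`, matching the new ErrlUserDetailsStringSet, which deletes all four. ErrlUserDetailsStringSet places its deleted members in the public section while ErrlUserDetailsString keeps them private; both work with `= delete`, but a consistent placement would make the two classes easier to read side by side. Both class bodies begin before this hunk, which starts at the ErrlUserDetailsString destructor.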
@@ -40,6 +40,7 @@ namespace SECUREBOOT MOD_SECURE_READ_REG = 0x06, MOD_SECURE_WRITE_REG = 0x07, MOD_SECURE_SETTINGS_INIT = 0x08, + MOD_SECURE_VERIFY_COMPONENT = 0x09, }; enum SECUREReasonCode diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H index 4c4d43d3c..c4dc31334 100644 --- a/src/include/usr/secureboot/service.H +++ b/src/include/usr/secureboot/service.H @@ -58,6 +58,8 @@ typedef uint8_t PAGE_TABLE_ENTRY_t[HASH_PAGE_TABLE_ENTRY_SIZE]; namespace SECUREBOOT { + class ContainerHeader; + /** @brief Perform initialization of Secureboot for the Base image. * * - Copy secure header from original location. @@ -222,6 +224,24 @@ namespace SECUREBOOT errlHndl_t verifyContainer(void * i_container, const SHA512_t* i_hwKeyHash = nullptr); + /** + * @brief Verify component ID in a container header against a reference + * component ID. Up to 8 ASCII characters, not including NULL, will be + * compared (thus, it is critical that all components are unique with + * respect to the first 8 bytes). + * + * @param[in] i_containerHeader Verified container's header + * @param[in] i_pComponentString Reference component ID string; must not be + * nullptr or function will assert. + * + * @return errlHndl_t Error log handle + * @retval nullptr Component ID verification succeeded + * @retval !nullptr Error; component ID verification failed + */ + errlHndl_t verifyComponent( + const ContainerHeader& i_containerHeader, + const char* i_pComponentId); + /** * @brief Hash Signed Blob * -- cgit v1.2.1
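Review bot: The doc comment for verifyComponent names its second parameter `i_pComponentString`, but the declaration calls it `i_pComponentId`; the tag should read `@param[in] i_pComponentId Reference component ID string; must not be nullptr or function will assert.` The 8-character limit the comment describes is a security-relevant property of the check: a reference ID longer than 8 bytes would accept any container whose first 8 header bytes match, so the limit is better expressed as a named constant shared by the bootloader and Hostboot callers, with a static_assert or a runtime length check on the reference ID, rather than left to prose. A one-line note that the header passed in is expected to have already passed verifyContainer, as the wording "Verified container's header" implies, would make the required call order explicit. This hunk ends inside the SECUREBOOT namespace; the "Hash Signed Blob" comment it cuts continues below it.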