From 8443a65a3599f433bd47c2ea03e863240db28b89 Mon Sep 17 00:00:00 2001 From: Stephen Cprek Date: Tue, 23 Jan 2018 14:27:17 -0600 Subject: Collect better FFDC on ROM verification errors Collect both the UTIL and RUNTIME component traces on a ROM verify failure Added a new Errlog User Details sections "Verify Info" containing the component name, ID(s), measured, and expected hashes Change-Id: I0d0408128e05807bb906be5ee365d56d1416693f CQ:SW413889 Backport:release-fips910 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52593 Reviewed-by: Michael Baiocchi Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins Server Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Tested-by: FSP CI Jenkins Reviewed-by: Marshall J. Wilks Reviewed-by: Daniel M. Crowell --- src/include/securerom/ROM.H | 9 ++++++++- src/include/usr/secureboot/secure_reasoncodes.H | 1 + src/include/usr/secureboot/service.H | 6 +++++- src/include/usr/util/utilmclmgr.H | 12 +++++++++++- 4 files changed, 25 insertions(+), 3 deletions(-) (limited to 'src/include') diff --git a/src/include/securerom/ROM.H b/src/include/securerom/ROM.H index 5b5e46635..f4cf76528 100644 --- a/src/include/securerom/ROM.H +++ b/src/include/securerom/ROM.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2016,2017 */ +/* Contributors Listed Below - COPYRIGHT 2016,2018 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -31,6 +31,7 @@ #include #include #include +#include /** * @brief Indicates container header section versions @@ -345,4 +346,10 @@ enum SB_FUNC_VERS : sbFuncVer_t */ extern const std::array SecRomFuncTypes; +/** + * @brief Vector of IDds (PNOR or Lid Id(s)) associated with the blob that is + * being verified. + */ +typedef std::vector RomVerifyIds; + #endif diff --git a/src/include/usr/secureboot/secure_reasoncodes.H b/src/include/usr/secureboot/secure_reasoncodes.H index 347907234..bee232ee7 100644 --- a/src/include/usr/secureboot/secure_reasoncodes.H +++ b/src/include/usr/secureboot/secure_reasoncodes.H @@ -84,6 +84,7 @@ namespace SECUREBOOT SECURE_UDT_SYSTEM_HW_KEY_HASH = 0x1, SECURE_UDT_TARGET_HW_KEY_HASH = 0x2, SECURE_UDT_SECURITY_SETTINGS = 0x3, + SECURE_UDT_VERIFY_INFO = 0x4, }; } diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H index 7d8953cde..c467c3800 100644 --- a/src/include/usr/secureboot/service.H +++ b/src/include/usr/secureboot/service.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2013,2017 */ +/* Contributors Listed Below - COPYRIGHT 2013,2018 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -216,12 +216,16 @@ namespace SECUREBOOT * @brief Verify Signed Container * * @param[in] i_container Void pointer to effective address of container + * @param[in] i_ids Vector of IDs (PNOR or Lid Id(s)) associated with + * the blob that is being verified. + * [default = empty vector] * @param[in] i_hwKeyHash Custom hw keys' hash to test against * [default = nullptr, use current hw hash key] * * @return errlHndl_t NULL on success */ errlHndl_t verifyContainer(void * i_container, + const RomVerifyIds& i_ids = RomVerifyIds(), const SHA512_t* i_hwKeyHash = nullptr); /** diff --git a/src/include/usr/util/utilmclmgr.H b/src/include/usr/util/utilmclmgr.H index fd3c826de..1d47523b4 100644 --- a/src/include/usr/util/utilmclmgr.H +++ b/src/include/usr/util/utilmclmgr.H @@ -5,7 +5,7 @@ /* */ /* OpenPOWER HostBoot Project */ /* */ -/* Contributors Listed Below - COPYRIGHT 2017 */ +/* Contributors Listed Below - COPYRIGHT 2017,2018 */ /* [+] International Business Machines Corp. */ /* */ /* */ @@ -30,6 +30,7 @@ #include #include #include +#include // Forward declarations class MasterContainerLidMgrTest; @@ -222,6 +223,15 @@ void compIdToString(const ComponentID i_compId, CompIdString o_compIdStr); */ uint64_t compIdToInt(const ComponentID i_compId); +/** + * @brief Extract list of lid ids from lid info vector + * + * @param[in] i_lidIds - Vector to pull lid ids out of + * + * @return RomVerifyIds - IDs associated with secure component + */ +RomVerifyIds extractLidIds(const std::vector& i_lidIds); + // @brief Class to manager the Master Container Lid provided by the FSP class MasterContainerLidMgr { -- cgit v1.2.1