From e9eacec8bad1e2dade70ebed0fc3d00b5ab59232 Mon Sep 17 00:00:00 2001
From: Jaymes Wilks
Date: Tue, 1 May 2018 15:33:32 -0500
Subject: Support TPM PCR Poisoning
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

To support Fleetwood secure inter-node communication, we need to “poison” the PCRs of all still functional non-master node TPMs just prior to transferring control to PHyp, and report that poisoned state to HDAT.

Change-Id: Ic104ef2e44fc98895b9b435fdf8ba4c5e4972818
RTC:191001
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/58244
Tested-by: Jenkins Server
Tested-by: Jenkins OP Build CI
Tested-by: Jenkins OP HW
Tested-by: FSP CI Jenkins
Reviewed-by: Nicholas E. Bofferding
Reviewed-by: Michael Baiocchi
Reviewed-by: ILYA SMIRNOV
Reviewed-by: Daniel M. Crowell
---
 src/usr/secureboot/trusted/base/trustedbootMsg.H | 14 ++--
 src/usr/secureboot/trusted/base/trustedboot_base.C | 87 +++-------------------
 2 files changed, 19 insertions(+), 82 deletions(-)

(limited to 'src/usr/secureboot/trusted/base')

diff --git a/src/usr/secureboot/trusted/base/trustedbootMsg.H b/src/usr/secureboot/trusted/base/trustedbootMsg.H
index 260fe094a..ededabdcf 100644
--- a/src/usr/secureboot/trusted/base/trustedbootMsg.H
+++ b/src/usr/secureboot/trusted/base/trustedbootMsg.H
@@ -62,12 +62,14 @@ namespace TRUSTEDBOOT
 /// PCREXTEND message data
 struct PcrExtendMsgData
 {
- TPM_Pcr mPcrIndex;
- TPM_Alg_Id mAlgId;
- EventTypes mEventType;
- size_t mDigestSize;
- uint8_t mDigest[TPM_ALG_SHA256_SIZE];
- char mLogMsg[MAX_TPM_LOG_MSG];
+ TPM_Pcr mPcrIndex;
+ TPM_Alg_Id mAlgId;
+ EventTypes mEventType;
+ size_t mDigestSize;
+ uint8_t mDigest[TPM_ALG_SHA256_SIZE];
+ char mLogMsg[MAX_TPM_LOG_MSG];
+ const TpmTarget* mSingleTpm;
+ bool mMirrorToLog;
 };
 
 struct GetRandomMsgData
diff --git a/src/usr/secureboot/trusted/base/trustedboot_base.C b/src/usr/secureboot/trusted/base/trustedboot_base.C
index 9aba765f5..5050c9a99 100644
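Review bot: The two new members `mSingleTpm` and `mMirrorToLog` join a message payload whose fields carry no comments at all, so a reader of the handler cannot tell from this header what a nullptr `mSingleTpm` selects or what "mirror to log" switches on. I would give each a one-line comment, e.g. `const TpmTarget* mSingleTpm; // TPM this extend is restricted to (state what nullptr selects)` and `bool mMirrorToLog; // also record the extend in the event log (confirm against the handler)`. Since the struct now embeds a raw pointer, the comment should also say that the pointed-to target has to stay valid until the message is consumed, which matters when pcrExtend() is called with `i_sendAsync` set; whether a TpmTarget can go away inside that window is not visible in this diff.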
--- a/src/usr/secureboot/trusted/base/trustedboot_base.C +++ b/src/usr/secureboot/trusted/base/trustedboot_base.C @@ -200,7 +200,9 @@ errlHndl_t pcrExtend(TPM_Pcr i_pcr, const uint8_t* i_digest, size_t i_digestSize, const char* i_logMsg, - bool i_sendAsync) + bool i_sendAsync, + const TpmTarget* i_pTpm, + const bool i_mirrorToLog) { errlHndl_t err = NULL; #ifdef CONFIG_TPMDD @@ -208,7 +210,8 @@ errlHndl_t pcrExtend(TPM_Pcr i_pcr, TRACDCOMP( g_trac_trustedboot, ENTER_MRK"pcrExtend()" ); TRACUCOMP( g_trac_trustedboot, - ENTER_MRK"pcrExtend() pcr=%d msg='%s'", i_pcr, i_logMsg); + ENTER_MRK"pcrExtend() pcr=%d msg='%s'", + i_pcr, i_logMsg? i_logMsg: "(null)"); TRACUBIN(g_trac_trustedboot, "pcrExtend() digest:", i_digest, i_digestSize); // msgData will be freed when message is freed @@ -219,16 +222,21 @@ errlHndl_t pcrExtend(TPM_Pcr i_pcr, msgData->mEventType = i_eventType; msgData->mDigestSize = (i_digestSize < sizeof(msgData->mDigest) ? i_digestSize : sizeof(msgData->mDigest)); + msgData->mSingleTpm = i_pTpm; + msgData->mMirrorToLog = i_mirrorToLog; // copy over the incoming digest and truncate to what we need memcpy(msgData->mDigest, i_digest, msgData->mDigestSize); // Truncate logMsg if required - memcpy(msgData->mLogMsg, i_logMsg, + if (i_logMsg) + { + memcpy(msgData->mLogMsg, i_logMsg, (strlen(i_logMsg) < sizeof(msgData->mLogMsg) ? strlen(i_logMsg) : sizeof(msgData->mLogMsg)-1) // Leave room for NULL termination ); + } if (!i_sendAsync) { 
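Review bot: The two parameters `i_pTpm` and `i_mirrorToLog` added to the pcrExtend() definition are not documented anywhere in this file, and the declaration that would carry their @param text is outside this diff (the listing is limited to base/), so what nullptr means for `i_pTpm` and whether either parameter is defaulted can only be inferred from the message struct. If the header's Doxygen block was updated in the same change, a reference to it in the review is enough; otherwise a short comment at the definition such as `// i_pTpm: TPM to extend (nullptr behaviour per handler); i_mirrorToLog: also record in the event log` would close the gap, wording to be confirmed against the handler. pcrExtend()'s body continues past this hunk.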
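Review bot: In the new `if (i_logMsg)` block the copy into `msgData->mLogMsg` is clamped to `sizeof(msgData->mLogMsg)-1` but nothing in the hunk writes the terminating NUL, so any C-string reader of `mLogMsg` in the handler depends on the buffer having been zero-filled before this hunk (the memset, if there is one, lies in the lines between hunks and is not visible here). Terminating explicitly at the clamped length removes that dependency, and evaluating `strlen(i_logMsg)` once instead of twice makes the clamp easier to read; the rewritten block is below. The same zero-fill assumption now also covers the case where `i_logMsg` is NULL and the copy is skipped entirely. pcrExtend() begins and ends outside this hunk.
```cpp
    // … unchanged: msgData field setup and digest copy …

    // Truncate logMsg if required
    if (i_logMsg)
    {
        const size_t l_msgLen = strlen(i_logMsg);
        // Leave room for NULL termination
        const size_t l_copyLen = (l_msgLen < sizeof(msgData->mLogMsg) ?
                                  l_msgLen : sizeof(msgData->mLogMsg)-1);
        memcpy(msgData->mLogMsg, i_logMsg, l_copyLen);
        msgData->mLogMsg[l_copyLen] = '\0';
    }
```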
@@ -794,77 +802,4 @@ errlHndl_t testCmpPrimaryAndBackupTpm()
 return l_err;
 }
 
-#ifdef CONFIG_TPMDD
-errlHndl_t GetRandom(const TpmTarget* i_pTpm, uint64_t& o_randNum)
-{
- errlHndl_t err = nullptr;
- Message* msg = nullptr;
-
- do {
-
- auto pData = new struct GetRandomMsgData;
- memset(pData, 0, sizeof(*pData));
-
- pData->i_pTpm = const_cast(i_pTpm);
-
- msg = Message::factory(MSG_TYPE_GETRANDOM, sizeof(*pData),
- reinterpret_cast(pData), MSG_MODE_SYNC);
-
- assert(msg != nullptr, "BUG! Message is null");
- pData = nullptr; // Message owns msgData now
-
- int rc = msg_sendrecv(systemData.msgQ, msg->iv_msg);
- if (0 == rc)
- {
- err = msg->iv_errl;
- msg->iv_errl = nullptr; // taking over ownership of error log
- if (err != nullptr)
- {
- break;
- }
- }
- else // sendrecv failure
- {
- /*@
- * @errortype ERRL_SEV_UNRECOVERABLE
- * @moduleid MOD_TPM_GETRANDOM
- * @reasoncode RC_SENDRECV_FAIL
- * @userdata1 rc from msq_sendrecv()
- * @userdata2 TPM HUID if it's not nullptr
- * @devdesc msg_sendrecv() failed
- * @custdesc Trusted boot failure
- */
- err = new ERRORLOG::ErrlEntry(ERRORLOG::ERRL_SEV_UNRECOVERABLE,
- MOD_TPM_GETRANDOM,
- RC_SENDRECV_FAIL,
- rc,
- TARGETING::get_huid(i_pTpm),
- true);
- break;
- }
-
- pData = reinterpret_cast(msg->iv_data);
- assert(pData != nullptr,
- "BUG! Completed send/recv to random num generator has null data ptr!");
-
- o_randNum = pData->o_randNum;
-
- } while (0);
-
- if (msg != nullptr)
- {
- delete msg; // also deletes the msg->iv_data
- msg = nullptr;
- }
-
- if (err)
- {
- err->collectTrace(SECURE_COMP_NAME);
- err->collectTrace(TRBOOT_COMP_NAME);
- }
-
- return err;
-}
-#endif // CONFIG_TPMDD
-
 } // end TRUSTEDBOOT
-- 
cgit v1.2.3