From 89c19d7e3a5b6f2781636ca5373672f38d8f0a13 Mon Sep 17 00:00:00 2001 From: Stephen Cprek Date: Wed, 27 Sep 2017 16:22:04 -0500 Subject: Process Components in Master Container Lid Change-Id: I31523494f462c88addb51973f605b2ed72674e97 RTC: 125304 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46840 Tested-by: Jenkins Server Reviewed-by: Nicholas E. Bofferding Tested-by: Jenkins OP Build CI Tested-by: Jenkins OP HW Reviewed-by: Michael Baiocchi Reviewed-by: Marshall J. Wilks Tested-by: FSP CI Jenkins Reviewed-by: William G. Hoffa --- src/usr/util/test/testmclmgr.H | 105 +++++++++- src/usr/util/utillidmgr.C | 2 +- src/usr/util/utilmclmgr.C | 459 ++++++++++++++++++++++++++++++++++++++++- 3 files changed, 546 insertions(+), 20 deletions(-) (limited to 'src/usr/util') diff --git a/src/usr/util/test/testmclmgr.H b/src/usr/util/test/testmclmgr.H index d5ce9eec5..9f425a285 100644 --- a/src/usr/util/test/testmclmgr.H +++ b/src/usr/util/test/testmclmgr.H @@ -31,15 +31,22 @@ #include #include "../utilbase.H" #include +#include namespace MCL { -// Defines to simplify list initialzer syntax -#define COMP_TEST1 {0x54,0x45,0x53,0x54,0x31} -#define COMP_TEST2 {0x54,0x45,0x53,0x54,0x32} -#define COMP_TEST3 {0x54,0x45,0x53,0x54,0x33} -#define COMP_TEST4 {0x54,0x45,0x53,0x54,0x34} +// Constants to simplify code +const ComponentID COMP_TEST1 {"TEST1"}; +const ComponentID COMP_TEST2 {"TEST2"}; +const ComponentID COMP_TEST3 {"TEST3"}; +// Component ids are not null terminated. So test a 16 byte comp ID +// NOTE: You cannot use a CHAR initializer list equal to the size of the array +// as the compiler expects a space for the null terminator. +// So setting the hex values directly. +// ASCII: TESTMAXSIZEOFSTR +const ComponentID COMP_TEST4 {0x54,0x45,0x53,0x54,0x4d,0x41,0x58,0x53, + 0x49,0x5a,0x45,0x4f,0x46,0x53,0x54,0x52}; // Define deault vectors to simplify syntax const std::vector defaultLids {0xA1234567, 0x89ABCDEF, 0x13579246}; @@ -92,7 +99,7 @@ public: initMcl(); } - TestMcl(std::vector& i_lids) + TestMcl(const std::vector& i_lids) : iv_size(0),iv_bufferCur(nullptr),iv_bufferStart(nullptr), iv_pHeader(nullptr), iv_compInfoCache{}, iv_testLids{i_lids}, iv_testComps{defaultComps} @@ -100,8 +107,8 @@ public: initMcl(); } - TestMcl(std::vector& i_lids, - std::vector >& i_comps) + TestMcl(const std::vector& i_lids, + const std::vector >& i_comps) : iv_size(0),iv_bufferCur(nullptr),iv_bufferStart(nullptr), iv_pHeader(nullptr), iv_compInfoCache{}, iv_testLids{i_lids}, iv_testComps{i_comps} @@ -235,6 +242,88 @@ public: UTIL_FT(EXIT_MRK"testMCLparser complete"); } + + void testProcessMclComponents() + { + UTIL_FT(ENTER_MRK"testProcessMclComponents start" ); + + errlHndl_t l_errl = nullptr; + + // Generate test MCL with test lids + TestMcl l_TestMcl { {Util::TEST_LIDID, Util::TEST_LIDID}, + {{COMP_TEST1,false}} + }; + + // Pass test MCL to MCL manager + MasterContainerLidMgr l_mcl(l_TestMcl.iv_bufferStart, + l_TestMcl.iv_size); + + // Ensure the Comp Info Caches match + if (l_TestMcl.iv_compInfoCache != l_mcl.iv_compInfoCache) + { + TS_FAIL("testProcessMclComponents> Comp Info Caches do not match"); + } + + PreVerifiedLidMgr::initLock(PREVERLIDMGR_TEST_ADDR); + + // Get Instance of Pre-Verified lid manager + auto l_preVerLidMgr = PreVerifiedLidMgr::getInstance(); + + // Clear lids loaded cache as other test cases fill it in. + l_preVerLidMgr.cv_lidsLoaded.clear(); + + l_errl = l_mcl.processComponents(); + if(l_errl) + { + errlCommit(l_errl,UTIL_COMP_ID); + TS_FAIL("testProcessMclComponents> processComponents failed"); + } + + PreVerifiedLidMgr::unlock(); + + UTIL_FT(EXIT_MRK"testProcessMclComponents complete"); + } + + void testProcessSecureMclComponents() + { + UTIL_FT(ENTER_MRK"testProcessSecureMclComponents start" ); + + errlHndl_t l_errl = nullptr; + + // Generate test MCL with Secure Lids + TestMcl l_TestMcl { {Util::TEST_LIDID, Util::TEST_LIDID}, + {{COMP_TEST2,true}} + }; + + // Pass test MCL to MCL manager + MasterContainerLidMgr l_mcl(l_TestMcl.iv_bufferStart, + l_TestMcl.iv_size); + + // Ensure the Comp Info Caches match + if (l_TestMcl.iv_compInfoCache != l_mcl.iv_compInfoCache) + { + TS_FAIL("testProcessSecureMclComponents> Comp Info Caches do not match"); + } + + PreVerifiedLidMgr::initLock(PREVERLIDMGR_TEST_ADDR); + + // Get Instance of Pre-Verified lid manager + auto l_preVerLidMgr = PreVerifiedLidMgr::getInstance(); + + // Clear lids loaded cache as other test cases fill it in. + l_preVerLidMgr.cv_lidsLoaded.clear(); + + l_errl = l_mcl.processComponents(); + if(l_errl) + { + errlCommit(l_errl,UTIL_COMP_ID); + TS_FAIL("testProcessSecureMclComponents> processComponents failed"); + } + + PreVerifiedLidMgr::unlock(); + + UTIL_FT(EXIT_MRK"testProcessSecureMclComponents complete"); + } }; #endif \ No newline at end of file diff --git a/src/usr/util/utillidmgr.C b/src/usr/util/utillidmgr.C index f8ef376e0..6ab0751f8 100644 --- a/src/usr/util/utillidmgr.C +++ b/src/usr/util/utillidmgr.C @@ -830,7 +830,7 @@ void UtilLidMgr::updateLid(uint32_t i_lidId) //different extension. sprintf(iv_lidFileName, "%x.lidbin", iv_lidId); iv_isLidInPnor = getLidPnorSectionInfo(iv_lidId, iv_lidPnorInfo); - UTIL_FT(INFO_MRK "UtilLidMgr: LID 0x%.8X in pnor: %d", + UTIL_DT(INFO_MRK "UtilLidMgr: LID 0x%.8X in pnor: %d", iv_lidId ,iv_isLidInPnor); iv_isLidInVFS = VFS::module_exists(iv_lidFileName); diff --git a/src/usr/util/utilmclmgr.C b/src/usr/util/utilmclmgr.C index a3f9077ff..79e527621 100644 --- a/src/usr/util/utilmclmgr.C +++ b/src/usr/util/utilmclmgr.C @@ -30,17 +30,33 @@ #include #include #include +#include +#include +#include namespace MCL { const size_t MclCompSectionPadSize = 16; -// Defines to simplify list initialzer syntax -#define COMP_MSTCONT {0x4d,0x53,0x54,0x43,0x4f,0x4e,0x54} -#define COMP_POWERVM {0x50,0x4f,0x57,0x45,0x52,0x56,0x4d} -const ComponentID g_MclCompId = COMP_MSTCONT; -const ComponentID g_PowervmCompId = COMP_POWERVM; +const ComponentID g_MclCompId {"MSTCONT"}; +const ComponentID g_PowervmCompId {"POWERVM"}; + +void compIdToString(const ComponentID i_compId, CompIdString o_compIdStr) +{ + memcpy(o_compIdStr, + i_compId.data(), + sizeof(ComponentID)); +} + +uint64_t compIdToInt(const ComponentID i_compId) +{ + uint64_t l_compId {}; + + memcpy(&l_compId, i_compId.data(), sizeof(l_compId)); + + return l_compId; +} //////////////////////////////////////////////////////////////////////////////// // CompInfo @@ -66,8 +82,9 @@ void CompInfo::print() const MasterContainerLidMgr::MasterContainerLidMgr() : iv_mclAddr(MCL_ADDR), iv_mclSize(MCL_SIZE), iv_tmpAddr(MCL_TMP_ADDR), - iv_tmpSize(MCL_TMP_SIZE), iv_pMclVaddr(nullptr), iv_pTempVaddr(nullptr), - iv_compInfoCache{} + iv_tmpSize(MCL_TMP_SIZE), iv_maxSize(0), iv_pMclVaddr(nullptr), + iv_pTempVaddr(nullptr), iv_pVaddr(nullptr), iv_compInfoCache{}, + iv_hasHeader(true) { initMcl(); } @@ -75,8 +92,9 @@ MasterContainerLidMgr::MasterContainerLidMgr() MasterContainerLidMgr::MasterContainerLidMgr(const void* i_pMcl, const size_t i_size) : iv_mclAddr(MCL_ADDR), iv_mclSize(MCL_SIZE), iv_tmpAddr(MCL_TMP_ADDR), - iv_tmpSize(MCL_TMP_SIZE), iv_pMclVaddr(nullptr), iv_pTempVaddr(nullptr), - iv_compInfoCache{} + iv_tmpSize(MCL_TMP_SIZE), iv_maxSize(0), iv_pMclVaddr(nullptr), + iv_pTempVaddr(nullptr), iv_pVaddr(nullptr), iv_compInfoCache{}, + iv_hasHeader(false) { initMcl(i_pMcl, i_size); } @@ -84,6 +102,7 @@ MasterContainerLidMgr::MasterContainerLidMgr(const void* i_pMcl, MasterContainerLidMgr::~MasterContainerLidMgr() { // Release all address spaces + releaseMem(iv_tmpAddr, iv_pMclVaddr); releaseMem(iv_tmpAddr, iv_pTempVaddr); } @@ -91,15 +110,24 @@ void MasterContainerLidMgr::initMcl(const void* i_pMcl, const size_t i_mclSize) { UTIL_FT(ENTER_MRK"MasterContainerLidMgr::initMcl"); + errlHndl_t l_errl = nullptr; + // Add MCL itself to Cache but don't add to comp order CompInfo l_compHdrInfo(CompFlags::SIGNED_PRE_VERIFY); LidInfo l_hdrLidInfo(Util::MCL_LIDID); l_compHdrInfo.lidIds.push_back(l_hdrLidInfo); iv_compInfoCache.insert(std::make_pair(g_MclCompId, l_compHdrInfo)); + // Cache Component ID string + compIdToString(g_MclCompId, iv_curCompIdStr); + // Initialize MCL address space initMem(iv_mclAddr, iv_mclSize, iv_pMclVaddr); + // Use MCL address and size for parsing + iv_pVaddr = iv_pMclVaddr; + iv_maxSize = iv_mclSize; + if(i_pMcl != nullptr) { // set cached MCL pointer with custom MCL @@ -107,15 +135,29 @@ void MasterContainerLidMgr::initMcl(const void* i_pMcl, const size_t i_mclSize) } else { - // Load Lid + // No custom MCL, load default way + l_errl = processComponent(g_MclCompId, + iv_compInfoCache.at(g_MclCompId)); + if (l_errl) + { + uint64_t l_reasonCode = l_errl->reasonCode(); + UTIL_FT(ERR_MRK"MasterContainerLidMgr::initMcl failed to process MCL shutting down rc=0x%08X", + l_reasonCode); + errlCommit(l_errl,UTIL_COMP_ID); + INITSERVICE::doShutdown(l_reasonCode); + } } // Parse all Components in MCL parseMcl(); - // Initialize temporary space for processing lids + // Initialize temporary space for processing other components initMem(iv_tmpAddr, iv_tmpSize, iv_pTempVaddr); + // Switch to temp address and size for all other components + iv_pVaddr = iv_pTempVaddr; + iv_maxSize = iv_tmpSize; + UTIL_FT(EXIT_MRK"MasterContainerLidMgr::initMcl"); } @@ -161,6 +203,8 @@ void MasterContainerLidMgr::releaseMem(const uint64_t i_physAddr, if (l_errl) { uint64_t l_reasonCode = l_errl->reasonCode(); + UTIL_FT(ERR_MRK"MasterContainerLidMgr::releaseMem failed to release memory rc=0x%08X", + l_reasonCode); errlCommit(l_errl,UTIL_COMP_ID); INITSERVICE::doShutdown(l_reasonCode); } @@ -212,6 +256,8 @@ void MasterContainerLidMgr::initMem(const uint64_t i_physAddr, if (l_errl) { uint64_t l_reasonCode = l_errl->reasonCode(); + UTIL_FT(ERR_MRK"MasterContainerLidMgr::initMem failed to initialize memory rc=0x%08X", + l_reasonCode); errlCommit(l_errl,UTIL_COMP_ID); INITSERVICE::doShutdown(l_reasonCode); } @@ -227,6 +273,12 @@ void MasterContainerLidMgr::parseMcl() auto l_pMcl = reinterpret_cast(iv_pMclVaddr); + // If MCL has a header make sure to skip over it for parsing + if (iv_hasHeader) + { + l_pMcl += PAGESIZE; + } + // Parse MCL header auto l_pMclHdr = reinterpret_cast(l_pMcl); uint8_t l_totalComponents = l_pMclHdr->numComponents; @@ -272,4 +324,389 @@ void MasterContainerLidMgr::printCompInfoCache() } } +errlHndl_t MasterContainerLidMgr::processComponents() +{ + errlHndl_t l_errl = nullptr; + + for (auto & compInfoPair : iv_compInfoCache) + { + // Skip the MCL itself as it's already been processed + if (compInfoPair.first == g_MclCompId) + { + continue; + } + + // Cache Component ID string + compIdToString(compInfoPair.first, iv_curCompIdStr); + + l_errl = processComponent(compInfoPair.first, compInfoPair.second); + if (l_errl) + { + UTIL_FT(ERR_MRK"MasterContainerLidMgr::processComponents - failed for componentId %s", + iv_curCompIdStr); + break; + } + // Print Comp Info after loading lid and verifying + iv_compInfoCache.at(compInfoPair.first).print(); + } + + return l_errl; +} + +errlHndl_t MasterContainerLidMgr::processComponent(const ComponentID& i_compId, + CompInfo& io_compInfo) +{ + UTIL_FT(ENTER_MRK"MasterContainerLidMgr::processComponent %s", + iv_curCompIdStr); + + errlHndl_t l_errl = nullptr; + bool l_skipLoad = false; + + do { + + // @TODO RTC:125304 Provide support for a preloaded PHYP + // Check if Component is POWERVM + bool isPhypComp = (i_compId == g_PowervmCompId) ? true : false; + // Still skip PHYP if (!isTCEmode) + if (isPhypComp) + { + // Skip Lid loading if PHYP component and in TCEmode + l_skipLoad = true; + // Only Skip PHYP if not in TCEmode + UTIL_FT("MasterContainerLidMgr::processComponent skipping POWERVM compoenent"); + break; + } + + // Only process compoenents if they are marked PRE_VERIFY + if( (io_compInfo.flags & CompFlags::PRE_VERIFY) != + CompFlags::PRE_VERIFY) + { + UTIL_FT("MasterContainerLidMgr::processComponent not a pre-verify section skipping..."); + break; + } + + // Total size of all Lids in component reoprted by the FSP + size_t l_reportedSize = 0; + if (!l_skipLoad) + { + // Load lids into temp mainstore memory + l_errl = loadLids(io_compInfo, l_reportedSize); + if (l_errl) + { + break; + } + } + // Set total size of component. + // Note: It will be reassigned later if a secure header is present + io_compInfo.totalSize = l_reportedSize; + + // Verify component's lids + l_errl = verifyExtend(i_compId, io_compInfo); + if (l_errl) + { + break; + } + + // Ensure the total size of all lids fit in the mainstore memory region + if (io_compInfo.totalSize > iv_maxSize) + { + UTIL_FT(ERR_MRK"MasterContainerLidMgr::processComponent - Invalid size. Component total size=0x%X, max size =0x%X", + io_compInfo.totalSize, iv_maxSize); + /*@ + * @errortype + * @moduleid Util::UTIL_MCL_PROCESS_COMP + * @reasoncode Util::UTIL_LIDMGR_INVAL_SIZE + * @userdata1[0:31] Total Size of Component + * @userdata1[32:63] Max size of memory region + * @userdata2 Component ID [truncated to 8 bytes] + * @devdesc Error processing component for Mcl Mgr + * @custdesc Firmware Error + */ + l_errl = new ERRORLOG::ErrlEntry( + ERRORLOG::ERRL_SEV_UNRECOVERABLE, + Util::UTIL_MCL_PROCESS_COMP, + Util::UTIL_LIDMGR_INVAL_SIZE, + TWO_UINT32_TO_UINT64( + TO_UINT32(io_compInfo.totalSize), + TO_UINT32(iv_maxSize)), + compIdToInt(i_compId), + true); //software callout + l_errl->collectTrace(UTIL_COMP_NAME); + break; + } + + // Ensure what was read by the FSP matches the total size found in the + // Secure Header. If there is no secure header, this path should not be hit. + // *NOTE: Skip check if lid loading was skipped + if ( !l_skipLoad && (io_compInfo.totalSize != l_reportedSize)) + { + UTIL_FT(ERR_MRK"MasterContainerLidMgr::processComponent - Size Mismatch. Component total size=0x%X, size read by FSP=0x%X", + io_compInfo.totalSize, l_reportedSize); + /*@ + * @errortype + * @moduleid Util::UTIL_MCL_PROCESS_COMP + * @reasoncode Util::UTIL_MCL_SIZE_MISMATCH + * @userdata1[0:31] Total Size of Component + * @userdata1[32:63] Size read by FSP + * @userdata2 Component ID [truncated to 8 bytes] + * @devdesc Error processing component for Mcl Mgr + * @custdesc Firmware Error + */ + l_errl = new ERRORLOG::ErrlEntry( + ERRORLOG::ERRL_SEV_UNRECOVERABLE, + Util::UTIL_MCL_PROCESS_COMP, + Util::UTIL_MCL_SIZE_MISMATCH, + TWO_UINT32_TO_UINT64( + TO_UINT32(io_compInfo.totalSize), + TO_UINT32(l_reportedSize)), + compIdToInt(i_compId), + true); //software callout + l_errl->collectTrace(UTIL_COMP_NAME); + break; + } + + // Clear unused memory + if (io_compInfo.totalSize < iv_maxSize) + { + // Get pointer to end of used space + uint8_t* l_pUnused = reinterpret_cast(iv_pVaddr) + + io_compInfo.totalSize; + memset(l_pUnused, 0, iv_maxSize - io_compInfo.totalSize); + } + + // Only load lids into HB reserved memory if component is preverified + if( (io_compInfo.flags & CompFlags::PRE_VERIFY) == + CompFlags::PRE_VERIFY) + { + auto l_curAddr = reinterpret_cast(iv_pVaddr); + bool l_firstLid = true; + for (auto & lidInfo : io_compInfo.lidIds) + { + uint64_t l_addr = 0; + // Load Pnor section into HB reserved memory + l_errl = PreVerifiedLidMgr::loadFromMCL(lidInfo.id, + l_curAddr, + lidInfo.size, + isPhypComp, + l_addr); + if(l_errl) + { + break; + } + // Increment tmp address by lid size + l_curAddr += lidInfo.size; + + // Save starting address of entire component, not each lid + if (l_firstLid) + { + // Set mainstore memory address in cache + io_compInfo.mainstoreAddr = l_addr; + l_firstLid = false; + } + } + if(l_errl) + { + break; + } + } + + } while(0); + + UTIL_FT(EXIT_MRK"MasterContainerLidMgr::processComponent"); + + return l_errl; +} + +errlHndl_t MasterContainerLidMgr::loadLids(CompInfo& io_compInfo, + size_t& o_totalSize) +{ + UTIL_FT(ENTER_MRK"MasterContainerLidMgr::loadLids"); + errlHndl_t l_errl = nullptr; + + // Force total size to zero + o_totalSize = 0; + // Pointer to mainstore memory temp space + uint8_t* l_pLidVaddr = reinterpret_cast(iv_pVaddr); + // Remaining size to load lids into + size_t l_remainSize = iv_maxSize; + + // Iterate through all Lids associated with a component + // NOTE: iterate by reference to update lidInfo + for (auto & lidInfo : io_compInfo.lidIds) + { + // Get Lid from FSP + UtilLidMgr l_lidMgr(lidInfo.id); + // Get size of current lid to be loaded + size_t l_lidSize = 0; + l_errl = l_lidMgr.getLidSize(l_lidSize); + if(l_errl) + { + UTIL_FT(ERR_MRK"MasterContainerLidMgr::loadLids - Error getting size of lidId=0x%.8x", + lidInfo.id); + break; + } + // Update lid size + lidInfo.size = l_lidSize; + + // Load lid into vaddr location. API will check if remaining size is + // enough; throwing an error if not. + l_errl = l_lidMgr.getLid(reinterpret_cast(l_pLidVaddr), + l_remainSize); + if(l_errl) + { + UTIL_FT(ERR_MRK"MasterContainerLidMgr::loadLids - Error getting lidId=0x%.8x", + lidInfo.id); + break; + } + + // Increment vaddr pointer + l_pLidVaddr += l_lidSize; + + // Decrement size remaining in mainstore memory temp space + if (l_lidSize >= l_remainSize) + { + l_remainSize = 0; + } + else + { + l_remainSize -= l_lidSize; + } + + // Increment total size + o_totalSize += l_lidSize; + } + + UTIL_FT(EXIT_MRK"MasterContainerLidMgr::loadLids"); + + return l_errl; +} + +errlHndl_t MasterContainerLidMgr::verifyExtend(const ComponentID& i_compId, + CompInfo& io_compInfo) +{ + UTIL_FT(ENTER_MRK"MasterContainerLidMgr::verifyExtend"); + + errlHndl_t l_errl = nullptr; + + do { + // Only Verify and Extend if Component is Signed and Preverified + if( (io_compInfo.flags & CompFlags::SIGNED_PRE_VERIFY) == + CompFlags::SIGNED_PRE_VERIFY) + { + // Only verify the lids if in secure mode + if (SECUREBOOT::enabled()) + { + // Verify Container - some combination of Lids + l_errl = SECUREBOOT::verifyContainer(iv_pVaddr); + if (l_errl) + { + UTIL_FT(ERR_MRK"MasterContainerLidMgr::verifyExtend - failed verifyContainer"); + SECUREBOOT::handleSecurebootFailure(l_errl); + assert(false,"Bug! handleSecurebootFailure shouldn't return!"); + } + } + + // Parse Container Header + SECUREBOOT::ContainerHeader l_conHdr(iv_pVaddr); + + // Cache size stats into comp info cache + // @TODO RTC:125304 re-enable when total size is supported correctly + //io_compInfo.totalSize = l_conHdr.totalContainerSize(); + io_compInfo.protectedSize = l_conHdr.payloadTextSize(); + //io_compInfo.unprotectedSize = l_conHdr.totalContainerSize() - + // l_conHdr.payloadTextSize(); + + // @TODO RTC:125304 re-enable when component id is supported in lids + if (0)// memcmp(l_conHdr.componentId(), i_compId.data(), + // SW_HDR_COMP_ID_SIZE_BYTES) != 0 ) + { + uint64_t l_secHdrCompId {}; + uint64_t l_mclCompId {}; + memcpy(&l_secHdrCompId, l_conHdr.componentId(), SW_HDR_COMP_ID_SIZE_BYTES); + memcpy(&l_mclCompId, i_compId.data(), SW_HDR_COMP_ID_SIZE_BYTES); + + UTIL_FT(ERR_MRK"MasterContainerLidMgr::verifyExtend - ComponentID mismatch between secure header = %.16llX and master container lid %.16llX", + l_secHdrCompId, l_mclCompId); + /*@ + * @errortype + * @moduleid Util::UTIL_MCL_VERIFY_EXT + * @reasoncode Util::UTIL_MCL_COMPID_MISMATCH + * @userdata1 Secure Header Comp ID + * @userdata2 Master Container Lid Comp ID + * @devdesc Error processing component for Mcl Mgr + * @custdesc Firmware Error + */ + l_errl = new ERRORLOG::ErrlEntry( + ERRORLOG::ERRL_SEV_UNRECOVERABLE, + Util::UTIL_MCL_VERIFY_EXT, + Util::UTIL_MCL_COMPID_MISMATCH, + l_secHdrCompId, + l_mclCompId, + true); //software callout + l_errl->collectTrace(UTIL_COMP_NAME); + break; + } + + tpmExtend(i_compId, l_conHdr); + } + } while(0); + + UTIL_FT(EXIT_MRK"MasterContainerLidMgr::verifyExtend"); + + return l_errl; +} + +errlHndl_t MasterContainerLidMgr::tpmExtend(const ComponentID& i_compId, + const SECUREBOOT::ContainerHeader& i_conHdr) const +{ + UTIL_FT(ENTER_MRK"MasterContainerLidMgr::tpmExtend"); + + errlHndl_t l_errl = nullptr; + + // PCR 4 Message + char pcr4Msg[sizeof(ComponentID)+1]; + memset(pcr4Msg, 0, sizeof(pcr4Msg)); + memcpy(pcr4Msg, &i_compId, sizeof(ComponentID)); + + // PCR 5 Message + char pcr5Msg[sizeof(ComponentID)+strlen(TRUSTEDBOOT::FW_KEY_HASH_EXT)+1]; + memset(pcr5Msg, 0, sizeof(pcr5Msg)); + strcat(pcr5Msg,pcr4Msg); + strcat(pcr5Msg,TRUSTEDBOOT::FW_KEY_HASH_EXT); + + do { + + // Extend protected payload hash + l_errl = TRUSTEDBOOT::pcrExtend(TRUSTEDBOOT::PCR_4, + TRUSTEDBOOT::EV_COMPACT_HASH, + reinterpret_cast(i_conHdr.payloadTextHash()), + sizeof(SHA512_t), + pcr4Msg); + if (l_errl) + { + UTIL_FT(ERR_MRK "MasterContainerLidMgr::tpmExtend - pcrExtend() (payload text hash) failed for component %s", + iv_curCompIdStr); + break; + } + + // Extend SW keys hash + l_errl = TRUSTEDBOOT::pcrExtend(TRUSTEDBOOT::PCR_5, + TRUSTEDBOOT::EV_COMPACT_HASH, + reinterpret_cast(i_conHdr.swKeyHash()), + sizeof(SHA512_t), + pcr5Msg); + if (l_errl) + { + UTIL_FT(ERR_MRK "MasterContainerLidMgr::tpmExtend - pcrExtend() (FW key hash) failed for component %s", + iv_curCompIdStr); + break; + } + + } while(0); + + UTIL_FT(EXIT_MRK"MasterContainerLidMgr::tpmExtend"); + + return l_errl; +} + } // end namespace MCL -- cgit v1.2.1