1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
|
/* IBM_PROLOG_BEGIN_TAG */
/* This is an automatically generated prolog. */
/* */
/* $Source: src/usr/secureboot/runtime/rt_secureboot.C $ */
/* */
/* OpenPOWER HostBoot Project */
/* */
/* Contributors Listed Below - COPYRIGHT 2016,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
/* Licensed under the Apache License, Version 2.0 (the "License"); */
/* you may not use this file except in compliance with the License. */
/* You may obtain a copy of the License at */
/* */
/* http://www.apache.org/licenses/LICENSE-2.0 */
/* */
/* Unless required by applicable law or agreed to in writing, software */
/* distributed under the License is distributed on an "AS IS" BASIS, */
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
/* implied. See the License for the specific language governing */
/* permissions and limitations under the License. */
/* */
/* IBM_PROLOG_END_TAG */
/**
* @file rt_secureboot.C
* @brief Provides runtime API for secure container verification
*/
#include <runtime/interface.h>
#include <config.h>
#include "common/securetrace.H"
#include <secureboot/service.H>
#include <secureboot/secure_reasoncodes.H>
#include <errl/errlmanager.H>
#include <runtime/rt_targeting.H>
#include <targeting/common/commontargeting.H>
#include <targeting/common/targetservice.H>
#include <devicefw/userif.H>
namespace SECUREBOOT
{
using namespace TARGETING;
#if defined(CONFIG_SECUREBOOT) && defined(__HOSTBOOT_RUNTIME)
bool enabled()
{
errlHndl_t l_errl = nullptr;
uint64_t l_regValue = 0;
size_t l_size = sizeof(l_regValue);
TargetService& tS = targetService();
Target* masterProcChipTargetHandle = nullptr;
do
{
l_errl = tS.queryMasterProcChipTargetHandle(
masterProcChipTargetHandle);
if (l_errl)
{
errlCommit(l_errl, SECURE_COMP_ID);
break;
}
l_errl = deviceRead(masterProcChipTargetHandle,
&l_regValue, l_size,
DEVICE_SCOM_ADDRESS(
static_cast<uint64_t>(ProcSecurity::SwitchRegister)));
if (l_errl)
{
errlCommit(l_errl, SECURE_COMP_ID);
break;
}
assert(l_size == sizeof(l_regValue));
} while (0);
// if there was an error l_regValue is zero, so we return false.
// Unfortunately this is all we can do. These shouldn't fail.
return l_regValue & static_cast<uint64_t>(ProcSecurity::SabBit);
}
#endif
#ifdef __HOSTBOOT_RUNTIME
bool allowAttrOverrides()
{
bool retVal = false;
if (enabled())
{
// Check attribute to see if overrides are allowed in secure mode
TARGETING::TargetService& tS = TARGETING::targetService();
TARGETING::Target* sys = nullptr;
(void) tS.getTopLevelTarget( sys );
assert(sys, "SECUREBOOT::allowAttrOverrides() system target is NULL");
retVal = sys->getAttr<
TARGETING::ATTR_ALLOW_ATTR_OVERRIDES_IN_SECURE_MODE>();
SB_INF("SECUREBOOT::allowAttrOverrides: Inside Attr check: retVal=0x%X",
retVal);
}
else
{
// Allow Attribute Overrides in unsecure mode
retVal = true;
}
return retVal;
}
#endif
int verify_container(
const void* i_pContainer,
const void* i_pHwKeyHash,
const size_t i_hwKeyHashSize)
{
int rc = 0;
SB_ENTER(
"verify_container: "
"container ptr = %p, "
"HW keys' hash ptr = %p, "
"HW keys' hash size = %d",
i_pContainer,i_pHwKeyHash,i_hwKeyHashSize);
// TODO: RTC 156485
// Implement guts of verify_container
SB_EXIT(
"verify_container: rc = %d",rc);
return rc;
}
struct registerSecurebootRt
{
registerSecurebootRt()
{
auto pRtIntf = getRuntimeInterfaces();
#ifdef CONFIG_SECUREBOOT
pRtIntf->verify_container = &verify_container;
#else
pRtIntf->verify_container = nullptr;
#endif
}
};
registerSecurebootRt g_registerSecurebootRt;
} // end of SECUREBOOT namespace
|