Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/629161/?format=api
{ "id": 629161, "url": "http://patchwork.ozlabs.org/api/patches/629161/?format=api", "web_url": "http://patchwork.ozlabs.org/project/petitboot/patch/1464861418-19709-4-git-send-email-nayna@linux.vnet.ibm.com/", "project": { "id": 53, "url": "http://patchwork.ozlabs.org/api/projects/53/?format=api", "name": "Petitboot development", "link_name": "petitboot", "list_id": "petitboot.lists.ozlabs.org", "list_email": "petitboot@lists.ozlabs.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1464861418-19709-4-git-send-email-nayna@linux.vnet.ibm.com>", "list_archive_url": null, "date": "2016-06-02T09:56:58", "name": "[3/3] discover/pb-discover.c:Initialize security context.", "commit_ref": null, "pull_url": null, "state": "rfc", "archived": false, "hash": "edb67f60685dc7732b05c0f3e3f4fd0adaa2ef62", "submitter": { "id": 69141, "url": "http://patchwork.ozlabs.org/api/people/69141/?format=api", "name": "Nayna", "email": "nayna@linux.vnet.ibm.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/petitboot/patch/1464861418-19709-4-git-send-email-nayna@linux.vnet.ibm.com/mbox/", "series": [], "comments": "http://patchwork.ozlabs.org/api/patches/629161/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/629161/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "petitboot@lists.ozlabs.org" ], "Delivered-To": [ "patchwork-incoming@bilbo.ozlabs.org", "petitboot@lists.ozlabs.org" ], "Received": [ "from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3rL3013Ylkz9t0r\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu, 2 Jun 2016 20:10:57 +1000 (AEST)", "from ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 3rL3012TLYzDvfj\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu, 2 Jun 2016 20:10:57 +1000 (AEST)", "from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com\n\t[148.163.156.1])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 3rL2hy1ChyzDqxv\n\tfor <petitboot@lists.ozlabs.org>;\n\tThu, 2 Jun 2016 19:57:53 +1000 (AEST)", "from pps.filterd (m0082756.ppops.net [127.0.0.1])\n\tby mx0a-001b2d01.pphosted.com (8.16.0.11/8.16.0.11) with SMTP id\n\tu529upoS008139\n\tfor <petitboot@lists.ozlabs.org>; Thu, 2 Jun 2016 05:57:52 -0400", "from e23smtp01.au.ibm.com (e23smtp01.au.ibm.com [202.81.31.143])\n\tby mx0a-001b2d01.pphosted.com with ESMTP id 23ag2m4hjy-1\n\t(version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT)\n\tfor <petitboot@lists.ozlabs.org>; Thu, 02 Jun 2016 05:57:52 -0400", "from localhost\n\tby e23smtp01.au.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use\n\tOnly! Violators will be prosecuted\n\tfor <petitboot@lists.ozlabs.org> from <nayna@linux.vnet.ibm.com>;\n\tThu, 2 Jun 2016 19:57:49 +1000", "from d23dlp02.au.ibm.com (202.81.31.213)\n\tby e23smtp01.au.ibm.com (202.81.31.207) with IBM ESMTP SMTP Gateway:\n\tAuthorized Use Only! Violators will be prosecuted; \n\tThu, 2 Jun 2016 19:57:46 +1000", "from d23relay07.au.ibm.com (d23relay07.au.ibm.com [9.190.26.37])\n\tby d23dlp02.au.ibm.com (Postfix) with ESMTP id 82F6A2BB0054\n\tfor <petitboot@lists.ozlabs.org>;\n\tThu, 2 Jun 2016 19:57:30 +1000 (EST)", "from d23av06.au.ibm.com (d23av06.au.ibm.com [9.190.235.151])\n\tby d23relay07.au.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id\n\tu529vK1X66453508\n\tfor <petitboot@lists.ozlabs.org>; Thu, 2 Jun 2016 19:57:25 +1000", "from d23av06.au.ibm.com (localhost [127.0.0.1])\n\tby d23av06.au.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id\n\tu529vJKf019695\n\tfor <petitboot@lists.ozlabs.org>; Thu, 2 Jun 2016 19:57:20 +1000", "from c365f16u1b3.pok.stglabs.ibm.com\n\t(c365f16u1b3.pok.stglabs.ibm.com [9.47.77.42])\n\tby d23av06.au.ibm.com (8.14.4/8.14.4/NCO v10.0 AVin) with ESMTP id\n\tu529v6cS019479; Thu, 2 Jun 2016 19:57:18 +1000" ], "X-IBM-Helo": "d23dlp02.au.ibm.com", "X-IBM-MailFrom": "nayna@linux.vnet.ibm.com", "X-IBM-RcptTo": "petitboot@lists.ozlabs.org", "From": "Nayna Jain <nayna@linux.vnet.ibm.com>", "To": "petitboot@lists.ozlabs.org", "Subject": "[PATCH 3/3] discover/pb-discover.c:Initialize security context.", "Date": "Thu, 2 Jun 2016 05:56:58 -0400", "X-Mailer": "git-send-email 2.5.0", "In-Reply-To": "<1464861418-19709-1-git-send-email-nayna@linux.vnet.ibm.com>", "References": "<1464861418-19709-1-git-send-email-nayna@linux.vnet.ibm.com>", "X-TM-AS-MML": "disable", "X-Content-Scanned": "Fidelis XPS MAILER", "x-cbid": "16060209-1617-0000-0000-00000127B623", "X-IBM-AV-DETECTION": "SAVI=unused REMOTE=unused XFE=unused", "x-cbparentid": "16060209-1618-0000-0000-000045FCF721", "Message-Id": "<1464861418-19709-4-git-send-email-nayna@linux.vnet.ibm.com>", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10432:, ,\n\tdefinitions=2016-06-02_04:, , signatures=0", "X-Proofpoint-Spam-Details": "rule=outbound_notspam policy=outbound score=0\n\tspamscore=0 suspectscore=1\n\tmalwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam\n\tadjust=0 reason=mlx scancount=1 engine=8.0.1-1604210000\n\tdefinitions=main-1606020110", "X-BeenThere": "petitboot@lists.ozlabs.org", "X-Mailman-Version": "2.1.22", "Precedence": "list", "List-Id": "Petitboot bootloader development <petitboot.lists.ozlabs.org>", "List-Unsubscribe": "<https://lists.ozlabs.org/options/petitboot>,\n\t<mailto:petitboot-request@lists.ozlabs.org?subject=unsubscribe>", "List-Archive": "<http://lists.ozlabs.org/pipermail/petitboot/>", "List-Post": "<mailto:petitboot@lists.ozlabs.org>", "List-Help": "<mailto:petitboot-request@lists.ozlabs.org?subject=help>", "List-Subscribe": "<https://lists.ozlabs.org/listinfo/petitboot>,\n\t<mailto:petitboot-request@lists.ozlabs.org?subject=subscribe>", "Cc": "hellerda@us.ibm.com, gcwilson@us.ibm.com", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"utf-8\"", "Content-Transfer-Encoding": "base64", "Errors-To": "petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org", "Sender": "\"Petitboot\"\n\t<petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>" }, "content": "Modifies discover/pb-discover.c to initialize trusted\nboot.\nAdd discover/pb-secure.c to keep security initialization\nseparate from other functionality.\n\nSigned-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>\n---\n discover/Makefile.am | 4 ++-\n discover/pb-discover.c | 9 +++++++\n discover/pb-secure.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++\n discover/pb-secure.h | 17 +++++++++++++\n 4 files changed, 98 insertions(+), 1 deletion(-)\n create mode 100644 discover/pb-secure.c\n create mode 100644 discover/pb-secure.h", "diff": "diff --git a/discover/Makefile.am b/discover/Makefile.am\nindex 899c9a6..2fd5872 100644\n--- a/discover/Makefile.am\n+++ b/discover/Makefile.am\n@@ -52,7 +52,9 @@ discover_pb_discover_SOURCES = \\\n \tdiscover/user-event.h \\\n \tdiscover/kboot-parser.c \\\n \tdiscover/yaboot-parser.c \\\n-\tdiscover/pxe-parser.c\n+\tdiscover/pxe-parser.c \\\n+\tdiscover/pb-secure.c \\\n+\tdiscover/pb-secure.h\n \n discover_pb_discover_LDADD = \\\n \tdiscover/grub2/grub2-parser.ro \\\ndiff --git a/discover/pb-discover.c b/discover/pb-discover.c\nindex fd37068..bfe165b 100644\n--- a/discover/pb-discover.c\n+++ b/discover/pb-discover.c\n@@ -19,6 +19,7 @@\n #include \"device-handler.h\"\n #include \"sysinfo.h\"\n #include \"platform.h\"\n+#include \"pb-secure.h\"\n \n static void print_version(void)\n {\n@@ -127,6 +128,7 @@ int main(int argc, char *argv[])\n \tstruct procset *procset;\n \tstruct opts opts;\n \tFILE *log;\n+\tint rc = 0;\n \n \tsetlocale(LC_ALL, \"\");\n \tbindtextdomain(PACKAGE, LOCALEDIR);\n@@ -188,6 +190,13 @@ int main(int argc, char *argv[])\n \tif (config_get()->debug)\n \t\tpb_log_set_debug(true);\n \n+\trc = secure_and_trusted_init();\n+\tif (rc == -1)\n+\t{\n+\t\tpb_log(\"Failed to initialize trust\\n\");\n+\t\t//Yet to finalize for action on failure of initializing trust\\n\");\n+\t}\n+\n \tsystem_info_init(server);\n \n \thandler = device_handler_init(server, waitset, opts.dry_run == opt_yes);\ndiff --git a/discover/pb-secure.c b/discover/pb-secure.c\nnew file mode 100644\nindex 0000000..edb4ccc\n--- /dev/null\n+++ b/discover/pb-secure.c\n@@ -0,0 +1,69 @@\n+#include <string.h>\n+\n+#include <log/log.h>\n+#include <util/util.h>\n+#include <types/types.h>\n+#include <security/crypto.h>\n+#include <security/tpmOperations.h>\n+\n+#include \"platform.h\"\n+#include \"pb-secure.h\"\n+\n+int secure_and_trusted_init()\n+{\n+ int rc = 0;\n+ rc = measure_boot_policy();\n+ return rc;\n+}\n+\n+int measure_boot_policy()\n+{\n+\tconst struct config* config;\n+\tunsigned char* config_str = 0;\n+\n+\tuint8_t digest[SHA256_DIGEST_SIZE];\n+\tint rc = 0;\n+\tunsigned int i = 0;\n+\n+\tconfig = config_get();\n+\n+\t//Record ipmi boot params\n+\tconfig_str = get_ipmi_boot_policy_as_string(config);\n+\n+ memset(digest, 0, SHA256_DIGEST_SIZE);\n+ rc = calc_digest(\"sha256\", config_str, digest);\n+ if (rc == -1)\n+ return rc;\n+\n+\tfor (i=0; i < sizeof(digest); i++)\n+ {\n+ pb_log(\"%02x \", digest[i]);\n+ }\n+\n+\tpb_log(\"\\n\");\n+ rc = tpm_extend(5, \"sha256\", digest, SHA256_DIGEST_SIZE);\n+\tif (rc == -1)\n+\t\treturn rc;\n+\n+\n+\t//Record nvram boot params\n+\tconfig_str = get_nvram_boot_policy_as_string(config);\n+\n+ memset(digest, 0, SHA256_DIGEST_SIZE);\n+ rc = calc_digest(\"sha256\", config_str, digest);\n+ if (rc == -1)\n+ return rc;\n+\n+\tfor (i=0; i < sizeof(digest); i++)\n+ {\n+ pb_log(\"%02x \", digest[i]);\n+ }\n+\n+\tpb_log(\"\\n\");\n+ rc = tpm_extend(5, \"sha256\", digest, SHA256_DIGEST_SIZE);\n+\n+\tif (rc == -1)\n+\t\treturn rc;\n+\treturn 0;\n+\n+}\ndiff --git a/discover/pb-secure.h b/discover/pb-secure.h\nnew file mode 100644\nindex 0000000..f71aab1\n--- /dev/null\n+++ b/discover/pb-secure.h\n@@ -0,0 +1,17 @@\n+#ifndef _PB_SECURE_H\n+#define _PB_SECURE_H\n+\n+/**\n+ * Setups and performs any security related operations or calls.\n+ * Currently it just calls measure_boot_policy.\n+ */\n+int secure_and_trusted_init(void);\n+\n+/**\n+ * Reads the boot policy, calculates the digest and extends to\n+ * TPM to measure and record boot policy config values.\n+ * It extends ipmi and nvram boot policy separately.\n+ */\n+int measure_boot_policy(void);\n+\n+#endif /* _PB_SECURE_H */\n", "prefixes": [ "3/3" ] }