Patch Detail
GET /api/patches/808093/?format=api
{ "id": 808093, "url": "http://patchwork.ozlabs.org/api/patches/808093/?format=api", "web_url": "http://patchwork.ozlabs.org/project/skiboot/patch/1504164285-15095-5-git-send-email-cclaudio@linux.vnet.ibm.com/", "project": { "id": 44, "url": "http://patchwork.ozlabs.org/api/projects/44/?format=api", "name": "skiboot firmware development", "link_name": "skiboot", "list_id": "skiboot.lists.ozlabs.org", "list_email": "skiboot@lists.ozlabs.org", "web_url": "http://github.com/open-power/skiboot", "scm_url": "http://github.com/open-power/skiboot", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1504164285-15095-5-git-send-email-cclaudio@linux.vnet.ibm.com>", "list_archive_url": null, "date": "2017-08-31T07:24:35", "name": "[v2,04/14] libstb/stb.c: change tb_measure() to use flash_lookup_resource_name()", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": false, "hash": "465354842f5e102e68fc64a2c810df73ee9f6ceb", "submitter": { "id": 69305, "url": "http://patchwork.ozlabs.org/api/people/69305/?format=api", "name": "Claudio Carvalho", "email": "cclaudio@linux.vnet.ibm.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/skiboot/patch/1504164285-15095-5-git-send-email-cclaudio@linux.vnet.ibm.com/mbox/", "series": [ { "id": 760, "url": "http://patchwork.ozlabs.org/api/series/760/?format=api", "web_url": "http://patchwork.ozlabs.org/project/skiboot/list/?series=760", "date": "2017-08-31T07:24:31", "name": "libstb: simplify the initialization of cvc drivers", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/760/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/808093/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/808093/checks/", "tags": {}, "related": [], "headers": { "From": "Claudio Carvalho <cclaudio@linux.vnet.ibm.com>", "To": "skiboot@lists.ozlabs.org", "Date": "Thu, 31 Aug 2017 04:24:35 -0300", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": "<1504164285-15095-1-git-send-email-cclaudio@linux.vnet.ibm.com>", "References": "<1504164285-15095-1-git-send-email-cclaudio@linux.vnet.ibm.com>", "Message-Id": "<1504164285-15095-5-git-send-email-cclaudio@linux.vnet.ibm.com>", "Subject": "[Skiboot] [PATCH v2 04/14] libstb/stb.c: change tb_measure() to use\n\tflash_lookup_resource_name()" }, "content": "Trustedboot measures only images stored in known PNOR partitions. 
With\nthe flash_lookup_resource_name(), the PNOR partition information don't\nneed to be duplicated in libstb for trustedboot.\n\nAdditionally, an image can be measured to a PCR only if a PCR number has\nbeen mapped to the respective partition.\n\nThis adds the pcr_map() function and replaces stb_resource_lookup() by\nboth flash_lookup_resource_name() and pcr_map().\n\nSigned-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>\n---\n libstb/stb.c | 76 +++++++++++++++++++++++++++++-------------------------------\n 1 file changed, 37 insertions(+), 39 deletions(-)", "diff": "diff --git a/libstb/stb.c b/libstb/stb.c\nindex 949f81c..ed34c6a 100644\n--- a/libstb/stb.c\n+++ b/libstb/stb.c\n@@ -34,8 +34,6 @@ static bool trusted_mode = false;\n \n static struct rom_driver_ops *rom_driver = NULL;\n \n-#define MAX_RESOURCE_NAME\t15\n-\n /*\n * This maps a PCR for each resource we can measure. The PCR number is\n * mapped according to the TCG PC Client Platform Firmware Profile\n@@ -43,21 +41,23 @@ static struct rom_driver_ops *rom_driver = NULL;\n * Only resources included in this whitelist can be measured.\n */\n static struct {\n-\n-\t/* PNOR partition id */\n \tenum resource_id id;\n-\n-\t/* PCR mapping for the resource id */\n \tTPM_Pcr pcr;\n-\n-\t/* Resource name */\n-\tconst char name[MAX_RESOURCE_NAME+1];\n-\n-} resource_map[] = {\n-\t{ RESOURCE_ID_KERNEL, PCR_4, \"BOOTKERNEL\" },\n-\t{ RESOURCE_ID_CAPP, PCR_2, \"CAPP\"},\n+} resources[] = {\n+\t{ RESOURCE_ID_KERNEL, PCR_4 },\n+\t{ RESOURCE_ID_CAPP, PCR_2 },\n };\n \n+static TPM_Pcr map_pcr(enum resource_id id)\n+{\n+\tint i;\n+\tfor (i = 0; i < ARRAY_SIZE(resources); i++) {\n+\t\tif (resources[i].id == id)\n+\t\t\treturn resources[i].pcr;\n+\t}\n+\treturn -1;\n+}\n+\n struct event_hash {\n \tconst unsigned char *sha1;\n \tconst unsigned char *sha256;\n@@ -76,15 +76,6 @@ static struct event_hash evFF = {\n \t\t \"\\xfd\\x0e\"\n };\n \n-static int stb_resource_lookup(enum resource_id id)\n-{\n-\tint i;\n-\tfor (i = 
0; i < ARRAY_SIZE(resource_map); i++)\n-\t\tif (resource_map[i].id == id)\n-\t\t\treturn i;\n-\treturn -1;\n-}\n-\n static void sb_enforce(void)\n {\n \t/*\n@@ -188,9 +179,10 @@ int stb_final(void)\n \n int tb_measure(enum resource_id id, void *buf, size_t len)\n {\n-\tint r;\n \tuint8_t digest[SHA512_DIGEST_LENGTH];\n \tconst uint8_t *digestp;\n+\tconst char *name;\n+\tTPM_Pcr pcr;\n \n \tdigestp = NULL;\n \tif (!trusted_mode) {\n@@ -198,17 +190,25 @@ int tb_measure(enum resource_id id, void *buf, size_t len)\n \t\t \"trusted_mode=0\\n\", __func__, id);\n \t\treturn STB_TRUSTED_MODE_DISABLED;\n \t}\n-\tr = stb_resource_lookup(id);\n-\tif (r == -1) {\n+\tname = flash_map_resource_name(id);\n+\tif (!name) {\n \t\t/**\n-\t\t * @fwts-label STBMeasureResourceNotMapped\n-\t\t * @fwts-advice The resource is not registered in the resource_map[]\n-\t\t * array, but it should be otherwise the resource cannot be\n-\t\t * measured if trusted mode is on.\n+\t\t * @fwts-label ResourceNotMeasuredUnknown\n+\t\t * @fwts-advice This is a bug in the tb_measure() caller, which\n+\t\t * is passing an unknown resource_id.\n \t\t */\n-\t\tprlog(PR_ERR, \"STB: %s failed, resource %d not mapped\\n\",\n-\t\t __func__, id);\n-\t\treturn STB_ARG_ERROR;\n+\t\tprerror(\"STB: resource NOT MEASURED, resource_id=%d unknown\\n\", id);\n+\t\treturn -1;\n+\t}\n+\tpcr = map_pcr(id);\n+\tif (pcr == -1) {\n+\t\t/**\n+\t\t * @fwts-label ResourceNotMappedToPCR\n+\t\t * @fwts-advice This is a bug. 
The resource cannot be measured\n+\t\t * because it is not mapped to a PCR in the resources[] array.\n+\t\t */\n+\t\tprerror(\"STB: %s NOT MEASURED, it's not mapped to a PCR\\n\", name);\n+\t\treturn -1;\n \t}\n \tif (!buf) {\n \t\t/**\n@@ -218,7 +218,7 @@ int tb_measure(enum resource_id id, void *buf, size_t len)\n \t\t * bug in the framework.\n \t\t */\n \t\tprlog(PR_ERR, \"STB: %s failed: resource %s, buf null\\n\",\n-\t\t __func__, resource_map[r].name);\n+\t\t __func__, name);\n \t\treturn STB_ARG_ERROR;\n \t}\n \tmemset(digest, 0, SHA512_DIGEST_LENGTH);\n@@ -239,8 +239,7 @@ int tb_measure(enum resource_id id, void *buf, size_t len)\n \t\t\t (void*)((uint8_t*)buf + SECURE_BOOT_HEADERS_SIZE),\n \t\t\t len - SECURE_BOOT_HEADERS_SIZE, digest);\n \n-\t\tprlog(PR_INFO, \"STB: %s sha512 hash re-calculated\\n\",\n-\t\t resource_map[r].name);\n+\t\tprlog(PR_INFO, \"STB: %s sha512 hash re-calculated\\n\", name);\n \t\tif (memcmp(digestp, digest, TPM_ALG_SHA256_SIZE) != 0) {\n \t\t\tprlog(PR_ALERT, \"STB: HASH IN CONTAINER DOESN'T MATCH CONTENT!\\n\");\n \t\t\tprlog(PR_ALERT, \"STB: Container hash:\\n\");\n@@ -253,8 +252,7 @@ int tb_measure(enum resource_id id, void *buf, size_t len)\n \t\t}\n \t} else {\n \t\trom_driver->sha512(buf, len, digest);\n-\t\tprlog(PR_INFO, \"STB: %s sha512 hash calculated\\n\",\n-\t\t resource_map[r].name);\n+\t\tprlog(PR_INFO, \"STB: %s sha512 hash calculated\\n\", name);\n \t}\n \n #ifdef STB_DEBUG\n@@ -267,10 +265,10 @@ int tb_measure(enum resource_id id, void *buf, size_t len)\n \t * algorithm, the sha512 hash is truncated to match the size required\n \t * by each PCR bank.\n \t */\n-\treturn tpm_extendl(resource_map[r].pcr,\n+\treturn tpm_extendl(pcr,\n \t\t\t TPM_ALG_SHA256, digest, TPM_ALG_SHA256_SIZE,\n \t\t\t TPM_ALG_SHA1, digest, TPM_ALG_SHA1_SIZE,\n-\t\t\t EV_ACTION, resource_map[r].name);\n+\t\t\t EV_ACTION, name);\n }\n \n int sb_verify(enum resource_id id, void *buf, size_t len)\n", "prefixes": [ "v2", "04/14" ] }
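Review bot: In the hunk that adds map_pcr(), the not-found path does `return -1;` from a function declared to return TPM_Pcr, and tb_measure() then tests `pcr == -1`. The definition of TPM_Pcr is not visible in this patch; if it is an enum or an unsigned type, the sentinel only works through implicit conversion, and if it is an unsigned type narrower than int the comparison is never true after integer promotion, so an unmapped resource would fall through to tpm_extendl(). Returning int, as the removed stb_resource_lookup() did, or comparing against a named invalid-PCR constant would make this check explicit. The loop also compares a signed `int i` against ARRAY_SIZE(resources). The commit message calls the new helper pcr_map() while the code names it map_pcr(); one of the two should be corrected.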
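Review bot: In the tb_measure() hunk at `@@ -198,17 +190,25 @@`, both new failure paths (`!name` and `pcr == -1`) return a bare -1, while the neighbouring paths in the same function still return STB_TRUSTED_MODE_DISABLED and STB_ARG_ERROR, and the code being replaced returned STB_ARG_ERROR for the unmapped case. Keeping STB_ARG_ERROR, or adding named codes for the two cases, would let a caller tell "resource not measured" apart from other failures instead of having to treat -1 specially. The same hunk calls flash_map_resource_name(id), whereas the subject line and the commit message name the helper flash_lookup_resource_name(); the call and the message should agree with whatever name the flash code actually exports.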