Message ID | 1504165372-15971-2-git-send-email-cclaudio@linux.vnet.ibm.com |
---|---|
State | Superseded |
Headers | show |
Series | hdata: add and parse the tpmrel structure | expand |
On Thu, Aug 31, 2017 at 5:42 PM, Claudio Carvalho <cclaudio@linux.vnet.ibm.com> wrote: > This adds to spira-h/s the overall tpmrel structure, which defines > secure and trusted boot related data. The internal data structures will > be added in separated patches. > > Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com> > --- > hdata/Makefile.inc | 2 +- > hdata/hdata.h | 1 + > hdata/spira.c | 4 ++++ > hdata/spira.h | 12 +++++++++--- > hdata/test/hdata_to_dt.c | 1 + > hdata/tpmrel.c | 40 ++++++++++++++++++++++++++++++++++++++++ > 6 files changed, 56 insertions(+), 4 deletions(-) > create mode 100644 hdata/tpmrel.c > > diff --git a/hdata/Makefile.inc b/hdata/Makefile.inc > index 5b79dfe..c17b04f 100644 > --- a/hdata/Makefile.inc > +++ b/hdata/Makefile.inc > @@ -2,7 +2,7 @@ > > SUBDIRS += hdata > HDATA_OBJS = spira.o paca.o pcia.o hdif.o memory.o fsp.o iohub.o vpd.o slca.o > -HDATA_OBJS += cpu-common.o vpd-common.o hostservices.o i2c.o > +HDATA_OBJS += cpu-common.o vpd-common.o hostservices.o i2c.o tpmrel.o > DEVSRC_OBJ = hdata/built-in.o > > $(DEVSRC_OBJ): $(HDATA_OBJS:%=hdata/%) > diff --git a/hdata/hdata.h b/hdata/hdata.h > index 6da9b55..31223c8 100644 > --- a/hdata/hdata.h > +++ b/hdata/hdata.h > @@ -65,6 +65,7 @@ extern void slca_dt_add_sai_node(void); > extern bool hservices_from_hdat(const void *fdt, size_t size); > int parse_i2c_devs(const struct HDIF_common_hdr *hdr, int idata_index, > struct dt_node *xscom); > +extern void node_stb_parse(void); > > #endif /* __HDATA_H */ > > diff --git a/hdata/spira.c b/hdata/spira.c > index b58be7c..220ae9e 100644 > --- a/hdata/spira.c > +++ b/hdata/spira.c > @@ -1278,6 +1278,7 @@ static void fixup_spira(void) > spira.ntuples.proc_chip = spiras->ntuples.proc_chip; > spira.ntuples.hs_data = spiras->ntuples.hs_data; > spira.ntuples.ipmi_sensor = spiras->ntuples.ipmi_sensor; > + spira.ntuples.node_stb_data = spiras->ntuples.node_stb_data; > } > > int parse_hdat(bool is_opal) > @@ -1347,6 +1348,9 @@ int parse_hdat(bool is_opal) > > add_stop_levels(); > > + /* Parse node secure and trusted boot data */ > + node_stb_parse(); > + > prlog(PR_DEBUG, "Parsing HDAT...done\n"); > > return 0; > diff --git a/hdata/spira.h b/hdata/spira.h > index 0276d4a..d2a70c1 100644 > --- a/hdata/spira.h > +++ b/hdata/spira.h > @@ -40,7 +40,7 @@ struct spira_ntuple { > __be64 padding; > } __packed; > > -#define SPIRA_NTUPLES_COUNT 0x18 > +#define SPIRA_NTUPLES_COUNT 0x19 > > struct spira_ntuples { > struct HDIF_array_hdr array_hdr; > @@ -69,6 +69,7 @@ struct spira_ntuples { > struct spira_ntuple proc_chip; /* 0x300 */ > struct spira_ntuple hs_data; /* 0x320 */ > struct spira_ntuple ipmi_sensor; /* 0x360 */ > + struct spira_ntuple node_stb_data; /* 0x380 */ > }; > > struct spira { > @@ -82,7 +83,7 @@ struct spira { > * > * According to FSP engineers, this is an okay thing to do. > */ > - u8 reserved[0xa0]; > + u8 reserved[0x80]; > } __packed __align(0x100); > > extern struct spira spira; > @@ -146,7 +147,7 @@ struct spiras_ntuples { > struct spira_ntuple hs_data; /* 0x200 */ > struct spira_ntuple hbrt_data; /* 0x220 */ > struct spira_ntuple ipmi_sensor; /* 0x240 */ > - struct spira_ntuple node_data; /* 0x260 */ > + struct spira_ntuple node_stb_data; /* 0x260 */ > }; > > struct spiras { > @@ -1092,6 +1093,11 @@ struct ipmi_sensors { > /* Idata index 1 : LED - sensors ID mapping data */ > #define IPMI_SENSORS_IDATA_LED 1 > > +/* > + * Node Secure and Trusted Boot Related Data > + */ > +#define STB_HDIF_SIG "TPMREL" > + > static inline const char *cpu_state(u32 flags) > { > switch ((flags & CPU_ID_VERIFY_MASK) >> CPU_ID_VERIFY_SHIFT) { > diff --git a/hdata/test/hdata_to_dt.c b/hdata/test/hdata_to_dt.c > index 155e41b..6da80a5 100644 > --- a/hdata/test/hdata_to_dt.c > +++ b/hdata/test/hdata_to_dt.c > @@ -124,6 +124,7 @@ static bool spira_check_ptr(const void *ptr, const char *file, unsigned int line > #include "../slca.c" > #include "../hostservices.c" > #include "../i2c.c" > +#include "../tpmrel.c" > #include "../../core/vpd.c" > #include "../../core/device.c" > #include "../../core/chip.c" > diff --git a/hdata/tpmrel.c b/hdata/tpmrel.c > new file mode 100644 > index 0000000..7ded404 > --- /dev/null > +++ b/hdata/tpmrel.c > @@ -0,0 +1,40 @@ > +/* Copyright 2013-2017 IBM Corp. > + * > + * Licensed under the Apache License, Version 2.0 (the "License"); > + * you may not use this file except in compliance with the License. > + * You may obtain a copy of the License at > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, software > + * distributed under the License is distributed on an "AS IS" BASIS, > + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or > + * implied. > + * See the License for the specific language governing permissions and > + * limitations under the License. > + */ > + > +#ifndef pr_fmt > +#define pr_fmt(fmt) "HDAT TPMREL: " fmt Just make this TPMREL: or something. The bits of skiboot that are inside the HDAT parser are clearly marked already. > +#endif > + > +#include <skiboot.h> > + > +#include "spira.h" > +#include "hdata.h" > +#include "hdif.h" > + > +void node_stb_parse(void) > +{ > + struct HDIF_common_hdr *hdif_hdr; > + > + hdif_hdr = get_hdif(&spira.ntuples.node_stb_data, "TPMREL"); > + if (!hdif_hdr) { > + prlog(PR_INFO, "could not find TPMREL data\n"); Make this PR_DEBUG or higher. Gating this entire function around proc_gen >= proc_gen_p9 might also be a good idea since this tuple will never be populated on P8 FSP systems so this is a nuisance warning there. > + return; > + } > + > + /* TODO: Idata 0: Secure Boot and TPM Instance Info */ > + /* TODO: Idata 1: User Physical Interaction Mechanism Info */ > + /* TODO: Idata 2: Hash and Verification Function Offset Array */ > +} > -- > 2.7.4 > > _______________________________________________ > Skiboot mailing list > Skiboot@lists.ozlabs.org > https://lists.ozlabs.org/listinfo/skiboot
On 01/09/2017 01:24, Oliver wrote: > On Thu, Aug 31, 2017 at 5:42 PM, Claudio Carvalho > <cclaudio@linux.vnet.ibm.com> wrote: >> + * Unless required by applicable law or agreed to in writing, software >> + * distributed under the License is distributed on an "AS IS" BASIS, >> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or >> + * implied. >> + * See the License for the specific language governing permissions and >> + * limitations under the License. >> + */ >> + >> +#ifndef pr_fmt >> +#define pr_fmt(fmt) "HDAT TPMREL: " fmt > Just make this TPMREL: or something. The bits of skiboot that are > inside the HDAT parser are clearly marked already. I will do that. > >> +#endif >> + >> +#include <skiboot.h> >> + >> +#include "spira.h" >> +#include "hdata.h" >> +#include "hdif.h" >> + >> +void node_stb_parse(void) >> +{ >> + struct HDIF_common_hdr *hdif_hdr; >> + >> + hdif_hdr = get_hdif(&spira.ntuples.node_stb_data, "TPMREL"); >> + if (!hdif_hdr) { >> + prlog(PR_INFO, "could not find TPMREL data\n"); > Make this PR_DEBUG or higher. Gating this entire function around > proc_gen >= proc_gen_p9 might also be a good idea since this tuple > will never be populated on P8 FSP systems so this is a nuisance > warning there. Good catch. I will gate that. >> + return; >> + } >> + >> + /* TODO: Idata 0: Secure Boot and TPM Instance Info */ >> + /* TODO: Idata 1: User Physical Interaction Mechanism Info */ >> + /* TODO: Idata 2: Hash and Verification Function Offset Array */ >> +} >> -- >> 2.7.4 >> >> _______________________________________________ >> Skiboot mailing list >> Skiboot@lists.ozlabs.org >> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ozlabs.org_listinfo_skiboot&d=DwIBaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=75damxi8dv4vdGLwy_TNRoKm9_3FxQYCSDCtliSDIKc&m=srzWbN1CNe3nkNA26MGHhtCqfxwLG0s7MkdSflrrNKg&s=ePMbw9zE5RHH1jl0n6UnWIIhGVl_RXXhs4EdeFevYJI&e=
diff --git a/hdata/Makefile.inc b/hdata/Makefile.inc index 5b79dfe..c17b04f 100644 --- a/hdata/Makefile.inc +++ b/hdata/Makefile.inc @@ -2,7 +2,7 @@ SUBDIRS += hdata HDATA_OBJS = spira.o paca.o pcia.o hdif.o memory.o fsp.o iohub.o vpd.o slca.o -HDATA_OBJS += cpu-common.o vpd-common.o hostservices.o i2c.o +HDATA_OBJS += cpu-common.o vpd-common.o hostservices.o i2c.o tpmrel.o DEVSRC_OBJ = hdata/built-in.o $(DEVSRC_OBJ): $(HDATA_OBJS:%=hdata/%) diff --git a/hdata/hdata.h b/hdata/hdata.h index 6da9b55..31223c8 100644 --- a/hdata/hdata.h +++ b/hdata/hdata.h @@ -65,6 +65,7 @@ extern void slca_dt_add_sai_node(void); extern bool hservices_from_hdat(const void *fdt, size_t size); int parse_i2c_devs(const struct HDIF_common_hdr *hdr, int idata_index, struct dt_node *xscom); +extern void node_stb_parse(void); #endif /* __HDATA_H */ diff --git a/hdata/spira.c b/hdata/spira.c index b58be7c..220ae9e 100644 --- a/hdata/spira.c +++ b/hdata/spira.c @@ -1278,6 +1278,7 @@ static void fixup_spira(void) spira.ntuples.proc_chip = spiras->ntuples.proc_chip; spira.ntuples.hs_data = spiras->ntuples.hs_data; spira.ntuples.ipmi_sensor = spiras->ntuples.ipmi_sensor; + spira.ntuples.node_stb_data = spiras->ntuples.node_stb_data; } int parse_hdat(bool is_opal) @@ -1347,6 +1348,9 @@ int parse_hdat(bool is_opal) add_stop_levels(); + /* Parse node secure and trusted boot data */ + node_stb_parse(); + prlog(PR_DEBUG, "Parsing HDAT...done\n"); return 0; diff --git a/hdata/spira.h b/hdata/spira.h index 0276d4a..d2a70c1 100644 --- a/hdata/spira.h +++ b/hdata/spira.h @@ -40,7 +40,7 @@ struct spira_ntuple { __be64 padding; } __packed; -#define SPIRA_NTUPLES_COUNT 0x18 +#define SPIRA_NTUPLES_COUNT 0x19 struct spira_ntuples { struct HDIF_array_hdr array_hdr; @@ -69,6 +69,7 @@ struct spira_ntuples { struct spira_ntuple proc_chip; /* 0x300 */ struct spira_ntuple hs_data; /* 0x320 */ struct spira_ntuple ipmi_sensor; /* 0x360 */ + struct spira_ntuple node_stb_data; /* 0x380 */ }; struct spira { @@ -82,7 +83,7 @@ struct spira { * * According to FSP engineers, this is an okay thing to do. */ - u8 reserved[0xa0]; + u8 reserved[0x80]; } __packed __align(0x100); extern struct spira spira; @@ -146,7 +147,7 @@ struct spiras_ntuples { struct spira_ntuple hs_data; /* 0x200 */ struct spira_ntuple hbrt_data; /* 0x220 */ struct spira_ntuple ipmi_sensor; /* 0x240 */ - struct spira_ntuple node_data; /* 0x260 */ + struct spira_ntuple node_stb_data; /* 0x260 */ }; struct spiras { @@ -1092,6 +1093,11 @@ struct ipmi_sensors { /* Idata index 1 : LED - sensors ID mapping data */ #define IPMI_SENSORS_IDATA_LED 1 +/* + * Node Secure and Trusted Boot Related Data + */ +#define STB_HDIF_SIG "TPMREL" + static inline const char *cpu_state(u32 flags) { switch ((flags & CPU_ID_VERIFY_MASK) >> CPU_ID_VERIFY_SHIFT) { diff --git a/hdata/test/hdata_to_dt.c b/hdata/test/hdata_to_dt.c index 155e41b..6da80a5 100644 --- a/hdata/test/hdata_to_dt.c +++ b/hdata/test/hdata_to_dt.c @@ -124,6 +124,7 @@ static bool spira_check_ptr(const void *ptr, const char *file, unsigned int line #include "../slca.c" #include "../hostservices.c" #include "../i2c.c" +#include "../tpmrel.c" #include "../../core/vpd.c" #include "../../core/device.c" #include "../../core/chip.c" diff --git a/hdata/tpmrel.c b/hdata/tpmrel.c new file mode 100644 index 0000000..7ded404 --- /dev/null +++ b/hdata/tpmrel.c @@ -0,0 +1,40 @@ +/* Copyright 2013-2017 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef pr_fmt +#define pr_fmt(fmt) "HDAT TPMREL: " fmt +#endif + +#include <skiboot.h> + +#include "spira.h" +#include "hdata.h" +#include "hdif.h" + +void node_stb_parse(void) +{ + struct HDIF_common_hdr *hdif_hdr; + + hdif_hdr = get_hdif(&spira.ntuples.node_stb_data, "TPMREL"); + if (!hdif_hdr) { + prlog(PR_INFO, "could not find TPMREL data\n"); + return; + } + + /* TODO: Idata 0: Secure Boot and TPM Instance Info */ + /* TODO: Idata 1: User Physical Interaction Mechanism Info */ + /* TODO: Idata 2: Hash and Verification Function Offset Array */ +}
This adds to spira-h/s the overall tpmrel structure, which defines secure and trusted boot related data. The internal data structures will be added in separated patches. Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com> --- hdata/Makefile.inc | 2 +- hdata/hdata.h | 1 + hdata/spira.c | 4 ++++ hdata/spira.h | 12 +++++++++--- hdata/test/hdata_to_dt.c | 1 + hdata/tpmrel.c | 40 ++++++++++++++++++++++++++++++++++++++++ 6 files changed, 56 insertions(+), 4 deletions(-) create mode 100644 hdata/tpmrel.c