@@ -4,7 +4,7 @@ CVC_DIR = libstb/cvc
SUBDIRS += $(CVC_DIR)
-CVC_SRCS = c1vc.c
+CVC_SRCS = c1vc.c c1vc_mbedtls.c
CVC_OBJS = $(CVC_SRCS:%.c=%.o)
CVC = $(CVC_DIR)/built-in.o
new file mode 100644
@@ -0,0 +1,76 @@
+/* Copyright 2013-2016 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <chip.h>
+#include <string.h>
+#include <skiboot.h>
+#include "../rom.h"
+#include "sha512.h"
+#include "c1vc_mbedtls.h"
+
+static sha2_hash_t *hw_key_hash = NULL;
+
+static int c1vc_mbedtls_verify(void *container __unused)
+{
+ return -100;
+}
+
+static void c1vc_mbedtls_sha512(const uint8_t *data, size_t len, uint8_t *digest)
+{
+ mbedtls_sha512_context ctx;
+ mbedtls_sha512_init(&ctx);
+ memset(digest, 0, sizeof(sha2_hash_t));
+ mbedtls_sha512_starts(&ctx, 0); // SHA512 = 0
+ mbedtls_sha512_update(&ctx, data, len);
+ mbedtls_sha512_finish(&ctx, digest);
+ mbedtls_sha512_free(&ctx);
+}
+
+static void c1vc_mbedtls_cleanup(void)
+{
+ return;
+}
+
+static struct container_verification_code c1vc = {
+ .name = "software",
+ .verify = c1vc_mbedtls_verify,
+ .sha512 = c1vc_mbedtls_sha512,
+ .cleanup = c1vc_mbedtls_cleanup
+};
+
+void c1vc_mbedtls_probe(const struct dt_node *node)
+{
+ const char* hash_algo;
+
+ if (!dt_node_is_compatible(node, "ibm,secureboot-v1-softrom")) {
+ return;
+ }
+
+ hash_algo = dt_prop_get(node, "hash-algo");
+ if (strcmp(hash_algo, "sha512")) {
+ /**
+ * @fwts-label ROMHashAlgorithmInvalid
+ * @fwts-advice Hostboot creates the ibm,secureboot node and
+ * the hash-algo property. Check that the ibm,secureboot node
+ * layout has not changed.
+ */
+ prlog(PR_ERR, "ROM: hash-algo=%s not expected\n", hash_algo);
+ return;
+ }
+ hw_key_hash = (sha2_hash_t*) dt_prop_get(node, "hw-key-hash");
+
+ rom_set_driver(&c1vc);
+}
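Review bot: In `c1vc_mbedtls_probe` the `hw-key-hash` property is cast straight to `sha2_hash_t *` with no check that it holds `sizeof(sha2_hash_t)` bytes, and `hw_key_hash` is never read in this file, so the stored pointer is either dead or a latent over-read for whoever starts using it. Either drop the static, or fetch the property with its length and reject a mismatch, e.g. `const struct dt_property *p = dt_find_property(node, "hw-key-hash");` followed by `if (!p || p->len != sizeof(sha2_hash_t)) return;`. The `hash-algo` value is likewise handed to `strcmp` and `%s` as returned; that is safe only if `dt_prop_get` never returns NULL and the property is NUL-terminated, which this hunk does not show. Since this driver registers as a verification backend, `c1vc_mbedtls_verify` deserves a comment such as `/* container verification is not emulated: always fail, must never return 0 */` so the fail-closed `-100` is not mistaken for a stub to be filled in with success.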
new file mode 100644
@@ -0,0 +1,24 @@
+/* Copyright 2013-2016 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __C1VC_MBEDTLS_H
+#define __C1VC_MBEDTLS_H
+
+#include <device.h>
+
+extern void c1vc_mbedtls_probe(const struct dt_node *node);
+
+#endif /* __C1VC_MBEDTLS_H */
@@ -4,7 +4,7 @@ DRIVERS_DIR = libstb/drivers
SUBDIRS += $(DRIVERS_DIR)
-DRIVERS_SRCS = tpm_i2c_interface.c tpm_i2c_nuvoton.c sw_driver.c sha512.c
+DRIVERS_SRCS = tpm_i2c_interface.c tpm_i2c_nuvoton.c sha512.c
DRIVERS_OBJS = $(DRIVERS_SRCS:%.c=%.o)
DRIVERS = $(DRIVERS_DIR)/built-in.o
deleted file mode 100644
@@ -1,76 +0,0 @@
-/* Copyright 2013-2016 IBM Corp.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- * implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <chip.h>
-#include <string.h>
-#include <skiboot.h>
-#include "../rom.h"
-#include "sha512.h"
-#include "sw_driver.h"
-
-static sha2_hash_t *hw_key_hash = NULL;
-
-static int stb_software_verify(void *container __unused)
-{
- return -100;
-}
-
-static void stb_software_sha512(const uint8_t *data, size_t len, uint8_t *digest)
-{
- mbedtls_sha512_context ctx;
- mbedtls_sha512_init(&ctx);
- memset(digest, 0, sizeof(sha2_hash_t));
- mbedtls_sha512_starts(&ctx, 0); // SHA512 = 0
- mbedtls_sha512_update(&ctx, data, len);
- mbedtls_sha512_finish(&ctx, digest);
- mbedtls_sha512_free(&ctx);
-}
-
-static void stb_software_cleanup(void)
-{
- return;
-}
-
-static struct container_verification_code c1vc = {
- .name = "software",
- .verify = stb_software_verify,
- .sha512 = stb_software_sha512,
- .cleanup = stb_software_cleanup
-};
-
-void stb_software_probe(const struct dt_node *node)
-{
- const char* hash_algo;
-
- if (!dt_node_is_compatible(node, "ibm,secureboot-v1-softrom")) {
- return;
- }
-
- hash_algo = dt_prop_get(node, "hash-algo");
- if (strcmp(hash_algo, "sha512")) {
- /**
- * @fwts-label ROMHashAlgorithmInvalid
- * @fwts-advice Hostboot creates the ibm,secureboot node and
- * the hash-algo property. Check that the ibm,secureboot node
- * layout has not changed.
- */
- prlog(PR_ERR, "ROM: hash-algo=%s not expected\n", hash_algo);
- return;
- }
- hw_key_hash = (sha2_hash_t*) dt_prop_get(node, "hw-key-hash");
-
- rom_set_driver(&c1vc);
-}
deleted file mode 100644
@@ -1,24 +0,0 @@
-/* Copyright 2013-2016 IBM Corp.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- * implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef __SW_DRIVER_H
-#define __SW_DRIVER_H
-
-#include <device.h>
-
-extern void stb_software_probe(const struct dt_node *node);
-
-#endif /* __ROMCODE_H */
@@ -17,7 +17,7 @@
#include <skiboot.h>
#include "rom.h"
#include "cvc/c1vc.h"
-#include "drivers/sw_driver.h"
+#include "cvc/c1vc_mbedtls.h"
static struct container_verification_code *c1vc = NULL;
@@ -30,7 +30,7 @@ struct container_verification_code* rom_init(const struct dt_node *node __unused
c1vc_probe(node);
if (!c1vc)
- stb_software_probe(node);
+ c1vc_mbedtls_probe(node);
if (!c1vc)
prlog(PR_NOTICE, "ROM: no rom driver found\n");
This gives a better name to the drivers/sw_driver.* files and also moves them to a better place. The function names are also renamed accordingly. sw_driver emulates the container version 1 verification code so that we can run tests using mambo. In summary, the function to verify containers is not emulated, but the sha512 function is emulated using the sha512 code provided by the mbedtls project.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
---
libstb/cvc/Makefile.inc | 2 +-
libstb/cvc/c1vc_mbedtls.c | 76 +++++++++++++++++++++++++++++++++++++++++++++
libstb/cvc/c1vc_mbedtls.h | 24 ++++++++++++++
libstb/drivers/Makefile.inc | 2 +-
libstb/drivers/sw_driver.c | 76 ---------------------------------------------
libstb/drivers/sw_driver.h | 24 --------------
libstb/rom.c | 4 +--
7 files changed, 104 insertions(+), 104 deletions(-)
create mode 100644 libstb/cvc/c1vc_mbedtls.c
create mode 100644 libstb/cvc/c1vc_mbedtls.h
delete mode 100644 libstb/drivers/sw_driver.c
delete mode 100644 libstb/drivers/sw_driver.h