[1/5] hdata: add secure and trusted boot ntuple to SPIRA-H/S

Message ID 1504165372-15971-2-git-send-email-cclaudio@linux.vnet.ibm.com
State Under Review
Series
  • hdata: add and parse the tpmrel structure

Commit Message

Claudio Carvalho Aug. 31, 2017, 7:42 a.m.
This adds to spira-h/s the overall tpmrel structure, which defines
secure and trusted boot related data. The internal data structures will
be added in separate patches.

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
---
 hdata/Makefile.inc       |  2 +-
 hdata/hdata.h            |  1 +
 hdata/spira.c            |  4 ++++
 hdata/spira.h            | 12 +++++++++---
 hdata/test/hdata_to_dt.c |  1 +
 hdata/tpmrel.c           | 40 ++++++++++++++++++++++++++++++++++++++++
 6 files changed, 56 insertions(+), 4 deletions(-)
 create mode 100644 hdata/tpmrel.c

Comments

Oliver O'Halloran Sept. 1, 2017, 4:24 a.m. | #1
On Thu, Aug 31, 2017 at 5:42 PM, Claudio Carvalho
<cclaudio@linux.vnet.ibm.com> wrote:
> This adds to spira-h/s the overall tpmrel structure, which defines
> secure and trusted boot related data. The internal data structures will
> be added in separated patches.
>
> Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
> ---
>  hdata/Makefile.inc       |  2 +-
>  hdata/hdata.h            |  1 +
>  hdata/spira.c            |  4 ++++
>  hdata/spira.h            | 12 +++++++++---
>  hdata/test/hdata_to_dt.c |  1 +
>  hdata/tpmrel.c           | 40 ++++++++++++++++++++++++++++++++++++++++
>  6 files changed, 56 insertions(+), 4 deletions(-)
>  create mode 100644 hdata/tpmrel.c
>
> diff --git a/hdata/Makefile.inc b/hdata/Makefile.inc
> index 5b79dfe..c17b04f 100644
> --- a/hdata/Makefile.inc
> +++ b/hdata/Makefile.inc
> @@ -2,7 +2,7 @@
>
>  SUBDIRS += hdata
>  HDATA_OBJS = spira.o paca.o pcia.o hdif.o memory.o fsp.o iohub.o vpd.o slca.o
> -HDATA_OBJS += cpu-common.o vpd-common.o hostservices.o i2c.o
> +HDATA_OBJS += cpu-common.o vpd-common.o hostservices.o i2c.o tpmrel.o
>  DEVSRC_OBJ = hdata/built-in.o
>
>  $(DEVSRC_OBJ): $(HDATA_OBJS:%=hdata/%)
> diff --git a/hdata/hdata.h b/hdata/hdata.h
> index 6da9b55..31223c8 100644
> --- a/hdata/hdata.h
> +++ b/hdata/hdata.h
> @@ -65,6 +65,7 @@ extern void slca_dt_add_sai_node(void);
>  extern bool hservices_from_hdat(const void *fdt, size_t size);
>  int parse_i2c_devs(const struct HDIF_common_hdr *hdr, int idata_index,
>         struct dt_node *xscom);
> +extern void node_stb_parse(void);
>
>  #endif /* __HDATA_H */
>
> diff --git a/hdata/spira.c b/hdata/spira.c
> index b58be7c..220ae9e 100644
> --- a/hdata/spira.c
> +++ b/hdata/spira.c
> @@ -1278,6 +1278,7 @@ static void fixup_spira(void)
>         spira.ntuples.proc_chip = spiras->ntuples.proc_chip;
>         spira.ntuples.hs_data = spiras->ntuples.hs_data;
>         spira.ntuples.ipmi_sensor = spiras->ntuples.ipmi_sensor;
> +       spira.ntuples.node_stb_data = spiras->ntuples.node_stb_data;
>  }
>
>  int parse_hdat(bool is_opal)
> @@ -1347,6 +1348,9 @@ int parse_hdat(bool is_opal)
>
>         add_stop_levels();
>
> +       /* Parse node secure and trusted boot data */
> +       node_stb_parse();
> +
>         prlog(PR_DEBUG, "Parsing HDAT...done\n");
>
>         return 0;
> diff --git a/hdata/spira.h b/hdata/spira.h
> index 0276d4a..d2a70c1 100644
> --- a/hdata/spira.h
> +++ b/hdata/spira.h
> @@ -40,7 +40,7 @@ struct spira_ntuple {
>         __be64          padding;
>  } __packed;
>
> -#define SPIRA_NTUPLES_COUNT    0x18
> +#define SPIRA_NTUPLES_COUNT    0x19
>
>  struct spira_ntuples {
>         struct HDIF_array_hdr   array_hdr;
> @@ -69,6 +69,7 @@ struct spira_ntuples {
>         struct spira_ntuple     proc_chip;              /* 0x300 */
>         struct spira_ntuple     hs_data;                /* 0x320 */
>         struct spira_ntuple     ipmi_sensor;            /* 0x360 */
> +       struct spira_ntuple     node_stb_data;          /* 0x380 */
>  };
>
>  struct spira {
> @@ -82,7 +83,7 @@ struct spira {
>          *
>          * According to FSP engineers, this is an okay thing to do.
>          */
> -       u8                      reserved[0xa0];
> +       u8                      reserved[0x80];
>  } __packed __align(0x100);
>
>  extern struct spira spira;
> @@ -146,7 +147,7 @@ struct spiras_ntuples {
>         struct spira_ntuple     hs_data;                /* 0x200 */
>         struct spira_ntuple     hbrt_data;              /* 0x220 */
>         struct spira_ntuple     ipmi_sensor;            /* 0x240 */
> -       struct spira_ntuple     node_data;              /* 0x260 */
> +       struct spira_ntuple     node_stb_data;          /* 0x260 */
>  };
>
>  struct spiras {
> @@ -1092,6 +1093,11 @@ struct ipmi_sensors {
>  /* Idata index 1 : LED - sensors ID mapping data */
>  #define IPMI_SENSORS_IDATA_LED         1
>
> +/*
> + * Node Secure and Trusted Boot Related Data
> + */
> +#define STB_HDIF_SIG   "TPMREL"
> +
>  static inline const char *cpu_state(u32 flags)
>  {
>         switch ((flags & CPU_ID_VERIFY_MASK) >> CPU_ID_VERIFY_SHIFT) {
> diff --git a/hdata/test/hdata_to_dt.c b/hdata/test/hdata_to_dt.c
> index 155e41b..6da80a5 100644
> --- a/hdata/test/hdata_to_dt.c
> +++ b/hdata/test/hdata_to_dt.c
> @@ -124,6 +124,7 @@ static bool spira_check_ptr(const void *ptr, const char *file, unsigned int line
>  #include "../slca.c"
>  #include "../hostservices.c"
>  #include "../i2c.c"
> +#include "../tpmrel.c"
>  #include "../../core/vpd.c"
>  #include "../../core/device.c"
>  #include "../../core/chip.c"
> diff --git a/hdata/tpmrel.c b/hdata/tpmrel.c
> new file mode 100644
> index 0000000..7ded404
> --- /dev/null
> +++ b/hdata/tpmrel.c
> @@ -0,0 +1,40 @@
> +/* Copyright 2013-2017 IBM Corp.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + *     http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> + * implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +#ifndef pr_fmt
> +#define pr_fmt(fmt) "HDAT TPMREL: " fmt

Just make this TPMREL: or something. The bits of skiboot that are
inside the HDAT parser are clearly marked already.

> +#endif
> +
> +#include <skiboot.h>
> +
> +#include "spira.h"
> +#include "hdata.h"
> +#include "hdif.h"
> +
> +void node_stb_parse(void)
> +{
> +       struct HDIF_common_hdr *hdif_hdr;
> +
> +       hdif_hdr = get_hdif(&spira.ntuples.node_stb_data, "TPMREL");
> +       if (!hdif_hdr) {
> +               prlog(PR_INFO, "could not find TPMREL data\n");

Make this PR_DEBUG or higher. Gating this entire function around
proc_gen >= proc_gen_p9 might also be a good idea since this tuple
will never be populated on P8 FSP systems so this is a nuisance
warning there.

> +               return;
> +       }
> +
> +       /* TODO: Idata 0: Secure Boot and TPM Instance Info */
> +       /* TODO: Idata 1: User Physical Interaction Mechanism Info */
> +       /* TODO: Idata 2: Hash and Verification Function Offset Array */
> +}
> --
> 2.7.4
>
> _______________________________________________
> Skiboot mailing list
> Skiboot@lists.ozlabs.org
> https://lists.ozlabs.org/listinfo/skiboot
Claudio Carvalho Sept. 4, 2017, 2:50 p.m. | #2
On 01/09/2017 01:24, Oliver wrote:
> On Thu, Aug 31, 2017 at 5:42 PM, Claudio Carvalho
> <cclaudio@linux.vnet.ibm.com> wrote:
>> + * Unless required by applicable law or agreed to in writing, software
>> + * distributed under the License is distributed on an "AS IS" BASIS,
>> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>> + * implied.
>> + * See the License for the specific language governing permissions and
>> + * limitations under the License.
>> + */
>> +
>> +#ifndef pr_fmt
>> +#define pr_fmt(fmt) "HDAT TPMREL: " fmt
> Just make this TPMREL: or something. The bits of skiboot that are
> inside the HDAT parser are clearly marked already.
I will do that.

>
>> +#endif
>> +
>> +#include <skiboot.h>
>> +
>> +#include "spira.h"
>> +#include "hdata.h"
>> +#include "hdif.h"
>> +
>> +void node_stb_parse(void)
>> +{
>> +       struct HDIF_common_hdr *hdif_hdr;
>> +
>> +       hdif_hdr = get_hdif(&spira.ntuples.node_stb_data, "TPMREL");
>> +       if (!hdif_hdr) {
>> +               prlog(PR_INFO, "could not find TPMREL data\n");
> Make this PR_DEBUG or higher. Gating this entire function around
> proc_gen >= proc_gen_p9 might also be a good idea since this tuple
> will never be populated on P8 FSP systems so this is a nuisance
> warning there.

Good catch. I will gate that.

>> +               return;
>> +       }
>> +
>> +       /* TODO: Idata 0: Secure Boot and TPM Instance Info */
>> +       /* TODO: Idata 1: User Physical Interaction Mechanism Info */
>> +       /* TODO: Idata 2: Hash and Verification Function Offset Array */
>> +}
>> --
>> 2.7.4
>>
>> _______________________________________________
>> Skiboot mailing list
>> Skiboot@lists.ozlabs.org
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ozlabs.org_listinfo_skiboot&d=DwIBaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=75damxi8dv4vdGLwy_TNRoKm9_3FxQYCSDCtliSDIKc&m=srzWbN1CNe3nkNA26MGHhtCqfxwLG0s7MkdSflrrNKg&s=ePMbw9zE5RHH1jl0n6UnWIIhGVl_RXXhs4EdeFevYJI&e=

Patch

diff --git a/hdata/Makefile.inc b/hdata/Makefile.inc
index 5b79dfe..c17b04f 100644
--- a/hdata/Makefile.inc
+++ b/hdata/Makefile.inc
@@ -2,7 +2,7 @@ 
 
 SUBDIRS += hdata
 HDATA_OBJS = spira.o paca.o pcia.o hdif.o memory.o fsp.o iohub.o vpd.o slca.o
-HDATA_OBJS += cpu-common.o vpd-common.o hostservices.o i2c.o
+HDATA_OBJS += cpu-common.o vpd-common.o hostservices.o i2c.o tpmrel.o
 DEVSRC_OBJ = hdata/built-in.o
 
 $(DEVSRC_OBJ): $(HDATA_OBJS:%=hdata/%)
diff --git a/hdata/hdata.h b/hdata/hdata.h
index 6da9b55..31223c8 100644
--- a/hdata/hdata.h
+++ b/hdata/hdata.h
@@ -65,6 +65,7 @@  extern void slca_dt_add_sai_node(void);
 extern bool hservices_from_hdat(const void *fdt, size_t size);
 int parse_i2c_devs(const struct HDIF_common_hdr *hdr, int idata_index,
 	struct dt_node *xscom);
+extern void node_stb_parse(void);
 
 #endif /* __HDATA_H */
 
diff --git a/hdata/spira.c b/hdata/spira.c
index b58be7c..220ae9e 100644
--- a/hdata/spira.c
+++ b/hdata/spira.c
@@ -1278,6 +1278,7 @@  static void fixup_spira(void)
 	spira.ntuples.proc_chip = spiras->ntuples.proc_chip;
 	spira.ntuples.hs_data = spiras->ntuples.hs_data;
 	spira.ntuples.ipmi_sensor = spiras->ntuples.ipmi_sensor;
+	spira.ntuples.node_stb_data = spiras->ntuples.node_stb_data;
 }
 
 int parse_hdat(bool is_opal)
@@ -1347,6 +1348,9 @@  int parse_hdat(bool is_opal)
 
 	add_stop_levels();
 
+	/* Parse node secure and trusted boot data */
+	node_stb_parse();
+
 	prlog(PR_DEBUG, "Parsing HDAT...done\n");
 
 	return 0;
diff --git a/hdata/spira.h b/hdata/spira.h
index 0276d4a..d2a70c1 100644
--- a/hdata/spira.h
+++ b/hdata/spira.h
@@ -40,7 +40,7 @@  struct spira_ntuple {
 	__be64		padding;
 } __packed;
 
-#define SPIRA_NTUPLES_COUNT	0x18
+#define SPIRA_NTUPLES_COUNT	0x19
 
 struct spira_ntuples {
 	struct HDIF_array_hdr	array_hdr;
@@ -69,6 +69,7 @@  struct spira_ntuples {
 	struct spira_ntuple	proc_chip;		/* 0x300 */
 	struct spira_ntuple	hs_data;		/* 0x320 */
 	struct spira_ntuple	ipmi_sensor;		/* 0x360 */
+	struct spira_ntuple	node_stb_data;		/* 0x380 */
 };
 
 struct spira {
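Review bot: The offset comment on the new member, `/* 0x380 */`, does not fit the 0x20 stride the rest of the hunk implies: proc_chip and hs_data are 0x20 apart, and the following hunk shrinks `reserved` by exactly 0x20 to make room for this one ntuple. The `/* 0x360 */` on ipmi_sensor is existing context and may itself be off, in which case the new line would read `struct spira_ntuple node_stb_data; /* 0x360 */`; this is worth checking against the HDAT layout. Since this structure is shared with firmware and carries the pointer to secure and trusted boot data, a build-time assertion on the size of struct spira next to the `reserved[0x80]` change would catch any mismatch between the added member and the reduced padding. The definition of struct spira_ntuples starts outside this hunk.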
@@ -82,7 +83,7 @@  struct spira {
 	 *
 	 * According to FSP engineers, this is an okay thing to do.
 	 */
-	u8			reserved[0xa0];
+	u8			reserved[0x80];
 } __packed __align(0x100);
 
 extern struct spira spira;
@@ -146,7 +147,7 @@  struct spiras_ntuples {
 	struct spira_ntuple	hs_data;		/* 0x200 */
 	struct spira_ntuple	hbrt_data;		/* 0x220 */
 	struct spira_ntuple	ipmi_sensor;		/* 0x240 */
-	struct spira_ntuple	node_data;		/* 0x260 */
+	struct spira_ntuple	node_stb_data;		/* 0x260 */
 };
 
 struct spiras {
@@ -1092,6 +1093,11 @@  struct ipmi_sensors {
 /* Idata index 1 : LED - sensors ID mapping data */
 #define IPMI_SENSORS_IDATA_LED		1
 
+/*
+ * Node Secure and Trusted Boot Related Data
+ */
+#define STB_HDIF_SIG	"TPMREL"
+
 static inline const char *cpu_state(u32 flags)
 {
 	switch ((flags & CPU_ID_VERIFY_MASK) >> CPU_ID_VERIFY_SHIFT) {
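Review bot: `STB_HDIF_SIG` is defined here but nothing in the patch uses it; the new hdata/tpmrel.c passes the string literal `"TPMREL"` to get_hdif() instead. Either drop the macro or use it at the call site, `hdif_hdr = get_hdif(&spira.ntuples.node_stb_data, STB_HDIF_SIG);`, so the signature that identifies the secure and trusted boot structure is spelled in exactly one place.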
diff --git a/hdata/test/hdata_to_dt.c b/hdata/test/hdata_to_dt.c
index 155e41b..6da80a5 100644
--- a/hdata/test/hdata_to_dt.c
+++ b/hdata/test/hdata_to_dt.c
@@ -124,6 +124,7 @@  static bool spira_check_ptr(const void *ptr, const char *file, unsigned int line
 #include "../slca.c"
 #include "../hostservices.c"
 #include "../i2c.c"
+#include "../tpmrel.c"
 #include "../../core/vpd.c"
 #include "../../core/device.c"
 #include "../../core/chip.c"
diff --git a/hdata/tpmrel.c b/hdata/tpmrel.c
new file mode 100644
index 0000000..7ded404
--- /dev/null
+++ b/hdata/tpmrel.c
@@ -0,0 +1,40 @@ 
+/* Copyright 2013-2017 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * 	http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef pr_fmt
+#define pr_fmt(fmt) "HDAT TPMREL: " fmt
+#endif
+
+#include <skiboot.h>
+
+#include "spira.h"
+#include "hdata.h"
+#include "hdif.h"
+
+void node_stb_parse(void)
+{
+	struct HDIF_common_hdr *hdif_hdr;
+
+	hdif_hdr = get_hdif(&spira.ntuples.node_stb_data, "TPMREL");
+	if (!hdif_hdr) {
+		prlog(PR_INFO, "could not find TPMREL data\n");
+		return;
+	}
+
+	/* TODO: Idata 0: Secure Boot and TPM Instance Info */
+	/* TODO: Idata 1: User Physical Interaction Mechanism Info */
+	/* TODO: Idata 2: Hash and Verification Function Offset Array */
+}
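Review bot: node_stb_parse() has no header comment and returns void, so nothing states what a missing TPMREL structure means for the caller in parse_hdat(), which carries on regardless. A short comment such as `/* Locate the node secure and trusted boot (TPMREL) HDIF structure; returns without side effects if it is absent. */` would make the current contract explicit. `hdif_hdr` is only read, and parse_i2c_devs() in hdata.h already takes a `const struct HDIF_common_hdr *`, so the local can be declared `const struct HDIF_common_hdr *hdif_hdr;`. When the three TODO Idata parsers are added, the Idata sizes and offsets come from firmware-supplied HDAT and should be bounds-checked before any field is dereferenced.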