From patchwork Thu Aug 31 07:42:52 2017
X-Patchwork-Submitter: Claudio Carvalho
X-Patchwork-Id: 808110
From: Claudio Carvalho
To: skiboot@lists.ozlabs.org
Date: Thu, 31 Aug 2017 04:42:52 -0300
In-Reply-To: <1504165372-15971-1-git-send-email-cclaudio@linux.vnet.ibm.com>
References: <1504165372-15971-1-git-send-email-cclaudio@linux.vnet.ibm.com>
Message-Id: <1504165372-15971-6-git-send-email-cclaudio@linux.vnet.ibm.com>
Subject: [Skiboot] [PATCH 5/5] hdata/tpmrel.c: add cvc offset nodes
List-Id: Mailing list for skiboot development

This parses the hdat tpmrel structure to get the offsets of the functions provided by the container verification code and then creates one 'ibm,container-verification-code' child node for each offset found.
Signed-off-by: Claudio Carvalho --- hdata/spira.h | 12 +++++++++ hdata/tpmrel.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 87 insertions(+), 3 deletions(-) diff --git a/hdata/spira.h b/hdata/spira.h index d4c3023..799f0d7 100644 --- a/hdata/spira.h +++ b/hdata/spira.h @@ -1132,6 +1132,18 @@ struct secureboot_tpm_info { __be32 drtm_log_size; } __packed; +/* Idata index 2: Hash and Verification Function Offsets Array */ +#define TPMREL_IDATA_HASH_VERIF_OFFSETS 2 + +struct hash_and_verification { +#define TPMREL_HV_SHA512 0x00 +#define TPMREL_HV_CONTAINER_VERIFY 0x01 + __be32 type; + __be32 version; + __be32 dbob_id; + __be32 offset; +} __packed; + static inline const char *cpu_state(u32 flags) { switch ((flags & CPU_ID_VERIFY_MASK) >> CPU_ID_VERIFY_SHIFT) { diff --git a/hdata/tpmrel.c b/hdata/tpmrel.c index 81e6443..cc80f3f 100644 --- a/hdata/tpmrel.c +++ b/hdata/tpmrel.c 
@@ -99,6 +99,75 @@ static struct hdat_container_verification_code *map_cvc(uint32_t type) return NULL; } +struct { + uint32_t container_version; + uint32_t type; + uint32_t version; + const char *compat; +} cvc_offsets[] = { + {0x1, TPMREL_HV_SHA512, 0x1, "ibm,sha512-hash"}, + {0x1, TPMREL_HV_CONTAINER_VERIFY, 0x1, "ibm,container-verify"} +}; + +static const char *map_offset_compat(uint32_t container_version, uint32_t type, + uint32_t version) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(cvc_offsets); i++) { + if (cvc_offsets[i].container_version == container_version && + cvc_offsets[i].type == type && + cvc_offsets[i].version == version) + return cvc_offsets[i].compat; + } + return NULL; +} + +static int cvc_add_code_offset_nodes(struct dt_node *parent, + struct HDIF_common_hdr *hdif_hdr, + struct hdat_container_verification_code *cvc) +{ + const struct hash_and_verification *hv; + const char *compat; + uint32_t type, version; + int count, i; + + count = HDIF_get_iarray_size(hdif_hdr, TPMREL_IDATA_HASH_VERIF_OFFSETS); + + if (count > cvc->num_offsets) { + prlog(PR_ALERT, "found %d cvc offsets for %s. (expected=%d) " + "HOSTBOOT BUG?", count, cvc->compat, cvc->num_offsets); + return -1; + } + + for (i = 0; i < count; i++) { + + hv = HDIF_get_iarray_item(hdif_hdr, + TPMREL_IDATA_HASH_VERIF_OFFSETS, + i, NULL); + + type = be32_to_cpu(hv->type); + version = be32_to_cpu(hv->version); + + compat = map_offset_compat(cvc->container_version, type, version); + if (compat) { + uint32_t reg; + struct dt_node *code; + + reg = be32_to_cpu(hv->offset); + + code = dt_new_addr(parent, "ibm,code-offset", reg); + dt_add_property_strings(code, "compatible", compat); + dt_add_property_cells(code, "reg", reg); + } else { + prlog(PR_INFO, "cvc offset not added. 
UNKNOWN:" + "cv=%d, type=%d, version=%d\n", + cvc->container_version, type, version); + } + } + return 0; +} + #define HRMOR_BIT (1ul << 63) static struct dt_node *get_reserved_memory(const struct msvpd_hb_reserved_mem *hb_resv_mem) @@ -127,7 +196,7 @@ static struct dt_node *get_reserved_memory(const struct msvpd_hb_reserved_mem *h return node; } -static void cvc_init(struct dt_node *parent) +static void cvc_init(struct dt_node *parent, struct HDIF_common_hdr *hdif_hdr) { const struct msvpd_hb_reserved_mem *hb_resv_mem; const struct HDIF_common_hdr *ms_vpd; @@ -153,7 +222,8 @@ static void cvc_init(struct dt_node *parent) * to find it. * * Once we find the container verification code we create a new node - * with a cross reference to its reserved memory. + * with a cross reference to its reserved memory and also create inner + * nodes (one for each code offset provided). */ for (i = 0; i < count; i++) { hb_resv_mem = HDIF_get_iarray_item(ms_vpd, @@ -182,6 +252,8 @@ static void cvc_init(struct dt_node *parent) dt_add_property_cells(node, "#size-cells", 0); dt_add_property_strings(node, "compatible", cvc->compat); dt_add_property_cells(node, "memory-region", reserved_mem->phandle); + + cvc_add_code_offset_nodes(node, hdif_hdr, cvc); } } return; @@ -206,5 +278,5 @@ void node_stb_parse(void) return; } - cvc_init(node); + cvc_init(node, hdif_hdr); }
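Review bot: In the hdata/spira.h hunk, `struct hash_and_verification` leaves `dbob_id` and `offset` undocumented: nothing says what `dbob_id` identifies or which base `offset` is relative to, and hdata/tpmrel.c publishes `offset` straight into the device tree as `reg`. Please add a one-line comment per field. The `TPMREL_HV_*` defines sit inside the struct body next to `type`; a short comment tying them to that field would help, and a `tpmrel_` prefix on the struct name would match `TPMREL_IDATA_HASH_VERIF_OFFSETS`.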
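Review bot: In `cvc_add_code_offset_nodes()` (hdata/tpmrel.c, hunk at -99,6 +99,75) the pointer returned by `HDIF_get_iarray_item()` is dereferenced as `hv->type` without a NULL check, and the size argument is passed as NULL, so the entry size is never compared with `sizeof(*hv)`. This array comes from HDAT and describes the entry points of the container verification code, so skip or fail the entry when `hv` is NULL or shorter than the struct. `be32_to_cpu(hv->offset)` is also passed to `dt_new_addr()` and `reg` as-is; a check that it falls inside the CVC reserved memory region would keep a bad offset out of the device tree. Smaller points: the PR_ALERT string has no trailing `\n` while the PR_INFO one does, `%d` is used for `uint32_t` values, the result of `dt_new_addr()` is used unchecked, and `cvc_offsets[]` can be `static const`.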
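Review bot: In the hunk at -127,7 +196,7 the new `hdif_hdr` parameter of `cvc_init()` is a non-const `struct HDIF_common_hdr *` although it is only read through `HDIF_get_iarray_size()` and `HDIF_get_iarray_item()`; `ms_vpd` in the same function is already `const struct HDIF_common_hdr *` and is passed to the same accessor. Make the parameter const here and in `cvc_add_code_offset_nodes()`.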
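Review bot: In the `cvc_init()` hunk at -182,6 +252,8 the return value of `cvc_add_code_offset_nodes(node, hdif_hdr, cvc);` is dropped, so the -1 path (more entries than `cvc->num_offsets`) leaves a container verification code node with no offset children and the caller never learns of it. Either act on the error here, for example by logging and not exposing the node, or make the helper return void so the contract is clear.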