| Message ID | 1521117089-27073-1-git-send-email-ppaidipe@linux.vnet.ibm.com |
|---|---|
| State | Rejected |
| Headers | show |
| Series | [v2] libstb/trustedboot: Enable trusted_measure in fast-reboot path | expand |
Secure and trusted boot doesn't support fast reboot yet. I would accept this patch only if the failures pointed out are causing any harm. If we measure the same event multiple times as proposed in this patch, the event log and the PCRs will not have the expected values when the system boots up to the target OS. Consequently, remote attestation will fail even if the partitions measured hasn't been tampered with. We discussed fast reboot recently, but we did not find a solution for that yet. An idea that came up is that we could measure events in a different PCR if fast reboot is detected, but we would still need to make remote attestation work. -- Claudio On 15/03/2018 09:31, Pridhiviraj Paidipeddi wrote: > Currently in fast-reboot path trusted measure is not functioning > due to the tpm_cleanup happening in full IPL which un-registers > all the tpms. > > It fails with below messages > [xxx,3] STB: BOOTKERNEL NOT MEASURED. Already exited from boot services > [xxx,3] STB: EV_SEPARATOR (pcr0) NOT MEASURED. No TPM registered/enabled > > This patch enables it by enabling the boot_services_exited flag and > doing the tpm_cleanup only when trusted boot mode is OFF. > > Signed-off-by: Pridhiviraj Paidipeddi <ppaidipe@linux.vnet.ibm.com> > --- > core/fast-reboot.c | 6 ++++++ > libstb/tpm_chip.c | 1 + > libstb/trustedboot.c | 8 ++++---- > libstb/trustedboot.h | 2 ++ > 4 files changed, 13 insertions(+), 4 deletions(-) > > diff --git a/core/fast-reboot.c b/core/fast-reboot.c > index 0fe16cc..c7853d2 100644 > --- a/core/fast-reboot.c > +++ b/core/fast-reboot.c > @@ -30,6 +30,7 @@ > #include <ipmi.h> > #include <direct-controls.h> > #include <nvram.h> > +#include "libstb/trustedboot.h" > > /* Flag tested by the OPAL entry code */ > static volatile bool fast_boot_release; > @@ -330,6 +331,11 @@ void __noreturn fast_reboot_entry(void) > cpu_set_sreset_enable(true); > cpu_set_ipi_enable(true); > > + /* We are loading the BOOTKERNEL from PNOR, in order to function > + * trusted_measure, enable boot services flag > + */ > + boot_services_exited = false; > + > /* Start preloading kernel and ramdisk */ > start_preload_kernel(); > > diff --git a/libstb/tpm_chip.c b/libstb/tpm_chip.c > index 2858caf..58e5f75 100644 > --- a/libstb/tpm_chip.c > +++ b/libstb/tpm_chip.c > @@ -313,6 +313,7 @@ int tpm_extendl(TPM_Pcr pcr, > void tpm_add_status_property(void) { > struct tpm_chip *tpm; > list_for_each(&tpm_list, tpm, link) { > + dt_check_del_prop(tpm->node, "status"); > dt_add_property_string(tpm->node, "status", > tpm->enabled ? "okay" : "disabled"); > } > diff --git a/libstb/trustedboot.c b/libstb/trustedboot.c > index 151e4e1..0f1f50b 100644 > --- a/libstb/trustedboot.c > +++ b/libstb/trustedboot.c > @@ -31,7 +31,7 @@ > > static bool trusted_mode = false; > static bool trusted_init = false; > -static bool boot_services_exited = false; > +bool boot_services_exited; > > /* > * This maps a PCR for each resource we can measure. The PCR number is > @@ -127,8 +127,10 @@ int trustedboot_exit_boot_services(void) > > boot_services_exited = true; > > - if (!trusted_mode) > + if (!trusted_mode) { > + tpm_cleanup(); > goto out_free; > + } > > #ifdef STB_DEBUG > prlog(PR_NOTICE, "ev_separator.event: %s\n", ev_separator.event); > @@ -156,8 +158,6 @@ int trustedboot_exit_boot_services(void) > tpm_add_status_property(); > > out_free: > - tpm_cleanup(); > - > return (failed) ? -1 : 0; > } > > diff --git a/libstb/trustedboot.h b/libstb/trustedboot.h > index 3003c80..bb4fcb6 100644 > --- a/libstb/trustedboot.h > +++ b/libstb/trustedboot.h > @@ -19,6 +19,8 @@ > > #include <platform.h> > > +extern bool boot_services_exited; > + > void trustedboot_init(void); > > /**
On 2018-03-16 08:13, Claudio Carvalho wrote: > Secure and trusted boot doesn't support fast reboot yet. I would > accept this patch only if the failures pointed out are causing any > harm. > Currently no boot harm, it's just a error message thrown to console. And also i see secureboot verify is properly functional in fast-reboot path. > If we measure the same event multiple times as proposed in this patch, > the event log and the PCRs will not have the expected values when the > system boots up to the target OS. Consequently, remote attestation > will fail even if the partitions measured hasn't been tampered with. > We discussed fast reboot recently, but we did not find a solution for > that yet. An idea that came up is that we could measure events in a > different PCR if fast reboot is detected, but we would still need to > make remote attestation work. Yeah, this makes sense to record measurements in a different PCR to keep the expected values as it is. Can we return in first place for trusted_measure and trustedboot_exit_boot_services functions when we detect a fast-reboot? until remote attestation work in place. As we are seeing lot of error messages in console saying no TPM registered/enabled. [ 1069.079405326,3] STB: BOOTKERNEL NOT MEASURED. Already exited from boot services [ 1069.087727317,3] STB: EV_SEPARATOR (pcr0) NOT MEASURED. No TPM registered/enabled [ 1069.091277930,3] STB: EV_SEPARATOR (pcr1) NOT MEASURED. No TPM registered/enabled [ 1069.094830682,3] STB: EV_SEPARATOR (pcr2) NOT MEASURED. No TPM registered/enabled [ 1069.099085602,3] STB: EV_SEPARATOR (pcr3) NOT MEASURED. No TPM registered/enabled [ 1069.102637912,3] STB: EV_SEPARATOR (pcr4) NOT MEASURED. No TPM registered/enabled [ 1069.106893031,3] STB: EV_SEPARATOR (pcr5) NOT MEASURED. No TPM registered/enabled [ 1069.110445897,3] STB: EV_SEPARATOR (pcr6) NOT MEASURED. No TPM registered/enabled [ 1069.113998405,3] STB: EV_SEPARATOR (pcr7) NOT MEASURED. No TPM registered/enabled Thanks Pridhiviraj > > -- Claudio > > > On 15/03/2018 09:31, Pridhiviraj Paidipeddi wrote: >> Currently in fast-reboot path trusted measure is not functioning >> due to the tpm_cleanup happening in full IPL which un-registers >> all the tpms. >> >> It fails with below messages >> [xxx,3] STB: BOOTKERNEL NOT MEASURED. Already exited from boot >> services >> [xxx,3] STB: EV_SEPARATOR (pcr0) NOT MEASURED. No TPM >> registered/enabled >> >> This patch enables it by enabling the boot_services_exited flag and >> doing the tpm_cleanup only when trusted boot mode is OFF. >> >> Signed-off-by: Pridhiviraj Paidipeddi <ppaidipe@linux.vnet.ibm.com> >> --- >> core/fast-reboot.c | 6 ++++++ >> libstb/tpm_chip.c | 1 + >> libstb/trustedboot.c | 8 ++++---- >> libstb/trustedboot.h | 2 ++ >> 4 files changed, 13 insertions(+), 4 deletions(-) >> >> diff --git a/core/fast-reboot.c b/core/fast-reboot.c >> index 0fe16cc..c7853d2 100644 >> --- a/core/fast-reboot.c >> +++ b/core/fast-reboot.c >> @@ -30,6 +30,7 @@ >> #include <ipmi.h> >> #include <direct-controls.h> >> #include <nvram.h> >> +#include "libstb/trustedboot.h" >> >> /* Flag tested by the OPAL entry code */ >> static volatile bool fast_boot_release; >> @@ -330,6 +331,11 @@ void __noreturn fast_reboot_entry(void) >> cpu_set_sreset_enable(true); >> cpu_set_ipi_enable(true); >> >> + /* We are loading the BOOTKERNEL from PNOR, in order to function >> + * trusted_measure, enable boot services flag >> + */ >> + boot_services_exited = false; >> + >> /* Start preloading kernel and ramdisk */ >> start_preload_kernel(); >> >> diff --git a/libstb/tpm_chip.c b/libstb/tpm_chip.c >> index 2858caf..58e5f75 100644 >> --- a/libstb/tpm_chip.c >> +++ b/libstb/tpm_chip.c >> @@ -313,6 +313,7 @@ int tpm_extendl(TPM_Pcr pcr, >> void tpm_add_status_property(void) { >> struct tpm_chip *tpm; >> list_for_each(&tpm_list, tpm, link) { >> + dt_check_del_prop(tpm->node, "status"); >> dt_add_property_string(tpm->node, "status", >> tpm->enabled ? "okay" : "disabled"); >> } >> diff --git a/libstb/trustedboot.c b/libstb/trustedboot.c >> index 151e4e1..0f1f50b 100644 >> --- a/libstb/trustedboot.c >> +++ b/libstb/trustedboot.c >> @@ -31,7 +31,7 @@ >> >> static bool trusted_mode = false; >> static bool trusted_init = false; >> -static bool boot_services_exited = false; >> +bool boot_services_exited; >> >> /* >> * This maps a PCR for each resource we can measure. The PCR number >> is >> @@ -127,8 +127,10 @@ int trustedboot_exit_boot_services(void) >> >> boot_services_exited = true; >> >> - if (!trusted_mode) >> + if (!trusted_mode) { >> + tpm_cleanup(); >> goto out_free; >> + } >> >> #ifdef STB_DEBUG >> prlog(PR_NOTICE, "ev_separator.event: %s\n", ev_separator.event); >> @@ -156,8 +158,6 @@ int trustedboot_exit_boot_services(void) >> tpm_add_status_property(); >> >> out_free: >> - tpm_cleanup(); >> - >> return (failed) ? -1 : 0; >> } >> >> diff --git a/libstb/trustedboot.h b/libstb/trustedboot.h >> index 3003c80..bb4fcb6 100644 >> --- a/libstb/trustedboot.h >> +++ b/libstb/trustedboot.h >> @@ -19,6 +19,8 @@ >> >> #include <platform.h> >> >> +extern bool boot_services_exited; >> + >> void trustedboot_init(void); >> >> /**
diff --git a/core/fast-reboot.c b/core/fast-reboot.c index 0fe16cc..c7853d2 100644 --- a/core/fast-reboot.c +++ b/core/fast-reboot.c @@ -30,6 +30,7 @@ #include <ipmi.h> #include <direct-controls.h> #include <nvram.h> +#include "libstb/trustedboot.h" /* Flag tested by the OPAL entry code */ static volatile bool fast_boot_release; @@ -330,6 +331,11 @@ void __noreturn fast_reboot_entry(void) cpu_set_sreset_enable(true); cpu_set_ipi_enable(true); + /* We are loading the BOOTKERNEL from PNOR, in order to function + * trusted_measure, enable boot services flag + */ + boot_services_exited = false; + /* Start preloading kernel and ramdisk */ start_preload_kernel(); diff --git a/libstb/tpm_chip.c b/libstb/tpm_chip.c index 2858caf..58e5f75 100644 --- a/libstb/tpm_chip.c +++ b/libstb/tpm_chip.c @@ -313,6 +313,7 @@ int tpm_extendl(TPM_Pcr pcr, void tpm_add_status_property(void) { struct tpm_chip *tpm; list_for_each(&tpm_list, tpm, link) { + dt_check_del_prop(tpm->node, "status"); dt_add_property_string(tpm->node, "status", tpm->enabled ? "okay" : "disabled"); } diff --git a/libstb/trustedboot.c b/libstb/trustedboot.c index 151e4e1..0f1f50b 100644 --- a/libstb/trustedboot.c +++ b/libstb/trustedboot.c @@ -31,7 +31,7 @@ static bool trusted_mode = false; static bool trusted_init = false; -static bool boot_services_exited = false; +bool boot_services_exited; /* * This maps a PCR for each resource we can measure. The PCR number is @@ -127,8 +127,10 @@ int trustedboot_exit_boot_services(void) boot_services_exited = true; - if (!trusted_mode) + if (!trusted_mode) { + tpm_cleanup(); goto out_free; + } #ifdef STB_DEBUG prlog(PR_NOTICE, "ev_separator.event: %s\n", ev_separator.event); @@ -156,8 +158,6 @@ int trustedboot_exit_boot_services(void) tpm_add_status_property(); out_free: - tpm_cleanup(); - return (failed) ? -1 : 0; } diff --git a/libstb/trustedboot.h b/libstb/trustedboot.h index 3003c80..bb4fcb6 100644 --- a/libstb/trustedboot.h +++ b/libstb/trustedboot.h @@ -19,6 +19,8 @@ #include <platform.h> +extern bool boot_services_exited; + void trustedboot_init(void); /**
Currently in fast-reboot path trusted measure is not functioning due to the tpm_cleanup happening in full IPL which un-registers all the tpms. It fails with below messages [xxx,3] STB: BOOTKERNEL NOT MEASURED. Already exited from boot services [xxx,3] STB: EV_SEPARATOR (pcr0) NOT MEASURED. No TPM registered/enabled This patch enables it by enabling the boot_services_exited flag and doing the tpm_cleanup only when trusted boot mode is OFF. Signed-off-by: Pridhiviraj Paidipeddi <ppaidipe@linux.vnet.ibm.com> --- core/fast-reboot.c | 6 ++++++ libstb/tpm_chip.c | 1 + libstb/trustedboot.c | 8 ++++---- libstb/trustedboot.h | 2 ++ 4 files changed, 13 insertions(+), 4 deletions(-)