From patchwork Wed Aug 1 23:40:32 2018
X-Patchwork-Submitter: Eric Richter
X-Patchwork-Id: 952476
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Wed, 1 Aug 2018 19:40:32 -0400
Message-Id: <20180801234042.6740-1-erichte@linux.ibm.com>
Subject: [Skiboot] [RFC PATCH RESEND 00/10] Initial Implementation of Secure Boot Key Management support
Cc: Claudio Carvalho

Resending the whole set, since I apparently goofed up my list membership and only a few patches got through. Apologies for the noise.

This patch set includes a very drafty implementation of the structures and runtime services for the management of the secure boot keys, used for OS secure boot. These features have seen numerous redesigns and reimplementations, and so we are posting them now to hopefully gather more feedback, suggestions, and recommendations as we continue to develop secure boot support for POWER.

We are specifically looking for feedback on the general design of the API itself, as well as some of the higher-level implementation details, such as allocated memory usage. Given that this is a draft, there are some hacky bits of code that are still slated for a rewrite; suggestions for cleaner reimplementations would also be appreciated.

As it currently stands, the skiroot kernel will be handling most of the secure boot logic and enforcement, leaving the implementation in skiboot to be little more than a secure variable storage. Thus, this set only handles the operations necessary to load and store the variables in PNOR.

For now, the secboot partition is not validated in any form, but future patch sets will require a hash of the partition to match that of a hash stored in TPM NV space. The TPM NV index will be locked after early skiroot, therefore the PNOR cannot be modified without breaking this hash.
The secboot partition is split into three major sections: two variable storage sections (one active and one backup), and a section for queueing variable updates, referred to as the "update queue". Since we cannot update the TPM hash until the next boot, we must process variable changes on boot.

Patches 1-3 contain simple background fixes and dependencies for the following commits. Patches 4 and 5 contain the basic implementation of the structures and initialization process. Patches 6-10 each implement a single runtime service, each including the basic idea and usage in the patch description.

Claudio Carvalho (3):
  libstb/container.h: add stdbool.h and short_types.h headers
  core/flash.c: add SECBOOT read and write support
  libstb: initialize and format pnor secboot partition

Eric Richter (7):
  opal-api: add values for secboot keystore management
  keystore: initialize the base keystore structure
  keystore: add opal_get_variable runtime service
  keystore: add opal_set_variable runtime service
  keystore: add opal_get_next_variable runtime service
  keystore: add opal_secboot_commit runtime service
  keystore: add experimental opal_lock_variables runtime service

 core/flash.c          | 118 ++++++++++++++++
 include/opal-api.h    |   7 +-
 include/platform.h    |   4 +
 libstb/Makefile.inc   |   2 +-
 libstb/container.h    |   2 +
 libstb/keystore.c     | 296 +++++++++++++++++++++++++++++++++++++++
 libstb/keystore.h     |  57 ++++++++
 libstb/secboot_part.c | 373 ++++++++++++++++++++++++++++++++++++++++++++++++++
 libstb/secboot_part.h |  24 ++++
 libstb/secureboot.c   |   4 +
 10 files changed, 885 insertions(+), 2 deletions(-)
 create mode 100644 libstb/keystore.c
 create mode 100644 libstb/keystore.h
 create mode 100644 libstb/secboot_part.c
 create mode 100644 libstb/secboot_part.h
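The partition layout and boot-time flow sketched in the cover letter (an active variable bank, a backup bank, an update queue that is only applied at the next boot, and a hash of the active contents pinned outside the flash) can be modelled in a few dozen lines. The block below is an added example written for this page; it is not skiboot code and not the patch set's implementation. Every demo_* name, the return codes, the slot sizes and the FNV-1a hash standing in for the TPM NV value are assumptions made for the illustration. What it shows that the prose does not: a set_variable call is invisible to get_variable until commit swaps banks, an offline edit of the active bank breaks the pinned hash, and the lock refuses later writes.

```c
/* Added example (not skiboot code): a model of the secboot layout described
 * above, with active and backup variable banks, an update queue applied only at
 * the next boot, and the active bank pinned by a hash kept outside the flash.
 * FNV-1a stands in for the TPM NV hash; all demo_* names are made up. */
#include <stdint.h>
#include <string.h>

enum { DEMO_NAME_LEN = 32, DEMO_DATA_LEN = 64, DEMO_MAX_VARS = 8, DEMO_MAX_QUEUE = 4 };
enum { DEMO_SUCCESS = 0, DEMO_PARAMETER = -1, DEMO_NO_SPACE = -2,
       DEMO_NOT_FOUND = -3, DEMO_LOCKED = -4, DEMO_HASH_FAIL = -5 };

struct demo_var { char name[DEMO_NAME_LEN]; uint8_t data[DEMO_DATA_LEN]; uint32_t len; };
struct demo_bank { struct demo_var vars[DEMO_MAX_VARS]; };  /* len == 0 marks a free slot */
struct demo_secboot {
    struct demo_bank bank[2];               /* bank[active] is live, the other is the backup */
    int active, locked, nqueued;
    struct demo_var queue[DEMO_MAX_QUEUE];  /* the "update queue" */
    uint32_t tpm_nv_hash;                   /* stand-in for the hash held in TPM NV space */
};

/* Placeholder for the partition hash: FNV-1a over one whole bank. */
static uint32_t demo_hash_bank(const struct demo_bank *b)
{
    const uint8_t *p = (const uint8_t *)b;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof(*b); i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Find the slot holding `name`, or (with want_free set) the first free slot. */
static struct demo_var *demo_find(struct demo_bank *b, const char *name, int want_free)
{
    for (int i = 0; i < DEMO_MAX_VARS; i++)
        if (want_free ? !b->vars[i].len : (b->vars[i].len && !strcmp(b->vars[i].name, name)))
            return &b->vars[i];
    return NULL;
}

void demo_init(struct demo_secboot *s)
{
    memset(s, 0, sizeof(*s));
    s->tpm_nv_hash = demo_hash_bank(&s->bank[0]);   /* pin the (empty) active bank */
}

/* Boot-time check: the active bank must still match the pinned hash. */
int demo_verify_active(const struct demo_secboot *s)
{
    return demo_hash_bank(&s->bank[s->active]) == s->tpm_nv_hash ? DEMO_SUCCESS : DEMO_HASH_FAIL;
}

/* Reads come from the active bank only, so a queued write is invisible until commit. */
int demo_get_variable(struct demo_secboot *s, const char *name, void *out, uint32_t *len)
{
    struct demo_var *v = demo_find(&s->bank[s->active], name, 0);
    if (!v) return DEMO_NOT_FOUND;
    if (*len < v->len) return DEMO_NO_SPACE;
    memcpy(out, v->data, v->len); *len = v->len;
    return DEMO_SUCCESS;
}

/* Writes only append to the queue, and are refused once the store has been locked. */
int demo_set_variable(struct demo_secboot *s, const char *name, const void *data, uint32_t len)
{
    struct demo_var *q;
    if (s->locked) return DEMO_LOCKED;
    if (s->nqueued == DEMO_MAX_QUEUE) return DEMO_NO_SPACE;
    if (strlen(name) >= DEMO_NAME_LEN || len == 0 || len > DEMO_DATA_LEN) return DEMO_PARAMETER;
    q = &s->queue[s->nqueued++];
    memset(q, 0, sizeof(*q)); strcpy(q->name, name);
    memcpy(q->data, data, len); q->len = len;
    return DEMO_SUCCESS;
}

/* Commit (at the next boot): copy active -> backup, apply the queue there,
 * re-pin the hash, then swap.  The hashed bank is untouched until the swap. */
int demo_secboot_commit(struct demo_secboot *s)
{
    struct demo_bank *next = &s->bank[1 - s->active];
    *next = s->bank[s->active];
    for (int i = 0; i < s->nqueued; i++) {
        struct demo_var *v = demo_find(next, s->queue[i].name, 0);
        if (!v && !(v = demo_find(next, NULL, 1))) return DEMO_NO_SPACE;
        *v = s->queue[i];
    }
    memset(s->queue, 0, sizeof(s->queue)); s->nqueued = 0;
    s->tpm_nv_hash = demo_hash_bank(next); s->active = 1 - s->active;
    return DEMO_SUCCESS;
}

void demo_lock_variables(struct demo_secboot *s) { s->locked = 1; }

/* Walk the whole flow; returns 0 on success or the number of the failing step. */
int demo_run(void)
{
    struct demo_secboot s;
    uint8_t buf[DEMO_DATA_LEN];
    uint32_t len = sizeof(buf);
    demo_init(&s);
    if (demo_set_variable(&s, "PK", "pk-cert", 7) != DEMO_SUCCESS) return 1;
    if (demo_get_variable(&s, "PK", buf, &len) != DEMO_NOT_FOUND) return 2;  /* still queued */
    if (demo_secboot_commit(&s) != DEMO_SUCCESS) return 3;                   /* "next boot" */
    if (demo_get_variable(&s, "PK", buf, &len) != DEMO_SUCCESS || len != 7 ||
        memcmp(buf, "pk-cert", 7) || demo_verify_active(&s) != DEMO_SUCCESS) return 4;
    s.bank[s.active].vars[0].data[0] ^= 1;   /* offline edit of the flash image */
    if (demo_verify_active(&s) != DEMO_HASH_FAIL) return 5;
    s.bank[s.active].vars[0].data[0] ^= 1;
    demo_lock_variables(&s);                 /* early skiroot locks the store */
    if (demo_set_variable(&s, "db", "db-cert", 7) != DEMO_LOCKED) return 6;
    return 0;
}
```

Two design points the model makes explicit: writes never touch the bank whose hash is currently pinned, so an interrupted commit leaves the verified contents intact, and because the hash can only be re-pinned after a commit, any change made to the flash outside that path (the "offline edit" step) fails the boot-time check. A real implementation would replace the FNV-1a placeholder with the partition hash stored in the TPM NV index and would have to handle a queue entry that deletes a variable, which this model does not cover.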