From patchwork Mon Sep 28 22:06:05 2020
X-Patchwork-Submitter: Eric Richter
X-Patchwork-Id: 1372908
From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: klaus@linux.ibm.com, nayna@linux.ibm.com
Date: Mon, 28 Sep 2020 17:06:05 -0500
Message-Id: <20200928220609.10479-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6a 0/4] Initial secure variable drivers addendum

This is a small set of patches meant to be applied on top of the previous
set, "Add initial secure variable storage and backend drivers"[1]. This set
contains some fixes and adjustments as found from continued testing.

These patches can be either applied on top of the v6 set, or can be merged
into their respective patches. These patches were sent standalone to avoid
excess mail clutter.

Changes include:
 - chunking tss nv reads/writes to allow for larger indices
 - increase the NV vars index size, to allow for larger PK certs.
 - improvements to the edk2 driver unit test case
 - improvements to logging in the edk2 driver
 - edk2 driver bug fixes
 - fix memory leak in validate_esl_list()
 - fixed resetting global setup_mode variable after processing failure
 - fixes regarding hardware key hash handling

[1] https://lists.ozlabs.org/pipermail/skiboot/2020-September/017242.html

Eric Richter (2):
  tssskiboot.c: chunk reads/writes in 1024-sized buffers to support larger nv indices
  secboot_tpm.c: increase tpmnv vars index size

Nayna Jain (2):
  secvar/backend: Bugfixes in edk2 driver
  secvar/backend: improve edk2 driver unit testcases

 libstb/secvar/backend/edk2-compat-process.c   |  24 +-
 libstb/secvar/backend/edk2-compat-reset.c     |   7 +-
 libstb/secvar/backend/edk2-compat.c           |  20 +-
 libstb/secvar/storage/fakenv_ops.c            |   2 +-
 libstb/secvar/storage/gen_tpmnv_public_name.c |   2 +-
 libstb/secvar/storage/secboot_tpm.c           |   8 +-
 libstb/secvar/test/data/dbxcert.h             | 161 +++++++++++
 libstb/secvar/test/secvar-test-edk2-compat.c  | 263 +++++++++++++++---
 libstb/tss2/tssskiboot.c                      |  82 ++++--
 9 files changed, 484 insertions(+), 85 deletions(-)
 create mode 100644 libstb/secvar/test/data/dbxcert.h