From patchwork Thu Aug 31 06:45:51 2017
X-Patchwork-Submitter: Claudio Carvalho
X-Patchwork-Id: 808051
From: Claudio Carvalho
To: skiboot@lists.ozlabs.org
Date: Thu, 31 Aug 2017 03:45:51 -0300
Subject: [Skiboot] [PATCH 03/13] libstb/stb.c: change tb_measure() to use flash_lookup_resource_name()
Message-Id: <1504161961-12190-4-git-send-email-cclaudio@linux.vnet.ibm.com>
In-Reply-To: <1504161961-12190-1-git-send-email-cclaudio@linux.vnet.ibm.com>
References: <1504161961-12190-1-git-send-email-cclaudio@linux.vnet.ibm.com>
List-Id: Mailing list for skiboot development

Trustedboot measures only images stored in known PNOR partitions. With flash_lookup_resource_name(), the PNOR partition information doesn't need to be duplicated in libstb for trustedboot. Additionally, an image can be measured to a PCR only if a PCR number has been mapped to the respective partition.
This adds the pcr_map() function and replaces stb_resource_lookup() by both flash_lookup_resource_name() and pcr_map(). Signed-off-by: Claudio Carvalho --- libstb/stb.c | 76 +++++++++++++++++++++++++++++------------------------------- 1 file changed, 37 insertions(+), 39 deletions(-) diff --git a/libstb/stb.c b/libstb/stb.c index 949f81c..ed34c6a 100644 --- a/libstb/stb.c +++ b/libstb/stb.c @@ -34,8 +34,6 @@ static bool trusted_mode = false; static struct rom_driver_ops *rom_driver = NULL; -#define MAX_RESOURCE_NAME 15 - /* * This maps a PCR for each resource we can measure. The PCR number is * mapped according to the TCG PC Client Platform Firmware Profile @@ -43,21 +41,23 @@ static struct rom_driver_ops *rom_driver = NULL; * Only resources included in this whitelist can be measured. */ static struct { - - /* PNOR partition id */ enum resource_id id; - - /* PCR mapping for the resource id */ TPM_Pcr pcr; - - /* Resource name */ - const char name[MAX_RESOURCE_NAME+1]; - -} resource_map[] = { - { RESOURCE_ID_KERNEL, PCR_4, "BOOTKERNEL" }, - { RESOURCE_ID_CAPP, PCR_2, "CAPP"}, +} resources[] = { + { RESOURCE_ID_KERNEL, PCR_4 }, + { RESOURCE_ID_CAPP, PCR_2 }, }; +static TPM_Pcr map_pcr(enum resource_id id) +{ + int i; + for (i = 0; i < ARRAY_SIZE(resources); i++) { + if (resources[i].id == id) + return resources[i].pcr; + } + return -1; +} + struct event_hash { const unsigned char *sha1; const unsigned char *sha256; @@ -76,15 +76,6 @@ static struct event_hash evFF = { "\xfd\x0e" }; -static int stb_resource_lookup(enum resource_id id) -{ - int i; - for (i = 0; i < ARRAY_SIZE(resource_map); i++) - if (resource_map[i].id == id) - return i; - return -1; -} - static void sb_enforce(void) { /* @@ -188,9 +179,10 @@ int stb_final(void) int tb_measure(enum resource_id id, void *buf, size_t len) { - int r; uint8_t digest[SHA512_DIGEST_LENGTH]; const uint8_t *digestp; + const char *name; + TPM_Pcr pcr; digestp = NULL; if (!trusted_mode) { 
@@ -198,17 +190,25 @@ int tb_measure(enum resource_id id, void *buf, size_t len) "trusted_mode=0\n", __func__, id); return STB_TRUSTED_MODE_DISABLED; } - r = stb_resource_lookup(id); - if (r == -1) { + name = flash_map_resource_name(id); + if (!name) { /** - * @fwts-label STBMeasureResourceNotMapped - * @fwts-advice The resource is not registered in the resource_map[] - * array, but it should be otherwise the resource cannot be - * measured if trusted mode is on. + * @fwts-label ResourceNotMeasuredUnknown + * @fwts-advice This is a bug in the tb_measure() caller, which + * is passing an unknown resource_id. */ - prlog(PR_ERR, "STB: %s failed, resource %d not mapped\n", - __func__, id); - return STB_ARG_ERROR; + prerror("STB: resource NOT MEASURED, resource_id=%d unknown\n", id); + return -1; + } + pcr = map_pcr(id); + if (pcr == -1) { + /** + * @fwts-label ResourceNotMappedToPCR + * @fwts-advice This is a bug. The resource cannot be measured + * because it is not mapped to a PCR in the resources[] array. + */ + prerror("STB: %s NOT MEASURED, it's not mapped to a PCR\n", name); + return -1; } if (!buf) { /** @@ -218,7 +218,7 @@ int tb_measure(enum resource_id id, void *buf, size_t len) * bug in the framework. */ prlog(PR_ERR, "STB: %s failed: resource %s, buf null\n", - __func__, resource_map[r].name); + __func__, name); return STB_ARG_ERROR; } memset(digest, 0, SHA512_DIGEST_LENGTH); @@ -239,8 +239,7 @@ int tb_measure(enum resource_id id, void *buf, size_t len) (void*)((uint8_t*)buf + SECURE_BOOT_HEADERS_SIZE), len - SECURE_BOOT_HEADERS_SIZE, digest); - prlog(PR_INFO, "STB: %s sha512 hash re-calculated\n", - resource_map[r].name); + prlog(PR_INFO, "STB: %s sha512 hash re-calculated\n", name); if (memcmp(digestp, digest, TPM_ALG_SHA256_SIZE) != 0) { prlog(PR_ALERT, "STB: HASH IN CONTAINER DOESN'T MATCH CONTENT!\n"); prlog(PR_ALERT, "STB: Container hash:\n"); 
@@ -253,8 +252,7 @@ int tb_measure(enum resource_id id, void *buf, size_t len) } } else { rom_driver->sha512(buf, len, digest); - prlog(PR_INFO, "STB: %s sha512 hash calculated\n", - resource_map[r].name); + prlog(PR_INFO, "STB: %s sha512 hash calculated\n", name); } #ifdef STB_DEBUG @@ -267,10 +265,10 @@ int tb_measure(enum resource_id id, void *buf, size_t len) * algorithm, the sha512 hash is truncated to match the size required * by each PCR bank. */ - return tpm_extendl(resource_map[r].pcr, + return tpm_extendl(pcr, TPM_ALG_SHA256, digest, TPM_ALG_SHA256_SIZE, TPM_ALG_SHA1, digest, TPM_ALG_SHA1_SIZE, - EV_ACTION, resource_map[r].name); + EV_ACTION, name); } int sb_verify(enum resource_id id, void *buf, size_t len)
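Review bot: In the hunk at @@ -43,21 +41,23, map_pcr() is declared to return TPM_Pcr but reports "not found" with return -1, and tb_measure() then tests pcr == -1; whether that test can ever be true depends on the definition of TPM_Pcr, which is not visible in this patch. If TPM_Pcr is an unsigned type narrower than int, the stored value is promoted to a positive int and never compares equal to -1, so an unmapped resource would fall through to tpm_extendl() with a bogus PCR index instead of being rejected. Consider returning an int status and passing the PCR back through an out parameter, or defining a named invalid-PCR constant of type TPM_Pcr and comparing against that. The commit message also calls this function pcr_map() while the code adds map_pcr(); one of the two should be corrected.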
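Review bot: In the hunk at @@ -198,17 +190,25, both new failure paths return a bare -1, while the paths immediately around them still return STB_TRUSTED_MODE_DISABLED and STB_ARG_ERROR, and the removed code returned STB_ARG_ERROR for the unmapped case. A caller that checks for specific STB_* codes can no longer tell an unknown resource_id or a missing PCR mapping from any other failure; please keep STB_ARG_ERROR (or add dedicated STB_* codes) for these two returns. The new messages also switch from prlog(PR_ERR, ...) with __func__ to prerror() without it, which is inconsistent with the buf-null check that follows. Finally, the hunk calls flash_map_resource_name(id), whereas the subject line and commit message say flash_lookup_resource_name(); the text and the code should name the same function.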
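Review bot: In the hunk at @@ -267,10 +265,10, the string passed to tpm_extendl() with EV_ACTION is now the name returned by flash_map_resource_name(id) rather than the fixed "BOOTKERNEL" and "CAPP" literals removed from resource_map[], and the commit message does not say whether the recorded names stay the same. Since this string ends up in the event log alongside the PCR extend, anything that replays or compares the log against expected entries would see a different description if the flash-side names differ. Please state in the commit message that the names are identical for RESOURCE_ID_KERNEL and RESOURCE_ID_CAPP, or document the change in the logged event names.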