From: Claudio Carvalho
To: skiboot@lists.ozlabs.org
Date: Sat, 11 Nov 2017 15:28:42 -0200
Subject: [Skiboot] [PATCH 19/19] libstb: remove junk after code refactoring for P9 support
Message-Id: <1510421322-27237-20-git-send-email-cclaudio@linux.vnet.ibm.com>
In-Reply-To: <1510421322-27237-1-git-send-email-cclaudio@linux.vnet.ibm.com>
X-Patchwork-Id: 837067

The code of some files was imported into secureboot.c, trustedboot.c and cvc.c. The original files now have only duplicated code. This removes the original files.

Signed-off-by: Claudio Carvalho --- libstb/Makefile.inc | 2 +- libstb/drivers/Makefile.inc | 2 +- libstb/drivers/romcode.c | 137 -------------------------------------------- libstb/drivers/romcode.h | 24 -------- libstb/drivers/sw_driver.c | 76 ------------------------ libstb/drivers/sw_driver.h | 24 -------- libstb/rom.c | 55 ------------------ libstb/rom.h | 43 -------------- 8 files changed, 2 insertions(+), 361 deletions(-) delete mode 100644 libstb/drivers/romcode.c delete mode 100644 libstb/drivers/romcode.h delete mode 100644 libstb/drivers/sw_driver.c delete mode 100644 libstb/drivers/sw_driver.h delete mode 100644 libstb/rom.c delete mode 100644 libstb/rom.h diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc index 7b90bd5..d46cc9c 100644 --- a/libstb/Makefile.inc +++ b/libstb/Makefile.inc @@ -4,7 +4,7 @@ LIBSTB_DIR = libstb SUBDIRS += $(LIBSTB_DIR) -LIBSTB_SRCS = container.c rom.c tpm_chip.c stb.c cvc.c secureboot.c trustedboot.c +LIBSTB_SRCS = container.c tpm_chip.c stb.c cvc.c secureboot.c trustedboot.c LIBSTB_OBJS = $(LIBSTB_SRCS:%.c=%.o) LIBSTB = $(LIBSTB_DIR)/built-in.o diff --git a/libstb/drivers/Makefile.inc b/libstb/drivers/Makefile.inc index 9eaa257..3b8ed0f 100644 --- a/libstb/drivers/Makefile.inc +++ b/libstb/drivers/Makefile.inc @@ -4,7 +4,7 @@ DRIVERS_DIR = libstb/drivers SUBDIRS += $(DRIVERS_DIR) -DRIVERS_SRCS = romcode.c tpm_i2c_interface.c tpm_i2c_nuvoton.c sw_driver.c +DRIVERS_SRCS = tpm_i2c_interface.c tpm_i2c_nuvoton.c DRIVERS_OBJS = $(DRIVERS_SRCS:%.c=%.o) DRIVERS = $(DRIVERS_DIR)/built-in.o diff --git a/libstb/drivers/romcode.c b/libstb/drivers/romcode.c deleted file mode 100644 index cc64c8b..0000000 --- a/libstb/drivers/romcode.c +++ /dev/null 
@@ -1,137 +0,0 @@ -/* Copyright 2013-2016 IBM Corp. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include "../status_codes.h" -#include "../rom.h" -#include "romcode.h" - -#define DRIVER_NAME "romcode" - -#define ROMCODE_MEMORY_SIZE (16 * 1024) -#define ROMCODE_XSCOM_ADDRESS 0x02020017 - -/* - * From the source code of the ROM code - */ -#define ROMCODE_SHA512_OFFSET 0x20 -#define ROMCODE_VERIFY_OFFSET 0x30 - -static const char *compat = "ibm,secureboot-v1"; -static void *romcode_base_addr = NULL; -static sha2_hash_t *hw_key_hash = NULL; - -/* - * Assembly interfaces to call into the Container Verification Code. - * func_ptr: CVC base address + offset - */ -ROM_response __cvc_verify_v1(void *func_ptr, ROM_container_raw *container, - ROM_hw_params *params); -void __cvc_sha512_v1(void *func_ptr, const uint8_t *data, size_t len, - uint8_t *digest); - -static int romcode_verify(void *container) -{ - ROM_hw_params hw_params; - ROM_response rc; - - memset(&hw_params, 0, sizeof(ROM_hw_params)); - memcpy(&hw_params.hw_key_hash, hw_key_hash, sizeof(sha2_hash_t)); - rc = __cvc_verify_v1(romcode_base_addr + ROMCODE_VERIFY_OFFSET, - (ROM_container_raw*) container, &hw_params); - if (rc != ROM_DONE) { - /* - * Verify failed. hw_params.log indicates what checking has - * failed. This will abort the boot process. 
- */ - prlog(PR_ERR, "ROM: %s failed (rc=%d, hw_params.log=0x%llx)\n", - __func__, rc, be64_to_cpu(hw_params.log)); - return STB_VERIFY_FAILED; - } - return 0; -} - -static void romcode_sha512(const uint8_t *data, size_t len, uint8_t *digest) -{ - memset(digest, 0, sizeof(sha2_hash_t)); - __cvc_sha512_v1(romcode_base_addr + ROMCODE_SHA512_OFFSET, - data, len, digest); -} - -static void romcode_cleanup(void) { - if (romcode_base_addr) - free(romcode_base_addr); - hw_key_hash = NULL; -} - -static struct rom_driver_ops romcode_driver = { - .name = DRIVER_NAME, - .verify = romcode_verify, - .sha512 = romcode_sha512, - .cleanup = romcode_cleanup -}; - -void romcode_probe(const struct dt_node *node) -{ - /* This xscom register has the ROM code base address */ - const uint32_t reg_addr = ROMCODE_XSCOM_ADDRESS; - uint64_t reg_data; - struct proc_chip *chip; - const char* hash_algo; - - if (!dt_node_is_compatible(node, compat)) { - prlog(PR_DEBUG, "ROM: %s node is not compatible\n", - node->name); - return; - } - /* - * secureboot-v1 defines containers with sha512 hashes - */ - hash_algo = dt_prop_get(node, "hash-algo"); - if (strcmp(hash_algo, "sha512")) { - /** - * @fwts-label ROMHashAlgorithmInvalid - * @fwts-advice Hostboot creates the ibm,secureboot node and - * the hash-algo property. Check that the ibm,secureboot node - * layout has not changed. - */ - prlog(PR_ERR, "ROM: hash-algo=%s not expected\n", hash_algo); - return; - } - hw_key_hash = (sha2_hash_t*) dt_prop_get(node, "hw-key-hash"); - romcode_base_addr = malloc(ROMCODE_MEMORY_SIZE); - assert(romcode_base_addr); - /* - * The logic that contains the ROM within the processor is implemented - * in a way that it only responds to CI (cache inhibited) operations. - * Due to performance issues we copy the verification code from the - * secure ROM to RAM and we use memcpy_from_ci to do that. 
- */ - chip = next_chip(NULL); - xscom_read(chip->id, reg_addr, ®_data); - memcpy_from_ci(romcode_base_addr, (void*) reg_data, - ROMCODE_MEMORY_SIZE); - /* - * Skiboot runs with IR (Instruction Relocation) & - * DR (Data Relocation) off, so there is no need to either MMIO - * the ROM code or set the memory region as executable. - * skiboot accesses the physical memory directly. Real mode. - */ - rom_set_driver(&romcode_driver); -} diff --git a/libstb/drivers/romcode.h b/libstb/drivers/romcode.h deleted file mode 100644 index 4152eae..0000000 --- a/libstb/drivers/romcode.h +++ /dev/null @@ -1,24 +0,0 @@ -/* Copyright 2013-2016 IBM Corp. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef __ROMCODE_H -#define __ROMCODE_H - -#include - -extern void romcode_probe(const struct dt_node *node); - -#endif /* __ROMCODE_H */ diff --git a/libstb/drivers/sw_driver.c b/libstb/drivers/sw_driver.c deleted file mode 100644 index 287dae9..0000000 --- a/libstb/drivers/sw_driver.c +++ /dev/null 
@@ -1,76 +0,0 @@ -/* Copyright 2013-2016 IBM Corp. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include "../rom.h" -#include "sw_driver.h" - -static sha2_hash_t *hw_key_hash = NULL; - -static int stb_software_verify(void *container __unused) -{ - return -100; -} - -static void stb_software_sha512(const uint8_t *data, size_t len, uint8_t *digest) -{ - mbedtls_sha512_context ctx; - mbedtls_sha512_init(&ctx); - memset(digest, 0, sizeof(sha2_hash_t)); - mbedtls_sha512_starts(&ctx, 0); // SHA512 = 0 - mbedtls_sha512_update(&ctx, data, len); - mbedtls_sha512_finish(&ctx, digest); - mbedtls_sha512_free(&ctx); -} - -static void stb_software_cleanup(void) -{ - return; -} - -static struct rom_driver_ops sw_driver = { - .name = "software", - .verify = stb_software_verify, - .sha512 = stb_software_sha512, - .cleanup = stb_software_cleanup -}; - -void stb_software_probe(const struct dt_node *node) -{ - const char* hash_algo; - - if (!dt_node_is_compatible(node, "ibm,secureboot-v1-softrom")) { - return; - } - - hash_algo = dt_prop_get(node, "hash-algo"); - if (strcmp(hash_algo, "sha512")) { - /** - * @fwts-label ROMHashAlgorithmInvalid - * @fwts-advice Hostboot creates the ibm,secureboot node and - * the hash-algo property. Check that the ibm,secureboot node - * layout has not changed. 
- */ - prlog(PR_ERR, "ROM: hash-algo=%s not expected\n", hash_algo); - return; - } - hw_key_hash = (sha2_hash_t*) dt_prop_get(node, "hw-key-hash"); - - rom_set_driver(&sw_driver); -} diff --git a/libstb/drivers/sw_driver.h b/libstb/drivers/sw_driver.h deleted file mode 100644 index 73adabf..0000000 --- a/libstb/drivers/sw_driver.h +++ /dev/null @@ -1,24 +0,0 @@ -/* Copyright 2013-2016 IBM Corp. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef __SW_DRIVER_H -#define __SW_DRIVER_H - -#include - -extern void stb_software_probe(const struct dt_node *node); - -#endif /* __ROMCODE_H */ diff --git a/libstb/rom.c b/libstb/rom.c deleted file mode 100644 index 5f9abd2..0000000 --- a/libstb/rom.c +++ /dev/null 
@@ -1,55 +0,0 @@ -/* Copyright 2013-2016 IBM Corp. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include "rom.h" -#include "drivers/romcode.h" -#include "drivers/sw_driver.h" - -static struct rom_driver_ops *rom_driver = NULL; - -struct rom_driver_ops* rom_init(const struct dt_node *node __unused) -{ - if (rom_driver) - goto end; - - /* ROM drivers supported */ - romcode_probe(node); - - if (!rom_driver) - stb_software_probe(node); - - if (!rom_driver) - prlog(PR_NOTICE, "ROM: no rom driver found\n"); -end: - return rom_driver; -} - -void rom_set_driver(struct rom_driver_ops *driver) -{ - if (rom_driver) { - /** - * @fwts-label ROMAlreadyRegistered - * @fwts-advice ibm,secureboot already registered. Check if - * rom_init called twice or the same driver is probed twice - */ - prlog(PR_WARNING, "ROM: %s driver already registered\n", - driver->name); - return; - } - rom_driver = driver; - prlog(PR_NOTICE, "ROM: %s driver registered\n", driver->name); -} diff --git a/libstb/rom.h b/libstb/rom.h deleted file mode 100644 index e1a7497..0000000 --- a/libstb/rom.h +++ /dev/null 
@@ -1,43 +0,0 @@ -/* Copyright 2013-2016 IBM Corp. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef __ROM_H -#define __ROM_H - -#include -#include -#include -#include "container.h" - -struct rom_driver_ops { - const char* name; - int (*verify)(void *container); - void (*sha512)(const uint8_t *data, size_t len, uint8_t *digest); - void (*cleanup)(void); -}; - -/* - * Load a compatible driver to access the functions of the - * verification code flashed in the secure ROM - */ -extern struct rom_driver_ops* rom_init(const struct dt_node *node); - -/* - * Set the rom driver that will be used - */ -extern void rom_set_driver(struct rom_driver_ops *driver); - -#endif /* __ROM_H */
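
Review bot: The two Makefile.inc hunks drop rom.c from LIBSTB_SRCS and romcode.c and sw_driver.c from DRIVERS_SRCS, but nothing in this patch shows that the remaining sources (container.c, tpm_chip.c, stb.c, cvc.c, secureboot.c, trustedboot.c) no longer include rom.h, drivers/romcode.h or drivers/sw_driver.h, or call rom_init() and rom_set_driver(). Please confirm that the earlier patches in the series removed every such reference, so the tree builds at this commit and at each step before it.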
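
Review bot: The commit message should say where the security-relevant checks from the deleted libstb/drivers/romcode.c now live, because "imported into secureboot.c, trustedboot.c and cvc.c" cannot be checked from this patch alone. In particular, romcode_probe() refuses to register when hash-algo is not "sha512", and romcode_verify() returns STB_VERIFY_FAILED whenever __cvc_verify_v1() does not return ROM_DONE; naming the function that carries each check after the refactor would let a reviewer confirm the verification path still fails closed. The same applies to the @fwts-label ROMHashAlgorithmInvalid and ROMAlreadyRegistered annotations removed with romcode.c, sw_driver.c and rom.c: state whether they were carried over or intentionally retired.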
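
Review bot: Deleting stb_software_probe() in libstb/drivers/sw_driver.c removes the only handler visible in this patch for the "ibm,secureboot-v1-softrom" compatible, and the commit message does not mention it. Please state whether that compatible is still handled after the refactor or is being dropped on purpose. Note also that stb_software_verify() always returned -100, so this driver never reported a container as verified; if a software path exists in the new code, it should keep that behaviour rather than return success without checking a signature.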