From patchwork Wed Aug 1 23:40:42 2018
X-Patchwork-Submitter: Eric Richter
X-Patchwork-Id: 952486
From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: Claudio Carvalho
Date: Wed, 1 Aug 2018 19:40:42 -0400
Subject: [Skiboot] [RFC PATCH RESEND 10/10] keystore: add experimental opal_lock_variables runtime service
Message-Id: <20180801234042.6740-11-erichte@linux.ibm.com>
In-Reply-To: <20180801234042.6740-1-erichte@linux.ibm.com>
References: <20180801234042.6740-1-erichte@linux.ibm.com>
X-Mailer: git-send-email 2.14.4
List-Id: Mailing list for skiboot development

The opal_lock_variables runtime service can be called to lock specific operations until the next full reboot. For example, it could be called to write-lock the keystore's in-memory copy until the next full reboot. Currently, only opal_set_variable and opal_secboot_commit can be write-locked.

NOTE: This is a very drafty patch. It is currently unknown if this feature is even necessary, or if it even protects anything.
The intended use is to lock down the in-memory keystore after the update queue has been processed in early skiroot, so that subsequent kernels can no longer manipulate the in-memory keystore or secboot partition beyond writes to the update queue. Signed-off-by: Eric Richter --- libstb/keystore.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/libstb/keystore.c b/libstb/keystore.c index 1c853380..34e5b72e 100644 --- a/libstb/keystore.c +++ b/libstb/keystore.c @@ -30,6 +30,7 @@ static struct list_head active_bank_list = LIST_HEAD_INIT(active_bank_list); static struct list_head update_queue_list = LIST_HEAD_INIT(update_queue_list); static bool keystore_ready = false; /* has the keystore been loaded? */ +static int active_lock = 0; // TODO: OPAL_UNSUPPORTED? #define CHECK_KEYSTORE_READY if(!keystore_ready) {prlog(PR_ERR, "Ignoring call, keystore not ready\n"); return OPAL_RESOURCE; } @@ -100,6 +101,11 @@ static int64_t opal_set_variable(uint64_t k_varname, uint64_t k_vardata, uint64_ bank = GET_BANK(section); + if ((section == ACTIVE_BANK) && (active_lock)) { + prlog(PR_ERR, "Variable Bank has been locked, refusing to update variable\n"); + return OPAL_RESOURCE; + } + list_for_each(bank, var, link) { if (!strcmp(varname, var->name)) { goto found; @@ -197,7 +203,6 @@ static int64_t opal_get_next_variable(uint64_t k_varname, uint64_t k_size, uint6 } opal_call(OPAL_GET_NEXT_VARIABLE, opal_get_next_variable, 3); - // Cleanup function to empty out a bank list static void clear_bank_list(struct list_head *head) { @@ -218,7 +223,7 @@ static int64_t opal_secboot_commit(uint64_t section) CHECK_KEYSTORE_READY; - if (section & ACTIVE_BANK) { + if ((section & ACTIVE_BANK) && (!active_lock)) { ret = secboot_part_serialize_and_write(&active_bank_list, ACTIVE_BANK); } 
@@ -237,6 +242,24 @@ static int64_t opal_secboot_commit(uint64_t section) opal_call(OPAL_SECBOOT_COMMIT, opal_secboot_commit, 1); + +// TODO: Determine and implement actual R/W mode locks +static int64_t opal_lock_variables(uint64_t section, uint64_t mode) +{ + (void) mode; + + CHECK_KEYSTORE_READY; + + if (section == ACTIVE_BANK) { + active_lock = 1; + } + + return OPAL_SUCCESS; +} +opal_call(OPAL_LOCK_VARIABLES, opal_lock_variables, 2); + + + int keystore_init(void) { int rc; @@ -265,6 +288,7 @@ int keystore_init(void) } keystore_ready = true; + active_lock = 0; prlog(PR_INFO, "Keystore initialized successfully\n");
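Review bot: `static int active_lock = 0; // TODO: OPAL_UNSUPPORTED?` in the first hunk declares a flag that is only ever tested for truth; declare it `static bool active_lock = false;` to match the adjacent `keystore_ready`, and either resolve or drop the `OPAL_UNSUPPORTED?` TODO, which as written does not say whether it refers to this flag or to the `OPAL_RESOURCE` that `CHECK_KEYSTORE_READY` returns on the next line.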
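Review bot: the new check in opal_set_variable tests `section == ACTIVE_BANK`, while the opal_secboot_commit hunk tests `section & ACTIVE_BANK`; if `section` is a bitmask, a caller passing ACTIVE_BANK together with another bit reaches the update path here without hitting the lock. Use the same test in both places (the bitwise form, if the bitmask reading is the intended one), and return something other than `OPAL_RESOURCE`, which `CHECK_KEYSTORE_READY` already uses for "keystore not ready": as it stands a caller cannot tell a locked bank from an uninitialised keystore, and a refused write is better described by a permission-style error such as OPAL_PERMISSION.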
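Review bot: the hunk at `opal_get_next_variable` (`@@ -197,7 +203,6 @@`) only deletes the blank line before `// Cleanup function to empty out a bank list`; it is unrelated whitespace churn and should be dropped from this patch.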
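Review bot: with `if ((section & ACTIVE_BANK) && (!active_lock))` in opal_secboot_commit, a commit of a locked active bank is silently skipped: nothing is logged and `ret` is left holding whatever it had before, so the caller can be told the commit succeeded when nothing was written. Mirror the opal_set_variable hunk instead: log at PR_ERR and return an error for the locked section rather than falling through.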
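Review bot: opal_lock_variables returns OPAL_SUCCESS for every `section` value, but only `section == ACTIVE_BANK` sets the lock, and `mode` is discarded with `(void) mode;`, so a caller asking to lock any other section, or requesting a mode that is not implemented, gets a success code and a false belief that the lock is in place. Return OPAL_PARAMETER for a section the service does not know and OPAL_UNSUPPORTED for a mode it does not yet honour, so the `TODO: Determine and implement actual R/W mode locks` fails closed until it is done; and use the same `==` versus `&` test on `section` as the two callers it gates. A new runtime service also needs documentation of the call and its arguments alongside the code, and the commit message should spell out what the lock is meant to defend against, given that it states only opal_set_variable and opal_secboot_commit are gated and that it is unknown whether the feature protects anything.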
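Review bot: `active_lock = 0;` in keystore_init duplicates the static initialiser, so it only matters if keystore_init can run again after the lock has been taken; if it can, this line is an unlock path that defeats the "until the next full reboot" guarantee in the commit message, and if it cannot, the line is dead. State which is the case (or guard keystore_init against re-entry) rather than leaving both readings open.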
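The following is an added example written for this page; it is not code from the patch or from skiboot. It is a stand-alone C model of the lock semantics the commit message describes (write-lock the active bank once early skiroot has processed the update queue, and keep it locked until re-initialisation), built the way the points above ask for: sections are a bitmask, the lock is one-way, a locked write returns a distinct error instead of being skipped, and an unknown section or unimplemented mode is refused rather than reported as success. The `UPDATE_QUEUE` bit, the `LOCK_MODE_WRITE` value, the `model_*` function names and the numeric return codes are all assumptions of this model, not skiboot's API.

```c
/* Added example, not skiboot code: a stand-alone C model of the lock the
 * commit message describes, with the behaviour a reviewer would ask for:
 * sections form a bitmask, the lock is one-way until re-init, a locked
 * write returns an error instead of being skipped, and bad section/mode
 * arguments are rejected. Names, values and section layout are assumed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* OPAL-style return codes; the values are assumed for this model. */
#define OPAL_SUCCESS      0
#define OPAL_PARAMETER   -1
#define OPAL_UNSUPPORTED -7
#define OPAL_PERMISSION  -8
#define OPAL_RESOURCE   -10
/* Section bitmask and lock mode (assumed; the patch shows only ACTIVE_BANK). */
#define ACTIVE_BANK      0x1ULL
#define UPDATE_QUEUE     0x2ULL
#define ALL_SECTIONS     (ACTIVE_BANK | UPDATE_QUEUE)
#define LOCK_MODE_WRITE  0x1ULL
#define MAX_VARS 8
#define NAME_LEN 32
struct var  { char name[NAME_LEN]; uint32_t value; };
struct bank { struct var vars[MAX_VARS]; int count; int commits; };
static struct bank active_bank, update_queue;
static bool keystore_ready;
static uint64_t write_locked;        /* sections write-locked until re-init */

int64_t model_keystore_init(void)
{
    memset(&active_bank, 0, sizeof(active_bank));
    memset(&update_queue, 0, sizeof(update_queue));
    write_locked = 0;                /* the only place the lock is ever cleared */
    keystore_ready = true;
    return OPAL_SUCCESS;
}

int64_t model_lock_variables(uint64_t section, uint64_t mode)
{
    if (!keystore_ready) return OPAL_RESOURCE;
    if (section == 0 || (section & ~ALL_SECTIONS)) return OPAL_PARAMETER;
    if (mode != LOCK_MODE_WRITE) return OPAL_UNSUPPORTED; /* no other modes, no unlock */
    write_locked |= section;         /* one-way: calls only ever add bits */
    return OPAL_SUCCESS;
}

int64_t model_set_variable(uint64_t section, const char *name, uint32_t value)
{
    struct bank *bank = section == ACTIVE_BANK ? &active_bank :
                        section == UPDATE_QUEUE ? &update_queue : NULL;

    if (!keystore_ready) return OPAL_RESOURCE;
    if (!bank || !name || strlen(name) >= NAME_LEN) return OPAL_PARAMETER;
    if (write_locked & section) return OPAL_PERMISSION; /* refused, and the caller is told */
    for (int i = 0; i < bank->count; i++)
        if (!strcmp(bank->vars[i].name, name)) { bank->vars[i].value = value; return OPAL_SUCCESS; }
    if (bank->count == MAX_VARS) return OPAL_RESOURCE;
    strcpy(bank->vars[bank->count].name, name);
    bank->vars[bank->count++].value = value;
    return OPAL_SUCCESS;
}

/* Commit takes a bitmask; if any requested section is locked the whole
 * call fails before anything is written, so there is no partial commit. */
int64_t model_secboot_commit(uint64_t section)
{
    if (!keystore_ready) return OPAL_RESOURCE;
    if (section == 0 || (section & ~ALL_SECTIONS)) return OPAL_PARAMETER;
    if (write_locked & section) return OPAL_PERMISSION;
    if (section & ACTIVE_BANK)  active_bank.commits++;
    if (section & UPDATE_QUEUE) update_queue.commits++;
    return OPAL_SUCCESS;
}

/* The sequence the commit message describes: skiroot writes, commits and locks
 * the active bank; a later kernel can still queue updates but cannot touch the
 * active bank. Returns 0, or the number of the step that misbehaved. */
int model_scenario(void)
{
    if (model_keystore_init() != OPAL_SUCCESS) return 1;
    if (model_set_variable(ACTIVE_BANK, "PK", 1) != OPAL_SUCCESS) return 2;
    if (model_secboot_commit(ACTIVE_BANK) != OPAL_SUCCESS) return 3;
    if (model_lock_variables(ACTIVE_BANK, LOCK_MODE_WRITE) != OPAL_SUCCESS) return 4;
    if (model_set_variable(ACTIVE_BANK, "PK", 2) != OPAL_PERMISSION) return 5;
    if (model_secboot_commit(ACTIVE_BANK) != OPAL_PERMISSION) return 6;
    if (model_secboot_commit(ALL_SECTIONS) != OPAL_PERMISSION) return 7; /* bit inside a mask */
    if (model_set_variable(UPDATE_QUEUE, "PK", 2) != OPAL_SUCCESS) return 8;
    if (model_secboot_commit(UPDATE_QUEUE) != OPAL_SUCCESS) return 9;
    if (model_lock_variables(ACTIVE_BANK, 0) != OPAL_UNSUPPORTED) return 10; /* no unlock path */
    if (active_bank.vars[0].value != 1 || active_bank.commits != 1) return 11;
    return 0;
}

int main(void)
{
    int rc = model_scenario();
    printf("lock model scenario: %s (step %d)\n", rc ? "FAILED" : "ok", rc);
    return rc;
}
```

The model keeps the lock as a bitmask of sections rather than a single flag so that a caller who locks `ACTIVE_BANK | UPDATE_QUEUE` in one call gets both locked, and so that a commit of a bitmask containing a locked bit is refused as a whole instead of writing the unlocked sections and skipping the rest. The only way `write_locked` goes back to zero is `model_keystore_init`, which is the model's stand-in for the full reboot the commit message relies on.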