From patchwork Mon Oct 10 08:43:52 2016
X-Patchwork-Submitter: Stewart Smith
X-Patchwork-Id: 680237
From: Stewart Smith
To: skiboot@lists.ozlabs.org, cclaudio@linux.vnet.ibm.com
Date: Mon, 10 Oct 2016 19:43:52 +1100
Message-Id: <1476089061-15197-12-git-send-email-stewart@linux.vnet.ibm.com>
In-Reply-To: <1476089061-15197-1-git-send-email-stewart@linux.vnet.ibm.com>
References: <1476089061-15197-1-git-send-email-stewart@linux.vnet.ibm.com>
Subject: [Skiboot] [PATCH 11/40] libstb/drivers: add romcode driver
List-Id: Mailing list for skiboot development

From: Claudio Carvalho This adds a driver for the ROM verification code. The driver is compatible with 'ibm,secureboot-v1'. The presence of a verification code in the platform is indicated by the presence of the ibm,secureboot node in the device tree. The ibm,secureboot node is documented in 'doc/device-tree/ibm,secureboot.rst' Signed-off-by: Claudio Carvalho Signed-off-by: Stewart Smith --- libstb/Makefile.inc | 4 +- libstb/drivers/Makefile.inc | 11 ++++ libstb/drivers/romcode.c | 138 ++++++++++++++++++++++++++++++++++++++++++++ libstb/drivers/romcode.h | 24 ++++++++ libstb/rom.c | 2 + libstb/status_codes.h | 3 + 6 files changed, 181 insertions(+), 1 deletion(-) create mode 100644 libstb/drivers/Makefile.inc create mode 100644 libstb/drivers/romcode.c create mode 100644 libstb/drivers/romcode.h diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc index 8b057de..b4463cf 100644 --- a/libstb/Makefile.inc +++ b/libstb/Makefile.inc @@ -8,4 +8,6 @@ LIBSTB_SRCS = container.c rom.c tpm_chip.c LIBSTB_OBJS = $(LIBSTB_SRCS:%.c=%.o) LIBSTB = $(LIBSTB_DIR)/built-in.o -$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) +include $(SRC)/$(LIBSTB_DIR)/drivers/Makefile.inc + +$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) diff --git a/libstb/drivers/Makefile.inc b/libstb/drivers/Makefile.inc new file mode 100644 index 0000000..63dead2 --- /dev/null +++ b/libstb/drivers/Makefile.inc @@ -0,0 +1,11 @@ +# -*-Makefile-*- + +DRIVERS_DIR = libstb/drivers + +SUBDIRS += $(DRIVERS_DIR) + +DRIVERS_SRCS = romcode.c +DRIVERS_OBJS = $(DRIVERS_SRCS:%.c=%.o) +DRIVERS = $(DRIVERS_DIR)/built-in.o + +$(DRIVERS): $(DRIVERS_OBJS:%=$(DRIVERS_DIR)/%) diff --git a/libstb/drivers/romcode.c b/libstb/drivers/romcode.c new file mode 100644 index 0000000..94bd42c --- /dev/null +++ b/libstb/drivers/romcode.c 
@@ -0,0 +1,138 @@ +/* Copyright 2013-2016 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include "../status_codes.h" +#include "../rom.h" +#include "romcode.h" + +#define DRIVER_NAME "romcode" + +#define ROMCODE_MEMORY_SIZE (16 * 1024) +#define ROMCODE_XSCOM_ADDRESS 0x02020017 + +/* + * From the source code of the ROM code + */ +#define ROMCODE_SHA512_OFFSET 0x20 +#define ROMCODE_VERIFY_OFFSET 0x30 + +static const char *compat = "ibm,secureboot-v1"; +static void *romcode_base_addr = NULL; +static sha2_hash_t *hw_key_hash = NULL; + +/* + * Assembly interfaces to call into ROM code. + * func_ptr is the ROM code function address, followed + * by additional parameters as necessary + */ +ROM_response call_rom_verify(void *func_ptr, ROM_container_raw *container, + ROM_hw_params *params); +void call_rom_SHA512(void *func_ptr, const uint8_t *data, size_t len, + uint8_t *digest); + +static int romcode_verify(void *container) +{ + ROM_hw_params hw_params; + ROM_response rc; + + memset(&hw_params, 0, sizeof(ROM_hw_params)); + memcpy(&hw_params.hw_key_hash, hw_key_hash, sizeof(sha2_hash_t)); + rc = call_rom_verify(romcode_base_addr + ROMCODE_VERIFY_OFFSET, + (ROM_container_raw*) container, &hw_params); + if (rc != ROM_DONE) { + /* + * Verify failed. hw_params.log indicates what checking has + * failed. This will abort the boot process. 
+ */ + prlog(PR_ERR, "ROM: %s failed (rc=%d, hw_params.log=0x%llx)\n", + __func__, rc, be64_to_cpu(hw_params.log)); + return STB_VERIFY_FAILED; + } + return 0; +} + +static void romcode_sha512(const uint8_t *data, size_t len, uint8_t *digest) +{ + memset(digest, 0, sizeof(sha2_hash_t)); + call_rom_SHA512(romcode_base_addr + ROMCODE_SHA512_OFFSET, + data, len, digest); +} + +static void romcode_cleanup(void) { + if (romcode_base_addr) + free(romcode_base_addr); + hw_key_hash = NULL; +} + +static struct rom_driver_ops romcode_driver = { + .name = DRIVER_NAME, + .verify = romcode_verify, + .sha512 = romcode_sha512, + .cleanup = romcode_cleanup +}; + +void romcode_probe(const struct dt_node *node) +{ + /* This xscom register has the ROM code base address */ + const uint32_t reg_addr = ROMCODE_XSCOM_ADDRESS; + uint64_t reg_data; + struct proc_chip *chip; + const char* hash_algo; + + if (!dt_node_is_compatible(node, compat)) { + prlog(PR_DEBUG, "ROM: %s node is not compatible\n", + node->name); + return; + } + /* + * secureboot-v1 defines containers with sha512 hashes + */ + hash_algo = dt_prop_get(node, "hash-algo"); + if (strcmp(hash_algo, "sha512")) { + /** + * @fwts-label ROMHashAlgorithmInvalid + * @fwts-advice Hostboot creates the ibm,secureboot node and + * the hash-algo property. Check that the ibm,secureboot node + * layout has not changed. + */ + prlog(PR_ERR, "ROM: hash-algo=%s not expected\n", hash_algo); + return; + } + hw_key_hash = (sha2_hash_t*) dt_prop_get(node, "hw-key-hash"); + romcode_base_addr = malloc(ROMCODE_MEMORY_SIZE); + assert(romcode_base_addr); + /* + * The logic that contains the ROM within the processor is implemented + * in a way that it only responds to CI (cache inhibited) operations. + * Due to performance issues we copy the verification code from the + * secure ROM to RAM and we use memcpy_from_ci to do that. 
+ */ + chip = next_chip(NULL); + xscom_read(chip->id, reg_addr, ®_data); + memcpy_from_ci(romcode_base_addr, (void*) reg_data, + ROMCODE_MEMORY_SIZE); + /* + * Skiboot runs with IR (Instruction Relocation) & + * DR (Data Relocation) off, so there is no need to either MMIO + * the ROM code or set the memory region as executable. + * skiboot accesses the physical memory directly. Real mode. + */ + rom_set_driver(&romcode_driver); +} diff --git a/libstb/drivers/romcode.h b/libstb/drivers/romcode.h new file mode 100644 index 0000000..4152eae --- /dev/null +++ b/libstb/drivers/romcode.h @@ -0,0 +1,24 @@ +/* Copyright 2013-2016 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __ROMCODE_H +#define __ROMCODE_H + +#include + +extern void romcode_probe(const struct dt_node *node); + +#endif /* __ROMCODE_H */ diff --git a/libstb/rom.c b/libstb/rom.c index 8ce64c2..217ef13 100644 --- a/libstb/rom.c +++ b/libstb/rom.c @@ -16,6 +16,7 @@ #include #include "rom.h" +#include "drivers/romcode.h" static struct rom_driver_ops *rom_driver = NULL; @@ -25,6 +26,7 @@ struct rom_driver_ops* rom_init(const struct dt_node *node __unused) goto end; /* ROM drivers supported */ + romcode_probe(node); if (!rom_driver) prlog(PR_NOTICE, "ROM: no rom driver found\n"); diff --git a/libstb/status_codes.h b/libstb/status_codes.h index 240cd95..0d7e5fb 100644 --- a/libstb/status_codes.h +++ b/libstb/status_codes.h 
@@ -20,4 +20,7 @@ /* general return codes */ #define STB_ERROR -1 +/* secure boot */ +#define STB_VERIFY_FAILED -100 + #endif /* __STB_STATUS_CODES_H */
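
Review bot: The variable names DRIVERS_DIR, DRIVERS_SRCS, DRIVERS_OBJS and DRIVERS in the new libstb/drivers/Makefile.inc are generic, and because the file is pulled in with "include" from libstb/Makefile.inc they share one make namespace with every other Makefile.inc included the same way. Another subsystem that adds its own drivers directory would silently override them. Prefix them with the library name, for example LIBSTB_DRIVERS_DIR and LIBSTB_DRIVERS, and update the $(DRIVERS) prerequisite on the $(LIBSTB) rule to match.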
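
Review bot: In romcode_probe() in libstb/drivers/romcode.c, the device-tree inputs that anchor verification are used unchecked: the result of dt_prop_get(node, "hash-algo") goes straight into strcmp(), and "hw-key-hash" is cast to sha2_hash_t* with no check that the property exists or is sizeof(sha2_hash_t) bytes long, although romcode_verify() later copies exactly that many bytes from it with memcpy(). Look both properties up in a way that exposes presence and length (for example dt_find_property() and the property's length), log an error and return before rom_set_driver() if either is missing or the hash is short. In the same function, the pointer from next_chip(NULL) and the return code of xscom_read() are not checked, so on a failed read an uninitialised reg_data becomes the source address for memcpy_from_ci() and the driver is still registered; bail out on either failure. Separately, romcode_cleanup() frees romcode_base_addr but resets only hw_key_hash, so add "romcode_base_addr = NULL;" after the free() to keep a second cleanup or a later verify call from touching freed memory.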
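
Review bot: In the second libstb/rom.c hunk, rom_init() now passes node to romcode_probe(node), but the hunk header shows the parameter is still declared "const struct dt_node *node __unused". Drop the __unused annotation in this patch so the signature matches the use and the attribute does not mislead later readers.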