From patchwork Mon Oct 10 08:44:21 2016
X-Patchwork-Submitter: Stewart Smith
X-Patchwork-Id: 680265
From: Stewart Smith
To: skiboot@lists.ozlabs.org, cclaudio@linux.vnet.ibm.com
Date: Mon, 10 Oct 2016 19:44:21 +1100
Message-Id: <1476089061-15197-41-git-send-email-stewart@linux.vnet.ibm.com>
In-Reply-To: <1476089061-15197-1-git-send-email-stewart@linux.vnet.ibm.com>
Subject: [Skiboot] [PATCH 40/40] stb: always recompute hash of container payload and compare

If our computed hash of stb container doesn't match what's in the container, we should abort. Useful in debug (e.g. in mambo)

Signed-off-by: Stewart Smith
---
 libstb/stb.c | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/libstb/stb.c b/libstb/stb.c index 6e1dcef..8c8f380 100644 --- a/libstb/stb.c +++ b/libstb/stb.c @@ -188,7 +188,7 @@ int tb_measure(enum resource_id id, uint32_t subid, void *buf, size_t len) { int rc, r; uint8_t digest[SHA512_DIGEST_LENGTH]; - uint8_t* digestp; + const uint8_t *digestp; rc = 0; digestp = NULL; @@ -227,20 +227,35 @@ int tb_measure(enum resource_id id, uint32_t subid, void *buf, size_t len) * the hash of the container payload (if it's a container) or the image * (if it's not a container) */ - if (secure_mode && stb_is_container(buf, len)) { - digestp = (uint8_t*) stb_sw_payload_hash(buf, len); - memcpy(digest, digestp, TPM_ALG_SHA256_SIZE); - } else if (!secure_mode && stb_is_container(buf, len)) { + if (stb_is_container(buf, len)) { + digestp = stb_sw_payload_hash(buf, len); + if(!digestp) { + prlog(PR_EMERG, "STB Container is corrupt, can't find hash\n"); + abort(); + } + rom_driver->sha512( (void*)((uint8_t*)buf + SECURE_BOOT_HEADERS_SIZE), len - SECURE_BOOT_HEADERS_SIZE, digest); + prlog(PR_INFO, "STB: %s sha512 hash re-calculated\n", resource_map[r].name); + if (memcmp(digestp, digest, TPM_ALG_SHA256_SIZE) != 0) { + prlog(PR_ALERT, "STB: HASH IN CONTAINER DOESN'T MATCH CONTENT!\n"); + prlog(PR_ALERT, "STB: Container hash:\n"); + stb_print_data(digestp, TPM_ALG_SHA256_SIZE); + prlog(PR_ALERT, "STB: Computed hash (on %lx bytes):\n", len); + stb_print_data(digest, TPM_ALG_SHA256_SIZE); + + if (secure_mode) + abort(); + } } else { rom_driver->sha512(buf, len, digest); prlog(PR_INFO, "STB: %s sha512 hash calculated\n", resource_map[r].name); } + #ifdef STB_DEBUG /* print the payload/image hash */ prlog(PR_NOTICE, "STB: %s hash:\n", resource_map[r].name);
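Review bot: In the second hunk (the new container branch of tb_measure()), `len - SECURE_BOOT_HEADERS_SIZE` is passed to rom_driver->sha512() with no visible check that len is at least SECURE_BOOT_HEADERS_SIZE. len is a size_t, so a short buffer would wrap to a very large length and the hash would run far past buf. Unless stb_is_container(buf, len) already guarantees that bound, add an explicit check before the sha512 call and handle failure the same way as the "can't find hash" case. The "Computed hash (on %lx bytes)" message prints len although the digest covers len - SECURE_BOOT_HEADERS_SIZE bytes, and %lx does not match a size_t argument; print the length that was actually hashed, with a cast or the size_t conversion if prlog supports it. The commit message should also say that a mismatch aborts only when secure_mode is set and is otherwise only logged, and that the memcmp covers only the first TPM_ALG_SHA256_SIZE bytes of the sha512 digest. Style: `if(!digestp)` and `sha512( (void*)` do not match the spacing of the surrounding code, and the hunk adds a stray blank line before `#ifdef STB_DEBUG`.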