From patchwork Wed Oct 26 03:37:55 2016
X-Patchwork-Submitter: Stewart Smith
X-Patchwork-Id: 686870
From: Stewart Smith
To: skiboot@lists.ozlabs.org
Date: Wed, 26 Oct 2016 14:37:55 +1100
In-Reply-To: <1477278689-23645-1-git-send-email-cclaudio@linux.vnet.ibm.com>
References: <1477278689-23645-1-git-send-email-cclaudio@linux.vnet.ibm.com>
Message-Id: <1477453075-6406-1-git-send-email-stewart@linux.vnet.ibm.com>
Subject: [Skiboot] [PATCH] libstb/stb.c: ignore the secure mode flag unless forced in NVRAM
List-Id: Mailing list for skiboot development

From: Claudio Carvalho For this stage in Trusted Boot development, we are wishing to not force Secure Mode through the whole firmware boot process, but we are wanting to be able to test it (classic chicken and egg problem with build infrastructure). We disabled secure mode if the secure-enabled devtree property is read from the device tree *IF* we aren't overriding it through NVRAM. Seeing as we can only increase (not decrease) what we're checking through the NVRAM variable, it is safe. The NVRAM setting is forced-secure-mode=true in the ibm,skiboot partition. To indicate to Linux that we haven't gone through the whole firmware process in secure mode, we replace the 'secure-enabled' property with 'partial-secure-enabled', to indicate that only part of the firmware boot process has gone through secure mode. Signed-off-by: Claudio Carvalho [stewart@linux.vnet.ibm.com: add NVRAM flag, modify commit message] Signed-off-by: Stewart Smith --- libstb/stb.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/libstb/stb.c b/libstb/stb.c index 8c8f3803145f..a5db7077bf13 100644 --- a/libstb/stb.c +++ b/libstb/stb.c @@ -19,6 +19,7 @@ #include #include #include +#include #include "stb.h" #include "status_codes.h" #include "container.h" @@ -100,7 +101,7 @@ static void sb_enforce(void) void stb_init(void) { - const struct dt_node *ibm_secureboot; + struct dt_node *ibm_secureboot; /* * The ibm,secureboot device tree properties are documented in * 'doc/device-tree/ibm,secureboot.rst' 
@@ -117,8 +118,17 @@ void stb_init(void) #else secure_mode = dt_has_node_property(ibm_secureboot, "secure-enabled", NULL); - prlog(PR_NOTICE, "STB: secure mode %s\n", - secure_mode ? "on" : "off"); + + if (nvram_query_eq("force-secure-mode", "true")) { + prlog(PR_NOTICE, "STB: secure mode on (FORCED by nvram)\n"); + } else if (secure_mode) { + prlog(PR_NOTICE, "STB: secure mode on (but not enforced, core secure mode only)\n"); + dt_check_del_prop(ibm_secureboot, "secure-enabled"); + dt_add_property(ibm_secureboot, "partial-secure-enabled", NULL, 0); + secure_mode = false; + } else { + prlog(PR_NOTICE, "STB: secure mode off\n"); + } #endif #ifdef STB_FORCE_TRUSTED_MODE
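Review bot: in the stb_init() hunk at @@ -100,7 +101,7, the comment kept as context says the ibm,secureboot properties are documented in 'doc/device-tree/ibm,secureboot.rst', but the diffstat lists only libstb/stb.c, so the new 'partial-secure-enabled' property introduced by this patch is left undocumented. Suggest updating that document in the same patch and stating when 'partial-secure-enabled' replaces 'secure-enabled', since the commit message expects Linux to read it as "only part of the firmware boot went through secure mode".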
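Review bot: in the hunk at @@ -117,8 +118,17, the NVRAM key passed to nvram_query_eq() is "force-secure-mode", while the commit message tells users to set forced-secure-mode=true in the ibm,skiboot partition; someone following the message would not get enforcement. Pick one spelling and use it in both places. In the same first branch, the log prints "STB: secure mode on (FORCED by nvram)" without looking at or changing secure_mode, so if 'secure-enabled' is absent from the device tree the variable stays false while the log reports secure mode as on. Either set secure_mode = true in that branch, or only print the message when secure_mode is already true, depending on whether NVRAM alone is meant to turn enforcement on.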