From patchwork Wed Oct 26 05:17:35 2016
X-Patchwork-Submitter: Stewart Smith
X-Patchwork-Id: 686872
From: Stewart Smith
To: skiboot@lists.ozlabs.org
Date: Wed, 26 Oct 2016 16:17:35 +1100
In-Reply-To: <1477278689-23645-1-git-send-email-cclaudio@linux.vnet.ibm.com>
References: <1477278689-23645-1-git-send-email-cclaudio@linux.vnet.ibm.com>
Message-Id: <1477459055-8579-1-git-send-email-stewart@linux.vnet.ibm.com>
Subject: [Skiboot] [PATCH v2] libstb/stb.c: ignore the secure mode flag unless forced in NVRAM
List-Id: Mailing list for skiboot development

From: Claudio Carvalho

For this stage in Trusted Boot development, we are wishing to not force Secure Mode through the whole firmware boot process, but we are wanting to be able to test it (classic chicken and egg problem with build infrastructure).

We disabled secure mode if the secure-enabled devtree property is read from the device tree *IF* we aren't overriding it through NVRAM. Seeing as we can only increase (not decrease) what we're checking through the NVRAM variable, it is safe.

The NVRAM setting is force-secure-mode=true in the ibm,skiboot partition.

However, if you want to force secure mode even if Hostboot has *not* set the secure-enabled property in the device tree, set force-secure-mode to "always".

There is also a force-trusted-mode NVRAM setting to force trusted mode even if Hostboot has not enabled it in the device tree.

To indicate to Linux that we haven't gone through the whole firmware process in secure mode, we replace the 'secure-enabled' property with 'partial-secure-enabled', to indicate that only part of the firmware boot process has gone through secure mode.

Signed-off-by: Claudio Carvalho
[stewart@linux.vnet.ibm.com: add NVRAM flag, modify commit message]
Signed-off-by: Stewart Smith
---
Changes in v2:
* add property for trusted boot
* rejig NVRAM to be initialized before libstb so we can read NVRAM.

 core/init.c  |  6 +++---
 libstb/stb.c | 24 +++++++++++++++++++++---
 2 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/core/init.c b/core/init.c index 7d75fd28d04c..9557f4769a93 100644 --- a/core/init.c +++ b/core/init.c @@ -889,6 +889,9 @@ void __noreturn __nomcount main_cpu_entry(const void *fdt) if (platform.init) platform.init(); + /* Read in NVRAM and set it up */ + nvram_init(); + /* Secure/Trusted Boot init. We look for /ibm,secureboot in DT */ stb_init();
@@ -901,9 +904,6 @@ void __noreturn __nomcount main_cpu_entry(const void *fdt) op_display(OP_LOG, OP_MOD_INIT, 0x0002); - /* Read in NVRAM and set it up */ - nvram_init(); - phb3_preload_vpd(); phb3_preload_capp_ucode(); start_preload_kernel(); diff --git a/libstb/stb.c b/libstb/stb.c index 8c8f3803145f..4dc28a958e11 100644 --- a/libstb/stb.c +++ b/libstb/stb.c @@ -19,6 +19,7 @@ #include #include #include +#include #include "stb.h" #include "status_codes.h" #include "container.h" @@ -100,7 +101,7 @@ static void sb_enforce(void) void stb_init(void) { - const struct dt_node *ibm_secureboot; + struct dt_node *ibm_secureboot; /* * The ibm,secureboot device tree properties are documented in * 'doc/device-tree/ibm,secureboot.rst' @@ -117,8 +118,21 @@ void stb_init(void) #else secure_mode = dt_has_node_property(ibm_secureboot, "secure-enabled", NULL); - prlog(PR_NOTICE, "STB: secure mode %s\n", - secure_mode ? "on" : "off"); + + if (nvram_query_eq("force-secure-mode", "always")) { + prlog(PR_NOTICE, "STB: secure mode on (FORCED by nvram)\n"); + secure_mode = true; + } else if (nvram_query_eq("force-secure-mode", "true")) { + prlog(PR_NOTICE, "STB: secure mode %s\n", + (secure_mode) ? "on, *not* partial" : "off"); + } else if (secure_mode) { + prlog(PR_NOTICE, "STB: secure mode on (but not enforced, core secure mode only)\n"); + dt_check_del_prop(ibm_secureboot, "secure-enabled"); + dt_add_property(ibm_secureboot, "partial-secure-enabled", NULL, 0); + secure_mode = false; + } else { + prlog(PR_NOTICE, "STB: secure mode off\n"); + } #endif #ifdef STB_FORCE_TRUSTED_MODE @@ -127,6 +141,10 @@ void stb_init(void) #else trusted_mode = dt_has_node_property(ibm_secureboot, "trusted-enabled", NULL); + if (nvram_query_eq("force-trusted-mode", "true")) { + prlog(PR_NOTICE, "STB: trusted mode ON (from NVRAM)\n"); + trusted_mode = true; + } prlog(PR_NOTICE, "STB: trusted mode %s\n", trusted_mode ? "on" : "off"); #endif
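
Review bot: in the first core/init.c hunk, nvram_init() now runs immediately before stb_init(), and stb_init() bases its secure and trusted mode decisions on nvram_query_eq(), but nothing in the patch shows that the NVRAM contents are loaded and usable by the time nvram_init() returns. If a platform completes the read later, the queries would presumably not match and stb_init() would quietly take the "not enforced" branch even with force-secure-mode set. Suggest saying in the added comment that the read is complete on return, or having stb_init() check NVRAM readiness and log when the variables could not be read.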
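
Review bot: in the libstb/stb.c secure mode hunk, the `else if (secure_mode)` branch is the default path, taken whenever force-secure-mode is absent or holds anything other than "true" or "always", and it sets `secure_mode = false` on a system where Hostboot set secure-enabled. The NVRAM variable is therefore what keeps enforcement on, so an erased or corrupted ibm,skiboot partition lowers what is checked, which does not match the commit message's statement that the variable can only increase it. Suggest a comment marking this default as temporary for the current development stage, and describing 'partial-secure-enabled' in doc/device-tree/ibm,secureboot.rst, which the comment in stb_init() points to but the diffstat shows is not touched. The "always" branch also sets secure_mode without adding a property under ibm,secureboot, so the device tree gives the OS no sign that skiboot is enforcing.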
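
Review bot: in the trusted mode hunk, force-trusted-mode=true forces the mode on, while in the secure mode hunk force-secure-mode=true forces nothing and only "always" does; the same value meaning different things for two sibling variables invites misconfiguration. Suggest accepting "always" here as well, or renaming the values, and documenting both settings. The forced path also logs twice, "trusted mode ON (from NVRAM)" followed by "trusted mode on", so the existing prlog could move into an else branch.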