From patchwork Thu Nov 17 08:10:52 2016 X-Patchwork-Submitter: Stewart Smith X-Patchwork-Id: 696019
From: Stewart Smith To: skiboot@lists.ozlabs.org Date: Thu, 17 Nov 2016 19:10:52 +1100 X-Mailer: git-send-email 2.7.4 X-TM-AS-GCONF: 00 X-Content-Scanned: Fidelis XPS MAILER x-cbid: 16111708-0024-0000-0000-0000150A5FB9 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00006092; HX=3.00000240; KW=3.00000007; PH=3.00000004; SC=3.00000189; SDB=6.00781833; UDB=6.00377195; IPR=6.00559339; BA=6.00004886; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00013356; XFM=3.00000011; UTC=2016-11-17 08:11:03 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 16111708-0025-0000-0000-0000463454F2 Message-Id: <1479370252-29274-1-git-send-email-stewart@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-11-17_04:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=4 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1609300000 definitions=main-1611170150 Subject: [Skiboot] [RFC v2 PATCH] stb: create-container utility for wrapping something in a container X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" Signed-off-by: Stewart Smith --- v2: this time it boots! SHIP IT! --- libstb/Makefile.inc | 4 ++ libstb/create-container.c | 118 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 122 insertions(+) create mode 100644 libstb/create-container.c diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc index 337b9e4..b7e7841 100644 --- a/libstb/Makefile.inc +++ b/libstb/Makefile.inc 
@@ -12,3 +12,7 @@ include $(SRC)/$(LIBSTB_DIR)/drivers/Makefile.inc include $(SRC)/$(LIBSTB_DIR)/tss/Makefile.inc $(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) + +libstb/create-container: libstb/create-container.c + $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) \ + -Wpadded -O0 -g -I$(SRC) -o $@ $<,$<) diff --git a/libstb/create-container.c b/libstb/create-container.c new file mode 100644 index 0000000..1fe222d --- /dev/null +++ b/libstb/create-container.c 
@@ -0,0 +1,118 @@ +/* Copyright 2013-2016 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include +#include +#include "container.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +int main(int argc, char* argv[]) +{ + int fdin, fdout; + void *container = malloc(SECURE_BOOT_HEADERS_SIZE); + struct stat s; + char *buf = malloc(4096); + off_t l; + void *infile; + int r; + ROM_container_raw *c = (ROM_container_raw*)container; + ROM_prefix_header_raw *ph; + ROM_prefix_data_raw *pd; + ROM_sw_header_raw *swh; + + memset(container, 0, SECURE_BOOT_HEADERS_SIZE); + + if (argc<3) + return -1; + + fdin = open(argv[1], O_RDONLY); + assert(fdin > 0); + r = fstat(fdin, &s); + assert(r==0); + infile = mmap(NULL, s.st_size, PROT_READ, 0, fdin, 0); + assert(infile); + fdout = open(argv[2], O_WRONLY|O_CREAT|O_TRUNC); + assert(fdout > 0); + + c->magic_number = cpu_to_be32(ROM_MAGIC_NUMBER); + c->version = 1; + c->container_size = cpu_to_be64(SECURE_BOOT_HEADERS_SIZE + s.st_size); + c->target_hrmor = 0; + c->stack_pointer = 0; + memset(c->hw_pkey_a, 0, sizeof(ecc_key_t)); + memset(c->hw_pkey_b, 0, sizeof(ecc_key_t)); + memset(c->hw_pkey_c, 0, sizeof(ecc_key_t)); + + ph = container + sizeof(ROM_container_raw); + ph->ver_alg.version = cpu_to_be16(1); + ph->ver_alg.hash_alg = 1; + ph->ver_alg.sig_alg = 1; + ph->code_start_offset = 0; + ph->reserved = 0; + ph->flags = 0; + 
ph->sw_key_count = 1; // 1, not 0. Because Hostboot + memset(ph->payload_hash, 0, sizeof(sha2_hash_t)); // TODO + ph->ecid_count = 0; + + pd = (ROM_prefix_data_raw*)ph->ecid; + memset(pd->hw_sig_a, 0, sizeof(ecc_signature_t)); + memset(pd->hw_sig_b, 0, sizeof(ecc_signature_t)); + memset(pd->hw_sig_c, 0, sizeof(ecc_signature_t)); + memset(pd->sw_pkey_p, 0, sizeof(ecc_key_t)); + memset(pd->sw_pkey_q, 0, sizeof(ecc_key_t)); + memset(pd->sw_pkey_r, 0, sizeof(ecc_key_t)); + ph->payload_size = cpu_to_be64(sizeof(ecc_signature_t)*3 + ph->sw_key_count * sizeof(ecc_key_t)); + + swh = (ROM_sw_header_raw*)(((void*)pd) + be64_to_cpu(ph->payload_size)); + swh->ver_alg.version = cpu_to_be16(1); + swh->ver_alg.hash_alg = 1; + swh->ver_alg.sig_alg = 1; + swh->code_start_offset = 0; + swh->reserved = 0; + swh->flags = 0; + swh->reserved_0 = 0; + swh->payload_size = cpu_to_be64(s.st_size); + + r = write(fdout, container, SECURE_BOOT_HEADERS_SIZE); + assert(r == 4096); + read(fdin, buf, s.st_size%4096); + write(fdout, buf, s.st_size%4096); + l = s.st_size - s.st_size%4096; + while (l) { + read(fdin, buf, 4096); + write(fdout, buf, 4096); + l-=4096; + }; + close(fdin); + close(fdout); + + free(container); + free(buf); + return 0; +}
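Review bot: the new libstb/create-container rule in libstb/Makefile.inc is not attached to any existing target or clean list, so nothing builds the tool by default and "make clean" leaves the built binary behind in libstb/; add the binary to the appropriate clean rule (and to a tools/all target if it is meant to be built routinely). The recipe also hard-codes -O0 -g after $(HOSTCFLAGS), which overrides whatever optimisation level the tree sets for host tools; consider dropping those two flags so the utility follows the common host flags.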
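Review bot: in create-container.c, open(argv[2], O_WRONLY|O_CREAT|O_TRUNC) is missing the mode argument that O_CREAT requires, so the output container is created with whatever value happens to sit in the third argument slot, i.e. unpredictable permissions; pass an explicit mode such as 0644. In the same block, mmap(NULL, s.st_size, PROT_READ, 0, fdin, 0) passes flags 0 (neither MAP_PRIVATE nor MAP_SHARED), which fails with EINVAL on Linux, and assert(infile) cannot catch that because mmap reports failure as MAP_FAILED rather than NULL; since infile is never used afterwards (the copy is done with read/write), either drop the mmap entirely or compare against MAP_FAILED and actually use the mapping. The assert(fdin > 0) and assert(fdout > 0) checks should be >= 0, as descriptor 0 is a valid return. Every read/write return value in the copy section is discarded, so a short read or a failed write silently yields a truncated container while c->container_size still claims SECURE_BOOT_HEADERS_SIZE + s.st_size; check the returned byte counts and loop on short reads. assert(r == 4096) should compare against SECURE_BOOT_HEADERS_SIZE rather than the literal, and because all error handling here is done through assert, a build with NDEBUG removes every check. Finally, ph->payload_hash is left zeroed with a TODO and all keys and signatures are zero, so the container carries no hash or signature over the payload; it would help to state in the commit message that the output is unsigned and unhashed and therefore only usable where secure boot enforcement is off.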