From patchwork Wed Sep 22 03:11:22 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1530998 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=fmBrdgp0; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=2404:9400:2:0:216:3eff:fee1:b9f1; helo=lists.ozlabs.org; envelope-from=skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2404:9400:2:0:216:3eff:fee1:b9f1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4HDjxz5vXyz9sVq for ; Wed, 22 Sep 2021 13:11:51 +1000 (AEST) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4HDjxw5jRqz2yfg for ; Wed, 22 Sep 2021 13:11:48 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=fmBrdgp0; dkim-atps=neutral X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=fmBrdgp0; dkim-atps=neutral Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4HDjxn4kSYz2yLZ for ; Wed, 22 Sep 2021 13:11:41 +1000 (AEST) Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18M2dLWJ019104 for ; Tue, 21 Sep 2021 23:11:38 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=VcC6s3e704gjeqjVIQSzGJjtqEqIcOm6lFTRXdQ1Lzk=; b=fmBrdgp0Zau3ooAC5uo+UedXcyKSyAeEULoX1RaUV+6Qr7AHUrdIXSiIIr7DhrMY/RBr Bo1nawwyu+bGh1sUjMjGhGZ6EINh1c6k9BrQ4WTJkjcZhKUzhn4NGvHo9FBfTNiefKBU al2/149IKZCjthYN1m4UoH6ZhcZMymftOy+yq0rmuG3FqtCBz/6pnN+sJ/Lx3O/3vT93 Td5XtG8KrudTsRG/O32cyClv7hPd3JPbObOVUMj2/UIi1dA3kkGEE2qx844Pep80cl8P 9MO4k9sAqSqvqWu4B6JbLhmDycLwaS5ak0ZASO4hgXgS+GGEaFvE1CMIW2PGGeZs5APS Kg== Received: from ppma04fra.de.ibm.com (6a.4a.5195.ip4.static.sl-reverse.com [149.81.74.106]) by mx0a-001b2d01.pphosted.com with ESMTP id 3b7t09a7tk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 21 Sep 2021 23:11:38 -0400 Received: from pps.filterd (ppma04fra.de.ibm.com [127.0.0.1]) by ppma04fra.de.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18M370ZH031383 for ; Wed, 22 Sep 2021 03:11:36 GMT Received: from b06avi18626390.portsmouth.uk.ibm.com (b06avi18626390.portsmouth.uk.ibm.com [9.149.26.192]) by ppma04fra.de.ibm.com with ESMTP id 3b7q669g78-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 22 Sep 2021 03:11:35 +0000 Received: from d06av23.portsmouth.uk.ibm.com (d06av23.portsmouth.uk.ibm.com [9.149.105.59]) by b06avi18626390.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 18M36kbp48234816 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 22 Sep 2021 03:06:46 GMT Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 95514A405F; Wed, 22 Sep 2021 03:11:32 +0000 (GMT) Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D91F3A4040; Wed, 22 Sep 2021 03:11:31 +0000 (GMT) Received: from ceres.ibmuc.com (unknown [9.65.202.213]) by d06av23.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 22 Sep 2021 03:11:31 +0000 (GMT) From: Eric Richter To: skiboot@lists.ozlabs.org Date: Tue, 21 Sep 2021 22:11:22 -0500 Message-Id: <20210922031129.4188386-2-erichte@linux.ibm.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210922031129.4188386-1-erichte@linux.ibm.com> References: <20210922031129.4188386-1-erichte@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: pxM7jIWbIdnunAH4suN3aCL575rN9nuO X-Proofpoint-ORIG-GUID: pxM7jIWbIdnunAH4suN3aCL575rN9nuO X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-22_01,2021-09-20_01,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 adultscore=0 spamscore=0 suspectscore=0 phishscore=0 bulkscore=0 impostorscore=0 priorityscore=1501 mlxscore=0 mlxlogscore=999 clxscore=1015 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109200000 definitions=main-2109220019 Subject: [Skiboot] [RFC 1/8] secvar_devtree: add hook for reset-default-keys physical presence mode X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" Currently, the secboot_tpm driver utilizes the physical presence detection function to determine when it should (re)define the TPM indices -- either to recover from a faulty state or forcibly disable OS secure boot. As this is a complete escape-hatch solution, it is not viable to use this method in conjunction with a driver that utilizing compile-time built-in variables. Thus, a new physical presence method is introduced specifically for resetting to default, built-in keys for future driver use (ideally, with OS secure boot now enabled). The previous physical presence function has been renamed to more actually reflect the physical presence mode it is detecting (clear-os-keys). Signed-off-by: Eric Richter --- libstb/secvar/secvar_devtree.c | 18 +++++++++++++++++- libstb/secvar/secvar_devtree.h | 3 ++- libstb/secvar/storage/secboot_tpm.c | 2 +- libstb/secvar/test/secvar-test-secboot-tpm.c | 2 +- 4 files changed, 21 insertions(+), 4 deletions(-) diff --git a/libstb/secvar/secvar_devtree.c b/libstb/secvar/secvar_devtree.c index 8ce21936..e6ab0710 100644 --- a/libstb/secvar/secvar_devtree.c +++ b/libstb/secvar/secvar_devtree.c @@ -64,7 +64,7 @@ void secvar_set_update_status(uint64_t val) dt_add_property_u64(secvar_node, "update-status", val); } -bool secvar_check_physical_presence(void) +bool secvar_check_clear_keys(void) { struct dt_node *secureboot; @@ -79,3 +79,19 @@ bool secvar_check_physical_presence(void) return false; } + +bool secvar_check_reset_default_keys(void) +{ + struct dt_node *secureboot; + + /* Only bother checking if this image was built with default keys */ + secureboot = dt_find_by_path(dt_root, "ibm,secureboot"); + if (!secureboot) + return false; + + + if (dt_find_property(secureboot, "reset-default-keys")) + return true; + + return false; +} diff --git a/libstb/secvar/secvar_devtree.h b/libstb/secvar/secvar_devtree.h index 04eb00de..d2baedd2 100644 --- a/libstb/secvar/secvar_devtree.h +++ b/libstb/secvar/secvar_devtree.h @@ -10,6 +10,7 @@ void secvar_init_devnode(const char *compatible); void secvar_set_status(const char *status); void secvar_set_update_status(uint64_t val); -bool secvar_check_physical_presence(void); +bool secvar_check_clear_keys(void); +bool secvar_check_reset_default_keys(void); #endif diff --git a/libstb/secvar/storage/secboot_tpm.c b/libstb/secvar/storage/secboot_tpm.c index 129f674a..53ae03f5 100644 --- a/libstb/secvar/storage/secboot_tpm.c +++ b/libstb/secvar/storage/secboot_tpm.c @@ -598,7 +598,7 @@ static int secboot_tpm_store_init(void) free(indices); /* Undefine the NV indices if physical presence has been asserted */ - if (secvar_check_physical_presence()) { + if (secvar_check_clear_keys()) { prlog(PR_INFO, "Physical presence asserted, redefining NV indices, and resetting keystore\n"); rc = secboot_tpm_undefine_indices(&vars_defined, &control_defined); if (rc) diff --git a/libstb/secvar/test/secvar-test-secboot-tpm.c b/libstb/secvar/test/secvar-test-secboot-tpm.c index 798ca281..21ed0320 100644 --- a/libstb/secvar/test/secvar-test-secboot-tpm.c +++ b/libstb/secvar/test/secvar-test-secboot-tpm.c @@ -32,7 +32,7 @@ int flash_secboot_info(uint32_t *total_size) /* Toggle this to test the physical presence resetting */ bool phys_presence = false; -bool secvar_check_physical_presence(void) +bool secvar_check_clear_keys(void) { return phys_presence; } From patchwork Wed Sep 22 03:11:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1531000 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=YwnpFUU3; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=112.213.38.117; helo=lists.ozlabs.org; envelope-from=skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4HDjyB2FgMz9sRK for ; Wed, 22 Sep 2021 13:12:02 +1000 (AEST) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4HDjyB1Qr5z2ynS for ; Wed, 22 Sep 2021 13:12:02 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=YwnpFUU3; dkim-atps=neutral X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=YwnpFUU3; dkim-atps=neutral Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4HDjxp2fDyz2yL9 for ; Wed, 22 Sep 2021 13:11:41 +1000 (AEST) Received: from pps.filterd (m0098396.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18LNUXo6029623 for ; Tue, 21 Sep 2021 23:11:40 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=B+nnKMnU0vDWdzgVP4YPQkOPoUNb0okQ5CPmA8BzkZQ=; b=YwnpFUU3xW1IbYLOMRxQQdt4B5ds2FEhvWv7JzxeGbAd4NsNOBEolT6lsYSAxpO8RJ43 Nz0W82SJPaTWrDM7/6OCqZtfM5ckK8oC9tBBugwwaSu3NvGFOOugkouykDVGEAGzSyBu rm2opaJougipPJltj0DwWwq8c5xob7T/IC/dcRlxleRSGKvT3jq5kEXrLOjsnjGCgOmk eEbN2eR8Ss5BHqazrVq1Z4obADokcBThP1BGL4R67HmYsV/fr8Uy2OmLj80e2bn/vvJ7 JwvA13D+jzZqyOHDzAStyA8AQNEYzkzgcFvlv+6XP5KjCFIKCNiHLJjR3w6u2zShkCh3 rQ== Received: from ppma05fra.de.ibm.com (6c.4a.5195.ip4.static.sl-reverse.com [149.81.74.108]) by mx0a-001b2d01.pphosted.com with ESMTP id 3b7s4k398p-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 21 Sep 2021 23:11:39 -0400 Received: from pps.filterd (ppma05fra.de.ibm.com [127.0.0.1]) by ppma05fra.de.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18M3737V019966 for ; Wed, 22 Sep 2021 03:11:37 GMT Received: from b06cxnps3075.portsmouth.uk.ibm.com (d06relay10.portsmouth.uk.ibm.com [9.149.109.195]) by ppma05fra.de.ibm.com with ESMTP id 3b7q69sg6t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 22 Sep 2021 03:11:37 +0000 Received: from d06av23.portsmouth.uk.ibm.com (d06av23.portsmouth.uk.ibm.com [9.149.105.59]) by b06cxnps3075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 18M3BXbe43647428 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 22 Sep 2021 03:11:33 GMT Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 94F50A404D; Wed, 22 Sep 2021 03:11:33 +0000 (GMT) Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D894AA407C; Wed, 22 Sep 2021 03:11:32 +0000 (GMT) Received: from ceres.ibmuc.com (unknown [9.65.202.213]) by d06av23.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 22 Sep 2021 03:11:32 +0000 (GMT) From: Eric Richter To: skiboot@lists.ozlabs.org Date: Tue, 21 Sep 2021 22:11:23 -0500 Message-Id: <20210922031129.4188386-3-erichte@linux.ibm.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210922031129.4188386-1-erichte@linux.ibm.com> References: <20210922031129.4188386-1-erichte@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: QLDJDcGFwfrerdCRQKn2l1OAM_p5PjNP X-Proofpoint-GUID: QLDJDcGFwfrerdCRQKn2l1OAM_p5PjNP X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-22_01,2021-09-20_01,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 bulkscore=0 malwarescore=0 mlxscore=0 phishscore=0 clxscore=1015 priorityscore=1501 suspectscore=0 mlxlogscore=999 adultscore=0 spamscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109200000 definitions=main-2109220015 Subject: [Skiboot] [RFC 2/8] secvar/secboot_tpm: expose some helper functions for future use X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" The secboot_tpm driver handles a lot of initialization logic that can be reused by a driver that may implement similar behavior. This patch exposes the functions related to the TPM NV space that the forthcoming switchable-mode storage driver can borrow. NOTE: A lot of the functions highlighted here are hyper-specific to this driver, and the `secboot_tpm_store_init` function desperately needs to be broken up into smaller, more reusable chunks. If moving forward with this plan, I intend to refactor the exposed functions here, and the init function to be far more modular. Signed-off-by: Eric Richter --- libstb/secvar/storage/secboot_tpm.c | 10 +++++----- libstb/secvar/storage/secboot_tpm.h | 8 ++++++++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/libstb/secvar/storage/secboot_tpm.c b/libstb/secvar/storage/secboot_tpm.c index 53ae03f5..d42d7fae 100644 --- a/libstb/secvar/storage/secboot_tpm.c +++ b/libstb/secvar/storage/secboot_tpm.c @@ -411,7 +411,7 @@ static int secboot_tpm_load_bank(struct list_head *bank, int section) return OPAL_HARDWARE; } -static int secboot_tpm_get_tpmnv_names(char *nv_vars_name, char *nv_control_name) +int secboot_tpm_get_tpmnv_names(char *nv_vars_name, char *nv_control_name) { TPMS_NV_PUBLIC nv_public; /* Throwaway, we only want the name field */ TPM2B_NAME vars_tmp; @@ -441,7 +441,7 @@ static int secboot_tpm_get_tpmnv_names(char *nv_vars_name, char *nv_control_name /* Ensure the NV indices were defined with the correct set of attributes */ -static int secboot_tpm_check_tpmnv_attrs(char *nv_vars_name, char *nv_control_name) +int secboot_tpm_check_tpmnv_attrs(char *nv_vars_name, char *nv_control_name) { if (memcmp(tpmnv_vars_name, nv_vars_name, @@ -459,7 +459,7 @@ static int secboot_tpm_check_tpmnv_attrs(char *nv_vars_name, char *nv_control_na return OPAL_SUCCESS; } -static bool secboot_tpm_check_provisioned_indices(char *nv_vars_name, char *nv_control_name) +int secboot_tpm_check_provisioned_indices(char *nv_vars_name, char *nv_control_name) { /* Check for provisioned NV indices, redefine them if detected. */ if (!memcmp(tpmnv_vars_prov_name, @@ -479,7 +479,7 @@ static bool secboot_tpm_check_provisioned_indices(char *nv_vars_name, char *nv_c return false; } -static int secboot_tpm_define_indices(void) +int secboot_tpm_define_indices(void) { int rc = OPAL_SUCCESS; @@ -503,7 +503,7 @@ static int secboot_tpm_define_indices(void) return secboot_format(); } -static int secboot_tpm_undefine_indices(bool *vars_defined, bool *control_defined) +int secboot_tpm_undefine_indices(bool *vars_defined, bool *control_defined) { int rc; diff --git a/libstb/secvar/storage/secboot_tpm.h b/libstb/secvar/storage/secboot_tpm.h index 30a747a7..eaf20cf0 100644 --- a/libstb/secvar/storage/secboot_tpm.h +++ b/libstb/secvar/storage/secboot_tpm.h @@ -4,6 +4,7 @@ #define _SECBOOT_TPM_H_ #include +#include #define SECBOOT_VARIABLE_BANK_SIZE 32000 #define SECBOOT_UPDATE_BANK_SIZE 32000 @@ -58,4 +59,11 @@ extern struct tpmnv_ops_s tpmnv_ops; extern const uint8_t tpmnv_vars_name[]; extern const uint8_t tpmnv_control_name[]; +int secboot_tpm_get_tpmnv_names(char *nv_vars_name, char *nv_control_name); +int secboot_tpm_check_tpmnv_attrs(char *nv_vars_name, char *nv_control_name); +int secboot_tpm_check_provisioned_indices(char *nv_vars_name, char *nv_control_name); +int secboot_tpm_define_indices(void); +int secboot_tpm_undefine_indices(bool *vars_defined, bool *control_defined); + + #endif From patchwork Wed Sep 22 03:11:24 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1531001 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=Cc9K9sR2; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=2404:9400:2:0:216:3eff:fee1:b9f1; helo=lists.ozlabs.org; envelope-from=skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2404:9400:2:0:216:3eff:fee1:b9f1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4HDjyK20rPz9sRK for ; Wed, 22 Sep 2021 13:12:09 +1000 (AEST) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4HDjyK0mzQz2yw9 for ; Wed, 22 Sep 2021 13:12:09 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=Cc9K9sR2; dkim-atps=neutral X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=Cc9K9sR2; dkim-atps=neutral Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4HDjxp6D6tz2yL9 for ; Wed, 22 Sep 2021 13:11:42 +1000 (AEST) Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18M2dEJL018825 for ; Tue, 21 Sep 2021 23:11:41 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=ld6GTwhWoP6vl4EGQosnky9ZHSCzCEPSnd7U96e5esQ=; b=Cc9K9sR2gZZ97aQiGyessHdPxm/Kvtm6cQ4jMOGl8OHXSy0z9t14EZcaRIFVWlMNtntR bT9rWUHK+oBXbEvd5GkQQEnnN7idYRG9QWwKppx4KCazeZaYQUKQna5Ag6za2e2xGwmc qGpyNdtq1AL0MRkTJcu943jNCWSc14S6s24bNYkwUHmGW0Np8/VsUiR2UofZHynk++v1 qzX7nXb8YdKj+WRQTL9EPvnn5s6t4p0jTJ3dVrpi19CC8KzU9vo7yvMGO4bvlyFZ8iFs 3ZftDFMBLtZqjfkzzp1o0ZGc6NNbRQZloHe8A21yyqFWpyAcaTSwBpHwZcv8z+S3DfMS bA== Received: from ppma04ams.nl.ibm.com (63.31.33a9.ip4.static.sl-reverse.com [169.51.49.99]) by mx0a-001b2d01.pphosted.com with ESMTP id 3b7t09a7u8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 21 Sep 2021 23:11:40 -0400 Received: from pps.filterd (ppma04ams.nl.ibm.com [127.0.0.1]) by ppma04ams.nl.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18M380pb030034 for ; Wed, 22 Sep 2021 03:11:38 GMT Received: from b06cxnps4074.portsmouth.uk.ibm.com (d06relay11.portsmouth.uk.ibm.com [9.149.109.196]) by ppma04ams.nl.ibm.com with ESMTP id 3b7q6qsjan-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 22 Sep 2021 03:11:38 +0000 Received: from d06av23.portsmouth.uk.ibm.com (d06av23.portsmouth.uk.ibm.com [9.149.105.59]) by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 18M3BYGm983764 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 22 Sep 2021 03:11:34 GMT Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A1972A405D; Wed, 22 Sep 2021 03:11:34 +0000 (GMT) Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D7D44A404D; Wed, 22 Sep 2021 03:11:33 +0000 (GMT) Received: from ceres.ibmuc.com (unknown [9.65.202.213]) by d06av23.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 22 Sep 2021 03:11:33 +0000 (GMT) From: Eric Richter To: skiboot@lists.ozlabs.org Date: Tue, 21 Sep 2021 22:11:24 -0500 Message-Id: <20210922031129.4188386-4-erichte@linux.ibm.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210922031129.4188386-1-erichte@linux.ibm.com> References: <20210922031129.4188386-1-erichte@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: XxPRrX8-vrfKzW_31vb-kvQ-yLxhhnfT X-Proofpoint-ORIG-GUID: XxPRrX8-vrfKzW_31vb-kvQ-yLxhhnfT X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-22_01,2021-09-20_01,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 adultscore=0 spamscore=0 suspectscore=0 phishscore=0 bulkscore=0 impostorscore=0 priorityscore=1501 mlxscore=0 mlxlogscore=999 clxscore=1015 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109200000 definitions=main-2109220019 Subject: [Skiboot] [RFC 3/8] secvar/drivers: add mode-switchable storage driver for secboot_tpm X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" This patch adds a new storage driver that detects whether a system should load static built-in variables, or load from the regular SECBOOT PNOR partition and TPM NV. The storage driver is responsible for maintaining the protected storage available (in this case, TPM NV), therefore it must be also be responsible for preserving this state across reboots in this protected storage. Ultimately, the storage driver controls the secure boot state of the system -- if it cannot load the variables, then there is nothing for the backend to operate on. Furthermore, if it cannot load from the root of trust, then we have no idea what the previous state of the system may have been. This new driver operates in two "modes", USER_MODE and SYSTEM_MODE. USER_MODE operates exactly as the normal secboot_tpm driver does. SYSTEM_MODE does not load anything from persistant storage, and passes off the loading of default variables to the backend. This driver utilizes a previously unused TPM NV index reserved for opal secure boot use (0x01c10192) to store which mode it is operating in. The driver will initialize itself into a mode based on the value stored in the MODE index, and if undefined, on the status of the indices used by the secboot_tpm driver. The following describes the possible states: - MODE undefined, VARS/CONTROL undefined -> SYSTEM_MODE - MODE undefined, VARS/CONTROL defined -> USER_MODE - MODE index defined, value = SYSTEM_MODE -> SYSTEM_MODE - MODE index defined, value = USER_MODE -> USER_MODE The first option details the first-boot scenario, the system (if built with default variables) will boot directly into SYSTEM_MODE. The second option covers a scenario where the machine may have initialized secvar prior (e.g. firmware upgrade occurred), and so it initializes in USER_MODE instead, to preserve the machine's previous state. Physical presence is used to switch between modes. Asserting with the clear-os-keys option will set to USER_MODE, and effectively disable secure boot. Asserting with reset-default-keys will set to SYSTEM_MODE, and secure boot will be enabled with the default keys provided by the backend. RFC NOTE: This is probably the messiest part of this patch set. I am trying to keep the secboot_tpm driver relatively untouched, so that these new modes are purely an extension on the existing driver(s). However, as the TPM NV space is needed to securely preserve the state, this new driver needs to re-implement a lot of the same TPM NV initialization logic. I am looking to refactor the existing secboot_tpm driver to be more modular, and also better reactive to some of its components being pre-initialized. At the moment, it should most "work" as is, it is just very inelegant as it repeats a lot of the same initialization steps when the init function is called in USER_MODE. I have left a lot of TODO comments in where I would be copy-pasting even more bits from secboot_tpm -- all candidates for a better refactor and reuse of code from secboot_tpm. Signed-off-by: Eric Richter --- include/secvar.h | 2 + libstb/secvar/storage/Makefile.inc | 2 +- .../secvar/storage/secboot_tpm_switchable.c | 251 ++++++++++++++++++ .../secvar/storage/secboot_tpm_switchable.h | 15 ++ 4 files changed, 269 insertions(+), 1 deletion(-) create mode 100644 libstb/secvar/storage/secboot_tpm_switchable.c create mode 100644 libstb/secvar/storage/secboot_tpm_switchable.h diff --git a/include/secvar.h b/include/secvar.h index 413d7997..259b9b63 100644 --- a/include/secvar.h +++ b/include/secvar.h @@ -5,6 +5,7 @@ #define _SECVAR_DRIVER_ #include +#include struct secvar; @@ -37,6 +38,7 @@ struct secvar_backend_driver { }; extern struct secvar_storage_driver secboot_tpm_driver; +extern struct secvar_storage_driver secboot_tpm_switchable_driver; extern struct secvar_backend_driver edk2_compatible_v1; int secvar_main(struct secvar_storage_driver, struct secvar_backend_driver); diff --git a/libstb/secvar/storage/Makefile.inc b/libstb/secvar/storage/Makefile.inc index 50156fe2..dbddd6e5 100644 --- a/libstb/secvar/storage/Makefile.inc +++ b/libstb/secvar/storage/Makefile.inc @@ -7,7 +7,7 @@ SUBDIRS += $(SECVAR_STORAGE_DIR) # Swap the comment on these two lines to use the fake TPM NV # implementation hardware without a TPM -SECVAR_STORAGE_OBJS = secboot_tpm.o tpmnv_ops.o +SECVAR_STORAGE_OBJS = secboot_tpm.o tpmnv_ops.o secboot_tpm_switchable.o #SECVAR_STORAGE_OBJS = secboot_tpm.o fakenv_ops.o SECVAR_STORAGE = $(SECVAR_STORAGE_DIR)/built-in.a diff --git a/libstb/secvar/storage/secboot_tpm_switchable.c b/libstb/secvar/storage/secboot_tpm_switchable.c new file mode 100644 index 00000000..0790ed68 --- /dev/null +++ b/libstb/secvar/storage/secboot_tpm_switchable.c @@ -0,0 +1,251 @@ +#include +#include +#include +#include "../secvar.h" +#include "../secvar_devtree.h" +#include "secboot_tpm.h" +#include +#include +#include "secboot_tpm_switchable.h" + +/* POTENTIAL ITEMS TO MOVE TO secboot_tpm.h */ +#define SECBOOT_TPM_MAX_VAR_SIZE 8192 + +extern const uint8_t tpmnv_vars_name[34]; +extern const uint8_t tpmnv_vars_prov_name[34]; +extern const uint8_t tpmnv_control_name[34]; +extern const uint8_t tpmnv_control_prov_name[34]; + +/* END POTENTIALLY HEADER STUFF */ + +// TODO: actually get the correct mode name hash here. +const uint8_t tpmnv_mode_name[] = { + 0x00, 0x0b, + 0x7a, 0xe8, 0x16, 0xe0, 0x15, 0xab, 0xdc, 0xd8, 0xc6, 0xe6, 0xa1, 0x6f, 0x26, 0x71, 0x65, 0x96, + 0x69, 0x15, 0x04, 0xd1, 0x05, 0x14, 0xfc, 0xf0, 0x82, 0x17, 0x99, 0x22, 0x4e, 0x06, 0xe5, 0x76, +}; + +const uint8_t tpmnv_mode_prov_name[] = { + 0x00, 0x0b, + 0x7a, 0xe8, 0x16, 0xe0, 0x15, 0xab, 0xdc, 0xd8, 0xc6, 0xe6, 0xa1, 0x6f, 0x26, 0x71, 0x65, 0x96, + 0x69, 0x15, 0x04, 0xd1, 0x05, 0x14, 0xfc, 0xf0, 0x82, 0x17, 0x99, 0x22, 0x4e, 0x06, 0xe5, 0x76, +}; + +uint64_t mode_value = 0; + + +// TODO: break down into reusable functions w/ the functions in secboot_tpm_store_init +static int pre_switchable_init(void) +{ + TPMI_RH_NV_INDEX *indices = NULL; + char nv_vars_name[sizeof(tpmnv_vars_name)]; + char nv_control_name[sizeof(tpmnv_control_name)]; + char nv_mode_name[sizeof(tpmnv_mode_name)]; + size_t count = 0; + bool control_defined = false; + bool vars_defined = false; + bool mode_defined = false; + int i, rc; + + /* Check if the NV indices have been defined already */ + rc = tpmnv_ops.getindices(&indices, &count); + if (rc) { + prlog(PR_ERR, "Could not load defined indicies from TPM, rc=%d\n", rc); + goto error; + } + + for (i = 0; i < count; i++) { + if (indices[i] == SECBOOT_TPMNV_VARS_INDEX) + vars_defined = true; + else if (indices[i] == SECBOOT_TPMNV_CONTROL_INDEX) + control_defined = true; + else if (indices[i] == SECBOOT_TPMNV_MODE_INDEX) + mode_defined = true; + } + free(indices); + + if (secvar_check_clear_keys() || secvar_check_set_default_keys()) { + /* TODO: undefine *ALL THREE* indices */ + mode_defined = control_defined = vars_defined = false; + } + + if (mode_defined) { + // TODO: Probably break a lot of the following up into a reusable function between + // this driver and secboot_tpm + TPMS_NV_PUBLIC nv_public; + TPM2B_NAME vars_tmp; + + rc = tpmnv_ops.readpublic(SECBOOT_TPMNV_MODE_INDEX, + &nv_public, + &vars_tmp); + if (rc) { + prlog(PR_ERR, "Failed to readpublic from the MODE index, rc=%d\n", rc); + return rc; + } + + memcpy(nv_mode_name, vars_tmp.t.name, MIN(sizeof(tpmnv_vars_name), vars_tmp.t.size)); + + + // TODO: perhaps rework this function too, or just drop that extra function + if (!memcmp(tpmnv_mode_prov_name, nv_mode_name, sizeof(tpmnv_mode_prov_name))) { + /* Detected a provisioned mode index, claim it here and set the mode to system mode */ + // TODO: perhaps not hardcode the space + rc = tpmnv_ops.definespace(SECBOOT_TPMNV_MODE_INDEX, sizeof(uint64_t)); + if (rc) { + prlog(PR_ERR, "Failed to define the MODE index, rc=%d\n", rc); + return rc; + } + + /* Write TPMNV variables to actual NV */ + mode_value = 1; + rc = tpmnv_ops.write(SECBOOT_TPMNV_MODE_INDEX, &mode_value, sizeof(mode_value), 0); + if (rc) + return rc; + + return OPAL_SUCCESS; + } + + if (!memcmp(tpmnv_mode_name, nv_mode_name, sizeof(tpmnv_mode_name))) { + /* Detected an improperly defined mode index, give up? */ + abort(); // TODO: don't actually abort, this should be in an init function + } + + + rc = tpmnv_ops.read(SECBOOT_TPMNV_VARS_INDEX, + &mode_value, + sizeof(mode_value), 0); + if (rc) { + prlog(PR_ERR, "Failed to read from the VARS index\n"); + goto error; + } + + return OPAL_SUCCESS; + } + + /* Mode index was not defined, so we need to check the other indices first */ + + /* Determine if we need to define the indices. These should BOTH be false or true */ + if (!vars_defined && !control_defined) { + // TODO: Define *ALL THREE* indices here, perhaps let the other init handle the formatting? + // or do we format here as well in secboot_tpm format? + + if (secvar_check_clear_keys()) { + /* clear-os-keys was issued, continue in user mode (OS secure boot disabled) */ + mode_value = USER_MODE; + } + + /* reset-default-keys likely undefined the indices, either way default to system mode */ + mode_value = SYSTEM_MODE; + + goto define; + } + if (vars_defined ^ control_defined) { + /* This should never happen. Both indices should be defined at the same + * time. Otherwise something seriously went wrong. */ + prlog(PR_ERR, "NV indices defined with unexpected attributes. Assert physical presence to clear\n"); + goto error; + } + + rc = secboot_tpm_get_tpmnv_names(nv_vars_name, nv_control_name); + if (rc) + goto error; + + if (secboot_tpm_check_provisioned_indices(nv_vars_name, nv_control_name)) { + // TODO: Reclaim the NV indices here, we default to system mode (noop), + // so that driver will not handle it. + + mode_value = SYSTEM_MODE; + goto define; + } + + /* Otherwise, ensure the NV indices were defined with the correct set of attributes */ + rc = secboot_tpm_check_tpmnv_attrs(nv_vars_name, nv_control_name); + if (rc) + goto error; + + /* Reaching here, mode index was not defined, and the other NV indices were. + * This is (likely) a firmware update case, where we should preserve the previous + * secure boot state. */ + mode_value = SYSTEM_MODE; + +define: + rc = tpmnv_ops.definespace(SECBOOT_TPMNV_MODE_INDEX, sizeof(mode_value)); + if (rc) { + prlog(PR_ERR, "Failed to define the MODE index, rc=%d\n", rc); + return rc; + } + + rc = tpmnv_ops.write(SECBOOT_TPMNV_MODE_INDEX, + &mode_value, + sizeof(mode_value), 0); + if (rc) { + prlog(PR_ERR, "Could not write to the MODE index, rc=%d\n", rc); + goto error; + } + + return OPAL_SUCCESS; + +error: + // TODO: error handle better here + return rc; +} + +static int switchable_store_init(void) +{ + int rc; + + rc = pre_switchable_init(); + if (rc) { + prlog(PR_ERR, "Failed to initialize/detect secure boot mode\n"); + } + + if (mode_value == USER_MODE) + return secboot_tpm_driver.store_init(); + return OPAL_SUCCESS; +} + +static int switchable_load_bank(struct list_head *bank, int section) +{ + if (mode_value == USER_MODE) + return secboot_tpm_driver.load_bank(bank, section); + return OPAL_SUCCESS; +} + +static int switchable_write_bank(struct list_head *bank, int section) +{ + if (mode_value == USER_MODE) + return secboot_tpm_driver.write_bank(bank, section); + return OPAL_SUCCESS; +} + +static void switchable_lockdown(void) +{ + /* Note: While write lock is called here on the two NV indices, + * both indices are also defined on the platform hierarchy. + * The platform hierarchy auth is set later in the skiboot + * initialization process, and not by any secvar-related code. + */ + int rc; + + rc = tpmnv_ops.writelock(SECBOOT_TPMNV_MODE_INDEX); + if (rc) { + prlog(PR_EMERG, "TSS Write Lock failed on CONTROL index, halting.\n"); + abort(); + } + + /* Unconditionally call the secboot_tpm lockdown as well to lock the other + * two indices we care about. */ + secboot_tpm_driver.lockdown(); +} + + +struct secvar_storage_driver secboot_tpm_switchable_driver = { + .store_init = switchable_store_init, + + /* These two hooks are no-ops, no storage actually needed */ + .load_bank = switchable_load_bank, + .write_bank = switchable_write_bank, + + .lockdown = switchable_lockdown, + .max_var_size = SECBOOT_TPM_MAX_VAR_SIZE, +}; diff --git a/libstb/secvar/storage/secboot_tpm_switchable.h b/libstb/secvar/storage/secboot_tpm_switchable.h new file mode 100644 index 00000000..2c95b387 --- /dev/null +++ b/libstb/secvar/storage/secboot_tpm_switchable.h @@ -0,0 +1,15 @@ +#ifndef _SECBOOT_TPM_SWITCHABLE_H_ +#define _SECBOOT_TPM_SWITCHABLE_H_ + +#include + +#define SECBOOT_TPMNV_MODE_INDEX 0x01c10192 + +extern uint64_t mode_value; + +enum switchable_modes { + USER_MODE, + SYSTEM_MODE, +}; + +#endif \ No newline at end of file From patchwork Wed Sep 22 03:11:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1531002 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=rj8FDMV3; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=2404:9400:2:0:216:3eff:fee1:b9f1; helo=lists.ozlabs.org; envelope-from=skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2404:9400:2:0:216:3eff:fee1:b9f1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4HDjyT1r8fz9sRK for ; Wed, 22 Sep 2021 13:12:17 +1000 (AEST) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4HDjyT0kDQz2ywX for ; Wed, 22 Sep 2021 13:12:17 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=rj8FDMV3; dkim-atps=neutral X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.158.5; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=rj8FDMV3; dkim-atps=neutral Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4HDjxq34Xbz2yL9 for ; Wed, 22 Sep 2021 13:11:43 +1000 (AEST) Received: from pps.filterd (m0098414.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18M2TZnM025793 for ; Tue, 21 Sep 2021 23:11:41 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=5jU0v0c5nxyED7RRQ+iDTXMEUrf7SAKBaULDGnLXKM0=; b=rj8FDMV3M4mMfoSnvuXWjoHxSA2V7/8HSSa+qe3pidTcFxuN7/NcPXCchSzeHu3VxUsa 1lVpaN6iKsSpF2XcXyd7IZPxU0z2TBNL4avtZ1v/nBIRcztD0JOW7IXRDDxCHOnxqqff u42C598qL/maiU/vCoXrpO7JahYqQFjjPqMoV+k7yteTPQAAESO8lI5Jkbuy9B46v574 R0QYUzNIQCQ/04h70TPe5wSAP+pdoy1Jn8jCtaRu/ZZD+qctba3OAAAM9f/1xJymDbTx 1kTx1xnT49m4QVlLdlPlC3n5yoMOLsFy0m4H8i2PyzTwhtwo8SKqUk0/fDJdpTgNr+t8 Bg== Received: from ppma03ams.nl.ibm.com (62.31.33a9.ip4.static.sl-reverse.com [169.51.49.98]) by mx0b-001b2d01.pphosted.com with ESMTP id 3b7urkgm92-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 21 Sep 2021 23:11:40 -0400 Received: from pps.filterd (ppma03ams.nl.ibm.com [127.0.0.1]) by ppma03ams.nl.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18M37wEX013832 for ; Wed, 22 Sep 2021 03:11:39 GMT Received: from b06cxnps4075.portsmouth.uk.ibm.com (d06relay12.portsmouth.uk.ibm.com [9.149.109.197]) by ppma03ams.nl.ibm.com with ESMTP id 3b7q6phjgu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 22 Sep 2021 03:11:39 +0000 Received: from d06av23.portsmouth.uk.ibm.com (d06av23.portsmouth.uk.ibm.com [9.149.105.59]) by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 18M3BZew49283544 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 22 Sep 2021 03:11:35 GMT Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AA8FCA4059; Wed, 22 Sep 2021 03:11:35 +0000 (GMT) Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E3D73A4040; Wed, 22 Sep 2021 03:11:34 +0000 (GMT) Received: from ceres.ibmuc.com (unknown [9.65.202.213]) by d06av23.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 22 Sep 2021 03:11:34 +0000 (GMT) From: Eric Richter To: skiboot@lists.ozlabs.org Date: Tue, 21 Sep 2021 22:11:25 -0500 Message-Id: <20210922031129.4188386-5-erichte@linux.ibm.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210922031129.4188386-1-erichte@linux.ibm.com> References: <20210922031129.4188386-1-erichte@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: PwR6eE-Q9Z2XOStTy8q6CmS_nk5NZ5So X-Proofpoint-GUID: PwR6eE-Q9Z2XOStTy8q6CmS_nk5NZ5So X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-21_07,2021-09-20_01,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 malwarescore=0 lowpriorityscore=0 phishscore=0 spamscore=0 suspectscore=0 bulkscore=0 clxscore=1015 mlxlogscore=676 adultscore=0 priorityscore=1501 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109200000 definitions=main-2109220015 Subject: [Skiboot] [RFC 4/8] secboot_tpm_switchable merge X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" Signed-off-by: Eric Richter --- libstb/secvar/storage/secboot_tpm_switchable.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libstb/secvar/storage/secboot_tpm_switchable.c b/libstb/secvar/storage/secboot_tpm_switchable.c index 0790ed68..28b1f434 100644 --- a/libstb/secvar/storage/secboot_tpm_switchable.c +++ b/libstb/secvar/storage/secboot_tpm_switchable.c @@ -64,7 +64,7 @@ static int pre_switchable_init(void) } free(indices); - if (secvar_check_clear_keys() || secvar_check_set_default_keys()) { + if (secvar_check_clear_keys() || secvar_check_reset_default_keys()) { /* TODO: undefine *ALL THREE* indices */ mode_defined = control_defined = vars_defined = false; } From patchwork Wed Sep 22 03:11:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1531003 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=OGXgRKy7; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=2404:9400:2:0:216:3eff:fee1:b9f1; helo=lists.ozlabs.org; envelope-from=skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2404:9400:2:0:216:3eff:fee1:b9f1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4HDjyc6fbzz9sRK for ; Wed, 22 Sep 2021 13:12:24 +1000 (AEST) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4HDjyc5Wzbz2ypL for ; Wed, 22 Sep 2021 13:12:24 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=OGXgRKy7; dkim-atps=neutral X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=OGXgRKy7; dkim-atps=neutral Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4HDjxs3CJkz2yL9 for ; Wed, 22 Sep 2021 13:11:45 +1000 (AEST) Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18M1USvf028542 for ; Tue, 21 Sep 2021 23:11:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=Vb5uUGXJTNwBSzeSE2zUj8qxoIvK7Fj/lcVwawD+ixc=; b=OGXgRKy7wwr/1xtKMk8mzX+bNjfcTktoMwK/Bgk9GZOZ5xNCC18Gr+WB3Aco0m0NgCSP /CsuBkSDTIXCceFK/igOa9ZYvJW9FdpC0khVeaMfG/TPtpx71+p2g2JWV4z+HCIjH2Be pgvVz1w97+ZPode/3MvuJqQibxfAvTGdnXWb8fMjDerHUjzJQ4ci+9aAJWx5AxkSbmPN wuV3tQviCuaJ4V9Dlgs7mmtOwyi+a/feW58LGUPLccmxbYlt7aQMl0CVNDVgz2CQ6kWr UUA/TFNQu1R4i6SJzhH8+YBTavD4cX9zW+Z+IDBJjTNzYe6pxyPNizXBu+EjQwhs/9SA Xw== Received: from ppma03ams.nl.ibm.com (62.31.33a9.ip4.static.sl-reverse.com [169.51.49.98]) by mx0a-001b2d01.pphosted.com with ESMTP id 3b7tvv9faw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 21 Sep 2021 23:11:43 -0400 Received: from pps.filterd (ppma03ams.nl.ibm.com [127.0.0.1]) by ppma03ams.nl.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18M37xPB013855 for ; Wed, 22 Sep 2021 03:11:40 GMT Received: from b06cxnps3074.portsmouth.uk.ibm.com (d06relay09.portsmouth.uk.ibm.com [9.149.109.194]) by ppma03ams.nl.ibm.com with ESMTP id 3b7q6phjgw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 22 Sep 2021 03:11:40 +0000 Received: from d06av23.portsmouth.uk.ibm.com (d06av23.portsmouth.uk.ibm.com [9.149.105.59]) by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 18M3BaNx43319698 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 22 Sep 2021 03:11:36 GMT Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A879DA4053; Wed, 22 Sep 2021 03:11:36 +0000 (GMT) Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id ECCDDA404D; Wed, 22 Sep 2021 03:11:35 +0000 (GMT) Received: from ceres.ibmuc.com (unknown [9.65.202.213]) by d06av23.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 22 Sep 2021 03:11:35 +0000 (GMT) From: Eric Richter To: skiboot@lists.ozlabs.org Date: Tue, 21 Sep 2021 22:11:26 -0500 Message-Id: <20210922031129.4188386-6-erichte@linux.ibm.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210922031129.4188386-1-erichte@linux.ibm.com> References: <20210922031129.4188386-1-erichte@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: 4Ur9wXXGl6H8ZWQoWHu-mB_1lBFrgqPp X-Proofpoint-GUID: 4Ur9wXXGl6H8ZWQoWHu-mB_1lBFrgqPp X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-22_01,2021-09-20_01,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 suspectscore=0 mlxlogscore=903 clxscore=1015 mlxscore=0 phishscore=0 malwarescore=0 lowpriorityscore=0 priorityscore=1501 bulkscore=0 spamscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109200000 definitions=main-2109220015 Subject: [Skiboot] [RFC 5/8] secvar: add build-time mechanism to inject default variable data X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" To allow the implementation of a backend that uses static, built-in variables, this patch adds the ability to compile in a blob of data, accessible by symbol named similarly to the file in which the data was loaded from. To operate: place a file in the libstb/secvar/defaultvars directory named `secvar_default_NAME.var`, where NAME is the case-sensitive name of the variable the static-variable enabled backend will expect it to be. For example, to build in a db into the forthcoming edk2-compat-static driver, copy the db.esl file into the aforementioned directory as `secvar_default_db.var`. This will be compiled in, and exposed in the secvar_default_vars.h header, which will look something like: uint8_t secvar_default_db[] = { ... }; \#define SECVAR_DEFAULT_DB The #define may be used by backends to determine if a default variable was provided for a specific variable it may expect. RFC NOTE: This is a rather janky first implementation, and ideally should be improved in some form. I am open to suggestions on how to improve this. Ideally at minimum, the backend should be able to "discover" which variables have been built in. Furthermore, there should likely be some kind of trigger to detect whether or not default keys have been built in at all, but that is something that will come up in a later patch. Signed-off-by: Eric Richter --- Makefile.main | 1 + libstb/secvar/Makefile.inc | 3 ++- libstb/secvar/defaultvars/Makefile.inc | 31 ++++++++++++++++++++++++++ 3 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 libstb/secvar/defaultvars/Makefile.inc diff --git a/Makefile.main b/Makefile.main index c8a63e8b..d0b5d4eb 100644 --- a/Makefile.main +++ b/Makefile.main @@ -409,6 +409,7 @@ clean: $(RM) include/asm-offsets.h version.c .version $(RM) skiboot.info external/gard/gard.info external/pflash/pflash.info $(RM) extract-gcov $(TARGET).lid.stb $(TARGET).lid.xz.stb + $(RM) libstb/secvar/defaultvars/*.{c,d,o,h} distclean: clean $(RM) *~ $(SUBDIRS:%=%/*~) include/*~ diff --git a/libstb/secvar/Makefile.inc b/libstb/secvar/Makefile.inc index 57c7cfb5..1d6f4c81 100644 --- a/libstb/secvar/Makefile.inc +++ b/libstb/secvar/Makefile.inc @@ -8,5 +8,6 @@ SECVAR = libstb/secvar/built-in.a include $(SRC)/libstb/secvar/storage/Makefile.inc include $(SRC)/libstb/secvar/backend/Makefile.inc +include $(SRC)/libstb/secvar/defaultvars/Makefile.inc -$(SECVAR): $(SECVAR_OBJS:%=libstb/secvar/%) $(SECVAR_STORAGE) $(SECVAR_BACKEND) +$(SECVAR): $(SECVAR_OBJS:%=libstb/secvar/%) $(SECVAR_DEFAULTVARS) $(SECVAR_STORAGE) $(SECVAR_BACKEND) diff --git a/libstb/secvar/defaultvars/Makefile.inc b/libstb/secvar/defaultvars/Makefile.inc new file mode 100644 index 00000000..f831413d --- /dev/null +++ b/libstb/secvar/defaultvars/Makefile.inc @@ -0,0 +1,31 @@ +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# -*-Makefile-*- + +SECVAR_DEFAULTVARS_DIR = libstb/secvar/defaultvars + +SUBDIRS += $(SECVAR_DEFAULTVARS_DIR) + +SECVAR_DEFAULTVARS_FILES = $(wildcard $(SECVAR_DEFAULTVARS_DIR)/secvar_default_*.var) +SECVAR_DEFAULTVARS_C_FILES = $(patsubst %.var,%.c,$(notdir $(SECVAR_DEFAULTVARS_FILES))) +SECVAR_DEFAULTVARS_OBJS = $(patsubst %.c,%.o,$(SECVAR_DEFAULTVARS_C_FILES)) + +$(SECVAR_DEFAULTVARS_DIR)/secvar_default_vars.h: $(SECVAR_DEFAULTVARS_FILES) + echo -n "" > $@ + for var in $(subst .var,,$(notdir $^)) ; do \ + echo "#ifndef _SECVAR_DEFAULTVARS_H_" >> $@ ; \ + echo "#define _SECVAR_DEFAULTVARS_H_" >> $@ ; \ + echo "extern unsigned char *$$var;" >> $@ ; \ + echo -n "#define " >> $@ ; \ + echo $$var | tr [:lower:] [:upper:] >> $@ ; \ + echo "#endif" >> $@ ; \ + done; + +secvar_default_%.c: secvar_default_%.var $(SECVAR_DEFAULTVARS_DIR)/secvar_default_vars.h + echo $^ + echo "unsigned char $(subst .var,,$(notdir $<))[] = {" > $@ + cat $^ | xxd -e -i >> $@ + echo "};" >> $@ + +SECVAR_DEFAULTVARS = $(SECVAR_DEFAULTVARS_DIR)/built-in.a + +$(SECVAR_DEFAULTVARS): $(SECVAR_DEFAULTVARS_OBJS:%=$(SECVAR_DEFAULTVARS_DIR)/%) From patchwork Wed Sep 22 03:11:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1531004 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=Lr/PyxFS; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=2404:9400:2:0:216:3eff:fee1:b9f1; helo=lists.ozlabs.org; envelope-from=skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2404:9400:2:0:216:3eff:fee1:b9f1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4HDjym3Rwtz9sRK for ; Wed, 22 Sep 2021 13:12:32 +1000 (AEST) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4HDjym21hhz2ywr for ; Wed, 22 Sep 2021 13:12:32 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=Lr/PyxFS; dkim-atps=neutral X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.158.5; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=Lr/PyxFS; dkim-atps=neutral Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4HDjxs6DXhz2yL9 for ; Wed, 22 Sep 2021 13:11:45 +1000 (AEST) Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18M1dOrW007789 for ; Tue, 21 Sep 2021 23:11:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=2cFy/oyVg4df6q3fJHffq/E6Eewe67OGmv9n3YuidUc=; b=Lr/PyxFS+XXGxaZZIYRbwKHd9h38WX6NovjfJeRcg8/8Tu+3k/2Ng/VE+F3pY9pSCpKJ P+nZbHCRfCsFyg748bBfD6s8cPn0Jm1R38N36M3GFm1CUfTiLFnwLdoTGkO7rupeC3CA E8WcZEmv+Ng6GfhDiCjPmcei/NCYeoVp+MTZLjPiW9QyOjaZwYD3Ayx9PKoRkKgKkPMI rJdGV4V32qlCYwZ/CjRNPrlCDr77xGrVgwtg4GmalF4ow9MkceDg3oINcLfZm7NHkKJs gXYV8kIYb6fH06lV6WALH+KyyQW+qRHjKc37M1+AsMPrIeHvBYgyxx4LwUWcCnj1FWdN bQ== Received: from ppma03ams.nl.ibm.com (62.31.33a9.ip4.static.sl-reverse.com [169.51.49.98]) by mx0b-001b2d01.pphosted.com with ESMTP id 3b7sqracgv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 21 Sep 2021 23:11:42 -0400 Received: from pps.filterd (ppma03ams.nl.ibm.com [127.0.0.1]) by ppma03ams.nl.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18M37wEY013832 for ; Wed, 22 Sep 2021 03:11:41 GMT Received: from b06cxnps4076.portsmouth.uk.ibm.com (d06relay13.portsmouth.uk.ibm.com [9.149.109.198]) by ppma03ams.nl.ibm.com with ESMTP id 3b7q6phjh1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 22 Sep 2021 03:11:41 +0000 Received: from d06av23.portsmouth.uk.ibm.com (d06av23.portsmouth.uk.ibm.com [9.149.105.59]) by b06cxnps4076.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 18M3BbqF65012154 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 22 Sep 2021 03:11:37 GMT Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A627AA4059; Wed, 22 Sep 2021 03:11:37 +0000 (GMT) Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EAE28A4040; Wed, 22 Sep 2021 03:11:36 +0000 (GMT) Received: from ceres.ibmuc.com (unknown [9.65.202.213]) by d06av23.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 22 Sep 2021 03:11:36 +0000 (GMT) From: Eric Richter To: skiboot@lists.ozlabs.org Date: Tue, 21 Sep 2021 22:11:27 -0500 Message-Id: <20210922031129.4188386-7-erichte@linux.ibm.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210922031129.4188386-1-erichte@linux.ibm.com> References: <20210922031129.4188386-1-erichte@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: 8-gGOz1gjqYGJ8eKoBht8Q8t_rM_Tof6 X-Proofpoint-GUID: 8-gGOz1gjqYGJ8eKoBht8Q8t_rM_Tof6 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-22_01,2021-09-20_01,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 malwarescore=0 bulkscore=0 adultscore=0 mlxlogscore=999 lowpriorityscore=0 spamscore=0 phishscore=0 impostorscore=0 clxscore=1015 suspectscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109200000 definitions=main-2109220019 Subject: [Skiboot] [RFC 6/8] secvar/drivers: add a edk2-derived static key backend X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" The current edk2-compat-v1 backend expects the user of the system to enroll their own secure boot keys into variables to enable secure boot, and there is no behavior to allow default secure boot keys to be pre-loaded into variables for the hardware appliance use-case. This patch introduces a new backend driver that only exposes variables provided at compile-time, and will not process any updates. OS secure boot will always be enabled when utilizing this driver. This driver uses the same format as the edk2-compat-v1 driver, so existing code (e.g secvar-sysfs in linux) should be able to interact with this in the exact same manner. To effectively utilize this driver, it is recommended to at least provide PK and db variable data (in ESL form), as according to the defaultvars specification. RFC NOTE: This is a simple driver not intended to be directly used; the next patch will introduce a wrapper driver that will switch between using this driver and the original edk2-compat-v1 driver based on the secure boot mode. Consider this driver to be the SYSTEM_MODE behavior, and the original unmodified edk2-compat-v1 driver to be USER_MODE. That said, I think it is still useful to provide as a standalone driver, rather than baked in to the switchable wrapper driver -- it could be used on a system that does not have a protected form of storage (e.g. TPM) to still enable secure boot if a user wants to compile their own firmware, or on an appliance that does not want/need to be able to disable secure boot entirely. In both cases, it should be used with a no-op storage driver. Signed-off-by: Eric Richter --- include/secvar.h | 1 + libstb/secvar/backend/Makefile.inc | 2 +- libstb/secvar/backend/edk2-compat-static.c | 80 ++++++++++++++++++++++ 3 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 libstb/secvar/backend/edk2-compat-static.c diff --git a/include/secvar.h b/include/secvar.h index 259b9b63..3b439eaf 100644 --- a/include/secvar.h +++ b/include/secvar.h @@ -40,6 +40,7 @@ struct secvar_backend_driver { extern struct secvar_storage_driver secboot_tpm_driver; extern struct secvar_storage_driver secboot_tpm_switchable_driver; extern struct secvar_backend_driver edk2_compatible_v1; +extern struct secvar_backend_driver edk2_compatible_v1_static; int secvar_main(struct secvar_storage_driver, struct secvar_backend_driver); diff --git a/libstb/secvar/backend/Makefile.inc b/libstb/secvar/backend/Makefile.inc index 436f9faf..b929769f 100644 --- a/libstb/secvar/backend/Makefile.inc +++ b/libstb/secvar/backend/Makefile.inc @@ -5,7 +5,7 @@ SECVAR_BACKEND_DIR = libstb/secvar/backend SUBDIRS += $(SECVAR_BACKEND_DIR) -SECVAR_BACKEND_OBJS = edk2-compat.o edk2-compat-process.o edk2-compat-reset.o +SECVAR_BACKEND_OBJS = edk2-compat.o edk2-compat-process.o edk2-compat-reset.o edk2-compat-static.o SECVAR_BACKEND = $(SECVAR_BACKEND_DIR)/built-in.a $(SECVAR_BACKEND): $(SECVAR_BACKEND_OBJS:%=$(SECVAR_BACKEND_DIR)/%) diff --git a/libstb/secvar/backend/edk2-compat-static.c b/libstb/secvar/backend/edk2-compat-static.c new file mode 100644 index 00000000..8c708a8c --- /dev/null +++ b/libstb/secvar/backend/edk2-compat-static.c @@ -0,0 +1,80 @@ +#include +#include "../secvar_devtree.h" +#include "../secvar.h" +#include "../defaultvars/secvar_default_vars.h" + +static int edk2_compat_pre_process_static(struct list_head *variable_bank, + struct list_head *update_bank __unused) +{ + struct secvar *var; + + /* Avoid unused if no static keys */ + (void) var; + (void) variable_bank; + +#ifdef SECVAR_DEFAULT_PK + var = new_secvar("PK", 3, secvar_default_PK, sizeof(secvar_default_PK), SECVAR_FLAG_VOLATILE); + if (!var) + return OPAL_NO_MEM; + + list_add_tail(variable_bank, &var->link); +#endif +#ifdef SECVAR_DEFAULT_KEK + var = new_secvar("KEK", 3, secvar_default_KEK, sizeof(secvar_default_KEK), SECVAR_FLAG_VOLATILE); + if (!var) + return OPAL_NO_MEM; + + list_add_tail(variable_bank, &var->link); +#endif +#ifdef SECVAR_DEFAULT_DB + var = new_secvar("db", 3, secvar_default_db, sizeof(secvar_default_db), SECVAR_FLAG_VOLATILE); + if (!var) + return OPAL_NO_MEM; + + list_add_tail(variable_bank, &var->link); +#endif +#ifdef SECVAR_DEFAULT_DBX + var = new_secvar("dbx", 3, secvar_default_dbx, sizeof(secvar_default_dbx), SECVAR_FLAG_VOLATILE); + if (!var) + return OPAL_NO_MEM; + + list_add_tail(variable_bank, &var->link); +#endif + + return OPAL_SUCCESS; +} + + +static int edk2_compat_process_static(struct list_head *variable_bank __unused, + struct list_head *update_bank __unused) +{ + /* No updates will ever be processed, so return an EMPTY here to signal + * that no updates were managed, and thus the storage driver doesn't have + * to do anything either. */ + return OPAL_EMPTY; +} + +static int edk2_compat_post_process_static(struct list_head *variable_bank __unused, + struct list_head *update_bank __unused) +{ + + /* Always set secure mode when using this static driver. */ + + secvar_set_secure_mode(); + + return OPAL_SUCCESS; +} + +static int edk2_compat_validate_static(struct secvar *var __unused) +{ + /* No updates are processed in static key mode. Reject all. */ + return OPAL_PERMISSION; +}; + +struct secvar_backend_driver edk2_compatible_v1_static = { + .pre_process = edk2_compat_pre_process_static, + .process = edk2_compat_process_static, + .post_process = edk2_compat_post_process_static, + .validate = edk2_compat_validate_static, + .compatible = "ibm,edk2-compat-v1", // TODO: add an additional static compatible here? +}; From patchwork Wed Sep 22 03:11:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1531005 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=IE+LO5dr; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=2404:9400:2:0:216:3eff:fee1:b9f1; helo=lists.ozlabs.org; envelope-from=skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2404:9400:2:0:216:3eff:fee1:b9f1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4HDjyv5XzNz9sRK for ; Wed, 22 Sep 2021 13:12:39 +1000 (AEST) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4HDjyv42Q7z2ygC for ; Wed, 22 Sep 2021 13:12:39 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=IE+LO5dr; dkim-atps=neutral X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.158.5; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=IE+LO5dr; dkim-atps=neutral Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4HDjxt4C9lz2yL9 for ; Wed, 22 Sep 2021 13:11:46 +1000 (AEST) Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18M320bB002068 for ; Tue, 21 Sep 2021 23:11:44 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=ocI/33IeBnVh3ad7R3RYvEfXrSnE0rLtjK4p620QCKY=; b=IE+LO5dr48z5RZIUbi7WDOYZGsbFbezGuRrDExwZIgb52AW9f9+NNB/xSC+vgPlYClZ1 iXQ5v2vEWx16e9fD5z81L+j7F2+RSZ11Kx8VANomt9Rk1SrPdKgox56NJ6ob3Yr78eoX xClYIZv4fP2N2LFbIhwuGxaQhzH90U3RIsVPuWznHLNXEiCwCv2EK51Dam4jGW7GbnDi kV7kG+/A+ZySplZFWKwiNapjO0/KkI3NSa28Wbgm39nyEdDtordAVctb35c7WcdwKFhM O9GtG34m6apw4lA6EiLVjt+mcYRZIVFwFuLPqOSl0HIpO230yf1UvFKGIMMQHn4+7/w9 Xw== Received: from ppma03ams.nl.ibm.com (62.31.33a9.ip4.static.sl-reverse.com [169.51.49.98]) by mx0b-001b2d01.pphosted.com with ESMTP id 3b7r8mc069-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 21 Sep 2021 23:11:43 -0400 Received: from pps.filterd (ppma03ams.nl.ibm.com [127.0.0.1]) by ppma03ams.nl.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18M37twp013829 for ; Wed, 22 Sep 2021 03:11:42 GMT Received: from b06avi18878370.portsmouth.uk.ibm.com (b06avi18878370.portsmouth.uk.ibm.com [9.149.26.194]) by ppma03ams.nl.ibm.com with ESMTP id 3b7q6phjh5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 22 Sep 2021 03:11:42 +0000 Received: from d06av23.portsmouth.uk.ibm.com (d06av23.portsmouth.uk.ibm.com [9.149.105.59]) by b06avi18878370.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 18M36n3u58655166 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 22 Sep 2021 03:06:49 GMT Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B6470A4053; Wed, 22 Sep 2021 03:11:38 +0000 (GMT) Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 070C1A4055; Wed, 22 Sep 2021 03:11:38 +0000 (GMT) Received: from ceres.ibmuc.com (unknown [9.65.202.213]) by d06av23.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 22 Sep 2021 03:11:37 +0000 (GMT) From: Eric Richter To: skiboot@lists.ozlabs.org Date: Tue, 21 Sep 2021 22:11:28 -0500 Message-Id: <20210922031129.4188386-8-erichte@linux.ibm.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210922031129.4188386-1-erichte@linux.ibm.com> References: <20210922031129.4188386-1-erichte@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: cv0Xv39V-Nqwuz1LSr1wgbbprikZyaoK X-Proofpoint-GUID: cv0Xv39V-Nqwuz1LSr1wgbbprikZyaoK X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-22_01,2021-09-20_01,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 spamscore=0 priorityscore=1501 clxscore=1015 bulkscore=0 adultscore=0 malwarescore=0 suspectscore=0 mlxlogscore=999 impostorscore=0 phishscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109200000 definitions=main-2109220019 Subject: [Skiboot] [RFC 7/8] secvar/backend: add a switchable-mode edk2-based backend X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" This patch introduces a new backend driver that wraps the existing edk2-compat-v1 driver and the new edk2-compat-static driver, to switch functionality based on the secure boot mode as exposed by the secboot_tpm storage driver. If the secure boot mode is set to SYSTEM_MODE, all hooks will be passed to the edk2-compat-static driver. Otherwise, if the mode is USER_MODE, the regular edk2-compat-v1 driver hooks are called. As with the secboot_tpm_switchable driver, asserting physical presence will switch between modes: clear-os-keys will disable secure boot and enter USER_MODE, while reset-default-keys will enforce secure boot with default keys via the edk2-compat-static driver. RFC NOTE: I don't like how this driver has to directly interact with a specific storage driver. I am considering instead leaving a crumb in the device tree for this driver to inspect. That way, if documented as an interface, a future "switchable" storage driver may also be compatible with this switchable backend driver. The name "switchable" is subject to change, I did not put a lot of time into coming up with good names, so consider all of them placeholders. Signed-off-by: Eric Richter --- include/secvar.h | 1 + libstb/secvar/backend/Makefile.inc | 2 +- libstb/secvar/backend/edk2-switchable.c | 46 +++++++++++++++++++++++++ 3 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 libstb/secvar/backend/edk2-switchable.c diff --git a/include/secvar.h b/include/secvar.h index 3b439eaf..2aa52ec2 100644 --- a/include/secvar.h +++ b/include/secvar.h @@ -41,6 +41,7 @@ extern struct secvar_storage_driver secboot_tpm_driver; extern struct secvar_storage_driver secboot_tpm_switchable_driver; extern struct secvar_backend_driver edk2_compatible_v1; extern struct secvar_backend_driver edk2_compatible_v1_static; +extern struct secvar_backend_driver edk2_switchable_driver; int secvar_main(struct secvar_storage_driver, struct secvar_backend_driver); diff --git a/libstb/secvar/backend/Makefile.inc b/libstb/secvar/backend/Makefile.inc index b929769f..b60efe83 100644 --- a/libstb/secvar/backend/Makefile.inc +++ b/libstb/secvar/backend/Makefile.inc @@ -5,7 +5,7 @@ SECVAR_BACKEND_DIR = libstb/secvar/backend SUBDIRS += $(SECVAR_BACKEND_DIR) -SECVAR_BACKEND_OBJS = edk2-compat.o edk2-compat-process.o edk2-compat-reset.o edk2-compat-static.o +SECVAR_BACKEND_OBJS = edk2-compat.o edk2-compat-process.o edk2-compat-reset.o edk2-compat-static.o edk2-switchable.o SECVAR_BACKEND = $(SECVAR_BACKEND_DIR)/built-in.a $(SECVAR_BACKEND): $(SECVAR_BACKEND_OBJS:%=$(SECVAR_BACKEND_DIR)/%) diff --git a/libstb/secvar/backend/edk2-switchable.c b/libstb/secvar/backend/edk2-switchable.c new file mode 100644 index 00000000..f2883928 --- /dev/null +++ b/libstb/secvar/backend/edk2-switchable.c @@ -0,0 +1,46 @@ +#include +#include +#include "../storage/secboot_tpm_switchable.h" +#include "../secvar.h" + +static int switchable_pre_process(struct list_head *variable_bank, + struct list_head *update_bank) +{ + if (mode_value == USER_MODE) + return edk2_compatible_v1.pre_process(variable_bank, update_bank); + return edk2_compatible_v1_static.pre_process(variable_bank, update_bank); +} + + +static int switchable_process(struct list_head *variable_bank, + struct list_head *update_bank) +{ + if (mode_value == USER_MODE) + return edk2_compatible_v1.process(variable_bank, update_bank); + return edk2_compatible_v1_static.process(variable_bank, update_bank); +} + +static int switchable_post_process(struct list_head *variable_bank, + struct list_head *update_bank) +{ + if (mode_value == USER_MODE) + return edk2_compatible_v1.post_process(variable_bank, update_bank); + return edk2_compatible_v1_static.post_process(variable_bank, update_bank); +} + +static int switchable_validate(struct secvar *var) +{ + if (mode_value == USER_MODE) + return edk2_compatible_v1.validate(var); + return edk2_compatible_v1_static.validate(var); +}; + +struct secvar_backend_driver edk2_switchable_driver = { + .pre_process = switchable_pre_process, + .process = switchable_process, + .post_process = switchable_post_process, + .validate = switchable_validate, + // TODO: perhaps this should also be a composite compatible? + // The interface isn't changing, but it might be useful to know if using a switchable backend + .compatible = "ibm,edk2-compat-v1", +}; From patchwork Wed Sep 22 03:11:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1531006 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=REhaSx0t; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=2404:9400:2:0:216:3eff:fee1:b9f1; helo=lists.ozlabs.org; envelope-from=skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2404:9400:2:0:216:3eff:fee1:b9f1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4HDjz30Ykhz9sRK for ; Wed, 22 Sep 2021 13:12:47 +1000 (AEST) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4HDjz26WQgz2yw5 for ; Wed, 22 Sep 2021 13:12:46 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=REhaSx0t; dkim-atps=neutral X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.158.5; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=REhaSx0t; dkim-atps=neutral Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4HDjxv0KNPz2yZx for ; Wed, 22 Sep 2021 13:11:46 +1000 (AEST) Received: from pps.filterd (m0098414.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18M2TbF0025848 for ; Tue, 21 Sep 2021 23:11:45 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=HASyMuhtEJXGzuxlEp/bE3HrqBpgdAqJiCTHrIBUVrg=; b=REhaSx0ts5aJ1eHBFcR/z9ykNfpuCmML1R665maOO+DxzEUilkjxzYW8LtEt1bmizTRU 2j6mj6ShTesUrJf7sPWfIDIcH2Fj/wP2HBq/atYonMBUSAG/ck3DDqKgnIrY7EDFW2JA 6hqaEMTHm1ZE0oXtbvdXZVr3dY0msOE88dsbP24EPfuhbAH69Y3vnfrquHKSwOwKBiue MYWxJ45TXECuzDnTKD0mqyPl7wV/kZxl0WanwdrPg/MRbgyRhfFcHvONzt970PUqWwzz vsb4Lovw+dbP+7AnEP6ucjP7BPF1OQTBrxHDQlaP0DMe75SCH0SFiVlIvfWZd3trVx5Y aA== Received: from ppma04ams.nl.ibm.com (63.31.33a9.ip4.static.sl-reverse.com [169.51.49.99]) by mx0b-001b2d01.pphosted.com with ESMTP id 3b7urkgm9y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 21 Sep 2021 23:11:44 -0400 Received: from pps.filterd (ppma04ams.nl.ibm.com [127.0.0.1]) by ppma04ams.nl.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18M37xGh030031 for ; Wed, 22 Sep 2021 03:11:43 GMT Received: from b06avi18626390.portsmouth.uk.ibm.com (b06avi18626390.portsmouth.uk.ibm.com [9.149.26.192]) by ppma04ams.nl.ibm.com with ESMTP id 3b7q6qsjb5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 22 Sep 2021 03:11:43 +0000 Received: from d06av23.portsmouth.uk.ibm.com (d06av23.portsmouth.uk.ibm.com [9.149.105.59]) by b06avi18626390.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 18M36rKA30736742 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 22 Sep 2021 03:06:53 GMT Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B4555A4051; Wed, 22 Sep 2021 03:11:39 +0000 (GMT) Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 04650A4053; Wed, 22 Sep 2021 03:11:39 +0000 (GMT) Received: from ceres.ibmuc.com (unknown [9.65.202.213]) by d06av23.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 22 Sep 2021 03:11:38 +0000 (GMT) From: Eric Richter To: skiboot@lists.ozlabs.org Date: Tue, 21 Sep 2021 22:11:29 -0500 Message-Id: <20210922031129.4188386-9-erichte@linux.ibm.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210922031129.4188386-1-erichte@linux.ibm.com> References: <20210922031129.4188386-1-erichte@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: ILD9TGX_6DY7kQJZPMXePiAF38Lvn2i9 X-Proofpoint-GUID: ILD9TGX_6DY7kQJZPMXePiAF38Lvn2i9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-21_07,2021-09-20_01,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 malwarescore=0 lowpriorityscore=0 phishscore=0 spamscore=0 suspectscore=0 bulkscore=0 clxscore=1015 mlxlogscore=999 adultscore=0 priorityscore=1501 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109200000 definitions=main-2109220015 Subject: [Skiboot] [RFC 8/8] mowgli: (EXAMPLE) enable mode-switchable drivers for secvar X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" This example patch enables the new mode-switchable secvar drivers for the mowgli platform. RFC NOTE: This is a patch that should likely be carried out-of-tree for platforms that decide to use these switchable drivers. As this will depend on having default variables compiled it, there should likely be some compile-time check to confirm default keys are in use, or some runtime check to force USER_MODE if no built-in keys are provided. I am slightly in favor of the latter option, so that it is easier for users of platforms supported by secvar to enable switchable modes by only needing to supply default variable data. --- platforms/astbmc/mowgli.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/platforms/astbmc/mowgli.c b/platforms/astbmc/mowgli.c index df83319d..8b0686b6 100644 --- a/platforms/astbmc/mowgli.c +++ b/platforms/astbmc/mowgli.c @@ -84,7 +84,9 @@ static bool mowgli_probe(void) } static int mowgli_secvar_init(void) { - return secvar_main(secboot_tpm_driver, edk2_compatible_v1); + // TODO: Provide a compile-time check to make sure there actually are static keys? + // have switchable mode only in the presence of a mode to switch to + return secvar_main(secboot_tpm_switchable_driver, edk2_switchable_driver); }