Age | Commit message (Collapse) | Author | Files | Lines |
|
Found with the "codespell" utility.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Found with the "codespell" utility.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
When compiling the libnet code with Clang (e.g. for the s390-ccw bios),
it complains with the following warning:
ipv6.c:447:18: warning: variable length array folded to constant array
as an extension [-Wgnu-folding-constant]
unsigned short raw[ip6size];
^
The warning is completely harmless, of course. Anyway let's rewrite the
code a little bit to make the compiler silent again.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
We enabled additional compiler warnings in commit 26d8ba170355c9, but
so far we did not address the additional warnings in the js2x code
yet. This patch fixes at least some of the trivial warnings there.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This moves shared symbols out from the header file and leaves only
the minimum in bmc.h.
This fixes a "while (...); {" bug spotted by the modern gcc.
This fixes cleanup as otherwise the board-js2x/Makefile's "clean" tries
cleaning "rtas" which tries cleaning all libs (not just the ones it uses)
and that in turn triggers generation of lib/libtpm/Makefile.dep which
fails due to missing ./board-js2x/include/version.h.
This fixes create_reloc_table.sh to build with newer toolchains which
otherwise fail with:
ld: cannot use executable file 'reloc_table.o' as input to a link
This adds js2x compile to the travis script to know when it breaks
again.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
In the rare case of a TPM 2 failure, disable the platform hierarchy after
disabling the endorsement and owner hierarchies.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
It should be "channel" instead of "cannel", obviously.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Add test cases for sha1, sha256, sha384, and sha512 and a test script
to run the test cases.
The tests are passing on little and big endian machines (Fedora 28).
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Instead of just using sha256 for all PCR banks (and truncating
the value or zero-padding it) use the proper hash function for
each one of the banks. For unimplemented hashes, fill the buffer
with 0xff.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Use assembly for the 32 bit rotr in the sha256 implementation
similar to the assembly used in the sha1 and sha512 implementations.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Change the format of the S_CRTM_VERSION string to ucs-2 since this
is what seems to be commonly used by other firmwares following
insight from a TCG work group member.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Add a new firmware API call with the name 2HASH-EXT-LOG that will be used
by trusted grub for measuring, logging, and extending TPM PCRs.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This fixes gcc warnings from -Waddress-of-packed-member and -Wzero-length-bounds.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
---
tpm_drivers.c: In function ‘spapr_send_crq_and_wait’:
tpm_drivers.c:153:2: warning: converting a packed ‘struct crq’ pointer (alignment 1) to a ‘uint64_t’ {aka ‘long long unsigned int’} pointer alignment 8) may result in an unaligned pointer value [-Waddress-of-packed-member]
153 | rc = hv_send_crq(unit, (uint64_t *)crq);
| ^~
tpm_drivers.c:34:8: note: defined here
34 | struct crq {
| ^~~
tpm_drivers.c: In function ‘spapr_vtpm_senddata’:
tpm_drivers.c:346:2: warning: converting a packed ‘struct crq’ pointer (alignment 1) to a ‘uint64_t’ {aka ‘long long unsigned int’} pointer (alignment 8) may result in an unaligned pointer value [-Waddress-of-packed-member]
346 | rc = hv_send_crq(spapr_vtpm.unit, (uint64_t *)&crq);
| ^~
tpm_drivers.c:34:8: note: defined here
34 | struct crq {
| ^~~
[CC] common-libs
[CC] common-libs
tcgbios.c: In function ‘tpm20_write_EfiSpecIdEventStruct’:
tcgbios.c:708:24: warning: array subscript ‘numAlgs’ is outside the bounds of an interior zero-length array ‘struct TCG_EfiSpecIdEventAlgorithmSize[0]’ [-Wzero-length-bounds]
708 | event.hdr.digestSizes[numAlgs].algorithmId =
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
In file included from tpm_drivers.h:20,
from tcgbios.c:27:
tcgbios_int.h:92:4: note: while referencing ‘digestSizes’
92 | } digestSizes[0];
| ^~~~~~~~~~~
tcgbios.c:710:24: warning: array subscript ‘numAlgs’ is outside the bounds of an interior zero-length array ‘struct TCG_EfiSpecIdEventAlgorithmSize[0]’ [-Wzero-length-bounds]
710 | event.hdr.digestSizes[numAlgs].digestSize = cpu_to_log16(hsize);
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
In file included from tpm_drivers.h:20,
from tcgbios.c:27:
tcgbios_int.h:92:4: note: while referencing ‘digestSizes’
92 | } digestSizes[0];
| ^~~~~~~~~~~
|
|
Fix two details of the logs:
- Set the filed SpecErrata to 2 as required by specs.
- Write the separator into the log entry's event field.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Note this adds MIN() in tpm_gpt_set_lba1() so it may potentially fail
which is unlikely as the length comes from disk-label's block-size which
is used in other places.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
This also fixes unused parameters warning by passing meaningful value and
doing sanity checks.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* updated commit log about using AF_INET/etc
* replaced cast to int with size_t in pxelinux_load_cfg
* added (alen == 0) in ping()
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes with
one exception of -Wunused-parameter - this fixes it for debug macros only
and leave the rest for the future as more functional change is needed.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* updated debug macros to fix -Wunused-parameter
---
These are not fixed:
====== Building common libraries ======
[CC] usb-core.o
[CC] usb-ohci.o
[CC] usb-hid.o
[CC] usb-xhci.o
/home/aik/p/slof/lib/libusb/usb-core.c: In function ‘usb_set_address’:
/home/aik/p/slof/lib/libusb/usb-core.c:244:58: warning: unused parameter ‘port’ [-Wunused-parameter]
static int usb_set_address(struct usb_dev *dev, uint32_t port)
^~~~
/home/aik/p/slof/lib/libusb/usb-xhci.c: In function ‘xhci_send_enable_slot’:
/home/aik/p/slof/lib/libusb/usb-xhci.c:353:67: warning: unused parameter ‘port’ [-Wunused-parameter]
static void xhci_send_enable_slot(struct xhci_hcd *xhcd, uint32_t port)
^~~~
/home/aik/p/slof/lib/libusb/usb-ohci.c: In function ‘ohci_dump_regs’:
/home/aik/p/slof/lib/libusb/usb-ohci.c:42:46: warning: unused parameter ‘regs’ [-Wunused-parameter]
static void ohci_dump_regs(struct ohci_regs *regs)
^~~~
/home/aik/p/slof/lib/libusb/usb-core.c: In function ‘usb_handle_device’:
/home/aik/p/slof/lib/libusb/usb-core.c:444:80: warning: unused parameter ‘cfg’ [-Wunused-parameter]
static int usb_handle_device(struct usb_dev *dev, struct usb_dev_config_descr *cfg,
^~~
/home/aik/p/slof/lib/libusb/usb-xhci.c: In function ‘fill_setup_trb’:
/home/aik/p/slof/lib/libusb/usb-xhci.c:1026:13: warning: unused parameter ‘size’ [-Wunused-parameter]
uint32_t size)
^~~~
/home/aik/p/slof/lib/libusb/usb-xhci.c: In function ‘xhci_transfer_bulk’:
/home/aik/p/slof/lib/libusb/usb-xhci.c:1217:60: warning: unused parameter ‘td’ [-Wunused-parameter]
static int xhci_transfer_bulk(struct usb_pipe *pipe, void *td, void *td_phys,
^~
/home/aik/p/slof/lib/libusb/usb-xhci.c:1217:70: warning: unused parameter ‘td_phys’ [-Wunused-parameter]
static int xhci_transfer_bulk(struct usb_pipe *pipe, void *td, void *td_phys,
^~~~~~~
/home/aik/p/slof/lib/libusb/usb-xhci.c: In function ‘xhci_get_pipe_intr’:
/home/aik/p/slof/lib/libusb/usb-xhci.c:1364:22: warning: unused parameter ‘len’ [-Wunused-parameter]
char *buf, size_t len)
^~~
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
This changes the return value for the case when no ELF headers were found
to avoid (ugly-ish) cast of -1 to unsigned.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* cast the return value to (int)
* added missing (long)
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* replaced cast to int with cast to size_t
|
|
We already have MAX() defined, add MIN() to the common helpers header.
Using the common helper also fixes a bug in tpmdrivers's MIN() where
it was reverted.
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* updated the comment about a fixed bug
|
|
Implement tpm_hash_log_extend_event_buffer() that allows to measure
the contents of a buffer into a given PCR and log it with the
given event type and description. The caller may choose to have
the size of an ELF image file detected so that only data from the
ELF image are hashed rather than the much larger buffer.
Besides using this function call now for measuring the bootloader
read from a GPT partition, we also intend to use it for calls from
the firmware API that allow us to measure and log data from a boot
loader, such as grub. Grub will then invoke this function with a
buffer whose size it knows and will not need the ELF file size
detection.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Implement elf_get_file_size to determine the size of an ELF image
that has been loaded into a buffer much larger than the actual size
of the original file. We determine the size by searching for the
farthest offset declared by the ELF headers.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Add support for SHA3 type of algorithms that the vTPM may support
some time in the future.
The algorithms are assigned in "TCG Algorithm Registry"
https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The vendorInfoSize is a uint8_t rather than a uint32_t.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Only write the logs for those PCRs that are allocated in
banks.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This reverts commit 674d0d0cf66d4 ("rtas: Reserve space for FWNMI log")
which expanded the RTAS blob size to match the QEMU expectation about
the RTAS area available for FWNMI logs.
Instead, it relies on QEMU passing the "rtas-size" property and passes it
through untouched. This adds a check that QEMU allocated enough for
RTAS blob. This adds a fallback to the default 20 bytes "rtas-size" if
none specified by QEMU.
While we are here, replace 's" /rtas" find-node' with 'rtas-node' which
we just set above.
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Linux closes stdout at the end of prom_init which triggers the FW quiesce
code which closes the virtio-serial instance. This misses stopping the
virtio queues. However this seemed working for a little longer (until the
Linux driver took over) till 300384f3dc68 which moved the VQ descriptors
around which caused use-after-free corruption.
This adds virtio_queue_term_vq(), cleanup in the forth driver and a few
checks.
Fixes: 300384f3dc68 ("virtio: Store queue descriptors in virtio_device")
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
[groug: - fix changelog
- don't restore emit]
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Fixes: 300384f3dc68 ("virtio: Store queue descriptors in virtio_device")
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Measure and log the GPT table including LBA1 and all GPT table entries
with a non-zero Type GUID.
We follow the specification "TCG PC Client Platform Firmware Profile
Specification" for the format of what needs to be logged and measured.
See section "Event Logging" subsection "Measuring UEFI Variables" for
the UEFI_GPT_DATA structure.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Implement a TPM 2 menu and enable the user to clear the TPM
and its activate PCR banks.
The main TPM menu is activated by pressing the 't' key during
firmware startup.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This patch adds TPM 2.0 support along with the firmware API that Linux
uses to transfer the firmware log.
The firmware API follows the "PFW Virtual TPM Driver" specification.
The API has callers in existing Linux code (prom_init.c) from TPM 1.2
times but the API also works for TPM 2.0 without modifications.
The TPM 2.0 support logs PCR extensions of measurements of code and data.
For this part we follow the TCG specification "TCG PC Client
Platform Firmware Profile Specification" (section "Event Logging").
Other relevant specs for the construction of TPM commands are:
- Trusted Platform Module Library; Part 2 Structures
- Trusted Platform Module Library; Part 3 Commands
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
[aik: removed new blank lines at EOF]
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The following patch adds a SHA256 implementation based on the algorithm
description in NIST FIPS PUB 180-4. The patch includes test cases that test
the sha256 implementation and pass on big and little endian ppc64 hosts.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This patch adds a TPM driver for the CRQ interface as used by
the QEMU PAPR implementation.
Also add a Readme that explains the benefits and installation procedure
for the vTPM.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
c2358afb40d4 ("Add support for 64bit LE ABI v1 and v2 support") added
little endian ELF support for one of two ELF loading helpers, this fixes
oversight. With this changes, 'boot disk:2,boot\zImage' is able to handle
little-endian zimages.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
When QEMU is started with iommu_platform=on, the guest driver must accept
it or the device will fail.
This enables IOMMU support for virtio-net, -scsi, -block, -serial, -9p
devices. -serial and -9p are only compile tested though.
For virtio-net we map all RX buffers once and TX when xmit() is called
and unmap older pages when we are about to reuse the VQ descriptor.
As all other devices are synchronous, we unmap IOMMU pages right after
completion of a transaction.
This depends on QEMU's:
https://patchwork.ozlabs.org/patch/1194067/
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
Changes:
v5:
* fixed queue size calculation
* reworked virtio_free_desc() to only unmap what is has mapped
v4:
* ditched vqs->id in virtio_queue_init_vq
v2:
* added Mike's fs/dma-instance-function.fs
* total rework
|
|
Every virtio device negotiates virtio protocol features before setting
up internal queue descriptors with one exception which is virtio-net.
This moves virtio_queue_init_vq() later to have feature negotiation
happened sooner. This is going to be used for IOMMU setup later.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
At the moment desc/avail/used pointers are read from the device every
time we need them. This works for now unless iommu_platform=on is used,
desc/avail/used stored in the config space are bus addresses while
SLOF should keep using the guest physical addresses.
virtio-net stores queue descriptors already, virtio-serial does it in
global statics, move them into virtio_device.
The next patch will use this to allow IOMMU.
While at this, move repeating avail->flags/idx setup into
virtio_queue_init_vq() except virtio-serial which vq_rx->avail->idx is
setup differently.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
Changes:
v4:
* removed vqs::id as it is not really used
* replaced vq_size with vq->size in virtio-serial.c
|
|
It is never called outside of virtio, make it static.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
GCC 9 introduced some new compiler warnings that occur when taking the
address of a packed struct, e.g.:
lib/libnet/icmpv6.c:173:21: warning: taking address of packed member of
‘struct ip6hdr’ may result in an unaligned pointer value [-Waddress-of-packed-member]
173 | rtr = find_router (&(ip6h->src));
| ^~~~~~~~~~~~
Since these warnings are mainly about the ip6_addr_t values that are
embedded in these packed structs, and ip6_addr_t is reasonable small
(just 128 bit), let's fix it by passing around the IPv6 addresses by
value instead of pointer, which looks a little bit nicer anyway.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
gcc9 enforces -Waddress-of-packed-member, fix this.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The current if-condition can never be true.
Buglink: https://bugs.launchpad.net/qemu/+bug/1840646
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The Firmware Assisted Non-Maskable Interrupts Option (FWNMI) feature
requires some space for RTAS log which is in the RTAS blob area.
This expands the RTAS blob size to 2k.
More details here: https://patchwork.ozlabs.org/patch/1146765/
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
We implement RTAS as a simple binary blob which calls directly into QEMU
via a custom hcall. So far we were relying on QEMU putting the RTAS blob
to the guest memory with its location in linux,rtas-base/rtas-size.
The problems with this are:
1. we need to peek a location in the guest ram in addition to slof, FDT
and sometime kernel and init ram disk; having one less image makes QEMU's
life easier.
2. for secure VMs, it is yet another image which needs to be signed and
verified.
This implements "instantiate-rtas" completely in SLOF, including KVM PR
support ("broken sc1").
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
|