diff options
| author | Claudio Carvalho <cclaudio@linux.vnet.ibm.com> | 2017-12-09 02:52:29 -0200 |
|---|---|---|
| committer | Stewart Smith <stewart@linux.vnet.ibm.com> | 2017-12-18 21:30:57 -0600 |
| commit | 48fd73cfc7073911a1ecdf0ff62e1800ef544d2a (patch) | |
| tree | b27fbf121782036044b0e31854b840a6bd10ea30 /hdata | |
| parent | ccdbfdac637c2ddabfcc36371344cd5c6c648e1b (diff) | |
| download | skiboot-48fd73cfc7073911a1ecdf0ff62e1800ef544d2a.zip skiboot-48fd73cfc7073911a1ecdf0ff62e1800ef544d2a.tar.gz skiboot-48fd73cfc7073911a1ecdf0ff62e1800ef544d2a.tar.bz2 | |
hdata/spira: add ibm, secureboot node in P9
In P9, skiboot builds the device tree from the HDAT. These are the
"ibm,secureboot" node changes compared to P8:
- The Container-Verification-Code (CVC), a.k.a. ROM code, is no longer
stored in a secure ROM with static address. In P9, it is stored in a
hostboot reserved memory and each service provided also has a version,
not only an offset.
- The hash-algo property is not provided via HDAT, instead it provides
the hw-key-hash-size, which is indeed the information required by the
CVC to verify containers.
This parses the iplparams_sysparams HDAT structure and creates the
"ibm,secureboot", which is bumped to "ibm,secureboot-v2".
In "ibm,secureboot-v2":
- hash-algo property is superseded by hw-key-hash-size.
- container verification code is explicitly described by a child node.
Added in a subsequent patch.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Reviewed-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Reviewed-by: Oliver O'Halloran <oohall@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'hdata')
| -rw-r--r-- | hdata/spira.c | 39 | ||||
| -rw-r--r-- | hdata/spira.h | 15 |
2 files changed, 48 insertions, 6 deletions
diff --git a/hdata/spira.c b/hdata/spira.c index 532a50a..edb140d 100644 --- a/hdata/spira.c +++ b/hdata/spira.c @@ -938,6 +938,42 @@ static void add_nmmu(void) } } +static void dt_init_secureboot_node(const struct iplparams_sysparams *sysparams) +{ + struct dt_node *node; + u16 sys_sec_setting; + u16 hw_key_hash_size; + + node = dt_new(dt_root, "ibm,secureboot"); + assert(node); + + dt_add_property_string(node, "compatible", "ibm,secureboot-v2"); + + sys_sec_setting = be16_to_cpu(sysparams->sys_sec_setting); + if (sys_sec_setting & SEC_CONTAINER_SIG_CHECKING) + dt_add_property(node, "secure-enabled", NULL, 0); + if (sys_sec_setting & SEC_HASHES_EXTENDED_TO_TPM) + dt_add_property(node, "trusted-enabled", NULL, 0); + + hw_key_hash_size = be16_to_cpu(sysparams->hw_key_hash_size); + + /* Prevent hw-key-hash buffer overflow by truncating hw-key-hash-size if + * it is bigger than the hw-key-hash buffer. + * Secure boot will be enforced later in skiboot, if the hw-key-hash-size + * was not supposed to be SYSPARAMS_HW_KEY_HASH_MAX. + */ + if (hw_key_hash_size > SYSPARAMS_HW_KEY_HASH_MAX) { + prlog(PR_ERR, "IPLPARAMS: hw-key-hash-size=%d too big, " + "truncating to %d\n", hw_key_hash_size, + SYSPARAMS_HW_KEY_HASH_MAX); + hw_key_hash_size = SYSPARAMS_HW_KEY_HASH_MAX; + } + + dt_add_property(node, "hw-key-hash", sysparams->hw_key_hash, + hw_key_hash_size); + dt_add_property_cells(node, "hw-key-hash-size", hw_key_hash_size); +} + static void add_iplparams_sys_params(const void *iplp, struct dt_node *node) { const struct iplparams_sysparams *p; @@ -1024,6 +1060,9 @@ static void add_iplparams_sys_params(const void *iplp, struct dt_node *node) sys_attributes = be32_to_cpu(p->sys_attributes); if (sys_attributes & SYS_ATTR_RISK_LEVEL) dt_add_property(node, "elevated-risk-level", NULL, 0); + + if (version >= 0x60 && proc_gen >= proc_gen_p9) + dt_init_secureboot_node(p); } static void add_iplparams_ipl_params(const void *iplp, struct dt_node *node) diff --git a/hdata/spira.h b/hdata/spira.h index 190afad..17c6a2a 100644 --- a/hdata/spira.h +++ b/hdata/spira.h @@ -355,6 +355,7 @@ struct iplparams_sysparams { __be32 abc_bus_speed; __be32 wxyz_bus_speed; __be32 sys_eco_mode; +#define SYS_ATTR_MULTIPLE_TPM PPC_BIT32(0) #define SYS_ATTR_RISK_LEVEL PPC_BIT32(3) __be32 sys_attributes; __be32 mem_scrubbing; @@ -369,12 +370,14 @@ struct iplparams_sysparams { uint8_t split_core_mode; /* >= 0x5c */ uint8_t reserved[3]; uint8_t sys_vendor[64]; /* >= 0x5f */ - /* >= 0x60 */ - __be16 sys_sec_setting; - __be16 tpm_config_bit; - __be16 tpm_drawer; - __be16 reserved2; - uint8_t hw_key_hash[64]; +#define SEC_CONTAINER_SIG_CHECKING PPC_BIT16(0) +#define SEC_HASHES_EXTENDED_TO_TPM PPC_BIT16(1) + __be16 sys_sec_setting; /* >= 0x60 */ + __be16 tpm_config_bit; /* >= 0x60 */ + __be16 tpm_drawer; /* >= 0x60 */ + __be16 hw_key_hash_size; /* >= 0x60 */ +#define SYSPARAMS_HW_KEY_HASH_MAX 64 + uint8_t hw_key_hash[SYSPARAMS_HW_KEY_HASH_MAX]; /* >= 0x60 */ uint8_t sys_family_str[64]; /* vendor,name */ uint8_t sys_type_str[64]; /* vendor,type */ } __packed; |