diff options
author | Eric Richter <erichte@linux.ibm.com> | 2019-11-05 01:37:56 -0600 |
---|---|---|
committer | Oliver O'Halloran <oohall@gmail.com> | 2019-11-07 17:46:33 +1100 |
commit | 484bdc5dda042ba46c84975a94eacb77e77e35e8 (patch) | |
tree | 94a67f28309c2757abd91f65e0f92faf2e072c4a /include | |
parent | 04f0cdb9bbb04f0d6295165a3a218d6d234dbee6 (diff) | |
download | skiboot-484bdc5dda042ba46c84975a94eacb77e77e35e8.zip skiboot-484bdc5dda042ba46c84975a94eacb77e77e35e8.tar.gz skiboot-484bdc5dda042ba46c84975a94eacb77e77e35e8.tar.bz2 |
libstb/secvar: add secure variable internal abstraction
This patch implements a platform-independent abstraction for storing and
retrieving secure variables, as required for host OS secure boot. This
serves as the main entry point for initializing the in-memory cache of the
secure variables, which also kicks off any platform-specific logic that may
be needed. This patch also provides core functions for the subsequent
patches in this series to utilize.
The base secure variable implementation makes use of two types of
drivers, to be selected by the platform: "storage" drivers, and
"backend" drivers. The storage driver implements the hooks required to
write the secure variables to some form of non-volatile memory, and load
the variables on boot. The backend driver defines how the variables
should be interpreted, and processed.
Secure variables are stored in two types of banks, the "variable" bank
and the "update" bank. Variables that have been validated and processed
are stored in the variable bank. This bank is effectively read-only
after the base secvar initialization. Any proposed variable updates are
instead stored in the update bank. During secvar initialization, the
backend driver processes variables from the update bank, and if valid,
adds the new variable to the variable bank.
NOTE: The name "backend" is subject to change. It operates more like a
scheme, so unless a better name comes along, it will likely change to
"scheme" or "schema" in the future.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
[oliver: added missing SPDX tags, removed unused definitions, style fixes]
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
---
V2:
- added secvar device tree node as child of ibm,secureboot
- added version and compatible properties to backend driver struct
- added secvar_ready flag for the API to detect if secvar
initialized successfully
- moved pre-process step to after initial variable load
- moved flags field from secvar struct to secvar node
V3:
- remove the metadata secvar field
- add probe_secvar() to bump compatible flag
- add device tree property for backend-agnostic secure mode setting
- remove backend minor version field
- remove static data allocation in secvar struct
V4:
- add alloc_secvar helpers
- removed ibm,secureboot version bump to v3
- secvars now store their allocated size seperate from the
data size (to permit overallocating)
- split device tree functions into their own file
- device tree changes:
- secvar now a child of ibm,opal
- compatible is "ibm,secvar-v1", backend creates its own node
- secure-mode is now a boolean os-secure-enforcing property
- storage and backends now have their own nodes
V5:
- removed storage device tree subnode
- moved max-var-size to secvar node
- added max-var-key-len
- fixed SPDX header in include/secvar.h
- removed obsolete enum
- removed unused devtree wrappers
- set secvar status prop earlier
V6:
- moved os-secureboot-enforcing to ibm,secureboot
- set secvar compatible based on backend
- removed backend node
Diffstat (limited to 'include')
-rw-r--r-- | include/platform.h | 2 | ||||
-rw-r--r-- | include/secvar.h | 29 |
2 files changed, 31 insertions, 0 deletions
diff --git a/include/platform.h b/include/platform.h index 0b04385..412f8fc 100644 --- a/include/platform.h +++ b/include/platform.h @@ -210,6 +210,8 @@ struct platform { uint32_t len); int (*nvram_write)(uint32_t dst, void *src, uint32_t len); + int (*secvar_init)(void); + /* * OCC timeout. This return how long we should wait for the OCC * before timing out. This lets us use a high value on larger FSP diff --git a/include/secvar.h b/include/secvar.h new file mode 100644 index 0000000..c41fb73 --- /dev/null +++ b/include/secvar.h @@ -0,0 +1,29 @@ +// SPDX-License-Identifier: Apache-2.0 +/* Copyright 2019 IBM Corp. */ + +#ifndef _SECVAR_DRIVER_ +#define _SECVAR_DRIVER_ + +#include <stdint.h> + +struct secvar; + +struct secvar_storage_driver { + int (*load_bank)(struct list_head *bank, int section); + int (*write_bank)(struct list_head *bank, int section); + int (*store_init)(void); + uint64_t max_var_size; +}; + +struct secvar_backend_driver { + int (*pre_process)(void); // Perform any pre-processing stuff (e.g. determine secure boot state) + int (*process)(void); // Process all updates + int (*post_process)(void); // Perform any post-processing stuff (e.g. derive/update variables) + int (*validate)(struct secvar *var); // Validate a single variable, return boolean + const char *compatible; // String to use for compatible in secvar node +}; + + +int secvar_main(struct secvar_storage_driver, struct secvar_backend_driver); + +#endif |