| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Commit ad7e9a67c4e4 ("xive/p9: obsolete OPAL_XIVE_IRQ_SHIFT_BUG
flags") forgot to remove the internal flag.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Since Mowgli has only one slot, modify the names of other slots to avoid confusion.
Cc: skiboot-stable@lists.ozlabs.org
Signed-off-by: LuluTHSu <Lulu_Su@wistron.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Refer to the spec. of mowgli, limit the slot to Gen3 speed.
For mowgli platform spec.
Cc: skiboot-stable@lists.ozlabs.org
Signed-off-by: LuluTHSu <Lulu_Su@wistron.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
A very hacky, but very useful script that parses the PowerNV EEH register dump
from the kernel log, and the verbose EEH dump from the opal message log
and renders it into something mostly readable.
Cc: Mahesh Salgaonkar <mahesh@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
`msg` is valid pointer here. I don't recall why I added assert here :-(
This is not correct. We shouldn't call assert here. Also we are not using
`msg`. Hence convert it to `__unused`.
Fixes: 19d4f98e ('FSP/NVRAM: Handle "get vNVRAM statistics" command')
Cc: skiboot-stable@lists.ozlabs.org # v5.4.x +
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Reviewed-by: Mahesh Salgaonkar <mahesh@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Hostboot doesn't export the correct data for the system VPD EEPROM for this system.
So add vpd_dt_fixup().
Cc: skiboot-stable@lists.ozlabs.org
Signed-off-by: LuluTHSu <Lulu_Su@wistron.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
On systems using recent versions of systemd /dev (devtmpfs) is mounted with
noexec option. Such mount prevents mapping HBRT image code region as RWX
from /dev. This commit, as suggested in github PR linked below, attempts to
work around the situation by copying HBRT image to anon mmaped memory
region and sets mprotect rwx on it, allowing opal-prd to sucessfully
execute the code region.
Having memory region set as RWX is not ideal for security, but fixing that
is a separate and hard to solve problem. Original code also mmaped region
as RWX, so this PR does not make things worse at least.
Closes: https://github.com/open-power/skiboot/issues/258
Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>
Reviewed-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
[oliver: whitespace fix, add a comment, reflow commit message]
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Secure variable support is needed for Host OS Secure Boot key management.
This needs to be enabled for each platform, as each platform needs to
select the storage and backend drivers to use. This patch adds secure
variable support to the mowgli platform.
Test Results:
After applying the patch, sysfs and device-tree shows secvar entries correctly.
# cd /sys/firmware/secvar/
# ls
format vars
# cat format
ibm,edk2-compat-v1
# cd vars
# ls
KEK PK TS db dbx
# cat PK/size
0
# cat KEK/size
0
# cat TS/size
64
# cat db/size
0
# cat dbx/size
0
# ls /proc/device-tree/ibm,secureboot/
compatible hw-key-hash-size name secure-enabled
hw-key-hash ibm,cvc phandle trusted-enabled
# ls /proc/device-tree/ibm,opal/secvar/status
/proc/device-tree/ibm,opal/secvar/status
# ls /proc/device-tree/ibm,opal/secvar/
compatible max-var-key-len name status
format max-var-size phandle update-status
# cat /proc/device-tree/ibm,opal/secvar/status
okay#
# cat /proc/device-tree/ibm,opal/secvar/format
ibm,edk2-compat-v1#
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
With the addition of the secvar patches the GCOV enabled builds now
produce a skiboot.lid that greater than 4MB. This is larger than the
historical max firmware image size supported by the PowerNV Qemu model
so we need to skip the Qemu boot tests in that case.
Non-GCOV builds are still well under the limit (2.3MB or so) and mambo
tests are not affected, so this shouldn't be a big deal. If the Qemu
happens to support a larger image size this should continue to work
without issues.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
The edk2 test file includes some mbedtls files directly, make sure that
those also include the correct mbedtls config file.
Without this, the default config file is used, which conflicts with the
version we build as part of skiboot.
As host libc includes a SIZE_MAX macro, this also changes the SIZE_MAX
macro defined in mbedtls_config.h (needed for some mbedtls functions) to
only be defined if it isn't already.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Linking against the host mbedtls introduces problems if the host does not
have the library, or if the host has a different version installed.
This patch changes the tests to instead build mbedtls from the version
included in skiboot using the host compiler, removing the dependency on
external mbedtls.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
The secvar makefiles use $(SRC) in a few places they shouldn't and don't
use it in a few places they should. Also drop the _SRCS rules and the
pattern substuituion that turns them into _OBJS rules because chaining
dependent rules is infuriating at the best of times.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Some versions of GCC complain about this. That and since it's a static
global it goes in the BSS and is initialized to zero anyway.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Witht addition of libtss and mbedtls the .data section now overlaps the
start of the .bss section. Adding a few MB to the offset doesn't hurt.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Needed for the secvar unit tests.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch adds following more unit test cases and improve comments.
* Check for successful processing of queued updates
* Check for queued updates when one update fail, especially when PK is
added.
* Check for queued updates when one update fail, especially when PK is
deleted.
* Check hw-key-hash addition/deleting/verification.
* Update dbxcert file
* Update rc checks against specific failure error return codes.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch fixes following bugs. Additionally, it improves logs.
* Failure in adding/deleting PK as part of failure of processing any
subsequential update in the queue didn't reset the global variable
setup_mode to the original value. This patch adds the fix to always
set the value of setup_mode as per final contents in variable_bank
before existing process().
* Deletion of HWKH as part of deleting PK was only updating the value of
the variable to be zero. However, this didn't deallocate the variable from
the bank and was getting exposed via sysfs.
* The mismatch in verification of hw-key-hash, was also clearing staging
bank, which isn't initialized in this case. Fix the cleanup tag to only
clear update_bank.
* Fixes a memory leak in validate_esl_list().
* Convert signature verification error code from mbedtls into
opal error code as OPAL_PERMISSION.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
The TPM NV index size for storing the PK was originally set to 1024,
which was determined to be a "smallest maximum" size that we
determined to be enough to store the PK. However with overhead, this
only allowed for about ~912 bytes, which is far too small to store a
certificate, as it only permits about ~10 characters in the x509
subject field.
This patch increases the TPM NV Vars index to 2048 bytes, which is the
largest size a single NV index can be on the Nuvoton npct650 chip.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
indices
The Nuvoton npct650 chip has a command buffer max size of 1024.
Attempting to read or write from an NV index larger than this value
would return an error.
This patch changes the tss_nv_read and tss_nv_write commands to chunk
their operations in 1024-byte batches to allow support for larger NV
indices.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Secure variable support needs to be enabled for each platform, and each
platform needs to select which storage and backend drivers to use (or
alternatively implement their own). This patch adds secure variable
support to the witherspoon platform.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch contains a set of tests to exercise the edk2 driver using actual
properly (and in some cases, improperly) signed binary data.
Due to the excessive size of the binary data included in the header files,
this test was split into its own patch.
Co-developed-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
As part of secureboot key management, the scheme for handling key updates
is derived from tianocore reference implementation[1]. The wrappers for
holding the signed update is the Authentication Header and for holding
the public key certificate is ESL (EFI Signature List), both derived from
tianocore reference implementation[1].
This patch adds the support to process update queue. This involves:
1. Verification of the update signature using the key authorized as per the
key hierarchy
2. Handling addition/deletion of the keys
3. Support for dbx (blacklisting of hashes)
4. Validation checks for the updates
5. Supporting multiple ESLs for single variable both for update/verification
6. Timestamp check
7. Allowing only single PK
8. Failure Handling
9. Resetting keystore if the hardware key hash changes
[1] https://github.com/tianocore/edk2-staging.git
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch adds a pkcs7 parser for mbedtls that hasn't yet
gone upstream. Once/if that implementation is accepted,
this patch can be removed.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch adds a small userspace utility to locally generate the
expected hash returned by a TSS_NV_ReadPublic command for the NV
indices as defined by the secboot_tpm storage driver. This removes the
need for manually copying in the hash from the ReadPublic output if for some
reason the set of attributes used when defining the NV indices changes in the
future.
As this is an auxiliary tool, it is not built by default and must be
manually built using `make gen_tpmnv_public_name`.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch adds some simple unit cases to exercise the storage driver,
using the fake TPM NV implementation.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
The secboot_tpm storage driver heavily relies on the TPM to ensure data
integrity, which makes it difficult to test in userspace or on hardware
without a TPM.
This patch adds a bunch of functions that implement the tssskiboot
interface, and simulates the expected TPM behavior utilizing PNOR space
instead.
THIS IS NOT INTENDED FOR PRODUCTION USE.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch implements the platform specific logic for persisting the
secure variable storage banks across reboots via the SECBOOT PNOR
partition.
For POWER 9, all secure variables and updates are stored in the
in the SECBOOT PNOR partition. The partition is split into three
sections: two variable bank sections, and a section for storing
updates. The driver alternates writes between the two variable
sections, so that the final switch from one set of variables to
the next can be as atomic as possible by flipping an "active bit"
stored in TPM NV.
PNOR space provides no lock protection, so prior to writing the
variable bank, a sha256 hash is calculated and stored in TPM NV.
This hash is compared against the hash of the variables loaded from
PNOR to ensure consistency -- otherwise a failure is reported, no keys
are loaded (which should cause skiroot to refuse to boot if secure boot
support is enabled).
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
In secure boot enabled systems, the petitboot linux kernel verifies the
OS kernel against x509 certificates that are wrapped in secure variables
controlled by OPAL. These secure variables are stored in the PNOR SECBOOT
partition, as well as the updates submitted for them using userspace
tools.
This patch adds read and write support to the PNOR SECBOOT partition in
a similar fashion to that of NVRAM, so that OPAL can handle the secure
variables.
Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch adds a reference document that explains the intended use for
each of the secvar driver API functions to aid in future secvar driver
implementations.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch adds a simple function to detect whether or not physical
presence has been asserted. In the current implementation, all physical
presence assertion modes are treated the same.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch reads the hdata bits to check for physical presence
assertion, and creates device tree entries to be consumed later in the
boot.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch adjusts the API unit tests to use the secvar struct rather than
the old secvar_node. Where applicable, some manual allocations have also been
replaced with the util functions.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Originally, the secvar struct was intended to contain all the variable
information seperate from the linked list/etc metadata, so that copying
and serialization/deserialization could be handled by a single memcpy().
This is fragile, potentially compiler dependent, and doesn't account for
endianness. Therefore, this patch removes the static allocation for key, now
allocates a buffer for data, and completely removes the now unnecessary
secvar_node struct.
As a side effect, some of the secvar_util functionality has been tweaked where
it makes sense. Most notably alloc_secvar now takes in an extra argument as it
now has to allocate the key
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch adds the following helper functions:
- dealloc_secvar()
- new_secvar()
- copy_bank_list()
dealloc_secvar() frees a whole secvar_node reference including
its children allocations. This also updates the clear_bank_list()
helper function to use this destructor.
new_secvar() allocates a secvar_node, and fills it with data
provided via arguments.
copy_bank_list() creates a deep copy of a secvar bank list
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Previously, backends were implicitly expected to operate on global
references to the variable and update banks. This patch changes the
interface for this driver to instead take the banks in as an argument.
This removes the implict dependency on these references, makes the
design consistent with the storage driver, and also will simplify unit
testing of these functions.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch adjusts the behavior of secvar_main to actually halt the boot
in some form if there is an issue initializing secure variables. The secvar
storage driver contains the secure boot state, and therefore if that fails
to initialize, we immediately need to halt the boot. For all other cases we
enforce secure boot in the bootloader by setting the secure mode flag, but
booting with an empty keyring (and thus, cannot verify a kexec image).
Previously, the storage driver was expected to handle any locking
procedures implicitly as part of the write operation. This patch uses the
new lockdown hook which makes locking explicit and part of the secvar_main
flow.
The storage driver is now locked unconditionally when exiting
secvar_main, and the lockdown() call should halt the boot if it encounters
any sign of struggle.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Previously, it was implied that the storage driver would lock itself after
performing a write action. As this behavior is not particularly clear when
reviewing the main secvar flow, this action instead has been made explicit.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
OS Secure Boot establishes a chain of trust from firmware to the OS.
However, OS Secure Boot can only be secure if the chain of trust
beneath it - from hardware to firmware - has been established by
Firmware Secure Boot. This patch ensures that OS Secure Boot is enabled
only if Firmware Secure Boot is enabled.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch exposes the secureboot_enforce() function to unify any
system-halting behavior enacted by either firmware or OS secure boot.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Set in core/init.c before trustedboot_exit_boot_services.
Signed-off-by: Ryan Grimm <grimm@linux.ibm.com>
Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This is being removed in favor of using a standard TSS library which
offers a more broad implementation that is required for the new
necessities of trusted and secure boot.
Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
The new implementation of PCR_Read, PCR_Extend and Eventlog uses the
recently introduced standard TSS library.
Old TSS implementation will be removed in the following commit.
Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This new implementation uses the recently introduced standard TSS library,
reducing maintenance burden in skiboot side.
We have yet to switch over this new implementation and to remove the old
one in future commits.
Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
In this commit we add some fundamental TSS operations:
- tss_nv_read_public
- tss_nv_read
- tss_nv_write
- tss_nv_write_lock
- tss_nv_define_space
- tss_nv_undefine_space
- tss_get_defined_nv_indices
- tss_pcr_extend
- tss_pcr_read
- tss_get_random_number
- tss_set_platform_auth
Co-authored-by: Eric Richter <erichte@linux.ibm.com>
Co-authored-by: Ryan Grimm <grimm@linux.ibm.com>
Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
TSS will know which device and transmit handler to use through this
registration, and the equivalent unregistering process.
Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Co-authored-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
