Age | Commit message | Author | Files | Lines
2020-12-18 | SBE: Rate limit timer requests | Vasant Hegde | 1 | -0/+22
We schedule timer and wait for `timer expiry` interrupt from SBE. If we get new timer request which is lesser than inflight timer expiry value we can update timer (essentially sending new timer chip-op and SBE takes care of stopping inflight timer and scheduling new one).
SBE runs at much slower speed than host CPU. If we do continuous timer update like below then SBE will be busy with handling PSU side timer message and will not get time to handle FIFO side requests.
  send timer chip-op -> Got ACK -> send timer chip-op
Hence this patch limits number of continuous timer update and we will restart sending timer request as soon as we get timer expiry interrupt.
Rate limit value (2) is suggested by SBE team.
With this patch:
If our timer requests are : 2ms, 1500us, 1000us and 800us (and requests are coming after sending each message)
We will schedule timer for 2ms and then update timer for 1500us and 1000us (These updates happen after getting ACK interrupt from SBE)
We will not send 800us request.
At 1000us we get `timer expiry` and we are good to send next timer requests (At this stage both 1000us and 800us timeout happens. We will schedule next timer request with timeout value 500us (1500-1000)).
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-12-18 | SBE: Check timer state before scheduling timer | Vasant Hegde | 1 | -2/+4
Timer flow:
- OPAL sends timer chip-op to SBE and waits for ACK
- Until we get ACK interrupt from SBE we will not schedule any new timer
- Once we get ACK either we wait for timer expiry -OR- schedule new one if new-timer-request < inflight-timer-timeout value.
- If we get new timer request while processing current one p9_sbe_update_timer_expiry code sets `has_new_target` and we schedule it in ACK path (p9_sbe_timer_resp()).
p9_sbe_timer_resp() is callback handler and it's called without lock. It does not check whether timer message is busy or not (timer_ctrl_msg). So in theory we may hit below scenario and corrupt msg_list.
CPU 1 -> Timer ACK (callback handler) -- it's not holding any lock
CPU 2 -> Grabbed sbe_timer_lock -> scheduled timer --> done
CPU 3 -> p9_sbe_update_timer_expiry() -> see timer is busy -> sets has_new_timer -> done
CPU 1 -> gets chance to grab sbe_timer_lock -> saw has_new_timer -> Called p9_sbe_timer_schedule() --> List corrupted !
This patch adds timer message busy check in p9_sbe_timer_resp().
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-12-15 | platform/mowgli: Limit PHB0/(pec0) to gen3 speed | LuluTHSu | 1 | -0/+16
Use the method provided by Frederic: Add the "ibm, maximum link speed" attribute to the PHB device tree at index 0. The phb4.c code will look for it and set up the link correctly. Signed-off-by: LuluTHSu <Lulu_Su@wistron.com> Reviewed-by: Frederic Barrat <fbarrat@linux.ibm.com> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-12-15 | Revert "mowgli: Limit slot1 to Gen3 by default" | LuluTHSu | 3 | -36/+0
This reverts commit 5262cdd1b99f77bca5951fc8132f9795ef0c2b87. When link reset/retrain, this method cannot maintain the max-link-speed limit, so remove it. Signed-off-by: LuluTHSu <Lulu_Su@wistron.com> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-12-15 | xscom: Fix xscom error logging caused due to xscom OPAL call | Gautham R. Shenoy | 1 | -2/+19
Commit 80fd2e963bd4 ("xscom: Don't log xscom errors caused by OPAL calls") ensured that xscom errors caused due to XSCOM read/write OPAL calls aren't logged in the error-log since the caller of the OPAL call is expected to handle it. However we are continuing to print the prerror() in the OPAL log regarding the same. This patch reduces the severity of the log from PR_ERROR to PR_INFO for the xscom read and write made via OPAL calls. Tested-by: Pavaman Subramaniyam <pavsubra@in.ibm.com> Signed-off-by: Gautham R. Shenoy <ego@linux.vnet.ibm.com> Print info only for xscom read/writes made via opal calls Signed-off-by: Gautham R. Shenoy <ego@linux.vnet.ibm.com> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-12-15 | xive/p9: Remove assert from xive_eq_for_target() | Cédric Le Goater | 1 | -1/+1
XIVE VPs are structures describing the vCPUs of guests. When starting a guest, these are allocated and enabled and some checks are done on the location of the associated ENDs, which describe the event queues. If the block of the VP and the block of the ENDs do not match, the XIVE driver asserts. Unfortunately, there is no way to check that a VP identifier is part of a VP block that was previously allocated and it is relatively easy to crash the host with a bogus VP id. That can be done with a QEMU hack on a machine using vsmt. Simply remove the assert, the OS should gracefully handle the error. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reported-by: Greg Kurz <groug@kaod.org> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-12-15 | hw/ocmb: Fix log message | Vasant Hegde | 1 | -3/+2
Fix log message and convert perror to prlog. Also reduce message severity as it's informational message, not error. Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-12-15 | hw/ocmb: Clear top bit from offset before searching addr range | Vasant Hegde | 3 | -7/+8
Looks like HBRT sets top bit in pcbaddress before making OCMB SCOM request. We have to clear that bit so that we can find proper address range for SCOM operation. Sample failure: [ 2578.156011925,3] OCMB: no matching address range! [ 2578.156044481,3] scom_read: to 80000028 off: 8006430d4008c000 rc = -26 Also move HRMOR_BIT macro to common include file (hdata/spira.h -> skiboot.h). Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-12-15 | hdata: assert if we fail to add xscom nodes | Vasant Hegde | 1 | -2/+1
If we have duplicate xscom nodes then it will fail to attach xscom node to device tree and we will fail eventually. Better to call assert() and fail here. Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-12-15 | hdata: Replace hardcoded string with macro | Vasant Hegde | 1 | -1/+1
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com> Reviewed-by: Dan Horák <dan@danny.cz> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-12-15 | hdata: Update ipmi sensors structure | Vasant Hegde | 1 | -1/+2
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com> Reviewed-by: Dan Horák <dan@danny.cz> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-12-15 | build: Fix linker script for builtin Kernel | Klaus Heinrich Kiwi | 1 | -2/+2
Commit '6b08928d - build/lds: place debug sections according to defaults' introduced a DEBUG_SECTIONS macro that is effectively resetting the location pointer back to zero, making the next section (builtin_kernel) collide with the earlier sections. Fix by moving these sections to the very end.
Error message:
$ make KERNEL=zImage.epapr
[CC] asm/asm-offsets.s
[GN] include/asm-offsets.h
<...>
[LD] skiboot.tmp.elf
ld: section .builtin_kernel LMA [0000000000000000,0000000000285d87] overlaps section .head LMA [0000000000000000,0000000000003897]
ld: section .naca LMA [0000000000004000,000000000000505f] overlaps section .builtin_kernel LMA [0000000000000000,0000000000285d87]
make: *** [/skiboot/Makefile.main:333: skiboot.tmp.elf] Error 1
Fixes: 6b08928d - build/lds: place debug sections according to defaults Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-12-15 | Fix possible deadlock with DEBUG build | Vasant Hegde | 1 | -2/+2
Sample output from Cédric:
-------------------------
[ 88.294111649,7] cpu_idle_p9 called on cpu 0x063c with pm disabled
[ 88.289365222,7] cpu_idle_p9 called on cpu 0x025f with pm disabled
[ 88.289900684,7] cpu_idle_p9 called on cpu 0x045f with pm disabled
[ 88.302621295,7] CHIPTOD: Base TFMR=0x2512000000000000
[ 88.289899701,7] cpu_idle_p9 called on cpu 0x0456 with pm disabled
LOCK ERROR: Deadlock detected @0x30402740 (state: 0x0000000400000001)
[ 88.332264757,3] ***********************************************
[ 88.332300051,3] < assert failed at core/lock.c:32 >
[ 88.332328282,3] .
[ 88.332347335,3] .
[ 88.332364894,3] .
[ 88.332377963,3] OO__)
[ 88.332395458,3] <"__/
[ 88.332412628,3] ^ ^
[ 88.332450246,3] Fatal TRAP at 00000000300286a0 .lock_error+0x64 MSR 9000000000021002
[ 88.332501812,3] CFAR : 00000000300414f4 MSR : 9000000000021002
[ 88.332536539,3] SRR0 : 00000000300286a0 SRR1 : 9000000000021002
[ 88.332574644,3] HSRR0: 0000000030020024 HSRR1: 9000000000001000
[ 88.332610635,3] DSISR: 00000000 DAR : 0000000000000000
[ 88.332650628,3] LR : 0000000030028690 CTR : 00000000300f9fa0
[ 88.332684451,3] CR : 20002000 XER : 00000000
[ 88.332712767,3] GPR00: 0000000030028690 GPR16: 0000000032c98000
[ 88.332748046,3] GPR01: 0000000032c9b0a0 GPR17: 0000000000000000
[ 88.332784060,3] GPR02: 0000000030169d00 GPR18: 0000000000000000
[ 88.332822091,3] GPR03: 0000000032c9b310 GPR19: 0000000000000000
[ 88.332861357,3] GPR04: 0000000030041480 GPR20: 0000000000000000
[ 88.332897229,3] GPR05: 0000000000000000 GPR21: 0000000000000000
[ 88.332937051,3] GPR06: 0000000000000010 GPR22: 0000000000000000
[ 88.332968463,3] GPR07: 0000000000000000 GPR23: 0000000000000000
[ 88.333007333,3] GPR08: 000000000002cbb5 GPR24: 0000000000000000
[ 88.333041971,3] GPR09: 0000000000000000 GPR25: 0000000000000000
[ 88.333081073,3] GPR10: 0000000000000000 GPR26: 0000000000000003
[ 88.333114301,3] GPR11: 3839616263646566 GPR27: 0000000000000211
[ 88.333156040,3] GPR12: 0000000020002000 GPR28: 000000003042a134
[ 88.333189222,3] GPR13: 0000000000000000 GPR29: 0000000030402740
[ 88.333225638,3] GPR14: 0000000000000000 GPR30: 0000000000000001
[ 88.333259730,3] GPR15: 0000000000000000 GPR31: 0000000000000000
CPU 0211 Backtrace:
 S: 0000000032c9b3b0 R: 0000000030028690 .lock_error+0x54
 S: 0000000032c9b440 R: 0000000030028828 .add_lock_request+0xd0
 S: 0000000032c9b4f0 R: 0000000030028a9c .lock_caller+0x8c
 S: 0000000032c9b5a0 R: 0000000030021b30 .__mcount_stack_check+0x70
 S: 0000000032c9b650 R: 00000000300fabb0 .list_check_node+0x1c
 S: 0000000032c9b6f0 R: 00000000300fac98 .list_check+0x38
 S: 0000000032c9b790 R: 00000000300289bc .try_lock_caller+0xac
 S: 0000000032c9b830 R: 0000000030028ad8 .lock_caller+0xc8
 S: 0000000032c9b8e0 R: 0000000030028d74 .lock_recursive_caller+0x54
 S: 0000000032c9b980 R: 0000000030020cb8 .console_write+0x48
 S: 0000000032c9ba30 R: 00000000300445a8 .vprlog+0xc8
 S: 0000000032c9bc20 R: 0000000030044630 ._prlog+0x50
 S: 0000000032c9bcb0 R: 0000000030029204 .cpu_idle_p9+0x74
 S: 0000000032c9bd40 R: 0000000030029628 .cpu_idle_pm+0x4c
 S: 0000000032c9bde0 R: 0000000030023fe0 .__secondary_cpu_entry+0xa0
 S: 0000000032c9be70 R: 0000000030024034 .secondary_cpu_entry+0x40
 S: 0000000032c9bf00 R: 0000000030003290 secondary_wait+0x8c
CPU 0x4:
 opal_run_pollers -> check_stacks -> takes stack_check_lock lock
 prlog -> console_write -> waits for con_lock
CPU 0x211
 cpu_idle_p9 -> prlog -> console_write -> Takes con_lock lock
 list_check_node -> tries to take stack_check_lock and hits deadlock.
I think we don't need to hold `stack_check_lock` while printing backtraces. Instead it makes sense to hold backtrace lock (bt_lock) and print output.
Reported-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com> Tested-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-11-27 | witherspoon: fix using integer as NULL sparse warning | Stewart Smith | 1 | -1/+1
platforms/astbmc/witherspoon.c:557:28: warning: Using plain integer as NULL pointer Signed-off-by: Stewart Smith <stewart@flamingspork.com> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-11-27 | secvar: fix Using plain integer as NULL pointer sparse warning | Stewart Smith | 1 | -1/+1
Signed-off-by: Stewart Smith <stewart@flamingspork.com> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-11-27 | core/opal.c: sparse cleanup integer as NULL | Stewart Smith | 1 | -1/+1
Fixes: core/opal.c:418:61: warning: Using plain integer as NULL pointer Signed-off-by: Stewart Smith <stewart@flamingspork.com> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-11-27 | xive/p9: Add a retry counter when updating the cache watch | Cédric Le Goater | 1 | -1/+9
Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-11-27 | xive/p9: Introduce XIVE_ESB_PAGE_SIZE | Cédric Le Goater | 1 | -8/+8
Rename XIVE_ESB_SIZE to XIVE_ESB_PAGE_SIZE in the xive/p9 driver to be consistent with the xive2/p10 driver. Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-11-27 | psi/p9: mask all sources at init | Cédric Le Goater | 1 | -0/+13
Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-11-27 | xive/p9: Use local_alloc() to allocate the XIVE bitmaps | Cédric Le Goater | 1 | -3/+7
These bitmaps are big (128K). On systems with multiple sockets, we will run out of heap. Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-11-27 | core/platform: Fallback to full_reboot if fast-reboot fails | Vasant Hegde | 1 | -1/+2
If fast reboot fails then we return to Linux with OPAL_SUCCESS. Current Linux code thinks that request succeeded and enters infinite loop (see Linux pnv_restart() code). This patch fixes above issue by returning OPAL_UNSUPPORTED if fast reboot fails. Alternatively we can directly call full_reboot() itself. But I think it makes sense to go back to Linux and report the failure. And Linux falls back to normal reboot request. Fixes: 10bbcd07 ("core/platform: Add an explicit fast-reboot type") Cc: Oliver O'Halloran <oohall@gmail.com> Cc: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com> Acked-by: Michael Ellerman <mpe@ellerman.id.au> Reviewed-by: Dan Horák <dan@danny.cz> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-11-27 | external/mambo: 4 byte align chained CPIOs | Michael Neuling | 1 | -1/+2
Linux requires chained CPIOs to be 4 byte aligned otherwise they are ignored. This aligns them. Signed-off-by: Michael Neuling <mikey@neuling.org> Reviewed-by: Dan Horák <dan@danny.cz> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-11-27 | core/cpu: fix next_ungarded_primary | Nicholas Piggin | 1 | -4/+2
next_unguarded_primary dereferences NULL CPU -> UB -> infinite loop Fast reboot works again after this patch. Fixes: 98f5834253c7e ("cpu: Keep track of the "ec_primary" in big core more") Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
2020-11-03 | skiboot v6.7 release notes [v6.7] | Oliver O'Halloran | 1 | -0/+37
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-11-02 | phb4: Finish removing P9 DD1 workaround on LSIs | Cédric Le Goater | 2 | -5/+1
Commit ad7e9a67c4e4 ("xive/p9: obsolete OPAL_XIVE_IRQ_SHIFT_BUG flags") forgot to remove the internal flag. Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-11-02 | platform/mowgli: modify slot_name | LuluTHSu | 1 | -5/+5
Since Mowgli has only one slot, modify the names of other slots to avoid confusion. Cc: skiboot-stable@lists.ozlabs.org Signed-off-by: LuluTHSu <Lulu_Su@wistron.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-11-02 | mowgli: Limit slot1 to Gen3 by default | LuluTHSu | 3 | -0/+38
Refer to the spec. of mowgli, limit the slot to Gen3 speed. For mowgli platform spec. Cc: skiboot-stable@lists.ozlabs.org Signed-off-by: LuluTHSu <Lulu_Su@wistron.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-23 | skiboot v6.6.4 release notes | Vasant Hegde | 1 | -0/+18
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-23 | skiboot 5.4.12 release notes | Vasant Hegde | 1 | -0/+14
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-21 | external/pci-scripts: Add PHB error parsing script | Oliver O'Halloran | 2 | -0/+686
A very hacky, but very useful script that parses the PowerNV EEH register dump from the kernel log, and the verbose EEH dump from the opal message log and renders it into something mostly readable. Cc: Mahesh Salgaonkar <mahesh@linux.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-21 | FSP/NVRAM: Do not assert in vNVRAM statistics call | Vasant Hegde | 1 | -2/+1
`msg` is valid pointer here. I don't recall why I added assert here :-( This is not correct. We shouldn't call assert here. Also we are not using `msg`. Hence convert it to `__unused`. Fixes: 19d4f98e ('FSP/NVRAM: Handle "get vNVRAM statistics" command') Cc: skiboot-stable@lists.ozlabs.org # v5.4.x + Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com> Reviewed-by: Mahesh Salgaonkar <mahesh@linux.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-15 | platform/mowgli: modify VPD to export correct data to system VPD EEPROM | LuluTHSu | 1 | -0/+20
Hostboot doesn't export the correct data for the system VPD EEPROM for this system. So add vpd_dt_fixup(). Cc: skiboot-stable@lists.ozlabs.org Signed-off-by: LuluTHSu <Lulu_Su@wistron.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-15 | opal-prd: handle devtmpfs mounted with noexec | Georgy Yakovlev | 1 | -2/+34
On systems using recent versions of systemd /dev (devtmpfs) is mounted with noexec option. Such mount prevents mapping HBRT image code region as RWX from /dev. This commit, as suggested in github PR linked below, attempts to work around the situation by copying HBRT image to anon mmaped memory region and sets mprotect rwx on it, allowing opal-prd to successfully execute the code region. Having memory region set as RWX is not ideal for security, but fixing that is a separate and hard to solve problem. Original code also mmaped region as RWX, so this PR does not make things worse at least. Closes: https://github.com/open-power/skiboot/issues/258 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> Reviewed-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com> [oliver: whitespace fix, add a comment, reflow commit message] Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-15 | mowgli: Enable secvar support for Host OS Secure Boot | Nayna Jain | 1 | -0/+6
Secure variable support is needed for Host OS Secure Boot key management. This needs to be enabled for each platform, as each platform needs to select the storage and backend drivers to use. This patch adds secure variable support to the mowgli platform.
Test Results: After applying the patch, sysfs and device-tree shows secvar entries correctly.
# cd /sys/firmware/secvar/
# ls
format vars
# cat format
ibm,edk2-compat-v1
# cd vars
# ls
KEK PK TS db dbx
# cat PK/size
0
# cat KEK/size
0
# cat TS/size
64
# cat db/size
0
# cat dbx/size
0
# ls /proc/device-tree/ibm,secureboot/
compatible hw-key-hash-size name secure-enabled hw-key-hash ibm,cvc phandle trusted-enabled
# ls /proc/device-tree/ibm,opal/secvar/status
/proc/device-tree/ibm,opal/secvar/status
# ls /proc/device-tree/ibm,opal/secvar/
compatible max-var-key-len name status format max-var-size phandle update-status
# cat /proc/device-tree/ibm,opal/secvar/status
okay#
# cat /proc/device-tree/ibm,opal/secvar/format
ibm,edk2-compat-v1#
Signed-off-by: Nayna Jain <nayna@linux.ibm.com> Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-02 | test: Skip qemu tests if skiboot.lid is too large | Oliver O'Halloran | 2 | -0/+14
With the addition of the secvar patches the GCOV enabled builds now produce a skiboot.lid that is greater than 4MB. This is larger than the historical max firmware image size supported by the PowerNV Qemu model so we need to skip the Qemu boot tests in that case. Non-GCOV builds are still well under the limit (2.3MB or so) and mambo tests are not affected, so this shouldn't be a big deal. If the Qemu happens to support a larger image size this should continue to work without issues. Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-02 | secvar/test: use mbedtls cflags when building the test binaries | Eric Richter | 2 | -2/+4
The edk2 test file includes some mbedtls files directly, make sure that those also include the correct mbedtls config file. Without this, the default config file is used, which conflicts with the version we build as part of skiboot. As host libc includes a SIZE_MAX macro, this also changes the SIZE_MAX macro defined in mbedtls_config.h (needed for some mbedtls functions) to only be defined if it isn't already. Signed-off-by: Eric Richter <erichte@linux.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-02 | secvar/test: use vendored mbedtls instead of host | Eric Richter | 2 | -7/+10
Linking against the host mbedtls introduces problems if the host does not have the library, or if the host has a different version installed. This patch changes the tests to instead build mbedtls from the version included in skiboot using the host compiler, removing the dependency on external mbedtls. Signed-off-by: Eric Richter <erichte@linux.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-01 | secvar: Clean up makefiles and fix out of tree builds | Oliver O'Halloran | 4 | -19/+13
The secvar makefiles use $(SRC) in a few places they shouldn't and don't use it in a few places they should. Also drop the _SRCS rules and the pattern substitution that turns them into _OBJS rules because chaining dependent rules is infuriating at the best of times. Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-01 | secvar/test: Remove broken initalizers | Oliver O'Halloran | 1 | -2/+2
Some versions of GCC complain about this. That and since it's a static global it goes in the BSS and is initialized to zero anyway. Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-01 | skiboot.lds.S: Move BSS start up a bit to accommodate a larger .data | Oliver O'Halloran | 2 | -5/+5
With the addition of libtss and mbedtls the .data section now overlaps the start of the .bss section. Adding a few MB to the offset doesn't hurt. Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-01 | ci: Add mbedtls development files as a dependency | Oliver O'Halloran | 9 | -10/+11
Needed for the secvar unit tests. Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-01 | secvar/backend: improve edk2 driver unit testcases | Nayna Jain | 2 | -37/+387
This patch adds following more unit test cases and improves comments.
* Check for successful processing of queued updates
* Check for queued updates when one update fails, especially when PK is added.
* Check for queued updates when one update fails, especially when PK is deleted.
* Check hw-key-hash addition/deleting/verification.
* Update dbxcert file
* Update rc checks against specific failure error return codes.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-01 | secvar/backend: Bugfixes in edk2 driver | Nayna Jain | 3 | -14/+37
This patch fixes following bugs. Additionally, it improves logs.
* Failure in adding/deleting PK as part of failure of processing any subsequential update in the queue didn't reset the global variable setup_mode to the original value. This patch adds the fix to always set the value of setup_mode as per final contents in variable_bank before existing process().
* Deletion of HWKH as part of deleting PK was only updating the value of the variable to be zero. However, this didn't deallocate the variable from the bank and was getting exposed via sysfs.
* The mismatch in verification of hw-key-hash, was also clearing staging bank, which isn't initialized in this case. Fix the cleanup tag to only clear update_bank.
* Fixes a memory leak in validate_esl_list().
* Convert signature verification error code from mbedtls into opal error code as OPAL_PERMISSION.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-01 | secboot_tpm.c: increase tpmnv vars index size | Eric Richter | 3 | -6/+6
The TPM NV index size for storing the PK was originally set to 1024, which was determined to be a "smallest maximum" size that we determined to be enough to store the PK. However with overhead, this only allowed for about ~912 bytes, which is far too small to store a certificate, as it only permits about ~10 characters in the x509 subject field. This patch increases the TPM NV Vars index to 2048 bytes, which is the largest size a single NV index can be on the Nuvoton npct650 chip. Signed-off-by: Eric Richter <erichte@linux.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-01 | tssskiboot.c: chunk reads/writes in 1024-sized buffers to support larger nv indices | Eric Richter | 1 | -28/+54
The Nuvoton npct650 chip has a command buffer max size of 1024. Attempting to read or write from an NV index larger than this value would return an error. This patch changes the tss_nv_read and tss_nv_write commands to chunk their operations in 1024-byte batches to allow support for larger NV indices. Signed-off-by: Eric Richter <erichte@linux.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-01 | witherspoon: enable secvar for witherspoon platform | Eric Richter | 1 | -0/+7
Secure variable support needs to be enabled for each platform, and each platform needs to select which storage and backend drivers to use (or alternatively implement their own). This patch adds secure variable support to the witherspoon platform. Signed-off-by: Eric Richter <erichte@linux.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-01 | secvar/test: add edk2-compat driver test and test data | Eric Richter | 17 | -2/+2448
This patch contains a set of tests to exercise the edk2 driver using actual properly (and in some cases, improperly) signed binary data. Due to the excessive size of the binary data included in the header files, this test was split into its own patch. Co-developed-by: Nayna Jain <nayna@linux.ibm.com> Signed-off-by: Nayna Jain <nayna@linux.ibm.com> Signed-off-by: Eric Richter <erichte@linux.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-01 | secvar/backend: add edk2 derived key updates processing | Nayna Jain | 9 | -2/+1549
As part of secureboot key management, the scheme for handling key updates is derived from tianocore reference implementation[1]. The wrappers for holding the signed update is the Authentication Header and for holding the public key certificate is ESL (EFI Signature List), both derived from tianocore reference implementation[1].
This patch adds the support to process update queue. This involves:
1. Verification of the update signature using the key authorized as per the key hierarchy
2. Handling addition/deletion of the keys
3. Support for dbx (blacklisting of hashes)
4. Validation checks for the updates
5. Supporting multiple ESLs for single variable both for update/verification
6. Timestamp check
7. Allowing only single PK
8. Failure Handling
9. Resetting keystore if the hardware key hash changes
[1] https://github.com/tianocore/edk2-staging.git
Signed-off-by: Nayna Jain <nayna@linux.ibm.com> Signed-off-by: Eric Richter <erichte@linux.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-01 | crypto: add out-of-tree mbedtls pkcs7 parser | Nayna Jain | 6 | -1/+848
This patch adds a pkcs7 parser for mbedtls that hasn't yet gone upstream. Once/if that implementation is accepted, this patch can be removed. Signed-off-by: Nayna Jain <nayna@linux.ibm.com> Signed-off-by: Eric Richter <erichte@linux.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
2020-10-01 | secvar/storage: add utility tool to generate NV public name hashes | Eric Richter | 2 | -0/+110
This patch adds a small userspace utility to locally generate the expected hash returned by a TSS_NV_ReadPublic command for the NV indices as defined by the secboot_tpm storage driver. This removes the need for manually copying in the hash from the ReadPublic output if for some reason the set of attributes used when defining the NV indices changes in the future. As this is an auxiliary tool, it is not built by default and must be manually built using `make gen_tpmnv_public_name`. Signed-off-by: Eric Richter <erichte@linux.ibm.com> Signed-off-by: Oliver O'Halloran <oohall@gmail.com>