Age | Commit message (Collapse) | Author | Files | Lines |
|
The new implementation of PCR_Read, PCR_Extend and Eventlog uses the
recently introduced standard TSS library.
Old TSS implementation will be removed in the following commit.
Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Co-authored-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Secure variable support requires more crypto support than skiboot
currently has. Since mbedtls' x509, etc implementations have rather
tight dependencies which prevent easy cherry picking (unlike the
existing sha512.c), it is easier to integrate and maintain the whole
mbedtls library as a subtree.
Authored-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
This patch implements a platform-independent abstraction for storing and
retrieving secure variables, as required for host OS secure boot. This
serves as the main entry point for initializing the in-memory cache of the
secure variables, which also kicks off any platform-specific logic that may
be needed. This patch also provides core functions for the subsequent
patches in this series to utilize.
The base secure variable implementation makes use of two types of
drivers, to be selected by the platform: "storage" drivers, and
"backend" drivers. The storage driver implements the hooks required to
write the secure variables to some form of non-volatile memory, and load
the variables on boot. The backend driver defines how the variables
should be interpreted, and processed.
Secure variables are stored in two types of banks, the "variable" bank
and the "update" bank. Variables that have been validated and processed
are stored in the variable bank. This bank is effectively read-only
after the base secvar initialization. Any proposed variable updates are
instead stored in the update bank. During secvar initialization, the
backend driver processes variables from the update bank, and if valid,
adds the new variable to the variable bank.
NOTE: The name "backend" is subject to change. It operates more like a
scheme, so unless a better name comes along, it will likely change to
"scheme" or "schema" in the future.
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
[oliver: added missing SPDX tags, removed unused definitions, style fixes]
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
---
V2:
- added secvar device tree node as child of ibm,secureboot
- added version and compatible properties to backend driver struct
- added secvar_ready flag for the API to detect if secvar
initialized successfully
- moved pre-process step to after initial variable load
- moved flags field from secvar struct to secvar node
V3:
- remove the metadata secvar field
- add probe_secvar() to bump compatible flag
- add device tree property for backend-agnostic secure mode setting
- remove backend minor version field
- remove static data allocation in secvar struct
V4:
- add alloc_secvar helpers
- removed ibm,secureboot version bump to v3
- secvars now store their allocated size seperate from the
data size (to permit overallocating)
- split device tree functions into their own file
- device tree changes:
- secvar now a child of ibm,opal
- compatible is "ibm,secvar-v1", backend creates its own node
- secure-mode is now a boolean os-secure-enforcing property
- storage and backends now have their own nodes
V5:
- removed storage device tree subnode
- moved max-var-size to secvar node
- added max-var-key-len
- fixed SPDX header in include/secvar.h
- removed obsolete enum
- removed unused devtree wrappers
- set secvar status prop earlier
V6:
- moved os-secureboot-enforcing to ibm,secureboot
- set secvar compatible based on backend
- removed backend node
|
|
This changes to build system to use thin archives rather than
incremental linking for built-in.o, similar to recent change to Linux.
built-in.o is renamed to built-in.a, and is created as a thin archive
with no index, for speed and size. All built-in.a are aggregated into
a skiboot.tmp.a which is a thin archive built with an index, making it
suitable or linking. This is input into the final link.
The advantags of build size and linker code placement flexibility are
not as great with skiboot as a bigger project like Linux, but it's a
conceptually better way to build, and is more compatible with link
time optimisation in toolchains which might be interesting for skiboot
particularly for size reductions.
Size of build tree before this patch is 34.4MB, afterwards 23.1MB.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The sb-signing-utils project has improved upon the skeleton
create-container tool that existed in skiboot, including
being able to (quite easily) create *signed* images.
This commit brings in that code (and makes it build in the
skiboot build environment) and updates our skiboot.*.stb
generating code to use the development keys.
We also update print-container as well, syncing it with the
upstream project.
Derived from github.com:open-power/sb-signing-utils.git
at v0.3-5-gcb111c03ad7f
(and yes, changes here will be submitted upstream)
Cc: Dave Heller <hellerda@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This removes all the files that were replaced by secureboot.c,
trustedboot.c and cvc.c.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This imports stb_init() from stb.c, but breaking it into multiple files
in order to make the code easier to read and to maintain. New files
created: secureboot.c, trustedboot.c and cvc.c.
The secureboot_init() in secureboot.c also initializes the hardware key
hash and the hardware key hash size, which are used to call the CVC
verify wrapper. These variables were initialized in the romcode_probe()
function, libstb/drivers/romcode.c.
The cvc_init() in cvc.c is slightly modified from what exists in
stb_init(). Now it calls cvc_register() and cvc_service_register().
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The drivers/sha512.c file is a SHA512 hash implementation imported from
the mbed TLS project.
As a matter of semantics, this moves drivers/sha512.* to the mbedtls
directory.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds support for writing all the public key and signature fields to the
container header, and for dumping the prefix and software headers so they may
may be signed, and for signing those headers with the imprint keys.
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: fixup warnings&build, include openssl-devel in CI dockerfiles]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
stb leaves a bunch of files around even after clean. Fix this.
Signed-off-by: Michael Neuling <mikey@neuling.org>
[stewart@linux.vnet.ibm.com: use explicit TARGET rather than *.stb]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
We produce **UNSIGNED** skiboot.lid.stb and skiboot.lid.xz.stb as build
artifacts
These are suitable blobs for flashing onto Trusted Boot enabled op-build
builds *WITH* the secure boot jumpers *ON* (i.e. *NOT* in secure mode).
It's just enough of the Secure and Trusted Boot container format to
make Hostboot behave.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Tested-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
stb.c implements the libstb API, which is an API for secure and trusted boot:
- stb_init(): read secure mode and trusted mode from device tree and
load drivers accordingly
- tb_measure(): measure a resource downloaded from PNOR if trusted mode
is on. That is, an EV_ACTION event is recorded in the event log for
the mapped PCR and the sha1 and sha256 measurements are extended in
the mapped PCR.
- sb_verify(): verify the integrity and authenticity of a resource
downloaded from PNOR if secure mode is on. The boot process is aborted
if the verification fails.
- stb_final(): this is called to add marks to TPM and event log before
handover to petitboot kernel. Basically, it records an EV_SEPARATOR
event in the event log for PCR[0-7], extends the sha1 and sha256
digests of 0xFFFFFFFF in PCR[0-7], and deallocates the memory allocated
for secure and trusted boot.
For more information please refer to 'doc/stb.rst'.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds both TSS and tpmLogMgr to be built as part of libstb.
We map some routines and types from TSS and tpmLogMgr codes
to equivalent skiboot routines and types.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: merge skiboot/HB mappings into makefile patch,
and fix pointer to int without cast warning (NULL vs 0) ]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds a driver for the ROM verification code. The driver is compatible
with 'ibm,secureboot-v1'.
The presense of a verification code in the platform is indicated by the
presence of the ibm,secureboot node in the device tree.
The ibm,secureboot node is documented in 'doc/device-tree/ibm,secureboot.rst'
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds the TPM chip interface for libstb:
- tpm_init(): call drivers' probe to find TPM devices that are
compatible with them.
- tpm_register_chip(): register a TPM chip which includes pointers to
the TPM device and TPM driver structures.
- tpm_add_status_property(): add the status device tree property for
each registered TPM device.
The TPM chip interface is documented in 'libstb/tpm_chip.h' and the tpm device
tree node is documented in 'doc/device-tree/tpm.rst'
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: shuffle unused error path around]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds rom.c, which is the ROM interface for libstb.
- rom_init(): load a compatible driver for the ibm,secureboot node
- rom_set_driver(): set the romcode driver that will be used to access the
verification code functions
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: fix unused parameter]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The full container header layout will be released soon either as
a separate github project or as part of hostboot.
This adds the secure boot header structures required by skiboot,
and also implements some helper routines related to containers.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: Add unit test, print utility, use zero length
arrays to ensure sizeof() works correctly, add parsing function]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|