Age | Commit message (Collapse) | Author | Files | Lines |
|
90% of what we print isn't useful to a normal user. This
dramatically reduces the amount of messages printed by
OPAL in normal circumstances.
We still need to add a way to bump the log level at boot
based on a BMC scratch register or some HDAT property.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Currently, the tpm_extendl() results are logged by the caller, but
tpm_extendl() walks through all the tpm_chip registered and consequently
multiple tpm_chips can fail.
This turns the logging over to tpm_extendl(), which now logs how many
tpm_chips successfully measured and failed to measure a given data.
Another option would be to provide the caller the number of tpm_chips
that failed and successfully measured the data, but the caller will use
this information only for logging.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
We always verify and measure an image as a whole, never its subpartition
(if exists).
This removes the subid argument from sb_verify() and tb_measure()
functions, and also reflects the change to the callers, STB interface
and STB documentation.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
For this stage in Trusted Boot development, we are wishing to not
force Secure Mode through the whole firmware boot process, but we
are wanting to be able to test it (classic chicken and egg problem with
build infrastructure).
We disabled secure mode if the secure-enabled devtree property is
read from the device tree *IF* we aren't overriding it through NVRAM.
Seeing as we can only increase (not decrease) what we're checking through
the NVRAM variable, it is safe.
The NVRAM setting is force-secure-mode=true in the ibm,skiboot partition.
However, if you want to force secure mode even if Hostboot has *not* set
the secure-enabled proprety in the device tree, set force-secure-mode
to "always".
There is also a force-trusted-mode NVRAM setting to force trusted mode
even if Hostboot has not enabled it int the device tree.
To indicate to Linux that we haven't gone through the whole firmware
process in secure mode, we replace the 'secure-enabled' property with
'partial-secure-enabled', to indicate that only part of the firmware
boot process has gone through secure mode.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: add NVRAM flag, modify commit message]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
If our computed hash of stb container doesn't match what's in the container,
we should abort.
Useful in debug (e.g. in mambo)
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
stb.c implements the libstb API, which is an API for secure and trusted boot:
- stb_init(): read secure mode and trusted mode from device tree and
load drivers accordingly
- tb_measure(): measure a resource downloaded from PNOR if trusted mode
is on. That is, an EV_ACTION event is recorded in the event log for
the mapped PCR and the sha1 and sha256 measurements are extended in
the mapped PCR.
- sb_verify(): verify the integrity and authenticity of a resource
downloaded from PNOR if secure mode is on. The boot process is aborted
if the verification fails.
- stb_final(): this is called to add marks to TPM and event log before
handover to petitboot kernel. Basically, it records an EV_SEPARATOR
event in the event log for PCR[0-7], extends the sha1 and sha256
digests of 0xFFFFFFFF in PCR[0-7], and deallocates the memory allocated
for secure and trusted boot.
For more information please refer to 'doc/stb.rst'.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|