Age | Commit message (Collapse) | Author | Files | Lines |
|
Follow the inclusive terminology from the "Conscious Language in
your Open Source Projects" guidelines [*] and replace the word
"whitelist" appropriately.
[*] https://github.com/conscious-lang/conscious-lang-docs/blob/main/faq.md
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
|
|
Set in core/init.c before trustedboot_exit_boot_services.
Signed-off-by: Ryan Grimm <grimm@linux.ibm.com>
Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
The new implementation of PCR_Read, PCR_Extend and Eventlog uses the
recently introduced standard TSS library.
Old TSS implementation will be removed in the following commit.
Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
For the very specific scenario when the fast-reboot is used, we see
multiple error messages regarding the trusteboot measurements not being
done.
The way fast-reboot works is performing just fundamental operations, like
PCI initialization, to get skiboot into good shape to boot kernel, and
later the host's Kernel. That means fast-reboot contains data structures
filled since last full reboot.
In this process trustedboot is not re-initialized when, but it still tries
to perform the STB measurements and event logging done in
trustedboot_exit_services, showing multiple failure messages.
This patch avoids that situation by returning earlier and logging that
trustedboot already exited.
If eventually something changes and trustedboot gets re-initialized during
fast-reboot this patch also set boot_services_exited to false after every
initialization so we always exit trustedboot whenever it get initialized.
Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
SPDX makes it a simpler diff.
I have audited the commit history of each file to ensure that they are
exclusively authored by IBM and thus we have the right to relicense.
The motivation behind this is twofold:
1) We want to enable experiments with coreboot, which is GPLv2 licensed
2) An upcoming firmware component wants to incorporate code from skiboot
and code from the Linux kernel, which is GPLv2 licensed.
I have gone through the IBM internal way of gaining approval for this.
The following files are not exclusively authored by IBM, so are *not*
included in this update (I will be seeking approval from contributors):
core/direct-controls.c
core/flash.c
core/pcie-slot.c
external/common/arch_flash_unknown.c
external/common/rules.mk
external/gard/Makefile
external/gard/rules.mk
external/opal-prd/Makefile
external/pflash/Makefile
external/xscom-utils/Makefile
hdata/vpd.c
hw/dts.c
hw/ipmi/ipmi-watchdog.c
hw/phb4.c
include/cpu.h
include/phb4.h
include/platform.h
libflash/libffs.c
libstb/mbedtls/sha512.c
libstb/mbedtls/sha512.h
platforms/astbmc/barreleye.c
platforms/astbmc/garrison.c
platforms/astbmc/mihawk.c
platforms/astbmc/nicole.c
platforms/astbmc/p8dnu.c
platforms/astbmc/p8dtu.c
platforms/astbmc/p9dsu.c
platforms/astbmc/vesnin.c
platforms/rhesus/ec/config.h
platforms/rhesus/ec/gpio.h
platforms/rhesus/gpio.c
platforms/rhesus/rhesus.c
platforms/astbmc/talos.c
platforms/astbmc/romulus.c
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
[oliver: fixed up the drift]
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
Use Software Package Data Exchange (SPDX) to indicate license for each
file that is unique to skiboot.
At the same time, ensure the (C) who and years are correct.
See https://spdx.org/
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
[oliver: Added a few missing files]
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
|
|
The existing skiboot events are being logged as EV_ACTION, however, the
TCG PC Client spec says that EV_ACTION events should have one of the
pre-defined strings in the event field recorded in the event log. For
instance:
- "Calling Ready to Boot",
- "Entering ROM Based Setup",
- "User Password Entered", and
- "Start Option ROM Scan.
None of the EV_ACTION pre-defined strings are applicable to the existing
skiboot events. Based on recent discussions with other POWER teams, this
patch proposes a convention on what PCR and event types should be used
for skiboot events. This also changes the skiboot source code to follow
the convention.
The TCG PC Client spec defines several event types, other than
EV_ACTION. However, many of them are specific to UEFI events and some
others are related to platform or CRTM events, which is more applicable
to hostboot events.
Currently, most of the hostboot events are extended to PCR[0,1] and
logged as either EV_PLATFORM_CONFIG_FLAGS, EV_S_CRTM_CONTENTS or
EV_POST_CODE. The "Node Id" and "PAYLOAD" events, though, are extended
to PCR[4,5,6] and logged as EV_COMPACT_HASH.
For the lack of an event type that fits the specific purpose,
EV_COMPACT_HASH seems to be the most adequate one due to its
flexibility. According to the TCG PC Client spec:
- May be used for any PCR except 0, 1, 2 and 3.
- The event field may be informative or may be hashed to generate the
digest field, depending on the component recording the event.
Additionally, the PCR[4,5] seem to be the most adequate PCRs. They would
be used for skiboot and some skiroot events. According to the TCG PC
Client, PCR[4] is intended to represent the entity that manages the
transition between the pre-OS and OS-present state of the platform.
PCR[4], along with PCR[5], identifies the initial OS loader.
In summary, for skiboot events:
- Events that represents data should be extended to PCR 4.
- Events that represents config should be extended to PCR 5.
- For the lack of an event type that fits the specific purpose,
both data and config events should be logged as EV_COMPACT_HASH.
Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
Most nvram options used by skiboot are just for debug or testing for
regressions. They should never be used long term.
We've hit a number of issues in testing and the field where nvram
options have been set "temporarily" but haven't been properly cleared
after, resulting in crashes or real bugs being masked.
This patch marks most nvram options used by skiboot as dangerous and
prints a chicken to remind users of the problem.
Signed-off-by: Michael Neuling <mikey@neuling.org>
Reviewed-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Acked-By: Alistair Popple <alistair@popple.id.au>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
A few things need to change to support a signed VERSION partition:
- A signed VERSION partition will be 4K + SECURE_BOOT_HEADERS_SIZE (4K).
- The VERSION partition needs to be loaded after secure/trusted boot is
set up, and therefore after nvram_init().
- Added to the trustedboot resources array.
This also moves the ipmi_dt_add_bmc_info() call to after
flash_dt_add_fw_version() since it adds info to ibm,firmware-versions.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
We print out a whole bunch of things on boot, most of which aren't
interesting, so we should *not* print them instead.
Printing things like what CPUs we found and what PCI devices we found
*are* useful, so continue to do that. But we don't need to splat out
a bunch of things that are always going to be true.
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
When we load a flash resource during OPAL init, STB calls trusted measure
to measure the given resource. There is a situation when a flash gets loaded
before STB initialization then trusted measure cannot measure properly.
So this patch fixes this issue by calling trusted measure only if the
corresponding trusted init was done.
The ideal fix is to make sure STB init done at the first place during init
and then do the loading of flash resources, by that way STB can properly
verify and measure the all resources.
Signed-off-by: Pridhiviraj Paidipeddi <ppaidipe@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Currently libstb logs the verify and hash caluculation messages in
PR_INFO level. So when there is a secure boot enforcement happens
in loading last flash resource(Ex: BOOTKERNEL), the previous verify
and measure messages are not logged to console, which is not clear
to the end user which resource is verified and measured.
So this patch fixes this by increasing the log level to PR_NOTICE.
Signed-off-by: Pridhiviraj Paidipeddi <ppaidipe@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The stb_final() primary goal is to measure the event EV_SEPARATOR
into PCR[0-7] when trusted boot is about to exit the boot services.
This imports the stb_final() from stb.c into trustedboot.c, but making
the following changes:
- Rename it to trustedboot_exit_boot_services().
- As specified in the TCG PC Client spec, EV_SEPARATOR events must be
logged with the name 0xFFFFFF.
- Remove the rom driver clean-up call.
- Don't allow code to be measured in skiboot after
trustedboot_exit_boot_services() is called.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This imports tb_measure() from stb.c, but now it calls the CVC sha512
wrapper to calculate the sha512 hash of the firmware image provided.
In trustedboot.c, the tb_measure() is renamed to trustedboot_measure().
The new function, trustedboot_measure(), no longer checks if the
container payload hash calculated at boot time matches with the hash
found in the container header. A few reasons:
- If the system admin wants the container header to be
checked/validated, the secure boot jumper must be set. Otherwise,
the container header information may not be reliable.
- The container layout is expected to change over time. Skiboot
would need to maintain a parser for each container layout
change.
- Skiboot could be checking the hash against a container version that
is not supported by the Container-Verification-Code (CVC).
The tb_measure() calls are updated to trustedboot_measure() in a
subsequent patch.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This imports stb_init() from stb.c, but breaking it into multiple files
in order to make the code easier to read and to maintain. New files
created: secureboot.c, trustedboot.c and cvc.c.
The secureboot_init() in secureboot.c also initializes the hardware key
hash and the hardware key hash size, which are used to call the CVC
verify wrapper. These variables were initialized in the romcode_probe()
function, libstb/drivers/romcode.c.
The cvc_init() in cvc.c is slightly modified from what exists in
stb_init(). Now it calls cvc_register() and cvc_service_register().
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|