path: root/libstb/tss
Age | Commit message | Author | Files | Lines

2018-02-28 | build: use thin archives rather than incremental linking | Nicholas Piggin | 1 | -1/+1

This changes the build system to use thin archives rather than incremental linking for built-in.o, similar to a recent change to Linux. built-in.o is renamed to built-in.a, and is created as a thin archive with no index, for speed and size. All built-in.a are aggregated into a skiboot.tmp.a which is a thin archive built with an index, making it suitable for linking. This is input into the final link.

The advantages of build size and linker code placement flexibility are not as great with skiboot as a bigger project like Linux, but it's a conceptually better way to build, and is more compatible with link time optimisation in toolchains which might be interesting for skiboot particularly for size reductions.

Size of build tree before this patch is 34.4MB, afterwards 23.1MB.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>

2017-12-18 | libstb/tss: update the list of event types supported | Claudio Carvalho | 2 | -6/+28

Skiboot, precisely the tpmLogMgr, initializes the firmware event log by calculating its length so that a new event can be recorded without exceeding the log size. In order to calculate the size, it walks through the log until it finds a specific event type. However, if the log has an unknown event type, the tpmLogMgr will not be able to reach the end of the log.

This updates the list of event types with all of those supported by hostboot. Thus, skiboot can properly calculate the event log length.

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>

2017-12-18 | libstb: import stb_init() breaking it into multiple files | Claudio Carvalho | 1 | -3/+3

This imports stb_init() from stb.c, but breaking it into multiple files in order to make the code easier to read and to maintain. New files created: secureboot.c, trustedboot.c and cvc.c.

The secureboot_init() in secureboot.c also initializes the hardware key hash and the hardware key hash size, which are used to call the CVC verify wrapper. These variables were initialized in the romcode_probe() function, libstb/drivers/romcode.c.

The cvc_init() in cvc.c is slightly modified from what exists in stb_init(). Now it calls cvc_register() and cvc_service_register().

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>

2016-10-10 | libstb/tss: build TSS and tpmLogMgr | Claudio Carvalho | 4 | -3/+88

This adds both TSS and tpmLogMgr to be built as part of libstb.

We map some routines and types from TSS and tpmLogMgr codes to equivalent skiboot routines and types.

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: merge skiboot/HB mappings into makefile patch, and fix pointer to int without cast warning (NULL vs 0)]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>

2016-10-10 | libstb/tss/tpmLogMgr.C: remove the trustedTypes.H include | Claudio Carvalho | 1 | -1/+0

This removes the trustedTypes.H include, it is already included by tpmLogMgr.H.

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>

2016-10-10 | libstb/tss/tpmLogMgr: add support for EV_SEPARATOR events | Claudio Carvalho | 2 | -1/+4

The TpmLogMgr_genLogEventPcrExtend() function is used to generate EV_ACTION events that will be recorded in the event log. However, skiboot must also create and record an EV_SEPARATOR event for a clean handover to skiroot kernel.

This adds the i_logType parameter to the TpmLogMgr_genLogEventPcrExtend() function, thus it can also be used to generate EV_SEPARATOR events.

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>

2016-10-10 | libstb/tss/tpmLogMgr: disable TpmLogMgr_dumpLog() | Claudio Carvalho | 2 | -5/+4

This disables the TpmLogMgr_dumpLog() function for skiboot. It breaks the compilation if TRACUCOMP and TRACUBIN macros are not defined.

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>

2016-10-10 | libstb/tss: add hostboot tpmLogMgr code for TPM 2.0 | Claudio Carvalho | 2 | -0/+817

Hostboot exports the tpmLogMgr implementation for skiboot/PHYP. This adds to skiboot the latest tpmLogMgr code, which supports multibank (it is able to record events with multiple measurements into the firmware event log).

tpmLogMgr code home and version:
https://github.com/open-power/hostboot/tree/master-p8/src/usr/secureboot/trusted
HEAD: 3ed4df70acbcf3927071ebd626d11e37f3656c38

Skiboot uses this tpmLogMgr API to:
- Initialize an existing event log. Hostboot allocates memory for the firmware event log and announces it to skiboot/linux through the linux,sml-base and linux,sml-size properties of the tpm device tree node.
- Generate a new event to be added to the event log. The new event has a digest list with the sha1 and sha256 measurements that are going to be extended to the sha1 and sha256 PCR banks, respectively.
- Add a new event to the event log.

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>

2016-10-10 | libstb/tss: implement TSS required functions | Claudio Carvalho | 2 | -84/+32

Hostboot shares the TSS code with phyp and skiboot, but the functions declared in trustedbootUtils.H are hostboot specific and must be implemented by the TSS downstream consumers.

This implements the trustedbootUtils.H functions.

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>

2016-10-10 | libstb/tss: include tpm_chip.h in trustedbootCmds.H | Claudio Carvalho | 1 | -0/+3

TrustedbootCmds.H defines TpmTarget type variables, but this type is declared only in tpm_chip.h.

This includes tpm_chip.h in trustedbootCmds.H.

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>

2016-10-10 | libstb/tss: add hostboot TSS code for TPM 2.0 | Claudio Carvalho | 7 | -0/+2854

Hostboot exports the TCG TPM Software Stack (TSS) implementation for skiboot/PHYP (downstream consumers). This adds to skiboot the latest Hostboot TSS code, which supports multibank (it is able to extend multiple PCR banks at once).

TSS code home and version:
https://github.com/open-power/hostboot/tree/master-p8/src/usr/secureboot/trusted
HEAD: 3ed4df70acbcf3927071ebd626d11e37f3656c38

Skiboot uses the TSS API to extend the same PCR number of both sha1 and sha256 PCR banks. The PCR number and both sha1 and sha256 measurements are provided to TSS, which sends a single TPM PCR_EXTEND command to the TPM device via TPM device driver. The TSS interface is defined in 'libstb/tss/trustedbootCmds.H'.

Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>