Age | Commit message (Collapse) | Author | Files | Lines |
|
90% of what we print isn't useful to a normal user. This
dramatically reduces the amount of messages printed by
OPAL in normal circumstances.
We still need to add a way to bump the log level at boot
based on a BMC scratch register or some HDAT property.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
OpenSSL has some API changes which causes a build break in libstb.
Specifically, directly accessing some members of a signature now requires using
a helper.
This fixes things in OpenSSL 1.1 and has no effect on OpenSSL 1.0.
The build failure was as follows:
[ HOSTCC ] libstb/create-container.c
In file included from /usr/include/openssl/asn1.h:24:0,
from /usr/include/openssl/ec.h:30,
from libstb/create-container.c:36:
libstb/create-container.c: In function ‘getSigRaw’:
libstb/create-container.c:104:31: error: dereferencing pointer to incomplete
type ‘ECDSA_SIG {aka struct ECDSA_SIG_st}’
rlen = BN_num_bytes(signature->r);
^
Signed-off-by: Russell Currey <ruscur@russell.cc>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds support for writing all the public key and signature fields to the
container header, and for dumping the prefix and software headers so they may
may be signed, and for signing those headers with the imprint keys.
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: fixup warnings&build, include openssl-devel in CI dockerfiles]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
stb leaves a bunch of files around even after clean. Fix this.
Signed-off-by: Michael Neuling <mikey@neuling.org>
[stewart@linux.vnet.ibm.com: use explicit TARGET rather than *.stb]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Because of ordering of include files, we got:
/usr/include/bits/stat.h:106:31: error: expected identifier or '(' before '[' token
__syscall_slong_t __unused[3];
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
In TPM 2.0 Firmware 1.3.0.1 and 1.3.1.0 (at least) there exists
a bug where if you send the wrong thing to the TPM it may lock the
bus, with no way of recovery except powering the TPM off/on.
On our current systems, the only way to power the TPM off/on is to pull
the power on the system (*NOT* just power off/on to host from BMC).
So, this patch adds the ability to do things to the i2c request really
early on, well before it hits any hardware, such as quickly drop it.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Currently, the polling time is calculated by adding the sleep time to it.
This calculates the polling time by taking timestamps with mftb() before
calling the i2c-interface to send an i2c request to the tpm. Thus having
a much more accurate polling time.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds code to handle errors after reading the tpm fifo in
tpm_read_fifo().
Fixes: 56ad053c3e8bf0764ad5878cb018f00a389d30cf
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The tpm_read_fifo() has unnecessary and not so intuitive variables.
This cleans up these variables.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds code to handle errors after writting the tpm fifo in
tpm_write_fifo().
Fixes: 56ad053c3e8bf0764ad5878cb018f00a389d30cf
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The tpm_write_fifo() has unnecessary and not so intuitive variables.
This cleans up these variables.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds code to handle errors after writting the sts.commandReady to
release the tpm.
Fixes: 56ad053c3e8bf0764ad5878cb018f00a389d30cf
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This handles errors returned by the tpm-i2c interface after writing
sts.go in tpm_transmit().
Fixes: 56ad053c3e8bf0764ad5878cb018f00a389d30cf
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The functions tpm_is_expecting() and tpm_is_data_avail() ignore the
errors returned by the tpm-i2c interface.
This adds code to handle erros after checking the tpm fifo status. The
tpm_is_expecting() and tpm_is_data_avail() functions are replaced by
tpm_wait_for_fifo_status().
Fixes: 56ad053c3e8bf0764ad5878cb018f00a389d30cf
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This returns burst_count as opposed to pass it as a parameter.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
TPM_TIMEOUT_D timeout is only related to burst_count polling.
This moves the burstCount polling code to tpm_read_burst_count() in
order to isolate the code that is related to TPM_TIMEOUT_D.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds code to handle errors after reading sts.commandReady. The
nested loop in tpm_poll_for_command_ready() is splitted in two
functions.
Fixes: 56ad053c3e8bf0764ad5878cb018f00a389d30cf
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The tpm status register is read from multiple places by calling the
tpm-i2c-interface.
This adds the tpm_status_read_byte() to be the only function that
directly calls the tpm-i2c interface to read the tpm status register
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds the tpm_check_status(), which makes the code more easy to read
and also allows the use of a mask to check status.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This shorten some defines to better fit in 80 columms.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This ensures the i2c subsystem is done with the i2c request before
we continue. Since it handles timeouts, we don't have to here.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Tested-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The i2c code manipulates req->timeout, so it has to be reset before
re-sending.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Tested-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Doing everything asynchronously is brilliant, it's exactly what we
want to do.
Except... the tpm driver wants to do things synchronously, which isn't
so cool.
For reasons that are not yet completely known, we spend an awful lot of
time in the main thread *not* running pollers (potentially seconds), which
doesn't bode well for I2C timeouts.
Since the TPM measure is done in a secondary thread, we do *not* run pollers
there either (as of 323c8aeb54bd4e0b9004091fcbb4a9daeda2f576 - which is
roughly as of skiboot 2.1.1).
But we still need to crank the i2c state machine, so we introduce a call
to do just that. It will return how long the poll interval should be, so
that we can time_wait() for a more appropriate time for whatever i2c
implementation is sitting behind things.
Without this, it was "easy" to get to a situation where the i2c state machine
wasn't cranked at all, and you'd hit the i2c timeout (for the issued operation)
before the poller to crank i2c was ever called.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Tested-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
We produce **UNSIGNED** skiboot.lid.stb and skiboot.lid.xz.stb as build
artifacts
These are suitable blobs for flashing onto Trusted Boot enabled op-build
builds *WITH* the secure boot jumpers *ON* (i.e. *NOT* in secure mode).
It's just enough of the Secure and Trusted Boot container format to
make Hostboot behave.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Tested-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This bumps up the byte timeout for tpm i2c requests from 10ms to 30ms.
Some p8dtu systems are getting i2c request timeout.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This fixes tpm_extendl() to measure only when the list of
registered tpms is not empty.
Fixes: 3837c6f0cf4cffb5de874413eed755c0c698b076
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Currently, the tpm_extendl() results are logged by the caller, but
tpm_extendl() walks through all the tpm_chip registered and consequently
multiple tpm_chips can fail.
This turns the logging over to tpm_extendl(), which now logs how many
tpm_chips successfully measured and failed to measure a given data.
Another option would be to provide the caller the number of tpm_chips
that failed and successfully measured the data, but the caller will use
this information only for logging.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Each tpm_chip structure is associated with one tpm device and one firmware
event log. If tpm_extendl() returns when the first tpm_chip operation (pcr
extend or event log record) fails, the remaining registered tpm_chips will be
in an inconsistent state, i.e, missing one measurement.
This walks through all registered tpm_chips and disable all tpm_chips that
failed rather than only first one.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: assert(tpm) in disable_tpm]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
We always verify and measure an image as a whole, never its subpartition
(if exists).
This removes the subid argument from sb_verify() and tb_measure()
functions, and also reflects the change to the callers, STB interface
and STB documentation.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Fixes: fab5418b256817e2695aa653d4840bfa5b5be53b
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
For this stage in Trusted Boot development, we are wishing to not
force Secure Mode through the whole firmware boot process, but we
are wanting to be able to test it (classic chicken and egg problem with
build infrastructure).
We disabled secure mode if the secure-enabled devtree property is
read from the device tree *IF* we aren't overriding it through NVRAM.
Seeing as we can only increase (not decrease) what we're checking through
the NVRAM variable, it is safe.
The NVRAM setting is force-secure-mode=true in the ibm,skiboot partition.
However, if you want to force secure mode even if Hostboot has *not* set
the secure-enabled proprety in the device tree, set force-secure-mode
to "always".
There is also a force-trusted-mode NVRAM setting to force trusted mode
even if Hostboot has not enabled it int the device tree.
To indicate to Linux that we haven't gone through the whole firmware
process in secure mode, we replace the 'secure-enabled' property with
'partial-secure-enabled', to indicate that only part of the firmware
boot process has gone through secure mode.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: add NVRAM flag, modify commit message]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Add a function to get the software payload size from a STB container.
(originally from patch from Claudio, but I pulled out just this bit here)
Extracted-from-a-patch-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
doc/device-tree/tpm.rst
changed firwmare to firmware
libstb/stb.h
added missing functional parameter
Signed-off-by: Nageswara R Sastry <rnsastry@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
If our computed hash of stb container doesn't match what's in the container,
we should abort.
Useful in debug (e.g. in mambo)
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Pass SKIBOOT_ENABLE_MAMBO_STB=1 as environment variable to skiboot.tcl
and the tcl will enable the /ibm,secureboot node, enabling hash and
signature "verification" for that mambo session.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
stb.c implements the libstb API, which is an API for secure and trusted boot:
- stb_init(): read secure mode and trusted mode from device tree and
load drivers accordingly
- tb_measure(): measure a resource downloaded from PNOR if trusted mode
is on. That is, an EV_ACTION event is recorded in the event log for
the mapped PCR and the sha1 and sha256 measurements are extended in
the mapped PCR.
- sb_verify(): verify the integrity and authenticity of a resource
downloaded from PNOR if secure mode is on. The boot process is aborted
if the verification fails.
- stb_final(): this is called to add marks to TPM and event log before
handover to petitboot kernel. Basically, it records an EV_SEPARATOR
event in the event log for PCR[0-7], extends the sha1 and sha256
digests of 0xFFFFFFFF in PCR[0-7], and deallocates the memory allocated
for secure and trusted boot.
For more information please refer to 'doc/stb.rst'.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds the tpm_extendl() function to tpm_chip interface
For each TPM device, tpm_extendl() extends the sha1 and sha256 digests
provided to the indicated PCR and also records an event for the same PCR
in the event log.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: remove special char, align comments to 80 cols]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds both TSS and tpmLogMgr to be built as part of libstb.
We map some routines and types from TSS and tpmLogMgr codes
to equivalent skiboot routines and types.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: merge skiboot/HB mappings into makefile patch,
and fix pointer to int without cast warning (NULL vs 0) ]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This removes the trustedTypes.H include, it is already included by
tpmLogMgr.H.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The TpmLogMgr_genLogEventPcrExtend() function is used to generate EV_ACTION
events that will be recorded in the event log. However, skiboot must also
create and record an EV_SEPARATOR event for a clean handover to
skiroot kernel.
This adds the i_logType parameter to the TpmLogMgr_genLogEventPcrExtend()
function, thus it can also be used to generate EV_SEPARATOR events.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This disables the TpmLogMgr_dumpLog() function for skiboot.
It breaks the compilation if TRACUCOMP and TRACUBIN macros
are not defined.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Hostboot exports the tpmLogMgr implementation for skiboot/PHYP. This
adds to skiboot the latest tpmLogMgr code, which supports multibank (it
is able to record events with multiple measurements into the firmware
event log).
tpmLogMgr code home and version:
https://github.com/open-power/hostboot/tree/master-p8/src/usr/secureboot/trusted
HEAD: 3ed4df70acbcf3927071ebd626d11e37f3656c38
Skiboot uses this tpmLogMgr API to:
- Initialize an existing event log. Hostboot allocates memory for the
firmware event log and announces it to skiboot/linux through the
linux,sml-base and linux,sml-size properties of the tpm device tree
node.
- Generate a new event to be added to the event log. The new event has a
digest list with the sha1 and sha256 measurements that are going to be
extended to the sha1 and sha256 PCR banks, respectively.
- Add a new event to the event log.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Hostboot shares the TSS code with phyp and skiboot, but the functions
declared in trustedbootUtils.H are hostboot specific and must be implemented
by the TSS downstream consumers.
This implements the trustedbootUtils.H functions.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
TrustedbootCmds.H defines TpmTarget type variables, but this type is
declared only in tpm_chip.h.
This includes tpm_chip.h in trustedbootCmds.H.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This declares the TpmTarget for TSS. This could be done in
'libstb/tss/trustedboot.H', but it causes a dependency cycle among
trustedboot.H, trustedTypes.H and tpm_chip.h.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Hostboot exports the TCG TPM Software Stack (TSS) implementation for
skiboot/PHYP (downstream consumers). This adds to skiboot the latest
Hostboot TSS code, which supports multibank (it is able to extend multiple
PCR banks at once).
TSS code home and version:
https://github.com/open-power/hostboot/tree/master-p8/src/usr/secureboot/trusted
HEAD: 3ed4df70acbcf3927071ebd626d11e37f3656c38
Skiboot uses the TSS API to extend the same PCR number of both sha1 and
sha256 PCR banks. The PCR number and both sha1 and sha256 measurements are
provided to TSS, which sends a single TPM PCR_EXTEND command to the TPM
device via TPM device driver.
The TSS interface is defined in 'libstb/tss/trustedbootCmds.H'.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This adds the 1/5 step performed by the TPM I2C Nuvoton driver to
transmit a command to the TPM device. In this step the driver
checks if the TPM device is ready to receive a new command.
This adds the 2/5 step performed by the TPM I2C Nuvoton driver to
transmit a command to the TPM device. In this step the driver
writes a given command to master I2C FIFO.
This adds the 3/5 step performed by the TPM I2C Nuvoton driver to
transmit a command to the TPM device. In this step the driver
sets the TPMGO bit in the I2C master status register to indicate that
the command stored in the FIFO can be sent to the TPM device.
This adds the 4/5 step performed by the TPM I2C Nuvoton driver to
transmit a command to the TPM device. In this step the driver
reads from the I2C master FIFO the result that the TPM device returned
for the last command sent.
This adds the 5/5 step performed by the TPM I2C Nuvoton driver to
transmit a command to the TPM device. In this step the driver
sets the COMMAND_READY bit in the status register to indicate that the
TPM device is ready to receive a new command.
This adds the probe function to the TPM Nuvoton driver and also updates
the tpm_init() in tpm_chip.c to call the probe function.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: squash commits into one]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|