[Skiboot] [PATCH 13/15] libstb: Add rom interface

Claudio Carvalho cclaudio at linux.vnet.ibm.com
Thu Aug 11 15:23:55 AEST 2016


This adds the ROM interface for libstb:

- rom_init(): load a compatible driver for the ibm,secureboot node

- rom_set_driver(): set the rom driver that will be used to access the
  verification code functions

Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
---
 libstb/Makefile.inc |  2 +-
 libstb/rom.c        | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 libstb/rom.h        | 44 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 libstb/rom.c
 create mode 100644 libstb/rom.h

diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc
index 693e888..d395631 100644
--- a/libstb/Makefile.inc
+++ b/libstb/Makefile.inc
@@ -4,7 +4,7 @@ LIBSTB_DIR = libstb
 
 SUBDIRS += $(LIBSTB_DIR)
 
-LIBSTB_SRCS = container.c tpm.c
+LIBSTB_SRCS = container.c tpm.c rom.c
 LIBSTB_OBJS = $(LIBSTB_SRCS:%.c=%.o)
 LIBSTB = $(LIBSTB_DIR)/built-in.o
 
diff --git a/libstb/rom.c b/libstb/rom.c
new file mode 100644
index 0000000..7981eca
--- /dev/null
+++ b/libstb/rom.c
@@ -0,0 +1,52 @@
+/* Copyright 2013-2016 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <skiboot.h>
+
+#include "rom.h"
+
+static struct rom_driver_ops *rom_driver = NULL;
+
+struct rom_driver_ops* rom_init(const struct dt_node *node)
+{
+	if (rom_driver)
+		goto end;
+
+	/* ROM drivers supported */
+
+	if (!rom_driver)
+		prlog(PR_NOTICE, "ROM: no rom driver found\n");
+
+end:
+	return rom_driver;
+}
+
+void rom_set_driver(struct rom_driver_ops *driver)
+{
+	if (rom_driver) {
+		/**
+		 * @fwts-label ROMAlreadyRegistered
+		 * @fwts-advice ibm,secureboot already registered. Check if
+		 * rom_init called twice or the same driver is probed twice
+		 */
+		prlog(PR_WARNING, "ROM: rom driver already registered\n");
+		return;
+	}
+
+	rom_driver = driver;
+	prlog(PR_NOTICE, "ROM: %s driver registered\n", driver->name);
+}
+
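Review bot: rom_set_driver() reads `driver->name` in its final prlog and stores the pointer without checking it, so a NULL `driver`, or one whose `verify`/`sha512` callbacks are unset, is accepted as the secure-boot verification driver and fails only later when it is called. A guard ahead of the assignment would reject it up front: `if (!driver || !driver->name || !driver->verify || !driver->sha512) { prlog(PR_ERR, "ROM: invalid rom driver\n"); return; }`. The function also returns void, so a caller whose registration was refused because a driver was already set cannot tell; returning a status would let the probe code react. In rom_init() the `node` argument is unused in this patch, presumably until the driver probes arrive in later patches of the series.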
diff --git a/libstb/rom.h b/libstb/rom.h
new file mode 100644
index 0000000..28af319
--- /dev/null
+++ b/libstb/rom.h
@@ -0,0 +1,44 @@
+/* Copyright 2013-2016 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __ROM_H
+#define __ROM_H
+
+#include <stdint.h>
+#include <stdbool.h>
+#include <stdlib.h>
+
+#include "container.h"
+
+struct rom_driver_ops {
+	const char* name;
+	int  (*verify)(void *container);
+	void (*sha512)(const uint8_t *data, size_t len, uint8_t *digest);
+	void (*cleanup)(void);
+  };
+
+/**
+ * Load a compatible driver to access the functions of the
+ * verification code flashed in the secure ROM
+ */
+extern struct rom_driver_ops* rom_init(const struct dt_node *node);
+
+/**
+ * Set the rom driver that will be used
+ */
+extern void rom_set_driver(struct rom_driver_ops *driver);
+
+#endif /* __ROM_H */
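Review bot: The callbacks in `struct rom_driver_ops` carry no documented contract, which matters most for `verify`: it takes a bare `void *container` with no length and does not say which return value means the container was accepted, so a caller could mistake a failure code for success. I would add a comment above the struct stating the success value of `verify`, how the container's extent is known, and the required size of the `digest` buffer, e.g. `/* sha512: digest must have room for 64 bytes */`. The prototype of rom_init() also names `struct dt_node`, which none of the headers included here visibly declares; unless container.h provides it, a forward declaration `struct dt_node;` before the prototypes would keep the header self-contained.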
-- 
1.9.1


