[Skiboot] [PATCH 13/15] libstb: Add rom interface
Claudio Carvalho
cclaudio at linux.vnet.ibm.com
Thu Aug 11 15:23:55 AEST 2016
This adds the ROM interface for libstb:
- rom_init(): load a compatible driver for the ibm,secureboot node
- rom_set_driver(): set the rom driver that will be used to access the
verification code functions
Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
---
libstb/Makefile.inc | 2 +-
libstb/rom.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
libstb/rom.h | 44 ++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 97 insertions(+), 1 deletion(-)
create mode 100644 libstb/rom.c
create mode 100644 libstb/rom.h
diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc
index 693e888..d395631 100644
--- a/libstb/Makefile.inc
+++ b/libstb/Makefile.inc
@@ -4,7 +4,7 @@ LIBSTB_DIR = libstb
SUBDIRS += $(LIBSTB_DIR)
-LIBSTB_SRCS = container.c tpm.c
+LIBSTB_SRCS = container.c tpm.c rom.c
LIBSTB_OBJS = $(LIBSTB_SRCS:%.c=%.o)
LIBSTB = $(LIBSTB_DIR)/built-in.o
diff --git a/libstb/rom.c b/libstb/rom.c
new file mode 100644
index 0000000..7981eca
--- /dev/null
+++ b/libstb/rom.c
@@ -0,0 +1,52 @@
+/* Copyright 2013-2016 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <skiboot.h>
+
+#include "rom.h"
+
+static struct rom_driver_ops *rom_driver = NULL;
+
+struct rom_driver_ops* rom_init(const struct dt_node *node)
+{
+ if (rom_driver)
+ goto end;
+
+ /* ROM drivers supported */
+
+ if (!rom_driver)
+ prlog(PR_NOTICE, "ROM: no rom driver found\n");
+
+end:
+ return rom_driver;
+}
+
+void rom_set_driver(struct rom_driver_ops *driver)
+{
+ if (rom_driver) {
+ /**
+ * @fwts-label ROMAlreadyRegistered
+ * @fwts-advice ibm,secureboot already registered. Check if
+ * rom_init called twice or the same driver is probed twice
+ */
+ prlog(PR_WARNING, "ROM: rom driver already registered\n");
+ return;
+ }
+
+ rom_driver = driver;
+ prlog(PR_NOTICE, "ROM: %s driver registered\n", driver->name);
+}
+
diff --git a/libstb/rom.h b/libstb/rom.h
new file mode 100644
index 0000000..28af319
--- /dev/null
+++ b/libstb/rom.h
@@ -0,0 +1,44 @@
+/* Copyright 2013-2016 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __ROM_H
+#define __ROM_H
+
+#include <stdint.h>
+#include <stdbool.h>
+#include <stdlib.h>
+
+#include "container.h"
+
+struct rom_driver_ops {
+ const char* name;
+ int (*verify)(void *container);
+ void (*sha512)(const uint8_t *data, size_t len, uint8_t *digest);
+ void (*cleanup)(void);
+ };
+
+/**
+ * Load a compatible driver to access the functions of the
+ * verification code flashed in the secure ROM
+ */
+extern struct rom_driver_ops* rom_init(const struct dt_node *node);
+
+/**
+ * Set the rom driver that will be used
+ */
+extern void rom_set_driver(struct rom_driver_ops *driver);
+
+#endif /* __ROM_H */
--
1.9.1
More information about the Skiboot
mailing list