[Skiboot] [PATCH] stb: create-container and wrap skiboot in Secure/Trusted Boot container

Gavin Shan gwshan at linux.vnet.ibm.com
Fri Nov 18 10:06:56 AEDT 2016 

On Thu, Nov 17, 2016 at 07:33:59PM +1100, Stewart Smith wrote:
>We produce **UNSIGNED** skiboot.lid.stb and skiboot.lid.xz.stb as build
>artifacts
>
>These are suitable blobs for flashing onto Trusted Boot enabled op-build
>builds *WITH* the secure boot jumpers *ON* (i.e. *NOT* in secure mode).
>
>It's just enough of the Secure and Trusted Boot container format to
>make Hostboot behave.
>
>Signed-off-by: Stewart Smith <stewart at linux.vnet.ibm.com>

Tested-by: Gavin Shan <gwshan at linux.vnet.ibm.com>

Thanks, Stewart. There is one minor comment below.

>--
>This is really a V3 of the plain create-container utility.
>This utility still casually sucks, but it's about 8000 LoC smaller than
>the full sb-signing-tool (not to be confused with sbsigntool or signtool).
>---
> Makefile.main             |   7 +++
> libstb/Makefile.inc       |   4 ++
> libstb/create-container.c | 118 ++++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 129 insertions(+)
> create mode 100644 libstb/create-container.c
>
>diff --git a/Makefile.main b/Makefile.main
>index 62a659d..a2b0bcd 100644
>--- a/Makefile.main
>+++ b/Makefile.main
>@@ -166,6 +166,7 @@ pflash-coverity:
> 	(cd external/pflash; ./build-all-arch.sh)
> 
> all: $(SUBDIRS) $(TARGET).lid $(TARGET).lid.xz $(TARGET).map extract-gcov
>+all: $(TARGET).lid.stb $(TARGET).lid.xz.stb
> 
> OBJS := $(ASM) $(CORE) $(HW) $(PLATFORMS) $(LIBFDT) $(LIBFLASH) $(LIBSTB)
> ifeq ($(PORE),1)
>@@ -184,6 +185,12 @@ $(TARGET).lid.xz: $(TARGET).lid
> $(TARGET).lid: $(TARGET).elf
> 	$(call Q,OBJCOPY, $(OBJCOPY) -O binary -S $^ $@, $@)
> 
>+$(TARGET).lid.stb: $(TARGET).lid libstb/create-container
>+	$(call Q,STB-UNSIGNED-CONTAINER,./libstb/create-container $< $@,$@)
>+
>+$(TARGET).lid.xz.stb: $(TARGET).lid.xz libstb/create-container
>+	$(call Q,STB-UNSIGNED-CONTAINER,./libstb/create-container $< $@,$@)
>+
> $(TARGET).tmp.elf: $(ALL_OBJS_1) $(TARGET).lds $(KERNEL)
> 	$(call Q,LD, $(CC) $(LDFLAGS) -T $(TARGET).lds $(ALL_OBJS_1) -o $@, $@)
> 
>diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc
>index 337b9e4..b7e7841 100644
>--- a/libstb/Makefile.inc
>+++ b/libstb/Makefile.inc
>@@ -12,3 +12,7 @@ include $(SRC)/$(LIBSTB_DIR)/drivers/Makefile.inc
> include $(SRC)/$(LIBSTB_DIR)/tss/Makefile.inc
> 
> $(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS)
>+
>+libstb/create-container: libstb/create-container.c
>+	$(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) \
>+	-Wpadded -O0 -g -I$(SRC) -o $@ $<,$<)
>diff --git a/libstb/create-container.c b/libstb/create-container.c
>new file mode 100644
>index 0000000..1fe222d
>--- /dev/null
>+++ b/libstb/create-container.c
>@@ -0,0 +1,118 @@
>+/* Copyright 2013-2016 IBM Corp.
>+ *
>+ * Licensed under the Apache License, Version 2.0 (the "License");
>+ * you may not use this file except in compliance with the License.
>+ * You may obtain a copy of the License at
>+ *
>+ * 	http://www.apache.org/licenses/LICENSE-2.0
>+ *
>+ * Unless required by applicable law or agreed to in writing, software
>+ * distributed under the License is distributed on an "AS IS" BASIS,
>+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>+ * implied.
>+ * See the License for the specific language governing permissions and
>+ * limitations under the License.
>+ */
>+
>+#include <config.h>
>+
>+#include <stdbool.h>
>+#include <types.h>
>+#include "container.h"
>+
>+#include <stdio.h>
>+#include <stdlib.h>
>+#include <getopt.h>
>+#include <unistd.h>
>+#include <string.h>
>+#include <errno.h>
>+#include <sys/types.h>
>+#include <sys/stat.h>
>+#include <sys/mman.h>
>+#include <fcntl.h>
>+#include <assert.h>
>+
>+int main(int argc, char* argv[])
>+{
>+	int fdin, fdout;
>+	void *container = malloc(SECURE_BOOT_HEADERS_SIZE);
>+	struct stat s;
>+	char *buf = malloc(4096);
>+	off_t l;
>+	void *infile;
>+	int r;
>+	ROM_container_raw *c = (ROM_container_raw*)container;
>+	ROM_prefix_header_raw *ph;
>+	ROM_prefix_data_raw *pd;
>+	ROM_sw_header_raw *swh;
>+
>+	memset(container, 0, SECURE_BOOT_HEADERS_SIZE);
>+
>+	if (argc<3)
>+		return -1;
>+
>+	fdin = open(argv[1], O_RDONLY);
>+	assert(fdin > 0);
>+	r = fstat(fdin, &s);
>+	assert(r==0);
>+	infile = mmap(NULL, s.st_size, PROT_READ, 0, fdin, 0);
>+	assert(infile);
>+	fdout = open(argv[2], O_WRONLY|O_CREAT|O_TRUNC);

The output file's permission is 'x', meaning it can't be overwritten when
re-constructing it. I think the 3rd argument of open() would be as below
and it worked for me :)

(S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)

>+	assert(fdout > 0);
>+
>+	c->magic_number = cpu_to_be32(ROM_MAGIC_NUMBER);
>+	c->version = 1;
>+	c->container_size = cpu_to_be64(SECURE_BOOT_HEADERS_SIZE + s.st_size);
>+	c->target_hrmor = 0;
>+	c->stack_pointer = 0;
>+	memset(c->hw_pkey_a, 0, sizeof(ecc_key_t));
>+	memset(c->hw_pkey_b, 0, sizeof(ecc_key_t));
>+	memset(c->hw_pkey_c, 0, sizeof(ecc_key_t));
>+
>+	ph = container + sizeof(ROM_container_raw);
>+	ph->ver_alg.version = cpu_to_be16(1);
>+	ph->ver_alg.hash_alg = 1;
>+	ph->ver_alg.sig_alg = 1;
>+	ph->code_start_offset = 0;
>+	ph->reserved = 0;
>+	ph->flags = 0;
>+	ph->sw_key_count = 1; // 1, not 0. Because Hostboot
>+	memset(ph->payload_hash, 0, sizeof(sha2_hash_t)); // TODO
>+	ph->ecid_count = 0;
>+
>+	pd = (ROM_prefix_data_raw*)ph->ecid;
>+	memset(pd->hw_sig_a, 0, sizeof(ecc_signature_t));
>+	memset(pd->hw_sig_b, 0, sizeof(ecc_signature_t));
>+	memset(pd->hw_sig_c, 0, sizeof(ecc_signature_t));
>+	memset(pd->sw_pkey_p, 0, sizeof(ecc_key_t));
>+	memset(pd->sw_pkey_q, 0, sizeof(ecc_key_t));
>+	memset(pd->sw_pkey_r, 0, sizeof(ecc_key_t));
>+	ph->payload_size = cpu_to_be64(sizeof(ecc_signature_t)*3 + ph->sw_key_count * sizeof(ecc_key_t));
>+
>+	swh = (ROM_sw_header_raw*)(((void*)pd) + be64_to_cpu(ph->payload_size));
>+	swh->ver_alg.version = cpu_to_be16(1);
>+	swh->ver_alg.hash_alg = 1;
>+	swh->ver_alg.sig_alg = 1;
>+	swh->code_start_offset = 0;
>+	swh->reserved = 0;
>+	swh->flags = 0;
>+	swh->reserved_0 = 0;
>+	swh->payload_size = cpu_to_be64(s.st_size);
>+
>+	r = write(fdout, container, SECURE_BOOT_HEADERS_SIZE);
>+	assert(r == 4096);
>+	read(fdin, buf, s.st_size%4096);
>+	write(fdout, buf, s.st_size%4096);
>+	l = s.st_size - s.st_size%4096;
>+	while (l) {
>+		read(fdin, buf, 4096);
>+		write(fdout, buf, 4096);
>+		l-=4096;
>+	};
>+	close(fdin);
>+	close(fdout);
>+
>+	free(container);
>+	free(buf);
>+	return 0;
>+}

Thanks,
Gavin

More information about the Skiboot mailing list