[Skiboot] [PATCH] stb: create-container and wrap skiboot in Secure/Trusted Boot container

Stewart Smith stewart at linux.vnet.ibm.com
Thu Nov 24 16:53:57 AEDT 2016


Gavin Shan <gwshan at linux.vnet.ibm.com> writes:
> On Thu, Nov 17, 2016 at 07:33:59PM +1100, Stewart Smith wrote:
>>We produce **UNSIGNED** skiboot.lid.stb and skiboot.lid.xz.stb as build
>>artifacts
>>
>>These are suitable blobs for flashing onto Trusted Boot enabled op-build
>>builds *WITH* the secure boot jumpers *ON* (i.e. *NOT* in secure mode).
>>
>>It's just enough of the Secure and Trusted Boot container format to
>>make Hostboot behave.
>>
>>Signed-off-by: Stewart Smith <stewart at linux.vnet.ibm.com>
>
> Tested-by: Gavin Shan <gwshan at linux.vnet.ibm.com>
>
> Thanks, Stewart. There is one minor comment below.
>
>>--
>>This is really a V3 of the plain create-container utility.
>>This utility still casually sucks, but it's about 8000 LoC smaller than
>>the full sb-signing-tool (not to be confused with sbsigntool or signtool).
>>---
>> Makefile.main             |   7 +++
>> libstb/Makefile.inc       |   4 ++
>> libstb/create-container.c | 118 ++++++++++++++++++++++++++++++++++++++++++++++
>> 3 files changed, 129 insertions(+)
>> create mode 100644 libstb/create-container.c
>>
>>diff --git a/Makefile.main b/Makefile.main
>>index 62a659d..a2b0bcd 100644
>>--- a/Makefile.main
>>+++ b/Makefile.main
>>@@ -166,6 +166,7 @@ pflash-coverity:
>> 	(cd external/pflash; ./build-all-arch.sh)
>> 
>> all: $(SUBDIRS) $(TARGET).lid $(TARGET).lid.xz $(TARGET).map extract-gcov
>>+all: $(TARGET).lid.stb $(TARGET).lid.xz.stb
>> 
>> OBJS := $(ASM) $(CORE) $(HW) $(PLATFORMS) $(LIBFDT) $(LIBFLASH) $(LIBSTB)
>> ifeq ($(PORE),1)
>>@@ -184,6 +185,12 @@ $(TARGET).lid.xz: $(TARGET).lid
>> $(TARGET).lid: $(TARGET).elf
>> 	$(call Q,OBJCOPY, $(OBJCOPY) -O binary -S $^ $@, $@)
>> 
>>+$(TARGET).lid.stb: $(TARGET).lid libstb/create-container
>>+	$(call Q,STB-UNSIGNED-CONTAINER,./libstb/create-container $< $@,$@)
>>+
>>+$(TARGET).lid.xz.stb: $(TARGET).lid.xz libstb/create-container
>>+	$(call Q,STB-UNSIGNED-CONTAINER,./libstb/create-container $< $@,$@)
>>+
>> $(TARGET).tmp.elf: $(ALL_OBJS_1) $(TARGET).lds $(KERNEL)
>> 	$(call Q,LD, $(CC) $(LDFLAGS) -T $(TARGET).lds $(ALL_OBJS_1) -o $@, $@)
>> 
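Review bot: the two new rules for `$(TARGET).lid.stb` and `$(TARGET).lid.xz.stb` have identical recipes and the same tool prerequisite, so a single pattern rule would avoid the duplication, e.g. `%.stb: % libstb/create-container` followed by the same `$(call Q,STB-UNSIGNED-CONTAINER,./libstb/create-container $< $@,$@)` recipe. Keeping STB-UNSIGNED-CONTAINER as the printed tag is worth doing either way, since the commit message stresses these blobs are unsigned and only usable with the secure boot jumpers on.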
>>diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc
>>index 337b9e4..b7e7841 100644
>>--- a/libstb/Makefile.inc
>>+++ b/libstb/Makefile.inc
>>@@ -12,3 +12,7 @@ include $(SRC)/$(LIBSTB_DIR)/drivers/Makefile.inc
>> include $(SRC)/$(LIBSTB_DIR)/tss/Makefile.inc
>> 
>> $(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS)
>>+
>>+libstb/create-container: libstb/create-container.c
>>+	$(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) \
>>+	-Wpadded -O0 -g -I$(SRC) -o $@ $<,$<)
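Review bot: the last argument of `$(call Q, HOSTCC ,...)` in the new `libstb/create-container` rule is `$<` (the .c source), whereas every other rule here and in Makefile.main passes `$@` (compare `$(call Q,OBJCOPY, $(OBJCOPY) -O binary -S $^ $@, $@)`), so the build output will name the source file instead of the target; the stray spaces around `HOSTCC` will also end up in the printed tag. Hard-coding `-O0 -g` into a tool that is now built as part of the default `all` target is worth a second look, though `-Wpadded` is useful to keep, since the `ROM_*_raw` structs from container.h presumably describe a fixed binary layout and any compiler-inserted padding would corrupt the container.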
>>diff --git a/libstb/create-container.c b/libstb/create-container.c
>>new file mode 100644
>>index 0000000..1fe222d
>>--- /dev/null
>>+++ b/libstb/create-container.c
>>@@ -0,0 +1,118 @@
>>+/* Copyright 2013-2016 IBM Corp.
>>+ *
>>+ * Licensed under the Apache License, Version 2.0 (the "License");
>>+ * you may not use this file except in compliance with the License.
>>+ * You may obtain a copy of the License at
>>+ *
>>+ * 	http://www.apache.org/licenses/LICENSE-2.0
>>+ *
>>+ * Unless required by applicable law or agreed to in writing, software
>>+ * distributed under the License is distributed on an "AS IS" BASIS,
>>+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>+ * implied.
>>+ * See the License for the specific language governing permissions and
>>+ * limitations under the License.
>>+ */
>>+
>>+#include <config.h>
>>+
>>+#include <stdbool.h>
>>+#include <types.h>
>>+#include "container.h"
>>+
>>+#include <stdio.h>
>>+#include <stdlib.h>
>>+#include <getopt.h>
>>+#include <unistd.h>
>>+#include <string.h>
>>+#include <errno.h>
>>+#include <sys/types.h>
>>+#include <sys/stat.h>
>>+#include <sys/mman.h>
>>+#include <fcntl.h>
>>+#include <assert.h>
>>+
>>+int main(int argc, char* argv[])
>>+{
>>+	int fdin, fdout;
>>+	void *container = malloc(SECURE_BOOT_HEADERS_SIZE);
>>+	struct stat s;
>>+	char *buf = malloc(4096);
>>+	off_t l;
>>+	void *infile;
>>+	int r;
>>+	ROM_container_raw *c = (ROM_container_raw*)container;
>>+	ROM_prefix_header_raw *ph;
>>+	ROM_prefix_data_raw *pd;
>>+	ROM_sw_header_raw *swh;
>>+
>>+	memset(container, 0, SECURE_BOOT_HEADERS_SIZE);
>>+
>>+	if (argc<3)
>>+		return -1;
>>+
>>+	fdin = open(argv[1], O_RDONLY);
>>+	assert(fdin > 0);
>>+	r = fstat(fdin, &s);
>>+	assert(r==0);
>>+	infile = mmap(NULL, s.st_size, PROT_READ, 0, fdin, 0);
>>+	assert(infile);
>>+	fdout = open(argv[2], O_WRONLY|O_CREAT|O_TRUNC);
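Review bot: `mmap(NULL, s.st_size, PROT_READ, 0, fdin, 0)` passes 0 as the flags argument, but mmap requires exactly one of MAP_SHARED or MAP_PRIVATE and fails with EINVAL otherwise; since failure is reported as MAP_FAILED (`(void *)-1`) rather than NULL, the following `assert(infile)` will not catch it. Suggest `mmap(NULL, s.st_size, PROT_READ, MAP_PRIVATE, fdin, 0)` with `assert(infile != MAP_FAILED)`. Likewise `assert(fdin > 0)` should be `>= 0` (0 is a valid descriptor), the two malloc() results are never checked, and because assert() is the only error handling here it all disappears when compiled with NDEBUG; explicit checks with perror() and a non-zero exit would be more robust for a tool that produces boot images. The `open(argv[2], O_WRONLY|O_CREAT|O_TRUNC)` call is also missing its mode argument, so the created file's permission bits come from whatever garbage is in that variadic slot.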
>
> The output file's permission is 'x', meaning it can't be overwritten when
> re-constructing it. I think the 3rd argument of open() would be as below
> and it worked for me :)
>
> (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)

ahh, thanks for catching that. Pushed to master as of
833b1e6bb2aef485226f8bc48ec1b45c422b2152 with that fix (and a minor
makefile fix).

It turns out I may be able to give talks on how everybody gets POSIX
file IO wrong and be quite accurate about it. Everybody includes me.

-- 
Stewart Smith
OPAL Architect, IBM.


