[Skiboot] [PATCH 08/15] libstb: Add secure boot header structures

Thu Sep 15 20:14:43 AEST 2016

Claudio Carvalho <cclaudio at linux.vnet.ibm.com> writes:
> --- /dev/null
> +++ b/libstb/container.h
> @@ -0,0 +1,139 @@
> +/* Copyright 2013-2016 IBM Corp.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + *      http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> + * implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +#ifndef __STB_CONTAINER_H
> +#define __STB_CONTAINER_H
> +
> +#include <stdint.h>
> +
> +#define SECURE_BOOT_HEADERS_SIZE	4096
> +
> +#define SHA256_DIGEST_LENGTH	32
> +
> +/**
> + * The defines and structures below come from the secure ROM source code
> + * (trusted_boot_rom). Here you will find only the ones required by the
> + * secure and trusted boot implementation in skiboot.
> + */
> +
> +/* From trusted_boot_rom/src/sha512.h */
> +#define SHA512_DIGEST_LENGTH  64
> +typedef uint8_t __attribute__((aligned(8))) sha2_hash_t[ SHA512_DIGEST_LENGTH / sizeof(uint8_t) ];
> +typedef uint8_t sha2_byte; // Exactly 1 byte
> +
> +/* From trusted_boot_rom/src/hw_utils.h  */
> +#define ECID_SIZE	16
> +
> +/* From trusted_boot_rom/src/ecverify.h   */
> +#define EC_COORDBYTES	66     /* P-521   */
> +typedef uint8_t ecc_key_t[2*EC_COORDBYTES];
> +typedef uint8_t ecc_signature_t[2*EC_COORDBYTES];
> +
> +/* From trusted_boot_rom/src/ROM.h */
> +#define ROM_MAGIC_NUMBER	0x17082011
> +
> +typedef struct {
> +	uint16_t version;	/* (1: see versions above) */
> +	uint8_t hash_alg;	/* (1: SHA-512) */
> +	uint8_t sig_alg;	/* (1: SHA-512/ECDSA-521) */
> +}__attribute__((packed)) ROM_version_raw;

IIRC it was sig_alg here that conflicted wiht "unused" in the
https://github.com/open-power/sb-signing-utils/pull/1/files proposed
signing utils (although considering the problems there, I'm more
convinced your code is correct).

But.. since this is dealing with something that's baked into
hardware.. where did this exactly come from?

The other thing that came to me while running this morning... since this
is a representation of a serialized data structure, it'd be good to use
the be32/be16/be64 types and be32_to_cpu() "converters" so that if we
were ever crazy enough to do a LE skiboot, everything would "just
work". It also means that you can more easily write unit tests that'll
work on LE platforms.

-- 
Stewart Smith
OPAL Architect, IBM.