[Skiboot] [PATCH 05/13] libstb: rename drivers/romcode.* to cvc/c1vc.*

Claudio Carvalho cclaudio at linux.vnet.ibm.com
Thu Aug 31 16:45:53 AEST 2017


This gives a better name to the driver/romcode.* files and also moves
them to a better place. The function names are also renamed accordingly.

Romcode provides an API to access the functions provided by the
container version 1 verification code (c1vc).

Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
---
 asm/Makefile.inc            |   2 +-
 asm/c1vc_entry.S            |  51 ++++++++++++++++
 asm/rom_entry.S             |  52 -----------------
 libstb/Makefile.inc         |   3 +-
 libstb/cvc/Makefile.inc     |  11 ++++
 libstb/cvc/c1vc.c           | 138 ++++++++++++++++++++++++++++++++++++++++++++
 libstb/cvc/c1vc.h           |  24 ++++++++
 libstb/drivers/Makefile.inc |   2 +-
 libstb/drivers/romcode.c    | 138 --------------------------------------------
 libstb/drivers/romcode.h    |  24 --------
 libstb/rom.c                |   6 +-
 11 files changed, 231 insertions(+), 220 deletions(-)
 create mode 100644 asm/c1vc_entry.S
 delete mode 100644 asm/rom_entry.S
 create mode 100644 libstb/cvc/Makefile.inc
 create mode 100644 libstb/cvc/c1vc.c
 create mode 100644 libstb/cvc/c1vc.h
 delete mode 100644 libstb/drivers/romcode.c
 delete mode 100644 libstb/drivers/romcode.h

diff --git a/asm/Makefile.inc b/asm/Makefile.inc
index 2e678fd..6b61c9b 100644
--- a/asm/Makefile.inc
+++ b/asm/Makefile.inc
@@ -1,7 +1,7 @@
 # -*-Makefile-*-
 
 SUBDIRS += asm 
-ASM_OBJS = head.o lock.o misc.o kernel-wrapper.o rom_entry.o
+ASM_OBJS = head.o lock.o misc.o kernel-wrapper.o c1vc_entry.o
 ASM=asm/built-in.o
 
 # Add extra dependency to the kernel wrapper
diff --git a/asm/c1vc_entry.S b/asm/c1vc_entry.S
new file mode 100644
index 0000000..f215415
--- /dev/null
+++ b/asm/c1vc_entry.S
@@ -0,0 +1,51 @@
+# IBM_PROLOG_BEGIN_TAG
+# This is an automatically generated prolog.
+#
+# $Source: src/usr/secureboot/base/rom_entry.S $
+#
+# OpenPOWER HostBoot Project
+#
+# COPYRIGHT International Business Machines Corp. 2013,2016
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+#
+# IBM_PROLOG_END_TAG
+
+#.include "kernel/ppcconsts.S"
+
+.section .text
+
+.global __c1vc_verify
+.global __c1vc_sha512
+
+__c1vc_verify:
+__c1vc_sha512:
+
+    std %r2, 40(%r1)
+    mflr %r0
+    std %r0, 16(%r1)
+    stdu %r1, -128(%r1)
+    li %r2, 0
+    mtctr %r3
+    mr %r3, %r4
+    mr %r4, %r5
+    mr %r5, %r6
+    mr %r6, %r7
+    mr %r7, %r8
+    bctrl
+    addi %r1, %r1, 128
+    ld %r2, 40(%r1)
+    ld %r0, 16(%r1)
+    mtlr %r0
+    blr
+
diff --git a/asm/rom_entry.S b/asm/rom_entry.S
deleted file mode 100644
index 26d1b96..0000000
--- a/asm/rom_entry.S
+++ /dev/null
@@ -1,52 +0,0 @@
-# IBM_PROLOG_BEGIN_TAG
-# This is an automatically generated prolog.
-#
-# $Source: src/usr/secureboot/base/rom_entry.S $
-#
-# OpenPOWER HostBoot Project
-#
-# COPYRIGHT International Business Machines Corp. 2013,2016
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-# IBM_PROLOG_END_TAG
-
-#.include "kernel/ppcconsts.S"
-
-.section .text
-
-.global call_rom_verify
-.global call_rom_SHA512
-
-call_rom_verify:
-call_rom_SHA512:
-
-call_rom_entry:
-    std %r2, 40(%r1)
-    mflr %r0
-    std %r0, 16(%r1)
-    stdu %r1, -128(%r1)
-    li %r2, 0
-    mtctr %r3
-    mr %r3, %r4
-    mr %r4, %r5
-    mr %r5, %r6
-    mr %r6, %r7
-    mr %r7, %r8
-    bctrl
-    addi %r1, %r1, 128
-    ld %r2, 40(%r1)
-    ld %r0, 16(%r1)
-    mtlr %r0
-    blr
-
diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc
index 64be4d6..5389fac 100644
--- a/libstb/Makefile.inc
+++ b/libstb/Makefile.inc
@@ -8,10 +8,11 @@ LIBSTB_SRCS = container.c rom.c tpm_chip.c stb.c
 LIBSTB_OBJS = $(LIBSTB_SRCS:%.c=%.o)
 LIBSTB = $(LIBSTB_DIR)/built-in.o
 
+include $(SRC)/$(LIBSTB_DIR)/cvc/Makefile.inc
 include $(SRC)/$(LIBSTB_DIR)/drivers/Makefile.inc
 include $(SRC)/$(LIBSTB_DIR)/tss/Makefile.inc
 
-$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS)
+$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) $(CVC)
 
 libstb/create-container: libstb/create-container.c
 	$(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) \
diff --git a/libstb/cvc/Makefile.inc b/libstb/cvc/Makefile.inc
new file mode 100644
index 0000000..8ce86d5
--- /dev/null
+++ b/libstb/cvc/Makefile.inc
@@ -0,0 +1,11 @@
+# -*-Makefile-*-
+
+CVC_DIR = libstb/cvc
+
+SUBDIRS += $(CVC_DIR)
+
+CVC_SRCS = c1vc.c
+CVC_OBJS = $(CVC_SRCS:%.c=%.o)
+CVC = $(CVC_DIR)/built-in.o
+
+$(CVC): $(CVC_OBJS:%=$(CVC_DIR)/%)
diff --git a/libstb/cvc/c1vc.c b/libstb/cvc/c1vc.c
new file mode 100644
index 0000000..0ac0d8a
--- /dev/null
+++ b/libstb/cvc/c1vc.c
@@ -0,0 +1,138 @@
+/* Copyright 2013-2016 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * 	http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <chip.h>
+#include <xscom.h>
+#include <string.h>
+#include <skiboot.h>
+#include "../status_codes.h"
+#include "../rom.h"
+#include "c1vc.h"
+
+#define DRIVER_NAME	"c1vc"
+
+#define SECURE_ROM_MEMORY_SIZE		(16 * 1024)
+#define SECURE_ROM_XSCOM_ADDRESS	0x02020017
+
+/*
+ *  From the source code of the ROM code
+ */
+#define SECURE_ROM_SHA512_OFFSET	0x20
+#define SECURE_ROM_VERIFY_OFFSET	0x30
+
+static const char *compat = "ibm,secureboot-v1";
+static void *securerom_addr = NULL;
+static sha2_hash_t *hw_key_hash = NULL;
+
+/*
+ * Assembly interfaces to call into ROM code.
+ * func_ptr is the ROM code function address, followed
+ * by additional parameters as necessary
+ */
+ROM_response __c1vc_verify(void *func_ptr, ROM_container_raw *container,
+			   ROM_hw_params *params);
+void __c1vc_sha512(void *func_ptr, const uint8_t *data, size_t len,
+		   uint8_t *digest);
+
+static int c1vc_verify(void *container)
+{
+	ROM_hw_params hw_params;
+	ROM_response rc;
+
+	memset(&hw_params, 0, sizeof(ROM_hw_params));
+	memcpy(&hw_params.hw_key_hash, hw_key_hash, sizeof(sha2_hash_t));
+	rc = __c1vc_verify(securerom_addr + SECURE_ROM_VERIFY_OFFSET,
+			   (ROM_container_raw*) container, &hw_params);
+	if (rc != ROM_DONE) {
+		/*
+		 * Verify failed. hw_params.log indicates what checking has
+		 * failed. This will abort the boot process.
+		 */
+		prlog(PR_ERR, "ROM: %s failed (rc=%d, hw_params.log=0x%llx)\n",
+		      __func__, rc, be64_to_cpu(hw_params.log));
+		return STB_VERIFY_FAILED;
+	}
+	return 0;
+}
+
+static void c1vc_sha512(const uint8_t *data, size_t len, uint8_t *digest)
+{
+	memset(digest, 0, sizeof(sha2_hash_t));
+	__c1vc_sha512(securerom_addr + SECURE_ROM_SHA512_OFFSET,
+		      data, len, digest);
+}
+
+static void c1vc_cleanup(void) {
+	if (securerom_addr)
+		free(securerom_addr);
+	hw_key_hash = NULL;
+}
+
+static struct container_verification_code c1vc = {
+	.name    = DRIVER_NAME,
+	.verify  = c1vc_verify,
+	.sha512  = c1vc_sha512,
+	.cleanup = c1vc_cleanup,
+};
+
+void c1vc_probe(const struct dt_node *node)
+{
+	/* This xscom register has the Secure ROM code base address */
+	const uint32_t reg_addr = SECURE_ROM_XSCOM_ADDRESS;
+	uint64_t reg_data;
+	struct proc_chip *chip;
+	const char* hash_algo;
+
+	if (!dt_node_is_compatible(node, compat)) {
+		prlog(PR_DEBUG, "ROM: %s node is not compatible\n",
+		      node->name);
+		return;
+	}
+	/*
+	 * secureboot-v1 defines containers with sha512 hashes
+	 */
+	hash_algo = dt_prop_get(node, "hash-algo");
+	if (strcmp(hash_algo, "sha512")) {
+		/**
+		 * @fwts-label ROMHashAlgorithmInvalid
+		 * @fwts-advice Hostboot creates the ibm,secureboot node and
+		 * the hash-algo property. Check that the ibm,secureboot node
+		 * layout has not changed.
+		 */
+		prlog(PR_ERR, "ROM: hash-algo=%s not expected\n", hash_algo);
+		return;
+	}
+	hw_key_hash = (sha2_hash_t*) dt_prop_get(node, "hw-key-hash");
+	securerom_addr = malloc(SECURE_ROM_MEMORY_SIZE);
+	assert(securerom_addr);
+	/*
+	 * The logic that contains the ROM within the processor is implemented
+	 * in a way that it only responds to CI (cache inhibited) operations.
+	 * Due to performance issues we copy the verification code from the
+	 * secure ROM to RAM and we use memcpy_from_ci to do that.
+	 */
+	chip = next_chip(NULL);
+	xscom_read(chip->id, reg_addr, &reg_data);
+	memcpy_from_ci(securerom_addr, (void*) reg_data,
+		       SECURE_ROM_MEMORY_SIZE);
+	/*
+	 * Skiboot runs with IR (Instruction Relocation) &
+	 * DR (Data Relocation) off, so there is no need to either MMIO
+	 * the ROM code or set the memory region as executable.
+         * skiboot accesses the physical memory directly. Real mode.
+	 */
+	rom_set_driver(&c1vc);
+}
diff --git a/libstb/cvc/c1vc.h b/libstb/cvc/c1vc.h
new file mode 100644
index 0000000..f0d2a3d
--- /dev/null
+++ b/libstb/cvc/c1vc.h
@@ -0,0 +1,24 @@
+/* Copyright 2013-2016 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __C1VC_H
+#define __C1VC_H
+
+#include <device.h>
+
+extern void c1vc_probe(const struct dt_node *node);
+
+#endif /* __C1VC_H */
diff --git a/libstb/drivers/Makefile.inc b/libstb/drivers/Makefile.inc
index d0f88ea..6425208 100644
--- a/libstb/drivers/Makefile.inc
+++ b/libstb/drivers/Makefile.inc
@@ -4,7 +4,7 @@ DRIVERS_DIR = libstb/drivers
 
 SUBDIRS += $(DRIVERS_DIR)
 
-DRIVERS_SRCS = romcode.c tpm_i2c_interface.c tpm_i2c_nuvoton.c sw_driver.c sha512.c
+DRIVERS_SRCS = tpm_i2c_interface.c tpm_i2c_nuvoton.c sw_driver.c sha512.c
 DRIVERS_OBJS = $(DRIVERS_SRCS:%.c=%.o)
 DRIVERS = $(DRIVERS_DIR)/built-in.o
 
diff --git a/libstb/drivers/romcode.c b/libstb/drivers/romcode.c
deleted file mode 100644
index 68f1230..0000000
--- a/libstb/drivers/romcode.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/* Copyright 2013-2016 IBM Corp.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * 	http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- * implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <chip.h>
-#include <xscom.h>
-#include <string.h>
-#include <skiboot.h>
-#include "../status_codes.h"
-#include "../rom.h"
-#include "romcode.h"
-
-#define DRIVER_NAME	"romcode"
-
-#define ROMCODE_MEMORY_SIZE	(16 * 1024)
-#define ROMCODE_XSCOM_ADDRESS	0x02020017
-
-/*
- *  From the source code of the ROM code
- */
-#define ROMCODE_SHA512_OFFSET		0x20
-#define ROMCODE_VERIFY_OFFSET		0x30
-
-static const char *compat = "ibm,secureboot-v1";
-static void *romcode_base_addr = NULL;
-static sha2_hash_t *hw_key_hash = NULL;
-
-/*
- * Assembly interfaces to call into ROM code.
- * func_ptr is the ROM code function address, followed
- * by additional parameters as necessary
- */
-ROM_response call_rom_verify(void *func_ptr, ROM_container_raw *container,
-			     ROM_hw_params *params);
-void call_rom_SHA512(void *func_ptr, const uint8_t *data, size_t len,
-		     uint8_t *digest);
-
-static int romcode_verify(void *container)
-{
-	ROM_hw_params hw_params;
-	ROM_response rc;
-
-	memset(&hw_params, 0, sizeof(ROM_hw_params));
-	memcpy(&hw_params.hw_key_hash, hw_key_hash, sizeof(sha2_hash_t));
-	rc = call_rom_verify(romcode_base_addr + ROMCODE_VERIFY_OFFSET,
-			     (ROM_container_raw*) container, &hw_params);
-	if (rc != ROM_DONE) {
-		/*
-		 * Verify failed. hw_params.log indicates what checking has
-		 * failed. This will abort the boot process.
-		 */
-		prlog(PR_ERR, "ROM: %s failed (rc=%d, hw_params.log=0x%llx)\n",
-		      __func__, rc, be64_to_cpu(hw_params.log));
-		return STB_VERIFY_FAILED;
-	}
-	return 0;
-}
-
-static void romcode_sha512(const uint8_t *data, size_t len, uint8_t *digest)
-{
-	memset(digest, 0, sizeof(sha2_hash_t));
-	call_rom_SHA512(romcode_base_addr + ROMCODE_SHA512_OFFSET,
-			data, len, digest);
-}
-
-static void romcode_cleanup(void) {
-	if (romcode_base_addr)
-		free(romcode_base_addr);
-	hw_key_hash = NULL;
-}
-
-static struct container_verification_code c1vc = {
-	.name    = DRIVER_NAME,
-	.verify  = romcode_verify,
-	.sha512  = romcode_sha512,
-	.cleanup = romcode_cleanup
-};
-
-void romcode_probe(const struct dt_node *node)
-{
-	/* This xscom register has the ROM code base address */
-	const uint32_t reg_addr = ROMCODE_XSCOM_ADDRESS;
-	uint64_t reg_data;
-	struct proc_chip *chip;
-	const char* hash_algo;
-
-	if (!dt_node_is_compatible(node, compat)) {
-		prlog(PR_DEBUG, "ROM: %s node is not compatible\n",
-		      node->name);
-		return;
-	}
-	/*
-	 * secureboot-v1 defines containers with sha512 hashes
-	 */
-	hash_algo = dt_prop_get(node, "hash-algo");
-	if (strcmp(hash_algo, "sha512")) {
-		/**
-		 * @fwts-label ROMHashAlgorithmInvalid
-		 * @fwts-advice Hostboot creates the ibm,secureboot node and
-		 * the hash-algo property. Check that the ibm,secureboot node
-		 * layout has not changed.
-		 */
-		prlog(PR_ERR, "ROM: hash-algo=%s not expected\n", hash_algo);
-		return;
-	}
-	hw_key_hash = (sha2_hash_t*) dt_prop_get(node, "hw-key-hash");
-	romcode_base_addr = malloc(ROMCODE_MEMORY_SIZE);
-	assert(romcode_base_addr);
-	/*
-	 * The logic that contains the ROM within the processor is implemented
-	 * in a way that it only responds to CI (cache inhibited) operations.
-	 * Due to performance issues we copy the verification code from the
-	 * secure ROM to RAM and we use memcpy_from_ci to do that.
-	 */
-	chip = next_chip(NULL);
-	xscom_read(chip->id, reg_addr, &reg_data);
-	memcpy_from_ci(romcode_base_addr, (void*) reg_data,
-		       ROMCODE_MEMORY_SIZE);
-	/*
-	 * Skiboot runs with IR (Instruction Relocation) &
-	 * DR (Data Relocation) off, so there is no need to either MMIO
-	 * the ROM code or set the memory region as executable.
-         * skiboot accesses the physical memory directly. Real mode.
-	 */
-	rom_set_driver(&c1vc);
-}
diff --git a/libstb/drivers/romcode.h b/libstb/drivers/romcode.h
deleted file mode 100644
index 4152eae..0000000
--- a/libstb/drivers/romcode.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/* Copyright 2013-2016 IBM Corp.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- * implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef __ROMCODE_H
-#define __ROMCODE_H
-
-#include <device.h>
-
-extern void romcode_probe(const struct dt_node *node);
-
-#endif /* __ROMCODE_H */
diff --git a/libstb/rom.c b/libstb/rom.c
index 27b65c9..9054420 100644
--- a/libstb/rom.c
+++ b/libstb/rom.c
@@ -16,7 +16,7 @@
 
 #include <skiboot.h>
 #include "rom.h"
-#include "drivers/romcode.h"
+#include "cvc/c1vc.h"
 #include "drivers/sw_driver.h"
 
 static struct container_verification_code *c1vc = NULL;
@@ -26,8 +26,8 @@ struct container_verification_code* rom_init(const struct dt_node *node __unused
 	if (c1vc)
 		goto end;
 
-	/* ROM drivers supported */
-	romcode_probe(node);
+	/* CVC drivers supported */
+	c1vc_probe(node);
 
 	if (!c1vc)
 		stb_software_probe(node);
-- 
2.7.4



More information about the Skiboot mailing list