[Skiboot] [PATCH 1/5] hdata: add secure and trusted boot ntuple to SPIRA-H/S

Claudio Carvalho cclaudio at linux.vnet.ibm.com
Thu Aug 31 17:42:48 AEST 2017


This adds to spira-h/s the overall tpmrel structure, which defines
secure and trusted boot related data. The internal data structures will
be added in separate patches.

Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
---
 hdata/Makefile.inc       |  2 +-
 hdata/hdata.h            |  1 +
 hdata/spira.c            |  4 ++++
 hdata/spira.h            | 12 +++++++++---
 hdata/test/hdata_to_dt.c |  1 +
 hdata/tpmrel.c           | 40 ++++++++++++++++++++++++++++++++++++++++
 6 files changed, 56 insertions(+), 4 deletions(-)
 create mode 100644 hdata/tpmrel.c

diff --git a/hdata/Makefile.inc b/hdata/Makefile.inc
index 5b79dfe..c17b04f 100644
--- a/hdata/Makefile.inc
+++ b/hdata/Makefile.inc
@@ -2,7 +2,7 @@
 
 SUBDIRS += hdata
 HDATA_OBJS = spira.o paca.o pcia.o hdif.o memory.o fsp.o iohub.o vpd.o slca.o
-HDATA_OBJS += cpu-common.o vpd-common.o hostservices.o i2c.o
+HDATA_OBJS += cpu-common.o vpd-common.o hostservices.o i2c.o tpmrel.o
 DEVSRC_OBJ = hdata/built-in.o
 
 $(DEVSRC_OBJ): $(HDATA_OBJS:%=hdata/%)
diff --git a/hdata/hdata.h b/hdata/hdata.h
index 6da9b55..31223c8 100644
--- a/hdata/hdata.h
+++ b/hdata/hdata.h
@@ -65,6 +65,7 @@ extern void slca_dt_add_sai_node(void);
 extern bool hservices_from_hdat(const void *fdt, size_t size);
 int parse_i2c_devs(const struct HDIF_common_hdr *hdr, int idata_index,
 	struct dt_node *xscom);
+extern void node_stb_parse(void);
 
 #endif /* __HDATA_H */
 
diff --git a/hdata/spira.c b/hdata/spira.c
index b58be7c..220ae9e 100644
--- a/hdata/spira.c
+++ b/hdata/spira.c
@@ -1278,6 +1278,7 @@ static void fixup_spira(void)
 	spira.ntuples.proc_chip = spiras->ntuples.proc_chip;
 	spira.ntuples.hs_data = spiras->ntuples.hs_data;
 	spira.ntuples.ipmi_sensor = spiras->ntuples.ipmi_sensor;
+	spira.ntuples.node_stb_data = spiras->ntuples.node_stb_data;
 }
 
 int parse_hdat(bool is_opal)
@@ -1347,6 +1348,9 @@ int parse_hdat(bool is_opal)
 
 	add_stop_levels();
 
+	/* Parse node secure and trusted boot data */
+	node_stb_parse();
+
 	prlog(PR_DEBUG, "Parsing HDAT...done\n");
 
 	return 0;
diff --git a/hdata/spira.h b/hdata/spira.h
index 0276d4a..d2a70c1 100644
--- a/hdata/spira.h
+++ b/hdata/spira.h
@@ -40,7 +40,7 @@ struct spira_ntuple {
 	__be64		padding;
 } __packed;
 
-#define SPIRA_NTUPLES_COUNT	0x18
+#define SPIRA_NTUPLES_COUNT	0x19
 
 struct spira_ntuples {
 	struct HDIF_array_hdr	array_hdr;
@@ -69,6 +69,7 @@ struct spira_ntuples {
 	struct spira_ntuple	proc_chip;		/* 0x300 */
 	struct spira_ntuple	hs_data;		/* 0x320 */
 	struct spira_ntuple	ipmi_sensor;		/* 0x360 */
+	struct spira_ntuple	node_stb_data;		/* 0x380 */
 };
 
 struct spira {
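Review bot: The `/* 0x380 */` annotation on the new `node_stb_data` member may not be its real offset. The context lines above it step from `hs_data` at 0x320 straight to `ipmi_sensor` at 0x360, while the other visible neighbours are 0x20 apart, so either the existing comments are stale or a member is not visible in this hunk. The next hunk shrinks `reserved` from 0xa0 to 0x80 by hand and `SPIRA_NTUPLES_COUNT` is bumped separately, so three values must stay in step manually in a layout that appears to be shared with the service processor side. A compile-time check next to the struct would catch drift at build time instead of as a misread of secure and trusted boot data, for example `_Static_assert(sizeof(struct spira) == <expected SPIRA-H size>, "SPIRA-H layout");` (or the project's equivalent), with the expected size taken from the HDAT specification.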
@@ -82,7 +83,7 @@ struct spira {
 	 *
 	 * According to FSP engineers, this is an okay thing to do.
 	 */
-	u8			reserved[0xa0];
+	u8			reserved[0x80];
 } __packed __align(0x100);
 
 extern struct spira spira;
@@ -146,7 +147,7 @@ struct spiras_ntuples {
 	struct spira_ntuple	hs_data;		/* 0x200 */
 	struct spira_ntuple	hbrt_data;		/* 0x220 */
 	struct spira_ntuple	ipmi_sensor;		/* 0x240 */
-	struct spira_ntuple	node_data;		/* 0x260 */
+	struct spira_ntuple	node_stb_data;		/* 0x260 */
 };
 
 struct spiras {
@@ -1092,6 +1093,11 @@ struct ipmi_sensors {
 /* Idata index 1 : LED - sensors ID mapping data */
 #define IPMI_SENSORS_IDATA_LED		1
 
+/*
+ * Node Secure and Trusted Boot Related Data
+ */
+#define STB_HDIF_SIG	"TPMREL"
+
 static inline const char *cpu_state(u32 flags)
 {
 	switch ((flags & CPU_ID_VERIFY_MASK) >> CPU_ID_VERIFY_SHIFT) {
diff --git a/hdata/test/hdata_to_dt.c b/hdata/test/hdata_to_dt.c
index 155e41b..6da80a5 100644
--- a/hdata/test/hdata_to_dt.c
+++ b/hdata/test/hdata_to_dt.c
@@ -124,6 +124,7 @@ static bool spira_check_ptr(const void *ptr, const char *file, unsigned int line
 #include "../slca.c"
 #include "../hostservices.c"
 #include "../i2c.c"
+#include "../tpmrel.c"
 #include "../../core/vpd.c"
 #include "../../core/device.c"
 #include "../../core/chip.c"
diff --git a/hdata/tpmrel.c b/hdata/tpmrel.c
new file mode 100644
index 0000000..7ded404
--- /dev/null
+++ b/hdata/tpmrel.c
@@ -0,0 +1,40 @@
+/* Copyright 2013-2017 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * 	http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef pr_fmt
+#define pr_fmt(fmt) "HDAT TPMREL: " fmt
+#endif
+
+#include <skiboot.h>
+
+#include "spira.h"
+#include "hdata.h"
+#include "hdif.h"
+
+void node_stb_parse(void)
+{
+	struct HDIF_common_hdr *hdif_hdr;
+
+	hdif_hdr = get_hdif(&spira.ntuples.node_stb_data, "TPMREL");
+	if (!hdif_hdr) {
+		prlog(PR_INFO, "could not find TPMREL data\n");
+		return;
+	}
+
+	/* TODO: Idata 0: Secure Boot and TPM Instance Info */
+	/* TODO: Idata 1: User Physical Interaction Mechanism Info */
+	/* TODO: Idata 2: Hash and Verification Function Offset Array */
+}
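Review bot: The signature passed to `get_hdif()` is the literal `"TPMREL"`, although this patch adds `STB_HDIF_SIG` to spira.h for that same string and nothing else in the patch uses the macro; `hdif_hdr = get_hdif(&spira.ntuples.node_stb_data, STB_HDIF_SIG);` keeps the two from drifting apart. When the lookup fails the function only logs at `PR_INFO` and returns void, so `parse_hdat()` cannot tell a platform that never provides the ntuple from one whose secure and trusted boot data is missing or carries a wrong signature. If that fail-open behaviour is intended, say so above the check, e.g. `/* TPMREL is optional: absence is not treated as an error */`. The idata parsers promised by the three TODOs will read firmware-supplied structures, so each should verify the idata size before dereferencing it.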
-- 
2.7.4


