[Skiboot] [PATCH v2 08/20] libstb/trustedboot.c: import stb_final() from stb.c
Claudio Carvalho
cclaudio at linux.vnet.ibm.com
Sat Dec 9 15:52:22 AEDT 2017
The stb_final() primary goal is to measure the event EV_SEPARATOR
into PCR[0-7] when trusted boot is about to exit the boot services.
This imports the stb_final() from stb.c into trustedboot.c, but making
the following changes:
- Rename it to trustedboot_exit_boot_services().
- As specified in the TCG PC Client spec, EV_SEPARATOR events must be
logged with the name 0xFFFFFF.
- Remove the rom driver clean-up call.
- Don't allow code to be measured in skiboot after
trustedboot_exit_boot_services() is called.
Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
---
libstb/trustedboot.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++
libstb/trustedboot.h | 11 +++++++++
2 files changed, 79 insertions(+)
diff --git a/libstb/trustedboot.c b/libstb/trustedboot.c
index f829c0b..e2df0e6 100644
--- a/libstb/trustedboot.c
+++ b/libstb/trustedboot.c
@@ -30,6 +30,7 @@
//#define STB_DEBUG
static bool trusted_mode = false;
+static bool boot_services_exited = false;
/*
* This maps a PCR for each resource we can measure. The PCR number is
@@ -46,6 +47,26 @@ static struct {
{ RESOURCE_ID_CAPP, PCR_2 },
};
+/*
+ * Event Separator - digest of 0xFFFFFFFF
+ */
+static struct {
+ const unsigned char *event;
+ const unsigned char *sha1;
+ const unsigned char *sha256;
+} ev_separator = {
+
+ .event = "\xff\xff\xff\xff",
+
+ .sha1 = "\xd9\xbe\x65\x24\xa5\xf5\x04\x7d\xb5\x86"
+ "\x68\x13\xac\xf3\x27\x78\x92\xa7\xa3\x0a",
+
+ .sha256 = "\xad\x95\x13\x1b\xc0\xb7\x99\xc0\xb1\xaf"
+ "\x47\x7f\xb1\x4f\xcf\x26\xa6\xa9\xf7\x60"
+ "\x79\xe4\x8b\xf0\x90\xac\xb7\xe8\x36\x7b"
+ "\xfd\x0e"
+};
+
static TPM_Pcr map_pcr(enum resource_id id)
{
int i;
@@ -95,6 +116,48 @@ void trustedboot_init(void)
tpm_init();
}
+int trustedboot_exit_boot_services(void)
+{
+ uint32_t pcr;
+ int rc = 0;
+ bool failed = false;
+
+ boot_services_exited = true;
+
+ if (!trusted_mode)
+ goto out_free;
+
+#ifdef STB_DEBUG
+ prlog(PR_NOTICE, "ev_separator.event: %s\n", ev_separator.event);
+ prlog(PR_NOTICE, "ev_separator.sha1:\n");
+ stb_print_data((uint8_t*) ev_separator.sha1, TPM_ALG_SHA1_SIZE);
+ prlog(PR_NOTICE, "ev_separator.sha256:\n");
+ stb_print_data((uint8_t*) ev_separator.sha256, TPM_ALG_SHA256_SIZE);
+#endif
+ /*
+ * As defined in the TCG Platform Firmware PWe are done. Extending the digest of 0xFFFFFFFF
+ * in PCR[0-7], and recording an EV_SEPARATOR event in
+ * event log as defined in the TCG Platform Firmware Profile
+ * specification, Revision 00.21
+ */
+ for (pcr = 0; pcr < 8; pcr++) {
+ rc = tpm_extendl(pcr, TPM_ALG_SHA256,
+ (uint8_t*) ev_separator.sha256,
+ TPM_ALG_SHA256_SIZE, TPM_ALG_SHA1,
+ (uint8_t*) ev_separator.sha1,
+ TPM_ALG_SHA1_SIZE, EV_SEPARATOR,
+ ev_separator.event);
+ if (rc)
+ failed = true;
+ }
+ tpm_add_status_property();
+
+out_free:
+ tpm_cleanup();
+
+ return (failed) ? -1 : 0;
+}
+
int trustedboot_measure(enum resource_id id, void *buf, size_t len)
{
uint8_t digest[SHA512_DIGEST_LENGTH];
@@ -117,6 +180,11 @@ int trustedboot_measure(enum resource_id id, void *buf, size_t len)
prlog(PR_ERR, "resource NOT MEASURED, resource_id=%d unknown\n", id);
return -1;
}
+ if (boot_services_exited) {
+ prlog(PR_ERR, "%s NOT MEASURED. Already exited from boot "
+ "services\n", name);
+ return -1;
+ }
pcr = map_pcr(id);
if (pcr == -1) {
/**
diff --git a/libstb/trustedboot.h b/libstb/trustedboot.h
index bd5ac91..3003c80 100644
--- a/libstb/trustedboot.h
+++ b/libstb/trustedboot.h
@@ -22,6 +22,17 @@
void trustedboot_init(void);
/**
+ * As defined in the TCG Platform Firmware Profile specification, the
+ * digest of 0xFFFFFFFF or 0x00000000 must be extended in PCR[0-7] and
+ * an EV_SEPARATOR event must be recorded in the event log for PCR[0-7]
+ * prior to the first invocation of the first Ready to Boot call.
+ *
+ * This function must be called just before BOOTKERNEL is executed. Every call
+ * to trustedboot_measure() will fail afterwards.
+ */
+int trustedboot_exit_boot_services(void);
+
+/**
* trustedboot_measure - measure a resource
* @id : resource id
* @buf : data to be measured
--
2.7.4
More information about the Skiboot
mailing list