[Skiboot] [PATCH 00/19] libstb: add support for secure and trusted boot in P9

Claudio Carvalho cclaudio at linux.vnet.ibm.com
Sun Nov 12 04:28:23 AEDT 2017


In POWER9, skiboot is responsible for building the device tree from the HDAT,
including the entries related to secure and trusted boot.

Secure and Trusted Boot changes compared to POWER8:

    - The Container-Verification-Code (CVC), a.k.a. ROM code, is no longer
      stored in a secure ROM with static address and offsets. In POWER9, it is
      stored in a hostboot reserved memory and each CVC service provided has
      a version, not only an offset.

    - The hash-algo property is not provided via HDAT; instead, HDAT provides
      the hw-key-hash-size, which is indeed the information required by the
      CVC to verify signed firmware code.

Since skiboot is the only consumer for the Container-Verification-Code, this
patch series doesn't export the CVC services (version and offset) to the device
tree. Instead, they are consumed only in skiboot.

Activities performed in this patch series:

    - do some libstb code refactoring in order to support CVC initialization
      during HDAT parsing and also later on when libstb is initialized.

    - build the STB device tree entries from HDAT.

    - update the skiboot TCG Software Stack (TSS).

    - extend and update the libstb documentation with POWER9 changes.

Roughly speaking, with this patch series every partition fetched from PNOR
should be properly verified and measured in both POWER8 and POWER9. It was
tested on witherspoon. Here are the STB messages printed in the OPAL log:

$> grep STB /sys/firmware/opal/msglog
[  115.507742723,6] STB: CVC-sha512 service found @0xffd330040
[  115.507747366,6] STB: CVC-verify service found @0xffd330050
[    4.329796596,5] STB: Found ibm,secureboot-v1
[    4.329919669,5] STB: secure mode on (FORCED by nvram)
[    4.329962637,5] STB: trusted mode on (FORCED by nvram)
[    4.330023021,5] STB: tpm0 registered: driver=i2c_tpm_nuvoton evLogSize=2095
[    5.354157641,6] STB: IMA_CATALOG verified
[    5.354264802,6] STB: IMA_CATALOG hash calculated
[    5.397284153,5] STB: IMA_CATALOG measured on pcr2 (tpm0, evType 0x5, evLogSize 2178)
[    7.026764601,6] STB: CAPP verified
[    7.027069959,6] STB: CAPP hash calculated
[    7.070083022,5] STB: CAPP measured on pcr2 (tpm0, evType 0x5, evLogSize 2254)
[   16.087319251,6] STB: BOOTKERNEL verified
[   16.126912000,6] STB: BOOTKERNEL hash calculated
[   16.169940665,5] STB: BOOTKERNEL measured on pcr4 (tpm0, evType 0x5, evLogSize 2336)
[   17.105389759,5] STB: EV_SEPARATOR measured on pcr0 (tpm0, evType 0x4, evLogSize 2412)
[   17.148509076,5] STB: EV_SEPARATOR measured on pcr1 (tpm0, evType 0x4, evLogSize 2488)
[   17.191687100,5] STB: EV_SEPARATOR measured on pcr2 (tpm0, evType 0x4, evLogSize 2564)
[   17.234846677,5] STB: EV_SEPARATOR measured on pcr3 (tpm0, evType 0x4, evLogSize 2640)
[   17.277938046,5] STB: EV_SEPARATOR measured on pcr4 (tpm0, evType 0x4, evLogSize 2716)
[   17.321053996,5] STB: EV_SEPARATOR measured on pcr5 (tpm0, evType 0x4, evLogSize 2792)
[   17.364199336,5] STB: EV_SEPARATOR measured on pcr6 (tpm0, evType 0x4, evLogSize 2868)
[   17.407303146,5] STB: EV_SEPARATOR measured on pcr7 (tpm0, evType 0x4, evLogSize 2944)


Claudio Carvalho (19):
  hdata: add secure and trusted boot ntuple to SPIRA-H/S
  hdata/spira: add ibm,secureboot node in P9
  hdata/tpmrel.c: add firmware event log info to the tpm node
  hdata/tpmrel.c: register CVC services during HDAT parsing
  libstb/cvc: add function wrappers to call into CVC services
  libstb: move drivers/sha512.* to mbedtls directory
  libstb: import stb_init() breaking it into multiple files
  libstb/cvc.c: import softrom behavior from drivers/sw_driver.c
  core/flash.c: extern function to get the name of a PNOR partition
  core/init.c: remove redundant calls to verify and measure BOOTKERNEL
  libstb/secureboot.c: import sb_verify() from stb.c
  libstb/trustedboot.c: import tb_measure() from stb.c
  libstb/trustedboot.c: import stb_final() from stb.c
  tpm_i2c_nuvoton: add nuvoton,npct601 to the compatible property
  libstb/tss: update the list of event types supported
  libstb/tpm_chip.c: define pr_fmt and fix messages logged
  libstb: integrate changes made to support POWER9
  doc: update libstb documentation with POWER9 changes
  libstb: remove junk after code refactoring for P9 support

 asm/Makefile.inc                     |   2 +-
 asm/{rom_entry.S => cvc_entry.S}     |  10 +-
 core/flash.c                         |  15 +-
 core/init.c                          |  29 +---
 doc/device-tree/ibm,secureboot.rst   |  42 ++---
 doc/device-tree/tpm.rst              |   6 +-
 doc/stb.rst                          | 299 ++++++++++++++++----------------
 hdata/Makefile.inc                   |   2 +-
 hdata/hdata.h                        |   1 +
 hdata/spira.c                        |  43 +++++
 hdata/spira.h                        |  66 ++++++-
 hdata/test/hdata_to_dt.c             |   1 +
 hdata/test/stubs.c                   |   2 +
 hdata/tpmrel.c                       | 180 +++++++++++++++++++
 include/skiboot.h                    |   1 +
 libstb/Makefile.inc                  |   5 +-
 libstb/cvc.c                         | 327 +++++++++++++++++++++++++++++++++++
 libstb/cvc.h                         |  74 ++++++++
 libstb/drivers/Makefile.inc          |   2 +-
 libstb/drivers/romcode.c             | 138 ---------------
 libstb/drivers/romcode.h             |  24 ---
 libstb/drivers/sw_driver.c           |  76 --------
 libstb/drivers/sw_driver.h           |  24 ---
 libstb/drivers/tpm_i2c_nuvoton.c     |  10 ++
 libstb/mbedtls/Makefile.inc          |  11 ++
 libstb/{drivers => mbedtls}/sha512.c |   0
 libstb/{drivers => mbedtls}/sha512.h |   0
 libstb/rom.c                         |  55 ------
 libstb/rom.h                         |  43 -----
 libstb/secureboot.c                  | 170 ++++++++++++++++++
 libstb/secureboot.h                  |  40 +++++
 libstb/stb.c                         | 316 +--------------------------------
 libstb/stb.h                         |  56 +-----
 libstb/tpm_chip.c                    |  99 +++++------
 libstb/tpm_chip.h                    |   2 +-
 libstb/trustedboot.c                 | 261 ++++++++++++++++++++++++++++
 libstb/trustedboot.h                 |  51 ++++++
 libstb/tss/trustedTypes.H            |  22 ++-
 libstb/tss/trustedboot.H             |  18 +-
 39 files changed, 1511 insertions(+), 1012 deletions(-)
 rename asm/{rom_entry.S => cvc_entry.S} (91%)
 create mode 100644 hdata/tpmrel.c
 create mode 100644 libstb/cvc.c
 create mode 100644 libstb/cvc.h
 delete mode 100644 libstb/drivers/romcode.c
 delete mode 100644 libstb/drivers/romcode.h
 delete mode 100644 libstb/drivers/sw_driver.c
 delete mode 100644 libstb/drivers/sw_driver.h
 create mode 100644 libstb/mbedtls/Makefile.inc
 rename libstb/{drivers => mbedtls}/sha512.c (100%)
 rename libstb/{drivers => mbedtls}/sha512.h (100%)
 delete mode 100644 libstb/rom.c
 delete mode 100644 libstb/rom.h
 create mode 100644 libstb/secureboot.c
 create mode 100644 libstb/secureboot.h
 create mode 100644 libstb/trustedboot.c
 create mode 100644 libstb/trustedboot.h

-- 
2.7.4
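As an added example, not part of this patch series or of the skiboot tree: a small Python audit that parses the STB log format shown in the cover letter and flags a partition that was verified but never measured, or a TPM event log whose evLogSize did not grow after a measurement. The sample log is constructed from a subset of the lines above plus one deliberately unmeasured partition (CAPP).

```python
import re

# Constructed sample: lines in the format skiboot prints to the OPAL log, with
# CAPP verified but never measured so the audit has something to report.
SAMPLE_LOG = """\
[    4.329919669,5] STB: secure mode on (FORCED by nvram)
[    4.330023021,5] STB: tpm0 registered: driver=i2c_tpm_nuvoton evLogSize=2095
[    5.354157641,6] STB: IMA_CATALOG verified
[    5.397284153,5] STB: IMA_CATALOG measured on pcr2 (tpm0, evType 0x5, evLogSize 2178)
[    7.026764601,6] STB: CAPP verified
[   16.087319251,6] STB: BOOTKERNEL verified
[   16.169940665,5] STB: BOOTKERNEL measured on pcr4 (tpm0, evType 0x5, evLogSize 2336)
[   17.105389759,5] STB: EV_SEPARATOR measured on pcr0 (tpm0, evType 0x4, evLogSize 2412)
"""

LINE_RE = re.compile(r"^\[\s*(?P<ts>[\d.]+),(?P<lvl>\d)\] STB: (?P<msg>.*)$")
MEASURED_RE = re.compile(
    r"^(?P<name>\S+) measured on pcr(?P<pcr>\d+) "
    r"\((?P<tpm>\w+), evType (?P<evtype>0x[0-9a-f]+), evLogSize (?P<size>\d+)\)$")
VERIFIED_RE = re.compile(r"^(?P<name>\S+) verified$")
REGISTERED_RE = re.compile(r"^(?P<tpm>\w+) registered: .*evLogSize=(?P<size>\d+)$")

def parse_stb_log(text):
    """Return (set of verified names, list of measurement dicts, initial evLogSize per TPM)."""
    verified, measured, initial = set(), [], {}
    for line in text.splitlines():
        if not (m := LINE_RE.match(line)):
            continue  # not an STB message
        msg = m.group("msg")
        if (v := VERIFIED_RE.match(msg)):
            verified.add(v.group("name"))
        elif (r := REGISTERED_RE.match(msg)):
            initial[r.group("tpm")] = int(r.group("size"))  # log size right after TPM registration
        elif (e := MEASURED_RE.match(msg)):
            measured.append({"name": e.group("name"), "pcr": int(e.group("pcr")),
                             "tpm": e.group("tpm"), "evtype": int(e.group("evtype"), 16),
                             "size": int(e.group("size"))})
    return verified, measured, initial

def audit(text):
    """List findings: names verified but not measured, and evLogSize values that did not grow."""
    verified, measured, initial = parse_stb_log(text)
    measured_names = {e["name"] for e in measured}
    findings = [f"{n}: verified but not measured" for n in sorted(verified - measured_names)]
    last = dict(initial)  # each measurement must append to the TPM's event log
    for e in measured:
        if e["size"] <= last.get(e["tpm"], 0):
            findings.append(f"{e['name']}: evLogSize {e['size']} did not grow on {e['tpm']}")
        last[e["tpm"]] = e["size"]
    return findings
```

Run it against `grep STB /sys/firmware/opal/msglog` output from a real boot to get the same checks over every partition the firmware loaded.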
