[Skiboot] [PATCH 08/19] libstb/cvc.c: import softrom behavior from drivers/sw_driver.c

Claudio Carvalho cclaudio at linux.vnet.ibm.com
Thu Nov 23 00:13:44 AEDT 2017



On 21/11/2017 03:16, Oliver wrote:
> On Sun, Nov 12, 2017 at 4:28 AM, Claudio Carvalho
> <cclaudio at linux.vnet.ibm.com> wrote:
>> Softrom is used only for testing with mambo. By setting
>> compatible="ibm,secureboot-v1-softrom" in the "ibm,secureboot" node,
>> firmware images can be properly measured even if the
>> Container-Verification-Code (CVC) is not available. In this case, the
>> mbedtls_sha512() function is used to calculate the sha512 hash of the
>> firmware images.
> If this is only used for testing in mambo why not build your own CVC
> rom and load that into mambo? That way you can use the same interface
> for sim and bare metal.

The CVC source code is now public:
https://github.com/open-power/hostboot/tree/master/src/securerom

Maybe skiboot can build and load it into mambo as suggested by Oliver.
What do you think?

Claudio

>
>> This imports the softrom behavior from libstb/drivers/sw_driver.c code
>> into cvc.c, but now softrom is implemented as a flag. When the flag is
>> set, the wrappers for the CVC services work the same way as in
>> sw_driver.c.
>>
>> Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
>> ---
>>   libstb/cvc.c | 13 +++++++++++++
>>   1 file changed, 13 insertions(+)
>>
>> diff --git a/libstb/cvc.c b/libstb/cvc.c
>> index ddb6a1c..5f46e5e 100644
>> --- a/libstb/cvc.c
>> +++ b/libstb/cvc.c
>> @@ -25,6 +25,7 @@
>>   #include <xscom.h>
>>   #include "container.h"
>>   #include "cvc.h"
>> +#include "mbedtls/sha512.h"
>>
>>   /*
>>    * Assembly interfaces to call into the Container Verification Code.
>> @@ -251,6 +252,15 @@ int call_cvc_sha512(const uint8_t *data, size_t data_len, uint8_t *digest,
>>                  return OPAL_SUCCESS;
>>
>>          memset(digest, 0, SHA512_DIGEST_LENGTH);
>> +       if (softrom) {
>> +               mbedtls_sha512_context ctx;
>> +               mbedtls_sha512_init(&ctx);
>> +               mbedtls_sha512_starts(&ctx, 0); // SHA512 = 0
>> +               mbedtls_sha512_update(&ctx, data, data_len);
>> +               mbedtls_sha512_finish(&ctx, digest);
>> +               mbedtls_sha512_free(&ctx);
>> +               return OPAL_SUCCESS;
>> +       }
>>
>>          service = cvc_find_service(CVC_SHA512_SERVICE);
>>
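Review bot: In the softrom branch of call_cvc_sha512(), the trailing `// SHA512 = 0` is a C++-style comment on a magic argument, while the rest of the file uses block comments. The second parameter of mbedtls_sha512_starts() is the is384 selector, so something like `/* is384 = 0 selects SHA-512 */` would say what the 0 means. The branch is also placed before cvc_find_service(CVC_SHA512_SERVICE), so once softrom is set the ROM hashing service is never consulted even if it is present; a comment stating that this is intended for the mambo-only case would document that. The memset() of digest just above is redundant on this path, since mbedtls_sha512_finish() writes the full SHA-512 digest.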
>> @@ -276,6 +286,9 @@ int call_cvc_verify(void *container, size_t len, const void *hw_key_hash,
>>              !hw_key_hash || hw_key_hash_size <= 0)
>>                  return OPAL_PARAMETER;
>>
>> +       if (softrom)
>> +               return OPAL_RESOURCE;
>> +
>>          service = cvc_find_service(CVC_VERIFY_SERVICE);
>>
>>          if (!service)
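Review bot: The `if (softrom) return OPAL_RESOURCE;` early return in call_cvc_verify() means no container is ever verified in softrom mode, and nothing in the hunk says so. Since the commit message describes softrom as a testing-only mode where images are measured but the CVC is unavailable, a comment above the check stating that verification is not performed (not that it failed) would make the intent clear, and a log line at this point would let a boot log show that the verify step was skipped because of softrom. It is also worth confirming in the callers that OPAL_RESOURCE from this path cannot be handled as a successful verification.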
>> --
>> 2.7.4
>>