[Skiboot] [PATCH 08/19] libstb/cvc.c: import softrom behavior from drivers/sw_driver.c
Claudio Carvalho
cclaudio at linux.vnet.ibm.com
Thu Nov 23 00:15:12 AEDT 2017
> On 21/11/2017 03:16, Oliver wrote:
>> On Sun, Nov 12, 2017 at 4:28 AM, Claudio Carvalho
>> <cclaudio at linux.vnet.ibm.com> wrote:
>>> Softrom is used only for testing with mambo. By setting
>>> compatible="ibm,secureboot-v1-softrom" in the "ibm,secureboot" node,
>>> firmware images can be properly measured even if the
>>> Container-Verification-Code (CVC) is not available. In this case, the
>>> mbedtls_sha512() function is used to calculate the sha512 hash of the
>>> firmware images.
>> If this is only used for testing in mambo why not build your own CVC
>> rom and load that into mambo? That way you can use the same interface
>> for sim and bare metal.
>
> The CVC source code is now public:
> https://github.com/open-power/hostboot/tree/master/src/securerom
>
> Maybe skiboot can build and load it into mambo as suggested by Oliver,
> what do you think?
>
> Claudio
>
What do you think, Stewart?
Claudio
>>
>>> This imports the softrom behavior from libstb/drivers/sw_driver.c code
>>> into cvc.c, but now softrom is implemented as a flag. When the flag is
>>> set, the wrappers for the CVC services work the same way as in
>>> sw_driver.c.
>>>
>>> Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
>>> ---
>>> libstb/cvc.c | 13 +++++++++++++
>>> 1 file changed, 13 insertions(+)
>>>
>>> diff --git a/libstb/cvc.c b/libstb/cvc.c
>>> index ddb6a1c..5f46e5e 100644
>>> --- a/libstb/cvc.c
>>> +++ b/libstb/cvc.c
>>> @@ -25,6 +25,7 @@
>>> #include <xscom.h>
>>> #include "container.h"
>>> #include "cvc.h"
>>> +#include "mbedtls/sha512.h"
>>>
>>> /*
>>> * Assembly interfaces to call into the Container Verification Code.
>>> @@ -251,6 +252,15 @@ int call_cvc_sha512(const uint8_t *data, size_t
>>> data_len, uint8_t *digest,
>>> return OPAL_SUCCESS;
>>>
>>> memset(digest, 0, SHA512_DIGEST_LENGTH);
>>> + if (softrom) {
>>> + mbedtls_sha512_context ctx;
>>> + mbedtls_sha512_init(&ctx);
>>> + mbedtls_sha512_starts(&ctx, 0); // SHA512 = 0
>>> + mbedtls_sha512_update(&ctx, data, data_len);
>>> + mbedtls_sha512_finish(&ctx, digest);
>>> + mbedtls_sha512_free(&ctx);
>>> + return OPAL_SUCCESS;
>>> + }
>>>
>>> service = cvc_find_service(CVC_SHA512_SERVICE);
>>>
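Review bot: The `if (softrom)` branch in call_cvc_sha512() tests a flag that this patch neither declares nor assigns, so the diff alone does not show what can set it. Since the branch makes measurement skip the CVC entirely, the commit message should name the patch in the series that introduces `softrom` and state that it is set only from the "ibm,secureboot-v1-softrom" compatible string. The existing memset() of the digest is also redundant on this path. The commit message names the one-shot mbedtls_sha512(), which would replace the init/starts/update/finish/free sequence with a single call taking the same `0` (is384) argument. If the sequence stays, `// SHA512 = 0` would read better as a block comment, matching the `/* ... */` style visible elsewhere in this file.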
>>> @@ -276,6 +286,9 @@ int call_cvc_verify(void *container, size_t len,
>>> const void *hw_key_hash,
>>> !hw_key_hash || hw_key_hash_size <= 0)
>>> return OPAL_PARAMETER;
>>>
>>> + if (softrom)
>>> + return OPAL_RESOURCE;
>>> +
>>> service = cvc_find_service(CVC_VERIFY_SERVICE);
>>>
>>> if (!service)
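Review bot: In call_cvc_verify(), `if (softrom) return OPAL_RESOURCE;` returns an error with no comment or log message, so the softrom case cannot be told apart from any other OPAL_RESOURCE return. Add a short comment saying that softrom provides no verify implementation, and confirm that every caller treats this return as a failed verification rather than as "verification not applicable". A log line at this point would also make a softrom run visible in the boot log.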
>>> --
>>> 2.7.4
>>>
>>> _______________________________________________
>>> Skiboot mailing list
>>> Skiboot at lists.ozlabs.org
>>> https://lists.ozlabs.org/listinfo/skiboot
>