[Skiboot] [PATCH 08/19] libstb/cvc.c: import softrom behavior from drivers/sw_driver.c

Claudio Carvalho cclaudio at linux.vnet.ibm.com
Thu Nov 23 00:15:12 AEDT 2017


> On 21/11/2017 03:16, Oliver wrote:
>> On Sun, Nov 12, 2017 at 4:28 AM, Claudio Carvalho
>> <cclaudio at linux.vnet.ibm.com> wrote:
>>> Softrom is used only for testing with mambo. By setting
>>> compatible="ibm,secureboot-v1-softrom" in the "ibm,secureboot" node,
>>> firmware images can be properly measured even if the
>>> Container-Verification-Code (CVC) is not available. In this case, the
>>> mbedtls_sha512() function is used to calculate the sha512 hash of the
>>> firmware images.
>> If this is only used for testing in mambo why not build your own CVC
>> rom and load that into mambo? That way you can use the same interface
>> for sim and bare metal.
>
> The CVC source code is now public:
> https://github.com/open-power/hostboot/tree/master/src/securerom
>
> Maybe skiboot can build and load it into mambo as suggested by Oliver, 
> what do you think?
>
> Claudio
>

What do you think, Stewart?

Claudio

>>
>>> This imports the softrom behavior from libstb/drivers/sw_driver.c code
>>> into cvc.c, but now softrom is implemented as a flag. When the flag is
>>> set, the wrappers for the CVC services work the same way as in
>>> sw_driver.c.
>>>
>>> Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
>>> ---
>>>   libstb/cvc.c | 13 +++++++++++++
>>>   1 file changed, 13 insertions(+)
>>>
>>> diff --git a/libstb/cvc.c b/libstb/cvc.c
>>> index ddb6a1c..5f46e5e 100644
>>> --- a/libstb/cvc.c
>>> +++ b/libstb/cvc.c
>>> @@ -25,6 +25,7 @@
>>>   #include <xscom.h>
>>>   #include "container.h"
>>>   #include "cvc.h"
>>> +#include "mbedtls/sha512.h"
>>>
>>>   /*
>>>    * Assembly interfaces to call into the Container Verification Code.
>>> @@ -251,6 +252,15 @@ int call_cvc_sha512(const uint8_t *data, size_t 
>>> data_len, uint8_t *digest,
>>>                  return OPAL_SUCCESS;
>>>
>>>          memset(digest, 0, SHA512_DIGEST_LENGTH);
>>> +       if (softrom) {
>>> +               mbedtls_sha512_context ctx;
>>> +               mbedtls_sha512_init(&ctx);
>>> +               mbedtls_sha512_starts(&ctx, 0); // SHA512 = 0
>>> +               mbedtls_sha512_update(&ctx, data, data_len);
>>> +               mbedtls_sha512_finish(&ctx, digest);
>>> +               mbedtls_sha512_free(&ctx);
>>> +               return OPAL_SUCCESS;
>>> +       }
>>>
>>>          service = cvc_find_service(CVC_SHA512_SERVICE);
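
Review bot: The softrom branch in call_cvc_sha512 spells out the streaming sequence (init, starts, update, finish, free) for a single contiguous buffer, while the commit message says mbedtls_sha512() is what gets used. The one-shot call mbedtls_sha512(data, data_len, digest, 0) would produce the same digest in one line and drop the ctx declaration, which currently runs straight into the first statement with no blank line. If the streaming form stays, the trailing // comment on the starts call should become a /* */ comment to match the block comment style visible earlier in this file.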
>>>
>>> @@ -276,6 +286,9 @@ int call_cvc_verify(void *container, size_t len, 
>>> const void *hw_key_hash,
>>>              !hw_key_hash || hw_key_hash_size <= 0)
>>>                  return OPAL_PARAMETER;
>>>
>>> +       if (softrom)
>>> +               return OPAL_RESOURCE;
>>> +
>>>          service = cvc_find_service(CVC_VERIFY_SERVICE);
>>>
>>>          if (!service)
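
Review bot: In call_cvc_verify the softrom check returns OPAL_RESOURCE silently, so under softrom every verification request fails with no comment or log line saying that no verify service exists in this mode. Add a short comment above the check and a log message before the return, so a run under mambo records that the container was measured but not verified instead of leaving the caller's error handling as the only trace. The commit message should also state how callers are expected to treat this return value when softrom is set.
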
>>> -- 
>>> 2.7.4