[Skiboot] [PATCH 1/5] hdata: add secure and trusted boot ntuple to SPIRA-H/S
Oliver
oohall at gmail.com
Fri Sep 1 14:24:16 AEST 2017
On Thu, Aug 31, 2017 at 5:42 PM, Claudio Carvalho
<cclaudio at linux.vnet.ibm.com> wrote:
> This adds to spira-h/s the overall tpmrel structure, which defines
> secure and trusted boot related data. The internal data structures will
> be added in separate patches.
>
> Signed-off-by: Claudio Carvalho <cclaudio at linux.vnet.ibm.com>
> ---
> hdata/Makefile.inc | 2 +-
> hdata/hdata.h | 1 +
> hdata/spira.c | 4 ++++
> hdata/spira.h | 12 +++++++++---
> hdata/test/hdata_to_dt.c | 1 +
> hdata/tpmrel.c | 40 ++++++++++++++++++++++++++++++++++++++++
> 6 files changed, 56 insertions(+), 4 deletions(-)
> create mode 100644 hdata/tpmrel.c
>
> diff --git a/hdata/Makefile.inc b/hdata/Makefile.inc
> index 5b79dfe..c17b04f 100644
> --- a/hdata/Makefile.inc
> +++ b/hdata/Makefile.inc
> @@ -2,7 +2,7 @@
>
> SUBDIRS += hdata
> HDATA_OBJS = spira.o paca.o pcia.o hdif.o memory.o fsp.o iohub.o vpd.o slca.o
> -HDATA_OBJS += cpu-common.o vpd-common.o hostservices.o i2c.o
> +HDATA_OBJS += cpu-common.o vpd-common.o hostservices.o i2c.o tpmrel.o
> DEVSRC_OBJ = hdata/built-in.o
>
> $(DEVSRC_OBJ): $(HDATA_OBJS:%=hdata/%)
> diff --git a/hdata/hdata.h b/hdata/hdata.h
> index 6da9b55..31223c8 100644
> --- a/hdata/hdata.h
> +++ b/hdata/hdata.h
> @@ -65,6 +65,7 @@ extern void slca_dt_add_sai_node(void);
> extern bool hservices_from_hdat(const void *fdt, size_t size);
> int parse_i2c_devs(const struct HDIF_common_hdr *hdr, int idata_index,
> struct dt_node *xscom);
> +extern void node_stb_parse(void);
>
> #endif /* __HDATA_H */
>
> diff --git a/hdata/spira.c b/hdata/spira.c
> index b58be7c..220ae9e 100644
> --- a/hdata/spira.c
> +++ b/hdata/spira.c
> @@ -1278,6 +1278,7 @@ static void fixup_spira(void)
> spira.ntuples.proc_chip = spiras->ntuples.proc_chip;
> spira.ntuples.hs_data = spiras->ntuples.hs_data;
> spira.ntuples.ipmi_sensor = spiras->ntuples.ipmi_sensor;
> + spira.ntuples.node_stb_data = spiras->ntuples.node_stb_data;
> }
>
> int parse_hdat(bool is_opal)
> @@ -1347,6 +1348,9 @@ int parse_hdat(bool is_opal)
>
> add_stop_levels();
>
> + /* Parse node secure and trusted boot data */
> + node_stb_parse();
> +
> prlog(PR_DEBUG, "Parsing HDAT...done\n");
>
> return 0;
> diff --git a/hdata/spira.h b/hdata/spira.h
> index 0276d4a..d2a70c1 100644
> --- a/hdata/spira.h
> +++ b/hdata/spira.h
> @@ -40,7 +40,7 @@ struct spira_ntuple {
> __be64 padding;
> } __packed;
>
> -#define SPIRA_NTUPLES_COUNT 0x18
> +#define SPIRA_NTUPLES_COUNT 0x19
>
> struct spira_ntuples {
> struct HDIF_array_hdr array_hdr;
> @@ -69,6 +69,7 @@ struct spira_ntuples {
> struct spira_ntuple proc_chip; /* 0x300 */
> struct spira_ntuple hs_data; /* 0x320 */
> struct spira_ntuple ipmi_sensor; /* 0x360 */
> + struct spira_ntuple node_stb_data; /* 0x380 */
> };
>
> struct spira {
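Review bot: The new `/* 0x380 */` offset comment on `node_stb_data` is derived from context comments that do not add up. `proc_chip` to `hs_data` steps by 0x20, but `hs_data` (0x320) to `ipmi_sensor` (0x360) steps by 0x40 with no member between them in the visible lines. Either an entry is missing from `struct spira_ntuples` or the comments are off, and in both cases the real offset of the secure and trusted boot ntuple may not be 0x380. A compile-time check would settle it and would also cover the hand-maintained pairing of `SPIRA_NTUPLES_COUNT` and `reserved[]` in the neighbouring hunks, e.g. `_Static_assert(offsetof(struct spira, ntuples.node_stb_data) == 0x380, "SPIRA layout");`, if the commented offsets are relative to `struct spira`. The struct definition starts outside this hunk, so the earlier members could not be checked here.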
> @@ -82,7 +83,7 @@ struct spira {
> *
> * According to FSP engineers, this is an okay thing to do.
> */
> - u8 reserved[0xa0];
> + u8 reserved[0x80];
> } __packed __align(0x100);
>
> extern struct spira spira;
> @@ -146,7 +147,7 @@ struct spiras_ntuples {
> struct spira_ntuple hs_data; /* 0x200 */
> struct spira_ntuple hbrt_data; /* 0x220 */
> struct spira_ntuple ipmi_sensor; /* 0x240 */
> - struct spira_ntuple node_data; /* 0x260 */
> + struct spira_ntuple node_stb_data; /* 0x260 */
> };
>
> struct spiras {
> @@ -1092,6 +1093,11 @@ struct ipmi_sensors {
> /* Idata index 1 : LED - sensors ID mapping data */
> #define IPMI_SENSORS_IDATA_LED 1
>
> +/*
> + * Node Secure and Trusted Boot Related Data
> + */
> +#define STB_HDIF_SIG "TPMREL"
> +
> static inline const char *cpu_state(u32 flags)
> {
> switch ((flags & CPU_ID_VERIFY_MASK) >> CPU_ID_VERIFY_SHIFT) {
> diff --git a/hdata/test/hdata_to_dt.c b/hdata/test/hdata_to_dt.c
> index 155e41b..6da80a5 100644
> --- a/hdata/test/hdata_to_dt.c
> +++ b/hdata/test/hdata_to_dt.c
> @@ -124,6 +124,7 @@ static bool spira_check_ptr(const void *ptr, const char *file, unsigned int line
> #include "../slca.c"
> #include "../hostservices.c"
> #include "../i2c.c"
> +#include "../tpmrel.c"
> #include "../../core/vpd.c"
> #include "../../core/device.c"
> #include "../../core/chip.c"
> diff --git a/hdata/tpmrel.c b/hdata/tpmrel.c
> new file mode 100644
> index 0000000..7ded404
> --- /dev/null
> +++ b/hdata/tpmrel.c
> @@ -0,0 +1,40 @@
> +/* Copyright 2013-2017 IBM Corp.
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> + * implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +#ifndef pr_fmt
> +#define pr_fmt(fmt) "HDAT TPMREL: " fmt
Just make this TPMREL: or something. The bits of skiboot that are
inside the HDAT parser are clearly marked already.
> +#endif
> +
> +#include <skiboot.h>
> +
> +#include "spira.h"
> +#include "hdata.h"
> +#include "hdif.h"
> +
> +void node_stb_parse(void)
> +{
> + struct HDIF_common_hdr *hdif_hdr;
> +
> + hdif_hdr = get_hdif(&spira.ntuples.node_stb_data, "TPMREL");
> + if (!hdif_hdr) {
> + prlog(PR_INFO, "could not find TPMREL data\n");
Make this PR_DEBUG or higher. Gating this entire function on
proc_gen >= proc_gen_p9 might also be a good idea: this tuple
will never be populated on P8 FSP systems, so this is just a
nuisance warning there.
> + return;
> + }
> +
> + /* TODO: Idata 0: Secure Boot and TPM Instance Info */
> + /* TODO: Idata 1: User Physical Interaction Mechanism Info */
> + /* TODO: Idata 2: Hash and Verification Function Offset Array */
> +}
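Review bot: The `get_hdif()` call spells the signature as the literal `"TPMREL"` even though this patch adds `STB_HDIF_SIG` to spira.h with that same value. Using the macro keeps the two from drifting: `hdif_hdr = get_hdif(&spira.ntuples.node_stb_data, STB_HDIF_SIG);`. Separately, `node_stb_parse()` returns void, so `parse_hdat()` cannot tell whether the TPMREL structure was found. The Idata entries listed in the TODOs describe secure boot and TPM state, so it is worth deciding now whether a missing or malformed structure should be reported to the caller rather than only logged. `hdif_hdr` could also be declared `const`, if `get_hdif()`'s return type allows it, since nothing here writes through the pointer.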
> --
> 2.7.4
>