[Skiboot] [PATCH v2] libstb/trustedboot: Enable trusted_measure in fast-reboot path

ppaidipe ppaidipe at linux.vnet.ibm.com
Fri Mar 16 16:47:59 AEDT 2018 

On 2018-03-16 08:13, Claudio Carvalho wrote:
> Secure and trusted boot doesn't support fast reboot yet. I would
> accept this patch only if the failures pointed out are causing any
> harm.
> 

Currently no boot harm, it's just a error message thrown to console.
And also i see secureboot verify is properly functional in fast-reboot 
path.

> If we measure the same event multiple times as proposed in this patch,
> the event log and the PCRs will not have the expected values when the
> system boots up to the target OS. Consequently, remote attestation
> will fail even if the partitions measured hasn't been tampered with.
> We discussed fast reboot recently, but we did not find a solution for
> that yet. An idea that came up is that we could measure events in a
> different PCR if fast reboot is detected, but we would still need to
> make remote attestation work.

Yeah, this makes sense to record measurements in a different PCR to keep 
the expected
values as it is. Can we return in first place for trusted_measure and 
trustedboot_exit_boot_services
functions when we detect a fast-reboot? until remote attestation work in 
place. As we are seeing
lot of error messages in console saying no TPM registered/enabled.

[ 1069.079405326,3] STB: BOOTKERNEL NOT MEASURED. Already exited from 
boot services
[ 1069.087727317,3] STB: EV_SEPARATOR (pcr0) NOT MEASURED. No TPM 
registered/enabled
[ 1069.091277930,3] STB: EV_SEPARATOR (pcr1) NOT MEASURED. No TPM 
registered/enabled
[ 1069.094830682,3] STB: EV_SEPARATOR (pcr2) NOT MEASURED. No TPM 
registered/enabled
[ 1069.099085602,3] STB: EV_SEPARATOR (pcr3) NOT MEASURED. No TPM 
registered/enabled
[ 1069.102637912,3] STB: EV_SEPARATOR (pcr4) NOT MEASURED. No TPM 
registered/enabled
[ 1069.106893031,3] STB: EV_SEPARATOR (pcr5) NOT MEASURED. No TPM 
registered/enabled
[ 1069.110445897,3] STB: EV_SEPARATOR (pcr6) NOT MEASURED. No TPM 
registered/enabled
[ 1069.113998405,3] STB: EV_SEPARATOR (pcr7) NOT MEASURED. No TPM 
registered/enabled


Thanks
Pridhiviraj

> 
> -- Claudio
> 
> 
> On 15/03/2018 09:31, Pridhiviraj Paidipeddi wrote:
>> Currently in fast-reboot path trusted measure is not functioning
>> due to the tpm_cleanup happening in full IPL which un-registers
>> all the tpms.
>> 
>> It fails with below messages
>> [xxx,3] STB: BOOTKERNEL NOT MEASURED. Already exited from boot 
>> services
>> [xxx,3] STB: EV_SEPARATOR (pcr0) NOT MEASURED. No TPM 
>> registered/enabled
>> 
>> This patch enables it by enabling the boot_services_exited flag and
>> doing the tpm_cleanup only when trusted boot mode is OFF.
>> 
>> Signed-off-by: Pridhiviraj Paidipeddi <ppaidipe at linux.vnet.ibm.com>
>> ---
>>   core/fast-reboot.c   | 6 ++++++
>>   libstb/tpm_chip.c    | 1 +
>>   libstb/trustedboot.c | 8 ++++----
>>   libstb/trustedboot.h | 2 ++
>>   4 files changed, 13 insertions(+), 4 deletions(-)
>> 
>> diff --git a/core/fast-reboot.c b/core/fast-reboot.c
>> index 0fe16cc..c7853d2 100644
>> --- a/core/fast-reboot.c
>> +++ b/core/fast-reboot.c
>> @@ -30,6 +30,7 @@
>>   #include <ipmi.h>
>>   #include <direct-controls.h>
>>   #include <nvram.h>
>> +#include "libstb/trustedboot.h"
>> 
>>   /* Flag tested by the OPAL entry code */
>>   static volatile bool fast_boot_release;
>> @@ -330,6 +331,11 @@ void __noreturn fast_reboot_entry(void)
>>   	cpu_set_sreset_enable(true);
>>   	cpu_set_ipi_enable(true);
>> 
>> +	/* We are loading the BOOTKERNEL from PNOR, in order to function
>> +	 * trusted_measure, enable boot services flag
>> +	 */
>> +	boot_services_exited = false;
>> +
>>   	/* Start preloading kernel and ramdisk */
>>   	start_preload_kernel();
>> 
>> diff --git a/libstb/tpm_chip.c b/libstb/tpm_chip.c
>> index 2858caf..58e5f75 100644
>> --- a/libstb/tpm_chip.c
>> +++ b/libstb/tpm_chip.c
>> @@ -313,6 +313,7 @@ int tpm_extendl(TPM_Pcr pcr,
>>   void tpm_add_status_property(void) {
>>   	struct tpm_chip *tpm;
>>   	list_for_each(&tpm_list, tpm, link) {
>> +		dt_check_del_prop(tpm->node, "status");
>>   		dt_add_property_string(tpm->node, "status",
>>   				       tpm->enabled ? "okay" : "disabled");
>>   	}
>> diff --git a/libstb/trustedboot.c b/libstb/trustedboot.c
>> index 151e4e1..0f1f50b 100644
>> --- a/libstb/trustedboot.c
>> +++ b/libstb/trustedboot.c
>> @@ -31,7 +31,7 @@
>> 
>>   static bool trusted_mode = false;
>>   static bool trusted_init = false;
>> -static bool boot_services_exited = false;
>> +bool boot_services_exited;
>> 
>>   /*
>>    * This maps a PCR for each resource we can measure. The PCR number 
>> is
>> @@ -127,8 +127,10 @@ int trustedboot_exit_boot_services(void)
>> 
>>   	boot_services_exited = true;
>> 
>> -	if (!trusted_mode)
>> +	if (!trusted_mode) {
>> +		tpm_cleanup();
>>   		goto out_free;
>> +	}
>> 
>>   #ifdef STB_DEBUG
>>   	prlog(PR_NOTICE, "ev_separator.event: %s\n", ev_separator.event);
>> @@ -156,8 +158,6 @@ int trustedboot_exit_boot_services(void)
>>   	tpm_add_status_property();
>> 
>>   out_free:
>> -	tpm_cleanup();
>> -
>>   	return (failed) ? -1 : 0;
>>   }
>> 
>> diff --git a/libstb/trustedboot.h b/libstb/trustedboot.h
>> index 3003c80..bb4fcb6 100644
>> --- a/libstb/trustedboot.h
>> +++ b/libstb/trustedboot.h
>> @@ -19,6 +19,8 @@
>> 
>>   #include <platform.h>
>> 
>> +extern bool boot_services_exited;
>> +
>>   void trustedboot_init(void);
>> 
>>   /**

More information about the Skiboot mailing list