[Skiboot] [RFC v2 0/8] Initial Skiboot Secure Variable Support

Eric Richter erichte at linux.ibm.com
Fri Apr 12 08:45:43 AEST 2019

This V2 splits out the platform-specific storage functions into their
own platform struct hooks. This is a very drafty implementation, any
direction or feedback on this new version would be greatly appreciated.
Other minor changes in this V2 are noted in the respective patch

The base secvar implementation and runtime services have not changed
much themselves. If an interface to the platform specific logic can be
determined, they may be split from this set and sent as non-RFC.


In order to support the secure boot of the host OS on POWER, the platform
needs three things:
 - Variables that can only be modified with proper authorization
      ("Secure variables")
 - Tamper-proof storage for secure variables ("Trust storage")
 - Interface to access and manage secure variables

The secure variables will need to be consumed by the linux kernel and
sysadmins. During the boot process, the linux IMA subsystem will fetch
keys stored in the secure variables to verify the signature of the kexec
image. Therefore, these variables must contain keys that have been
authorized. Furthermore, the variables need to be persisted across reboots,
and thus must be resistant to unauthorized writes to system flash. Finally,
sysadmins also need to access the secure variables for key management.

This patch series proposes a definition of secure variables, how to store
the secure variables in the trust storage via the PNOR secboot partition,
as well as an interface via OPAL runtime services to access them. Further
implementation detail can be found in the individual patch descriptions. 

As this is an early draft of this implementation, some key features are
not yet included (most notably, the PNOR secboot partition is not
validated on load, see patch description for more). Many of these missing
features are mentioned in the patches as TODO comments -- some of which
are open questions, so comments or suggestions would be greatly

ON TESTING: This patch series is intended to be paired with a forthcoming
linux kernel patch set, to be sent by Claudio Carvalho. The patches may
also be exercised in userspace via a simple test framework located at the
following internal Github repository (will be integrated in the tree in
the future):


Claudio Carvalho (1):
  core/flash.c: add SECBOOT read and write support

Eric Richter (7):
  doc: add opal secvar documentation
  platform.h: add secure variable storage hooks
  libstb: add secure variable internal abstraction
  libstb: add opal runtime services for secure boot key management
  libstb: add secvar flash storage implementation for pnor-based p9
  platforms/witherspoon: enable secvar functions for the witherspoon
  secureboot: initialize secure variables on secureboot init

 ccan/list/list.h               |  38 +++++
 core/flash.c                   | 130 +++++++++++++++
 doc/opal-api/opal-secvar.rst   | 188 +++++++++++++++++++++
 include/opal-api.h             |   5 +-
 include/platform.h             |   9 +
 libstb/Makefile.inc            |   2 +-
 libstb/secboot_p9.c            | 293 +++++++++++++++++++++++++++++++++
 libstb/secboot_p9.h            |   8 +
 libstb/secureboot.c            |   3 +
 libstb/secvar.c                | 138 ++++++++++++++++
 libstb/secvar.h                |  64 +++++++
 libstb/secvar_api.c            | 189 +++++++++++++++++++++
 platforms/astbmc/witherspoon.c |   5 +
 13 files changed, 1070 insertions(+), 2 deletions(-)
 create mode 100644 doc/opal-api/opal-secvar.rst
 create mode 100644 libstb/secboot_p9.c
 create mode 100644 libstb/secboot_p9.h
 create mode 100644 libstb/secvar.c
 create mode 100644 libstb/secvar.h
 create mode 100644 libstb/secvar_api.c


More information about the Skiboot mailing list