[Skiboot] [RFC 5/6] libstb: add secvar flash storage implementation for pnor-based p9 platforms
Eric Richter
erichte at linux.ibm.com
Fri Mar 29 09:17:53 AEDT 2019
This patch implements the platform specific logic for persisting the
secure variable storage banks across reboots via the SECBOOT PNOR
partition. This is a base implementation meant to provide the minimal
functionality required, and is a work-in-progress.
For POWER 9, all secure variables and updates are stored in the
in the SECBOOT PNOR partition. The partition is split into three
sections: two variable bank sections, and a section for storing
updates. For this initial implementation, the second variable bank
section is ignored, but later patches will alternate writes
between them to provide a back up in the event of a failure.
Forthcoming patches will extend this implementation to utilize the
TPM NV storage space to protect the PNOR storage from external
tampering.
Signed-off-by: Eric Richter <erichte at linux.ibm.com>
---
libstb/Makefile.inc | 2 +-
libstb/secboot_p9.c | 293 ++++++++++++++++++++++++++++++++++++++++++++
libstb/secboot_p9.h | 6 +
libstb/secvar.c | 2 +
4 files changed, 302 insertions(+), 1 deletion(-)
create mode 100644 libstb/secboot_p9.c
create mode 100644 libstb/secboot_p9.h
diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc
index f3a7e716..a4da13bb 100644
--- a/libstb/Makefile.inc
+++ b/libstb/Makefile.inc
@@ -4,7 +4,7 @@ LIBSTB_DIR = libstb
SUBDIRS += $(LIBSTB_DIR)
-LIBSTB_SRCS = container.c tpm_chip.c cvc.c secureboot.c trustedboot.c secvar.c secvar_api.c
+LIBSTB_SRCS = container.c tpm_chip.c cvc.c secureboot.c trustedboot.c secvar.c secvar_api.c secboot_p9.c
LIBSTB_OBJS = $(LIBSTB_SRCS:%.c=%.o)
LIBSTB = $(LIBSTB_DIR)/built-in.a
diff --git a/libstb/secboot_p9.c b/libstb/secboot_p9.c
new file mode 100644
index 00000000..39942356
--- /dev/null
+++ b/libstb/secboot_p9.c
@@ -0,0 +1,293 @@
+/* Copyright 2019 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef pr_fmt
+#define pr_fmt(fmt) "SECBOOT_P9: " fmt
+#endif
+
+#include <stdlib.h>
+#include <skiboot.h>
+#include "secboot_p9.h"
+#include "secvar.h"
+
+// TODO: Determine reasonable values for these
+#define SECBOOT_VARIABLE_BANK_SIZE 32000
+#define SECBOOT_UPDATE_BANK_SIZE 32000
+
+
+/* 0x5053424b = "PSBK" or Power Secure Boot Keystore */
+#define SECBOOT_MAGIC_NUMBER 0x5053424b
+#define SECBOOT_VERSION 1
+
+struct secboot_header {
+ uint32_t magic_number;
+ uint8_t version;
+ uint8_t reserved[3]; // Fix alignment
+} __packed;
+
+
+struct secboot {
+ struct secboot_header header;
+ char bank0[SECBOOT_VARIABLE_BANK_SIZE];
+ char bank1[SECBOOT_VARIABLE_BANK_SIZE];
+ char update[SECBOOT_UPDATE_BANK_SIZE];
+} __attribute__((packed));
+
+struct secboot *secboot_image;
+
+
+static int secboot_format(void)
+{
+ if (!platform.secboot_write)
+ return -1;
+
+ memset(secboot_image, 0x00, sizeof(struct secboot));
+
+ secboot_image->header.magic_number = SECBOOT_MAGIC_NUMBER;
+ secboot_image->header.version = SECBOOT_VERSION;
+
+ return platform.secboot_write(0, secboot_image, sizeof(struct secboot));
+}
+
+
+static int secboot_serialize_bank(struct list_head *bank, char *target, size_t target_size)
+{
+ struct secvar *var;
+ char *tmp = target;
+
+ if (!bank)
+ return -1;
+ if (!target)
+ return -1;
+
+ list_for_each(bank, var, link) {
+ // Bail early if we are out of storage space
+ if ((tmp - target) + sizeof_secvar(var) > target_size) {
+ return -1;
+ }
+ memcpy(tmp, var->name, sizeof(var->name));
+ tmp += sizeof(var->name);
+ memcpy(tmp, var->vendor, sizeof(var->vendor));
+ tmp += sizeof(var->vendor);
+ memcpy(tmp, &var->attributes, sizeof(var->attributes));
+ tmp += sizeof(var->attributes);
+ memcpy(tmp, &var->data_size, sizeof(var->data_size));
+ tmp += sizeof(var->data_size);
+ memcpy(tmp, var->data, var->data_size);
+ tmp += var->data_size;
+ }
+
+ return 0;
+}
+
+
+static int secboot_write_to_pnor(struct list_head *bank, char *target, size_t max_size)
+{
+ int ret = 0;
+
+ memset(target, 0, max_size);
+
+ ret = secboot_serialize_bank(bank, target, max_size);
+ if (ret)
+ return ret;
+
+ if (!platform.secboot_write) {
+ prlog(PR_ERR, "Failed to write: platform.secboot_write not set\n");
+ return -1;
+ }
+
+ ret = platform.secboot_write(0, secboot_image, sizeof(struct secboot));
+
+ return ret;
+}
+
+
+// Helper function to deserialize a single variable from a PNOR blob
+// var should be initialized already
+// source should point to the beginning of a variable buffer
+// max_size should be how many remaining bytes are in the source buffer
+// returns the number of bytes read in
+static int secvar_deserialize_variable(struct secvar *var, char *source, size_t max_size)
+{
+ int size;
+ char *src = source;
+ char empty[] = {0,0,0,0};
+
+ if (!var)
+ return -1;
+
+ // TODO: Do we want a sequence number, or magic number to signal the start of a variable?
+ if (!memcmp(source, empty, 4)) {
+ return 0;
+ }
+
+ // Ensure the source buffer contains at least the variable header info
+ size = max_size -
+ sizeof(var->name) +
+ sizeof(var->vendor) +
+ sizeof(var->attributes) +
+ sizeof(var->data_size);
+
+ if (size < 0) {
+ return -2;
+ }
+
+ memcpy(var->name, src, sizeof(var->name));
+ src += sizeof(var->name);
+ memcpy(var->vendor, src, sizeof(var->vendor));
+ src += sizeof(var->vendor);
+ memcpy(&var->attributes, src, sizeof(var->attributes));
+ src += sizeof(var->attributes);
+ memcpy(&var->data_size, src, sizeof(var->data_size));
+ src += sizeof(var->data_size);
+
+ if (var->data_size > SECVAR_MAX_DATA_SIZE) {
+ return -3;
+ }
+ // Ensure the source buffer has the expected data size
+ if (var->data_size > size) {
+ return -4;
+ }
+
+ var->data = malloc(var->data_size);
+
+ memcpy(var->data, src, var->data_size);
+ src += var->data_size;
+
+ return src - source;
+}
+
+
+static int secboot_load_from_pnor(struct list_head *bank, char *source, size_t max_size)
+{
+ char *src;
+ struct secvar *tmp;
+ int ret;
+ uint64_t empty = 0;
+
+ src = source;
+
+ while (src < (source + max_size)) {
+ // Peek to see if we are at the end of the bank
+ if (!memcmp(src, &empty, sizeof(empty))) {
+ break;
+ }
+
+ tmp = malloc(sizeof(struct secvar));
+ if (!tmp) {
+ prlog(PR_ERR, "Could not allocate memory for loading secvar from image\n");
+ return -1;
+ }
+
+ ret = secvar_deserialize_variable(tmp, src, (max_size - (src - source)));
+ if (ret == 0) {
+ free(tmp);
+ break;
+ }
+ else if (ret < 0)
+ return ret;
+
+ list_add_tail(bank, &tmp->link);
+ src += ret;
+ }
+
+ return 0;
+}
+
+// TODO: support bank0 vs bank1
+static int secvar_write_variable_bank_p9(struct list_head *variable_bank)
+{
+ return secboot_write_to_pnor(variable_bank, secboot_image->bank0, SECBOOT_VARIABLE_BANK_SIZE);
+}
+
+static int secvar_write_update_bank_p9(struct list_head *update_bank)
+{
+ return secboot_write_to_pnor(update_bank, secboot_image->update, SECBOOT_UPDATE_BANK_SIZE);
+}
+
+static int secvar_load_variable_bank_p9(struct list_head *variable_bank)
+{
+ return secboot_load_from_pnor(variable_bank, secboot_image->bank0, SECBOOT_VARIABLE_BANK_SIZE);
+}
+
+static int secvar_load_update_bank_p9(struct list_head *update_bank)
+{
+ return secboot_load_from_pnor(update_bank, secboot_image->update, SECBOOT_UPDATE_BANK_SIZE);
+}
+
+
+int secboot_p9_init(void)
+{
+ int ret;
+ unsigned secboot_size;
+
+ /* Already initialized */
+ if (secboot_image)
+ return 0;
+
+ if (!platform.secboot_info)
+ return -1;
+
+ prlog(PR_DEBUG, "Initializing for pnor-based p9 platform\n");
+
+ ret = platform.secboot_info(&secboot_size);
+ if (ret) {
+ prlog(PR_ERR, "error %d retrieving keystore info\n", ret);
+ return -1;
+ }
+ if (sizeof(struct secboot) > secboot_size) {
+ prlog(PR_ERR, "secboot partition %d KB too small. min=%ld\n",
+ secboot_size >> 10, sizeof(struct secboot));
+ return -1;
+ }
+
+ secboot_image = memalign(0x1000, sizeof(struct secboot));
+ if (!secboot_image) {
+ prlog(PR_ERR, "Failed to allocate space for the secboot image\n");
+ return -1;
+ }
+
+ /* Read it in */
+ ret = platform.secboot_read(secboot_image, 0, sizeof(struct secboot));
+ if (ret) {
+ prlog(PR_ERR, "failed to read the secboot partition, rc=%d\n", ret);
+ goto out_free;
+ }
+
+ if (secboot_image->header.magic_number != SECBOOT_MAGIC_NUMBER) {
+ prlog(PR_INFO, "Formatting secboot partition...\n");
+ ret = secboot_format();
+ if (ret) {
+ prlog(PR_ERR, "Failed to format secboot!\n");
+ goto out_free;
+ }
+ }
+
+ secvar_load_variable_bank = secvar_load_variable_bank_p9;
+ secvar_load_update_bank = secvar_load_update_bank_p9;
+ secvar_write_variable_bank = secvar_write_variable_bank_p9;
+ secvar_write_update_bank = secvar_write_update_bank_p9;
+
+ return 0;
+
+out_free:
+ if (secboot_image) {
+ free(secboot_image);
+ secboot_image = NULL;
+ }
+
+ return -1;
+}
diff --git a/libstb/secboot_p9.h b/libstb/secboot_p9.h
new file mode 100644
index 00000000..b3914900
--- /dev/null
+++ b/libstb/secboot_p9.h
@@ -0,0 +1,6 @@
+#ifndef _SECBOOT_P9_H_
+#define _SECBOOT_P9_H_
+
+int secboot_p9_init(void);
+
+#endif
diff --git a/libstb/secvar.c b/libstb/secvar.c
index e1bc463f..4b438691 100644
--- a/libstb/secvar.c
+++ b/libstb/secvar.c
@@ -22,6 +22,7 @@
#include <string.h>
#include <skiboot.h>
#include "secvar.h"
+#include "secboot_p9.h"
struct list_head variable_bank;
struct list_head update_bank;
@@ -110,6 +111,7 @@ int secvar_init(void)
prlog(PR_DEBUG, "Initializing secure variables\n");
// Initialize platform storage, etc first
switch (proc_gen) {
+ case proc_gen_p9: ret = secboot_p9_init(); break;
default:
prlog(PR_INFO, "Platform does not support secure boot, skipping...\n");
return 1;
--
2.17.2
More information about the Skiboot
mailing list