Skip to content

Commit

Permalink
Generalize secure boot settings for all processors
Browse files Browse the repository at this point in the history 
Adds the ability to specify which processor target user code is
interested in when querying secure boot settings.

Change-Id: I0375af03ce8f4e33029736ff2e2d60416629a295
RTC:161916
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/32556
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
  • Loading branch information
@popfuture @dcrowell77
popfuture authored and dcrowell77 committed Jan 30, 2017
1 parent 89c55d6 commit 8363cdd
Show file tree
Hide file tree
Showing 13 changed files with 314 additions and 107 deletions.
4 changes: 3 additions & 1 deletion src/include/usr/secureboot/secure_reasoncodes.H
View file
Expand Up @@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
/* Contributors Listed Below - COPYRIGHT 2013,2016 */
/* Contributors Listed Below - COPYRIGHT 2013,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
Expand Down Expand Up @@ -37,6 +37,7 @@ namespace SECUREBOOT
MOD_SECURE_ROM_VERIFY = 0x03,
MOD_SECURE_ROM_CLEANUP = 0x04,
MOD_SECURE_ROM_SHA512 = 0x05,
MOD_SECURE_READ_REG = 0x06,
};

enum SECUREReasonCode
Expand All @@ -49,6 +50,7 @@ namespace SECUREBOOT
RC_SET_PERMISSION_FAIL_WRITE = SECURE_COMP_ID | 0x06,
RC_ROM_VERIFY = SECURE_COMP_ID | 0x07,
RC_ROM_SHA512 = SECURE_COMP_ID | 0x08,
RC_SECURE_BAD_TARGET = SECURE_COMP_ID | 0x09,

// Reason codes 0xA0 - 0xEF reserved for trustedboot_reasoncodes.H
};
Expand Down
65 changes: 48 additions & 17 deletions src/include/usr/secureboot/service.H
View file
Expand Up @@ -27,6 +27,8 @@

#include <errl/errlentry.H>
#include <config.h>
#include <secureboot/settings.H>
#include <cstdint>

typedef uint8_t SHA512_t[64];
/* From sha512.h: */
Expand Down Expand Up @@ -82,28 +84,57 @@ namespace SECUREBOOT
#endif
//@fixme-RTC:163094-Remove RUNTIME check once the code is there

/** @brief Returns the state of the secure jumper as reported by the master
* processor.
/** @brief Get security switch register value
* @par Detailed Description:
* Returns the state of the security switch register as
* reported by the given processor (via the supplied target
* pointer).
* @param[out] o_regValue The value read from the register if the
* call was successful. If not successful this value is set to
* zero. Check the return value for a non null error log to
* determine if the call was unsuccessful.
* @param[in] i_targ The target processor to obtain the jumper
* state from. Must not be null. Optional parameter that
* defaults to master processor.
* @return errlHndl_t indicating whether the query was successful.
* @retval null if successful otherwise pointer to error log
*/
errlHndl_t getSecuritySwitch(uint64_t& o_regValue,
TARGETING::Target* i_targ
= TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL);


/** @brief Returns the state of the secure jumper as reported by the
* given processor.
*
* @par Detailed Description:
* Returns the state of the secure jumper as reported by the master
* processor. This should NOT be used to determine whether security is
* enabled, because several conditions are aggregated together to
* determine that. To query whether security is actually enabled or
* not, call the enabled() API. This is a limited-use API intended to
* be called by trusted boot code to determine whether a system shipped
* with a secure jumper applied or removed, in order to decide
* Returns the state of the secure jumper as reported by the
* the given processor. This should NOT be used to determine
* whether security is enabled, because several conditions are
* aggregated together to determine that. To query whether
* security is actually enabled or not, call the enabled() API.
* This is a limited-use API intended to be called by trusted
* boot code to determine whether a system shipped with a
* secure jumper applied or removed, in order to decide
* whether to enforce the "TPM Required" policy or not.
* @param[out] o_state Provides an enum value of type SecureJumperState
* that can be either SECURITY_DEASSERTED or SECURITY_ASSERTED
* indicating the given processor's secure jumper state.
* Asserted means it is configured to request HW security. This
* does not necessarily imply security is enabled, because the
* HW can be overridden by some functions. Use the getEnabled()
* API to determine whether security is actually enabled.
* Deasserted means the jumper is configured to disble HW security.
* @param[in] i_targ The target processor to obtain the jumper
* state from. Must not be null. Optional parameter that
* defaults to master processor.
*
* @return Boolean indicating acting master processor's secure jumper state
* @retval true Jumper is configured to request HW security. This does not
* necessarily imply security is enabled, because an open SBE can
* override the HW policy. Use the enabled() API to determine whether
* security is actually enabled.
* @retval false Jumper is configured to disble HW security.
* @return errlHndl_t indicating whether the query was successful.
* @retval null if successful otherwise pointer to error log.
*/
bool getJumperState();

errlHndl_t getJumperState(SecureJumperState& o_state,
TARGETING::Target* i_targ
= TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL);

/**
* @brief Verify Signed Container
Expand Down
69 changes: 43 additions & 26 deletions src/usr/secureboot/settings.H → src/include/usr/secureboot/settings.H
View file
@@ -1,11 +1,11 @@
/* IBM_PROLOG_BEGIN_TAG */
/* This is an automatically generated prolog. */
/* */
/* $Source: src/usr/secureboot/settings.H $ */
/* $Source: src/include/usr/secureboot/settings.H $ */
/* */
/* OpenPOWER HostBoot Project */
/* */
/* Contributors Listed Below - COPYRIGHT 2013,2016 */
/* Contributors Listed Below - COPYRIGHT 2013,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
Expand All @@ -26,9 +26,18 @@
#define __SECUREBOOT_SETTINGS_H

#include <stdint.h>
#include <targeting/common/target.H>
#include <targeting/common/targetservice.H>
#include <cstdint>

namespace SECUREBOOT
{
enum class SecureJumperState : uint8_t
{
SECURITY_DEASSERTED = 0b0,
SECURITY_ASSERTED = 0b1,
};

/** @class Settings
*
* @brief Caches and parses the hardware settings for Secureboot.
Expand All @@ -42,37 +51,45 @@ namespace SECUREBOOT
/** @brief Determine if Secureboot is enabled. */
bool getEnabled() const;

/** @brief Get security switch register value */
uint64_t getSecuritySwitch() const;
/** @brief Get security switch register value. See wrapper
* in Secureboot's service.H for documentation
*/
errlHndl_t getSecuritySwitch(uint64_t& o_regValue,
TARGETING::Target* i_targ
= TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL) const;

/** @brief Returns the state of the secure jumper as reported by the
* master processor.
*
* @par Detailed Description:
* Returns the state of the secure jumper as reported by the
* master processor. This should NOT be used to determine
* whether security is enabled, because several conditions are
* aggregated together to determine that. To query whether
* security is actually enabled or not, call the enabled() API.
* This is a limited-use API intended to be called by trusted
* boot code to determine whether a system shipped with a
* secure jumper applied or removed, in order to decide
* whether to enforce the "TPM Required" policy or not.
* @return Boolean indicating acting master processor's secure
* jumper state
* @retval true Jumper is configured to request HW security. This
* does not necessarily imply security is enabled, because an
* open SBE can override the HW policy. Use the getEnabled()
* API to determine whether security is actually enabled.
* @retval false Jumper is configured to disble HW security.
* given processor. See wrapper in Secureboot's service.H
* for documenation.
*/
bool getJumperState() const;
errlHndl_t getJumperState(SecureJumperState& o_state,
TARGETING::Target* i_targ
= TARGETING::MASTER_PROCESSOR_CHIP_TARGET_SENTINEL) const;

private:
void _init();

/** helper function to encapsulate the details of register reads */
uint64_t readSecurityRegister(const uint64_t i_scomAddress) const;
/** @brief This helper method encapsulates the details of
* register reads.
* @par Detailed Description:
* Reads a register at a given scom address and
* provides its result via the supplied register
* value reference. Returns an error if unsuccesful.
* @param [in] i_targ The target processor to obtain the
* jumper state from. Must not be null.
* @param [in] i_scomAddress A uint64_t corresponding to
* desired scomAddress to read.
* @param [out] o_regValue A uint64_t reference to be
* populated with the contents of the requested
* register upon successful read.
*
* @return errHndl_t Indicates whether the query was
* successful.
* @retval null if successful otherwise pointer to error log
*/
errlHndl_t readSecurityRegister(TARGETING::Target* i_targ,
const uint64_t i_scomAddress,
uint64_t& o_regValue) const;

/** Cached secure boot enabled value */
bool iv_enabled;
Expand Down
2 changes: 1 addition & 1 deletion src/usr/pnor/pnorrp.C
View file
Expand Up @@ -53,7 +53,7 @@
#ifdef CONFIG_SECUREBOOT
#include <secureboot/service.H>
#include <secureboot/containerheader.H>
//#include <secureboot/settings.H> TODO securebootp9 include settings.H
#include <secureboot/settings.H>
#include <secureboot/header.H>
#include <secureboot/trustedbootif.H>
#endif
Expand Down
6 changes: 5 additions & 1 deletion src/usr/secureboot/base/makefile
View file
Expand Up @@ -5,7 +5,7 @@
#
# OpenPOWER HostBoot Project
#
# Contributors Listed Below - COPYRIGHT 2013,2016
# Contributors Listed Below - COPYRIGHT 2013,2017
# [+] International Business Machines Corp.
#
#
Expand Down Expand Up @@ -36,6 +36,10 @@ OBJS += trustedboot_base.o
OBJS += $(if $(CONFIG_TPMDD),trustedbootMsg.o,)
OBJS += containerheader.o
OBJS += ${SECUREBOOT_COMMON_OBJS}
OBJS += targutilbase.o

VPATH += $(ROOTPATH)/src/usr/targeting/common
EXTRAINCDIR += $(ROOTPATH)/src/include/usr

VPATH += ../common

Expand Down
4 changes: 2 additions & 2 deletions src/usr/secureboot/base/securerom.C
View file
Expand Up @@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
/* Contributors Listed Below - COPYRIGHT 2013,2016 */
/* Contributors Listed Below - COPYRIGHT 2013,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
Expand Down Expand Up @@ -35,7 +35,7 @@
#include "../common/securetrace.H"

#include "securerom.H"
#include "../settings.H"
#include <secureboot/settings.H>

// Quick change for unit testing
//#define TRACUCOMP(args...) TRACFCOMP(args)
Expand Down
13 changes: 9 additions & 4 deletions src/usr/secureboot/base/service.C
View file
Expand Up @@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
/* Contributors Listed Below - COPYRIGHT 2013,2016 */
/* Contributors Listed Below - COPYRIGHT 2013,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
Expand Down Expand Up @@ -35,7 +35,7 @@
#include <errl/errlmanager.H>
#include <errl/errludtarget.H>
#include <initservice/initserviceif.H>
#include "settings.H"
#include <secureboot/settings.H>
#include <secureboot/header.H>
#include "purge.H"
#include <kernel/misc.H>
Expand Down Expand Up @@ -97,9 +97,14 @@ bool enabled()
return Singleton<Settings>::instance().getEnabled();
}

bool getJumperState()
errlHndl_t getSecuritySwitch(uint64_t& o_regValue, TARGETING::Target* i_targ)
{
return Singleton<Settings>::instance().getJumperState();
return Singleton<Settings>::instance().getSecuritySwitch(o_regValue,i_targ);
}

errlHndl_t getJumperState(SecureJumperState& o_state, TARGETING::Target* i_targ)
{
return Singleton<Settings>::instance().getJumperState(o_state, i_targ);
}

void handleSecurebootFailure(errlHndl_t &io_err, bool i_waitForShutdown)
Expand Down

0 comments on commit 8363cdd

Please sign in to comment.