Skip to content

Commit

Permalink
Trustedboot support to log different event types
Browse files Browse the repository at this point in the history 
Change-Id: I811e9bd38c8c365acbcf204fa638ec0eb7302b7e
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/38879
Reviewed-by: Timothy R. Block <block@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
  • Loading branch information
@cjengel @dcrowell77
cjengel authored and dcrowell77 committed Apr 23, 2017
1 parent 5865a92 commit 9349e6e
Show file tree
Hide file tree
Showing 11 changed files with 74 additions and 26 deletions.
27 changes: 27 additions & 0 deletions src/include/usr/secureboot/trustedbootif.H
View file
Expand Up @@ -81,6 +81,31 @@ namespace TRUSTEDBOOT
IMPLEMENTATION_PCR = 24, ///< The number of PCRs implemented by TPM
} TPM_Pcr;

/// TCG PC Client Platform Firmware Profile Spec Family "2.0" v00.50
typedef enum : uint8_t
{
EV_PREBOOT_CERT = 0x00,
EV_POST_CODE = 0x01,
EV_UNUSED = 0x02,
EV_NO_ACTION = 0x03,
EV_SEPARATOR = 0x04,
EV_ACTION = 0x05,
EV_EVENT_TAG = 0x06,
EV_S_CRTM_CONTENTS = 0x07,
EV_S_CRTM_VERSION = 0x08,
EV_CPU_MICROCODE = 0x09,
EV_PLATFORM_CONFIG_FLAGS = 0x0A,
EV_TABLE_OF_DEVICES = 0x0B,
EV_COMPACT_HASH = 0x0C,
EV_IPL = 0x0D, ///< Deprecated
EV_IPL_PARTITION_DATA = 0x0E, ///< Deprecated
EV_NONHOST_CODE = 0x0F,
EV_NONHOST_CONFIG = 0x10,
EV_NONHOST_INFO = 0x11,
EV_OMIT_BOOT_DEVICE_EVENTS = 0x12,
EV_INVALID ///< Used for error checking
} EventTypes;


/**
* @brief Initialize trusted boot/TPM components for the master TPM
Expand All @@ -95,6 +120,7 @@ namespace TRUSTEDBOOT
/**
* @brief Extend a measurement into the TPMs and log atomically
* @param[in] i_pcr PCR to write to
* @param[in] i_eventType Event type to log
* @param[in] i_digest Digest value to write to PCR
* @param[in] i_digestSize Byte size of i_digest data
* @param[in] i_logMsg Null terminated log message, truncated at 128 chars
Expand All @@ -105,6 +131,7 @@ namespace TRUSTEDBOOT
* size being used
*/
errlHndl_t pcrExtend(TPM_Pcr i_pcr,
EventTypes i_eventType,
const uint8_t* i_digest,
size_t i_digestSize,
const char* i_logMsg,
Expand Down
4 changes: 3 additions & 1 deletion src/usr/pnor/pnor_common.C
View file
Expand Up @@ -359,7 +359,9 @@ errlHndl_t PNOR::extendHash(uint64_t i_addr, size_t i_size, const char* i_name)

SHA512_t l_hash = {0};
SECUREBOOT::hashBlob(l_buf, i_size, l_hash);
l_errhdl = TRUSTEDBOOT::pcrExtend(TRUSTEDBOOT::PCR_0, l_hash,
l_errhdl = TRUSTEDBOOT::pcrExtend(TRUSTEDBOOT::PCR_0,
TRUSTEDBOOT::EV_S_CRTM_CONTENTS,
l_hash,
sizeof(SHA512_t), i_name);
delete[] l_buf;

Expand Down
6 changes: 4 additions & 2 deletions src/usr/secureboot/ext/drtm.C
View file
Expand Up @@ -408,8 +408,10 @@ errlHndl_t validateDrtmPayload()
// Extend (arbitrary) measurement to PCR17
SHA512_t hash = {0};
memcpy(hash,DRTM_RIT_PAYLOAD,sizeof(DRTM_RIT_PAYLOAD));
pError = TRUSTEDBOOT::pcrExtend(TRUSTEDBOOT::PCR_DRTM_17, hash,
sizeof(SHA512_t),DRTM_RIT_LOG_TEXT);
pError = TRUSTEDBOOT::pcrExtend(TRUSTEDBOOT::PCR_DRTM_17,
TRUSTEDBOOT::EV_COMPACT_HASH,
hash,
sizeof(SHA512_t),DRTM_RIT_LOG_TEXT);
if(pError)
{
SB_ERR("validateDrtmPayload: Failed in pcrExtend() for PCR 17");
Expand Down
16 changes: 13 additions & 3 deletions src/usr/secureboot/trusted/base/trustedboot_base.C
View file
Expand Up @@ -190,6 +190,7 @@ errlHndl_t pcrExtendSeparator(bool i_sendAsync)
}

errlHndl_t pcrExtend(TPM_Pcr i_pcr,
EventTypes i_eventType,
const uint8_t* i_digest,
size_t i_digestSize,
const char* i_logMsg,
Expand All @@ -209,7 +210,7 @@ errlHndl_t pcrExtend(TPM_Pcr i_pcr,
memset(msgData, 0, sizeof(PcrExtendMsgData));
msgData->mPcrIndex = i_pcr;
msgData->mAlgId = TPM_ALG_SHA256;
msgData->mEventType = EV_ACTION;
msgData->mEventType = i_eventType;
msgData->mDigestSize = (i_digestSize < sizeof(msgData->mDigest) ?
i_digestSize : sizeof(msgData->mDigest));

Expand Down Expand Up @@ -329,18 +330,23 @@ errlHndl_t extendPnorSectionHash(
strcat(swKeyMsg,FW_KEY_HASH_EXT);

TPM_Pcr pnorHashPcr = PCR_0;
EventTypes swKeyHashEventType = TRUSTEDBOOT::EV_PLATFORM_CONFIG_FLAGS;
// PAYLOAD is the only section that needs its hash extended to PCR_4
if (i_sec == PNOR::PAYLOAD)
{
pnorHashPcr = PCR_4;
swKeyHashEventType = TRUSTEDBOOT::EV_COMPACT_HASH;
}
// Extend swKeyHash to the next PCR after the hash extension PCR.
const TPM_Pcr swKeyHashPcr = static_cast<TPM_Pcr>(pnorHashPcr + 1);

if (SECUREBOOT::enabled())
{
// If secureboot is enabled, use protected hash in header
/// @todo RTC 172332 Update log type based on what is being extended
/// EV_POST_CODE or EV_S_CRTM_CONTENTS or EV_COMPACT_HASH
pError = TRUSTEDBOOT::pcrExtend(pnorHashPcr,
TRUSTEDBOOT::EV_POST_CODE,
reinterpret_cast<const uint8_t*>(i_conHdr.payloadTextHash()),
sizeof(SHA512_t),
sectionInfo.name);
Expand All @@ -354,6 +360,7 @@ errlHndl_t extendPnorSectionHash(

// Extend SW public key hash
pError = TRUSTEDBOOT::pcrExtend(swKeyHashPcr,
swKeyHashEventType,
reinterpret_cast<const uint8_t*>(i_conHdr.swKeyHash()),
sizeof(SHA512_t),
swKeyMsg);
Expand All @@ -368,10 +375,13 @@ errlHndl_t extendPnorSectionHash(
else
{
// If secureboot is not enabled, measure protected section
/// @todo RTC 172332 Update log type based on what is being extended
/// EV_POST_CODE or EV_S_CRTM_CONTENTS or EV_COMPACT_HASH
SHA512_t hash = {0};
SECUREBOOT::hashBlob(i_vaddr, protectedSize, hash);
pError = TRUSTEDBOOT::pcrExtend(pnorHashPcr, hash,
sizeof(SHA512_t),
pError = TRUSTEDBOOT::pcrExtend(pnorHashPcr,
TRUSTEDBOOT::EV_POST_CODE,
hash, sizeof(SHA512_t),
sectionInfo.name);
if (pError)
{
Expand Down
4 changes: 2 additions & 2 deletions src/usr/secureboot/trusted/test/tpmLogMgrTest.H
View file
Expand Up @@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
/* Contributors Listed Below - COPYRIGHT 2015,2016 */
/* Contributors Listed Below - COPYRIGHT 2015,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
Expand Down Expand Up @@ -212,7 +212,7 @@ class TPMLogMgrTest: public CxxTest::TestSuite

// Get a TCG_PCR_EVENT2
TCG_PCR_EVENT2 eventLog = TpmLogMgr_genLogEventPcrExtend(
pcr, algId,
pcr, EV_NO_ACTION, algId,
digest, digestSize,
TPM_ALG_SHA1, digest,
digestSize, i_logMsg);
Expand Down
1 change: 1 addition & 0 deletions src/usr/secureboot/trusted/test/trustedbootTest.H
View file
Expand Up @@ -794,6 +794,7 @@ class TrustedBootTest: public CxxTest::TestSuite
num_ops++;
pcrExtendSingleTpm(pTpm,
PCR_DEBUG,
EV_POST_CODE,
TPM_ALG_SHA256,
digest,
TPM_ALG_SHA256_SIZE,
Expand Down
5 changes: 3 additions & 2 deletions src/usr/secureboot/trusted/tpmLogMgr.C
View file
Expand Up @@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
/* Contributors Listed Below - COPYRIGHT 2015,2016 */
/* Contributors Listed Below - COPYRIGHT 2015,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
Expand Down Expand Up @@ -458,6 +458,7 @@ namespace TRUSTEDBOOT
}

TCG_PCR_EVENT2 TpmLogMgr_genLogEventPcrExtend(TPM_Pcr i_pcr,
EventTypes i_eventType,
TPM_Alg_Id i_algId_1,
const uint8_t* i_digest_1,
size_t i_digestSize_1,
Expand All @@ -478,7 +479,7 @@ namespace TRUSTEDBOOT

memset(&eventLog, 0, sizeof(eventLog));
eventLog.pcrIndex = i_pcr;
eventLog.eventType = EV_ACTION;
eventLog.eventType = i_eventType;

// Update digest information
eventLog.digests.count = 1;
Expand Down
4 changes: 3 additions & 1 deletion src/usr/secureboot/trusted/tpmLogMgr.H
View file
Expand Up @@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
/* Contributors Listed Below - COPYRIGHT 2015,2016 */
/* Contributors Listed Below - COPYRIGHT 2015,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
Expand Down Expand Up @@ -206,6 +206,7 @@ namespace TRUSTEDBOOT
* @brief Get a TCG_PCR_EVENT2 populated with required data
*
* @param[in] i_pcr PCR to write to
* @param[in] i_eventType Log event type to use
* @param[in] i_algId_1 Algorithm to use
* @param[in] i_digest_1 Digest value to write to PCR
* @param[in] i_digestSize_1 Byte size of i_digest array
Expand All @@ -217,6 +218,7 @@ namespace TRUSTEDBOOT
* @return TCG_PCR_EVENT2 PCR event log
*/
TCG_PCR_EVENT2 TpmLogMgr_genLogEventPcrExtend(TPM_Pcr i_pcr,
EventTypes i_eventType,
TPM_Alg_Id i_algId_1,
const uint8_t* i_digest_1,
size_t i_digestSize_1,
Expand Down
10 changes: 1 addition & 9 deletions src/usr/secureboot/trusted/trustedTypes.H
View file
Expand Up @@ -5,7 +5,7 @@
/* */
/* OpenPOWER HostBoot Project */
/* */
/* Contributors Listed Below - COPYRIGHT 2015,2016 */
/* Contributors Listed Below - COPYRIGHT 2015,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
Expand Down Expand Up @@ -77,14 +77,6 @@ namespace TRUSTEDBOOT
PCR_SELECT_MAX = (IMPLEMENTATION_PCR+7)/8, ///< PCR selection octet max
};

typedef enum
{
EV_NO_ACTION = 0x3, ///< Event field contains info
EV_SEPARATOR = 0x4, ///< Used to indicate an error
EV_ACTION = 0x5, ///< Must extend a PCR
EV_INVALID ///< Used for error checking
} EventTypes;

/**
* @brief Get the digest size of the selected hash algorithm
* @param[in] i_algId Algorith ID to query
Expand Down
22 changes: 16 additions & 6 deletions src/usr/secureboot/trusted/trustedboot.C
View file
Expand Up @@ -630,7 +630,8 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget* const i_pTpm)
l_securitySwitchValue);
// Extend to TPM - PCR_1
memcpy(l_digest, &l_securitySwitchValue, sizeof(l_securitySwitchValue));
l_err = pcrExtend(PCR_1, l_digest, sizeof(l_securitySwitchValue),
l_err = pcrExtend(PCR_1, EV_PLATFORM_CONFIG_FLAGS,
l_digest, sizeof(l_securitySwitchValue),
"Security Switches");
if (l_err)
{
Expand All @@ -651,7 +652,8 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget* const i_pTpm)
TRACDCOMP(g_trac_trustedboot, "PVR of chip = 0x%08X", l_pvr);
// Extend to TPM - PCR_1
memcpy(l_digest, &l_pvr, sizeof(l_pvr));
l_err = pcrExtend(PCR_1, l_digest, sizeof(l_pvr),"PVR of Chip");
l_err = pcrExtend(PCR_1, EV_PLATFORM_CONFIG_FLAGS,
l_digest, sizeof(l_pvr),"PVR of Chip");
if (l_err)
{
break;
Expand All @@ -672,7 +674,10 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget* const i_pTpm)
const TPM_Pcr l_pcrs[] = {PCR_1,PCR_4,PCR_5,PCR_6};
for (size_t i = 0; i < (sizeof(l_pcrs)/sizeof(TPM_Pcr)) ; ++i)
{
l_err = pcrExtend(l_pcrs[i], l_digest, sizeof(l_nodeid),"Node id");
l_err = pcrExtend(l_pcrs[i],
(l_pcrs[i] == PCR_1 ?
EV_PLATFORM_CONFIG_FLAGS : EV_COMPACT_HASH),
l_digest, sizeof(l_nodeid),"Node id");
if (l_err)
{
break;
Expand All @@ -687,7 +692,8 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget* const i_pTpm)
memset(l_digest, 0, sizeof(uint64_t));
bool l_tpmRequired = isTpmRequired();
l_digest[0] = static_cast<uint8_t>(l_tpmRequired);
l_err = pcrExtend(PCR_1, l_digest, sizeof(l_tpmRequired),
l_err = pcrExtend(PCR_1, EV_PLATFORM_CONFIG_FLAGS,
l_digest, sizeof(l_tpmRequired),
"Tpm Required");
if (l_err)
{
Expand All @@ -697,7 +703,8 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget* const i_pTpm)
// HW Key Hash
sha2_hash_t l_hw_key_hash;
SECUREBOOT::getHwKeyHash(l_hw_key_hash);
l_err = pcrExtend(PCR_1, l_hw_key_hash,
l_err = pcrExtend(PCR_1, EV_PLATFORM_CONFIG_FLAGS,
l_hw_key_hash,
sizeof(sha2_hash_t),"HW KEY HASH");
if (l_err)
{
Expand All @@ -711,6 +718,7 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget* const i_pTpm)

void pcrExtendSingleTpm(TpmTarget* const i_pTpm,
const TPM_Pcr i_pcr,
const EventTypes i_eventType,
TPM_Alg_Id i_algId,
const uint8_t* i_digest,
size_t i_digestSize,
Expand Down Expand Up @@ -758,7 +766,7 @@ void pcrExtendSingleTpm(TpmTarget* const i_pTpm,
hwasState.functional)
{
// Fill in TCG_PCR_EVENT2 and add to log
eventLog = TpmLogMgr_genLogEventPcrExtend(pcr,
eventLog = TpmLogMgr_genLogEventPcrExtend(pcr, i_eventType,
i_algId, i_digest,
i_digestSize,
TPM_ALG_SHA1, i_digest,
Expand Down Expand Up @@ -870,6 +878,7 @@ void pcrExtendSeparator(TpmTarget* const i_pTpm)
{
// Fill in TCG_PCR_EVENT2 and add to log
eventLog = TpmLogMgr_genLogEventPcrExtend(pcr,
EV_SEPARATOR,
TPM_ALG_SHA1,
sha1_digest,
sizeof(sha1_digest),
Expand Down Expand Up @@ -1206,6 +1215,7 @@ void* tpmDaemon(void* unused)
TRUSTEDBOOT::pcrExtendSingleTpm(
tpm,
msgData->mPcrIndex,
msgData->mEventType,
msgData->mAlgId,
msgData->mDigest,
msgData->mDigestSize,
Expand Down
1 change: 1 addition & 0 deletions src/usr/secureboot/trusted/trustedboot.H
View file
Expand Up @@ -131,6 +131,7 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget* i_pTpm);
*/
void pcrExtendSingleTpm(TpmTarget* i_pTpm,
TPM_Pcr i_pcr,
const EventTypes i_eventType,
TPM_Alg_Id i_algId,
const uint8_t* i_digest,
size_t i_digestSize,
Expand Down

0 comments on commit 9349e6e

Please sign in to comment.