diff --git a/src/include/usr/secureboot/trustedbootif.H b/src/include/usr/secureboot/trustedbootif.H
index 6b54cadebcc..8f79756d902 100644
--- a/src/include/usr/secureboot/trustedbootif.H
+++ b/src/include/usr/secureboot/trustedbootif.H
@@ -81,6 +81,31 @@ namespace TRUSTEDBOOT
 IMPLEMENTATION_PCR = 24, ///< The number of PCRs implemented by TPM
 } TPM_Pcr;
+ /// TCG PC Client Platform Firmware Profile Spec Family "2.0" v00.50
+ typedef enum : uint8_t
+ {
+ EV_PREBOOT_CERT = 0x00,
+ EV_POST_CODE = 0x01,
+ EV_UNUSED = 0x02,
+ EV_NO_ACTION = 0x03,
+ EV_SEPARATOR = 0x04,
+ EV_ACTION = 0x05,
+ EV_EVENT_TAG = 0x06,
+ EV_S_CRTM_CONTENTS = 0x07,
+ EV_S_CRTM_VERSION = 0x08,
+ EV_CPU_MICROCODE = 0x09,
+ EV_PLATFORM_CONFIG_FLAGS = 0x0A,
+ EV_TABLE_OF_DEVICES = 0x0B,
+ EV_COMPACT_HASH = 0x0C,
+ EV_IPL = 0x0D, ///< Deprecated
+ EV_IPL_PARTITION_DATA = 0x0E, ///< Deprecated
+ EV_NONHOST_CODE = 0x0F,
+ EV_NONHOST_CONFIG = 0x10,
+ EV_NONHOST_INFO = 0x11,
+ EV_OMIT_BOOT_DEVICE_EVENTS = 0x12,
+ EV_INVALID ///< Used for error checking
+ } EventTypes;
+
 /**
 * @brief Initialize trusted boot/TPM components for the master TPM
@@ -95,6 +120,7 @@ namespace TRUSTEDBOOT
 /**
 * @brief Extend a measurement into the TPMs and log atomically
 * @param[in] i_pcr PCR to write to
+ * @param[in] i_eventType Event type to log
 * @param[in] i_digest Digest value to write to PCR
 * @param[in] i_digestSize Byte size of i_digest data
 * @param[in] i_logMsg Null terminated log message, truncated at 128 chars
@@ -105,6 +131,7 @@ namespace TRUSTEDBOOT
 * size being used
 */
 errlHndl_t pcrExtend(TPM_Pcr i_pcr,
+ EventTypes i_eventType,
 const uint8_t* i_digest,
 size_t i_digestSize,
 const char* i_logMsg,
diff --git a/src/usr/pnor/pnor_common.C b/src/usr/pnor/pnor_common.C
index bc5e2b173ce..e6e7bd2a1e3 100644
--- a/src/usr/pnor/pnor_common.C
+++ b/src/usr/pnor/pnor_common.C
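Review bot: `EV_INVALID` at the end of the new `EventTypes` enum in trustedbootif.H takes the implicit value 0x13, directly after `EV_OMIT_BOOT_DEVICE_EVENTS`, so the error sentinel sits on a number a later revision of the TCG profile could assign to a real event. An explicit out-of-band value, e.g. `EV_INVALID = 0xFF ///< Not a TCG event type, used for error checking`, keeps it distinguishable in a parsed log, provided nothing outside this diff depends on the old numbering. The `: uint8_t` underlying type also cannot represent event types above 0xFF; if the log field it is copied into is the 32-bit TCG eventType (its declaration is not visible here), that limit deserves a comment on the enum. The per-value `///<` notes that the removed enum in trustedTypes.H carried for `EV_NO_ACTION`, `EV_SEPARATOR` and `EV_ACTION` are lost in the move and are worth restoring.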
@@ -359,7 +359,9 @@ errlHndl_t PNOR::extendHash(uint64_t i_addr, size_t i_size, const char* i_name)
 SHA512_t l_hash = {0};
 SECUREBOOT::hashBlob(l_buf, i_size, l_hash);
- l_errhdl = TRUSTEDBOOT::pcrExtend(TRUSTEDBOOT::PCR_0, l_hash,
+ l_errhdl = TRUSTEDBOOT::pcrExtend(TRUSTEDBOOT::PCR_0,
+ TRUSTEDBOOT::EV_S_CRTM_CONTENTS,
+ l_hash,
 sizeof(SHA512_t), i_name);
 delete[] l_buf;
diff --git a/src/usr/secureboot/ext/drtm.C b/src/usr/secureboot/ext/drtm.C
index 1497e35e3a3..68d59f27eca 100644
--- a/src/usr/secureboot/ext/drtm.C
+++ b/src/usr/secureboot/ext/drtm.C
@@ -408,8 +408,10 @@ errlHndl_t validateDrtmPayload()
 // Extend (arbitrary) measurement to PCR17
 SHA512_t hash = {0};
 memcpy(hash,DRTM_RIT_PAYLOAD,sizeof(DRTM_RIT_PAYLOAD));
- pError = TRUSTEDBOOT::pcrExtend(TRUSTEDBOOT::PCR_DRTM_17, hash,
- sizeof(SHA512_t),DRTM_RIT_LOG_TEXT);
+ pError = TRUSTEDBOOT::pcrExtend(TRUSTEDBOOT::PCR_DRTM_17,
+ TRUSTEDBOOT::EV_COMPACT_HASH,
+ hash,
+ sizeof(SHA512_t),DRTM_RIT_LOG_TEXT);
 if(pError)
 {
 SB_ERR("validateDrtmPayload: Failed in pcrExtend() for PCR 17");
diff --git a/src/usr/secureboot/trusted/base/trustedboot_base.C b/src/usr/secureboot/trusted/base/trustedboot_base.C
index fe1784a1793..4d281586285 100644
--- a/src/usr/secureboot/trusted/base/trustedboot_base.C
+++ b/src/usr/secureboot/trusted/base/trustedboot_base.C
@@ -190,6 +190,7 @@ errlHndl_t pcrExtendSeparator(bool i_sendAsync)
 }
 errlHndl_t pcrExtend(TPM_Pcr i_pcr,
+ EventTypes i_eventType,
 const uint8_t* i_digest,
 size_t i_digestSize,
 const char* i_logMsg,
@@ -209,7 +210,7 @@ errlHndl_t pcrExtend(TPM_Pcr i_pcr,
 memset(msgData, 0, sizeof(PcrExtendMsgData));
 msgData->mPcrIndex = i_pcr;
 msgData->mAlgId = TPM_ALG_SHA256;
- msgData->mEventType = EV_ACTION;
+ msgData->mEventType = i_eventType;
 msgData->mDigestSize = (i_digestSize < sizeof(msgData->mDigest) ? i_digestSize : sizeof(msgData->mDigest));
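Review bot: In `PNOR::extendHash` (pnor_common.C) the event type is fixed to `TRUSTEDBOOT::EV_S_CRTM_CONTENTS` even though the function measures whatever `i_addr` and `i_name` the caller hands in, so a verifier that classifies log entries by type will read every such measurement as S-CRTM contents. If every caller really measures CRTM code, a comment at the call such as `// extendHash is only used for S-CRTM sections, hence EV_S_CRTM_CONTENTS` is enough; otherwise the type should be chosen by the caller. The function starts and ends outside the hunk, so its callers are not visible here.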
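Review bot: `msgData->mEventType = i_eventType;` in `pcrExtend` (trustedboot_base.C) queues the caller's value without a range check, so `EV_INVALID` or `EV_NO_ACTION` can now reach the TPM daemon and end up in the event log. An `EV_NO_ACTION` entry is informational and is skipped when a verifier replays the log, so extending a PCR under that type would leave the log unable to reproduce the PCR value during attestation. A guard ahead of the assignment, `if (i_eventType >= EV_INVALID || i_eventType == EV_NO_ACTION)`, that returns an error log would close this. The body of `pcrExtend` continues outside the hunk, so the right place to build that error is not visible here.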
@@ -329,10 +330,12 @@ errlHndl_t extendPnorSectionHash(
 strcat(swKeyMsg,FW_KEY_HASH_EXT);
 TPM_Pcr pnorHashPcr = PCR_0;
+ EventTypes swKeyHashEventType = TRUSTEDBOOT::EV_PLATFORM_CONFIG_FLAGS;
 // PAYLOAD is the only section that needs its hash extended to PCR_4
 if (i_sec == PNOR::PAYLOAD)
 {
 pnorHashPcr = PCR_4;
+ swKeyHashEventType = TRUSTEDBOOT::EV_COMPACT_HASH;
 }
 // Extend swKeyHash to the next PCR after the hash extension PCR.
 const TPM_Pcr swKeyHashPcr = static_cast(pnorHashPcr + 1);
@@ -340,7 +343,10 @@ errlHndl_t extendPnorSectionHash(
 if (SECUREBOOT::enabled())
 {
 // If secureboot is enabled, use protected hash in header
+ /// @todo RTC 172332 Update log type based on what is being extended
+ /// EV_POST_CODE or EV_S_CRTM_CONTENTS or EV_COMPACT_HASH
 pError = TRUSTEDBOOT::pcrExtend(pnorHashPcr,
+ TRUSTEDBOOT::EV_POST_CODE,
 reinterpret_cast(i_conHdr.payloadTextHash()),
 sizeof(SHA512_t),
 sectionInfo.name);
@@ -354,6 +360,7 @@ errlHndl_t extendPnorSectionHash(
 // Extend SW public key hash
 pError = TRUSTEDBOOT::pcrExtend(swKeyHashPcr,
+ swKeyHashEventType,
 reinterpret_cast(i_conHdr.swKeyHash()),
 sizeof(SHA512_t),
 swKeyMsg);
@@ -368,10 +375,13 @@ errlHndl_t extendPnorSectionHash(
 else
 {
 // If secureboot is not enabled, measure protected section
+ /// @todo RTC 172332 Update log type based on what is being extended
+ /// EV_POST_CODE or EV_S_CRTM_CONTENTS or EV_COMPACT_HASH
 SHA512_t hash = {0};
 SECUREBOOT::hashBlob(i_vaddr, protectedSize, hash);
- pError = TRUSTEDBOOT::pcrExtend(pnorHashPcr, hash,
- sizeof(SHA512_t),
+ pError = TRUSTEDBOOT::pcrExtend(pnorHashPcr,
+ TRUSTEDBOOT::EV_POST_CODE,
+ hash, sizeof(SHA512_t),
 sectionInfo.name);
 if (pError)
 {
diff --git a/src/usr/secureboot/trusted/test/tpmLogMgrTest.H b/src/usr/secureboot/trusted/test/tpmLogMgrTest.H
index 27ba7c2aa4e..988103928dc 100755
--- a/src/usr/secureboot/trusted/test/tpmLogMgrTest.H
+++ b/src/usr/secureboot/trusted/test/tpmLogMgrTest.H
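Review bot: The section hash in `extendPnorSectionHash` is logged as `TRUSTEDBOOT::EV_POST_CODE` in both the secureboot and the non-secureboot branch, each with its own copy of the `@todo RTC 172332` comment, so the eventual fix has to be made twice and the two calls can drift apart. One local declared next to `swKeyHashEventType`, e.g. `const EventTypes pnorHashEventType = TRUSTEDBOOT::EV_POST_CODE; /// @todo RTC 172332 choose per section`, would keep both calls in step. `swKeyHashEventType` itself has no comment saying why the key hash is `EV_PLATFORM_CONFIG_FLAGS` by default and `EV_COMPACT_HASH` for PAYLOAD; a line tying the choice to the PCR that `swKeyHashPcr` resolves to would help anyone auditing the log format. The function starts and ends outside these hunks.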
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2015,2016 */
+/* Contributors Listed Below - COPYRIGHT 2015,2017 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -212,7 +212,7 @@ class TPMLogMgrTest: public CxxTest::TestSuite
 // Get a TCG_PCR_EVENT2
 TCG_PCR_EVENT2 eventLog = TpmLogMgr_genLogEventPcrExtend(
- pcr, algId,
+ pcr, EV_NO_ACTION, algId,
 digest, digestSize, TPM_ALG_SHA1, digest, digestSize, i_logMsg);
diff --git a/src/usr/secureboot/trusted/test/trustedbootTest.H b/src/usr/secureboot/trusted/test/trustedbootTest.H
index 04f17e0f04b..c092675a457 100755
--- a/src/usr/secureboot/trusted/test/trustedbootTest.H
+++ b/src/usr/secureboot/trusted/test/trustedbootTest.H
@@ -794,6 +794,7 @@ class TrustedBootTest: public CxxTest::TestSuite
 num_ops++;
 pcrExtendSingleTpm(pTpm,
 PCR_DEBUG,
+ EV_POST_CODE,
 TPM_ALG_SHA256,
 digest,
 TPM_ALG_SHA256_SIZE,
diff --git a/src/usr/secureboot/trusted/tpmLogMgr.C b/src/usr/secureboot/trusted/tpmLogMgr.C
index cdc56f07e82..fe773d5f3a2 100644
--- a/src/usr/secureboot/trusted/tpmLogMgr.C
+++ b/src/usr/secureboot/trusted/tpmLogMgr.C
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2015,2016 */
+/* Contributors Listed Below - COPYRIGHT 2015,2017 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -458,6 +458,7 @@ namespace TRUSTEDBOOT
 }
 TCG_PCR_EVENT2 TpmLogMgr_genLogEventPcrExtend(TPM_Pcr i_pcr,
+ EventTypes i_eventType,
 TPM_Alg_Id i_algId_1,
 const uint8_t* i_digest_1,
 size_t i_digestSize_1,
@@ -478,7 +479,7 @@ namespace TRUSTEDBOOT
 memset(&eventLog, 0, sizeof(eventLog));
 eventLog.pcrIndex = i_pcr;
- eventLog.eventType = EV_ACTION;
+ eventLog.eventType = i_eventType;
 // Update digest information
 eventLog.digests.count = 1;
diff --git a/src/usr/secureboot/trusted/tpmLogMgr.H b/src/usr/secureboot/trusted/tpmLogMgr.H
index 5b248d35c76..09adc2f630f 100644
--- a/src/usr/secureboot/trusted/tpmLogMgr.H
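Review bot: The call in `TPMLogMgrTest` (tpmLogMgrTest.H, second hunk) now passes `EV_NO_ACTION` to `TpmLogMgr_genLogEventPcrExtend`, but nothing visible in the hunk checks that the returned entry carries that type, so a regression to a hard-coded value in tpmLogMgr.C would pass unnoticed. A check right after the call, `if (eventLog.eventType != EV_NO_ACTION) { TS_FAIL("genLogEventPcrExtend: wrong eventType"); }`, would pin the new parameter. The rest of the test body lies outside the hunk and may already cover this.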
+++ b/src/usr/secureboot/trusted/tpmLogMgr.H
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2015,2016 */
+/* Contributors Listed Below - COPYRIGHT 2015,2017 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -206,6 +206,7 @@ namespace TRUSTEDBOOT
 * @brief Get a TCG_PCR_EVENT2 populated with required data
 *
 * @param[in] i_pcr PCR to write to
+ * @param[in] i_eventType Log event type to use
 * @param[in] i_algId_1 Algorithm to use
 * @param[in] i_digest_1 Digest value to write to PCR
 * @param[in] i_digestSize_1 Byte size of i_digest array
@@ -217,6 +218,7 @@ namespace TRUSTEDBOOT
 * @return TCG_PCR_EVENT2 PCR event log
 */
 TCG_PCR_EVENT2 TpmLogMgr_genLogEventPcrExtend(TPM_Pcr i_pcr,
+ EventTypes i_eventType,
 TPM_Alg_Id i_algId_1,
 const uint8_t* i_digest_1,
 size_t i_digestSize_1,
diff --git a/src/usr/secureboot/trusted/trustedTypes.H b/src/usr/secureboot/trusted/trustedTypes.H
index 8a4cc434eb8..ee19a720042 100644
--- a/src/usr/secureboot/trusted/trustedTypes.H
+++ b/src/usr/secureboot/trusted/trustedTypes.H
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2015,2016 */
+/* Contributors Listed Below - COPYRIGHT 2015,2017 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -77,14 +77,6 @@ namespace TRUSTEDBOOT
 PCR_SELECT_MAX = (IMPLEMENTATION_PCR+7)/8, ///< PCR selection octet max
 };
- typedef enum
- {
- EV_NO_ACTION = 0x3, ///< Event field contains info
- EV_SEPARATOR = 0x4, ///< Used to indicate an error
- EV_ACTION = 0x5, ///< Must extend a PCR
- EV_INVALID ///< Used for error checking
- } EventTypes;
-
 /**
 * @brief Get the digest size of the selected hash algorithm
 * @param[in] i_algId Algorith ID to query
diff --git a/src/usr/secureboot/trusted/trustedboot.C b/src/usr/secureboot/trusted/trustedboot.C
index e92570224a9..45043b3e4f6 100644
--- a/src/usr/secureboot/trusted/trustedboot.C
+++ b/src/usr/secureboot/trusted/trustedboot.C
@@ -630,7 +630,8 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget* const i_pTpm)
 l_securitySwitchValue);
 // Extend to TPM - PCR_1
 memcpy(l_digest, &l_securitySwitchValue, sizeof(l_securitySwitchValue));
- l_err = pcrExtend(PCR_1, l_digest, sizeof(l_securitySwitchValue),
+ l_err = pcrExtend(PCR_1, EV_PLATFORM_CONFIG_FLAGS,
+ l_digest, sizeof(l_securitySwitchValue),
 "Security Switches");
 if (l_err)
 {
@@ -651,7 +652,8 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget* const i_pTpm)
 TRACDCOMP(g_trac_trustedboot, "PVR of chip = 0x%08X", l_pvr);
 // Extend to TPM - PCR_1
 memcpy(l_digest, &l_pvr, sizeof(l_pvr));
- l_err = pcrExtend(PCR_1, l_digest, sizeof(l_pvr),"PVR of Chip");
+ l_err = pcrExtend(PCR_1, EV_PLATFORM_CONFIG_FLAGS,
+ l_digest, sizeof(l_pvr),"PVR of Chip");
 if (l_err)
 {
 break;
@@ -672,7 +674,10 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget* const i_pTpm)
 const TPM_Pcr l_pcrs[] = {PCR_1,PCR_4,PCR_5,PCR_6};
 for (size_t i = 0; i < (sizeof(l_pcrs)/sizeof(TPM_Pcr)) ; ++i)
 {
- l_err = pcrExtend(l_pcrs[i], l_digest, sizeof(l_nodeid),"Node id");
+ l_err = pcrExtend(l_pcrs[i],
+ (l_pcrs[i] == PCR_1 ?
+ EV_PLATFORM_CONFIG_FLAGS : EV_COMPACT_HASH),
+ l_digest, sizeof(l_nodeid),"Node id");
 if (l_err)
 {
 break;
@@ -687,7 +692,8 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget* const i_pTpm)
 memset(l_digest, 0, sizeof(uint64_t));
 bool l_tpmRequired = isTpmRequired();
 l_digest[0] = static_cast(l_tpmRequired);
- l_err = pcrExtend(PCR_1, l_digest, sizeof(l_tpmRequired),
+ l_err = pcrExtend(PCR_1, EV_PLATFORM_CONFIG_FLAGS,
+ l_digest, sizeof(l_tpmRequired),
 "Tpm Required");
 if (l_err)
 {
@@ -697,7 +703,8 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget* const i_pTpm)
 // HW Key Hash
 sha2_hash_t l_hw_key_hash;
 SECUREBOOT::getHwKeyHash(l_hw_key_hash);
- l_err = pcrExtend(PCR_1, l_hw_key_hash,
+ l_err = pcrExtend(PCR_1, EV_PLATFORM_CONFIG_FLAGS,
+ l_hw_key_hash,
 sizeof(sha2_hash_t),"HW KEY HASH");
 if (l_err)
 {
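Review bot: The node id loop in `tpmLogConfigEntries` (third hunk) picks the event type inline with `(l_pcrs[i] == PCR_1 ? EV_PLATFORM_CONFIG_FLAGS : EV_COMPACT_HASH)`, the same PCR-to-type rule that `extendPnorSectionHash` encodes separately for the SW key hash, and no comment states the rule in either place. Because a verifier interprets each log entry by its type, the mapping should live in one documented spot: either a small helper that takes the `TPM_Pcr` and returns the `EventTypes`, or at least a comment above the loop such as `// PCR_1 holds platform configuration; entries for PCR_4/5/6 are logged as EV_COMPACT_HASH`. The function starts and ends outside these hunks.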
@@ -711,6 +718,7 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget* const i_pTpm)
 void pcrExtendSingleTpm(TpmTarget* const i_pTpm,
 const TPM_Pcr i_pcr,
+ const EventTypes i_eventType,
 TPM_Alg_Id i_algId,
 const uint8_t* i_digest,
 size_t i_digestSize,
@@ -758,7 +766,7 @@ void pcrExtendSingleTpm(TpmTarget* const i_pTpm,
 hwasState.functional)
 {
 // Fill in TCG_PCR_EVENT2 and add to log
- eventLog = TpmLogMgr_genLogEventPcrExtend(pcr,
+ eventLog = TpmLogMgr_genLogEventPcrExtend(pcr, i_eventType,
 i_algId, i_digest, i_digestSize, TPM_ALG_SHA1, i_digest,
@@ -870,6 +878,7 @@ void pcrExtendSeparator(TpmTarget* const i_pTpm)
 {
 // Fill in TCG_PCR_EVENT2 and add to log
 eventLog = TpmLogMgr_genLogEventPcrExtend(pcr,
+ EV_SEPARATOR,
 TPM_ALG_SHA1,
 sha1_digest,
 sizeof(sha1_digest),
@@ -1206,6 +1215,7 @@ void* tpmDaemon(void* unused)
 TRUSTEDBOOT::pcrExtendSingleTpm(
 tpm,
 msgData->mPcrIndex,
+ msgData->mEventType,
 msgData->mAlgId,
 msgData->mDigest,
 msgData->mDigestSize,
diff --git a/src/usr/secureboot/trusted/trustedboot.H b/src/usr/secureboot/trusted/trustedboot.H
index 933435c4c3a..64a3bd7273d 100644
--- a/src/usr/secureboot/trusted/trustedboot.H
+++ b/src/usr/secureboot/trusted/trustedboot.H
@@ -131,6 +131,7 @@ errlHndl_t tpmLogConfigEntries(TRUSTEDBOOT::TpmTarget* i_pTpm);
 */
 void pcrExtendSingleTpm(TpmTarget* i_pTpm,
 TPM_Pcr i_pcr,
+ const EventTypes i_eventType,
 TPM_Alg_Id i_algId,
 const uint8_t* i_digest,
 size_t i_digestSize,
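Review bot: The prototype of `pcrExtendSingleTpm` in trustedboot.H gains `const EventTypes i_eventType`, but the hunk adds nothing to the doc comment that closes on the line above it, so the new parameter is undocumented there, unlike `pcrExtend` and `TpmLogMgr_genLogEventPcrExtend`, which both received a `@param` line. Adding `* @param[in] i_eventType Event type to log` after the `i_pcr` entry would bring the three interfaces in line. The top-level `const` also appears only on this by-value parameter in the declaration (`TPM_Pcr i_pcr` beside it has none); dropping it from the prototype keeps the signature consistent. The doc block begins outside the hunk.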