Skip to content

Commit

Permalink
Trace HwKeyHash and Add Errorlog Parser Infrastructure to Secureboot
Browse files Browse the repository at this point in the history 
This commit traces the HwKeyHash to Secureboot-specific error logs.  It also
adds the infrastucture necessary to parse secureboot-specific errorlog user
data sections.  It includes 2 new custom sections: one which is used in this
commit, and another which will be used in a future commit.

Change-Id: Id5fb115ad1214f956e5256d3641236021e4642ab
RTC:165205
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/37901
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
  • Loading branch information
@mabaiocchi @dcrowell77
mabaiocchi authored and dcrowell77 committed Mar 21, 2017
1 parent 5c40d7f commit afd8387
Show file tree
Hide file tree
Showing 10 changed files with 543 additions and 4 deletions.
2 changes: 2 additions & 0 deletions src/build/mkrules/dist.targets.mk
View file
Expand Up @@ -270,6 +270,8 @@ fsp.tar_CONTENTS = \
$(call ROOTPATH_WILDCARD,obj/genfiles/plugins/prdf/*)) \
$(addsuffix :plugins/,\
$(call ROOTPATH_WILDCARD,src/usr/*/plugins/*)) \
$(addsuffix :plugins/,\
$(call ROOTPATH_WILDCARD,src/usr/secureboot/common/plugins/*)) \
src/build/debug/fsp-memdump.sh:src/build/debug/ \
obj/genfiles/hbfw_term_rc.H \
obj/genfiles/srcListing \
Expand Down
12 changes: 12 additions & 0 deletions src/include/usr/secureboot/secure_reasoncodes.H
View file
Expand Up @@ -55,6 +55,18 @@ namespace SECUREBOOT

// Reason codes 0xA0 - 0xEF reserved for trustedboot_reasoncodes.H
};

enum UserDetailsTypes
{
// Version(s)
SECURE_UDT_VERSION_1 = 0x1,

// Formats/User Detail Sections
SECURE_UDT_NO_FORMAT = 0x0,
SECURE_UDT_SYSTEM_HW_KEY_HASH = 0x1,
SECURE_UDT_TARGET_HW_KEY_HASH = 0x2,
};

}

#endif
12 changes: 11 additions & 1 deletion src/usr/secureboot/base/service.C
View file
Expand Up @@ -45,6 +45,7 @@
#include <util/misc.H>

#include "../common/securetrace.H"
#include "../common/errlud_secure.H"

// Quick change for unit testing
//#define TRACUCOMP(args...) TRACFCOMP(args)
Expand Down Expand Up @@ -187,7 +188,16 @@ void handleSecurebootFailure(errlHndl_t &io_err, bool i_waitForShutdown)

// Add security register values
addSecurityRegistersToErrlog(io_err);
io_err->collectTrace(SECURE_COMP_NAME,ERROR_TRACE_SIZE);

// Add HW Keys' Hash to trace and the error log
SHA512_t hash = {0};
getHwKeyHash(hash);

SB_INF_BIN("HwKeyHash", &hash, sizeof(hash));

UdSystemHwKeyHash( hash ).addToLog(io_err);

io_err->collectTrace(SECURE_COMP_NAME,MAX_ERROR_TRACE_SIZE);

errlCommit(io_err, SECURE_COMP_ID);

Expand Down
4 changes: 3 additions & 1 deletion src/usr/secureboot/common/common.mk
View file
Expand Up @@ -5,7 +5,7 @@
#
# OpenPOWER HostBoot Project
#
# Contributors Listed Below - COPYRIGHT 2016
# Contributors Listed Below - COPYRIGHT 2016,2017
# [+] International Business Machines Corp.
#
#
Expand All @@ -24,3 +24,5 @@
# IBM_PROLOG_END_TAG

SECUREBOOT_COMMON_OBJS += securetrace.o
SECUREBOOT_COMMON_OBJS += errlud_secure.o

125 changes: 125 additions & 0 deletions src/usr/secureboot/common/errlud_secure.C
View file
@@ -0,0 +1,125 @@
/* IBM_PROLOG_BEGIN_TAG */
/* This is an automatically generated prolog. */
/* */
/* $Source: src/usr/secureboot/common/errlud_secure.C $ */
/* */
/* OpenPOWER HostBoot Project */
/* */
/* Contributors Listed Below - COPYRIGHT 2014,2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
/* Licensed under the Apache License, Version 2.0 (the "License"); */
/* you may not use this file except in compliance with the License. */
/* You may obtain a copy of the License at */
/* */
/* http://www.apache.org/licenses/LICENSE-2.0 */
/* */
/* Unless required by applicable law or agreed to in writing, software */
/* distributed under the License is distributed on an "AS IS" BASIS, */
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
/* implied. See the License for the specific language governing */
/* permissions and limitations under the License. */
/* */
/* IBM_PROLOG_END_TAG */
/**
* @file errlud_secure.C
*
* @brief Implementation of classes to log SECUREBOOT FFDC
*/
#include <secureboot/service.H>
#include <secureboot/secure_reasoncodes.H>
#include "errlud_secure.H"

namespace SECUREBOOT
{

//------------------------------------------------------------------------------
// Enum defining MAGIC NUMBERS used for checks below
//------------------------------------------------------------------------------
enum {
PARSER_SIZEOF_SHA512_t = 64,
PARSER_SIZEOF_UINT32_t = 4,
PARSER_SIZEOF_UINT8_t = 1,
PARSER_SIZEOF_TARGET_HKH_SECTION = 69,
};

//------------------------------------------------------------------------------
// SECURE System HW Keys Hash User Details
//------------------------------------------------------------------------------
UdSystemHwKeyHash::UdSystemHwKeyHash(const SHA512_t i_hash)
{
// Set up Ud instance variables
iv_CompId = SECURE_COMP_ID;
iv_Version = SECURE_UDT_VERSION_1;
iv_SubSection = SECURE_UDT_SYSTEM_HW_KEY_HASH;

//***** Memory Layout *****
// 64 bytes : SHA512_t of Target HW Key Hash

static_assert(sizeof(SHA512_t) == PARSER_SIZEOF_SHA512_t, "Expected SHA512_t size is 64 bytes");

char * l_pBuf = reinterpret_cast<char *>(
reallocUsrBuf(sizeof(SHA512_t)) );

memcpy(l_pBuf, i_hash, sizeof(SHA512_t));
l_pBuf += sizeof(SHA512_t);
}

//------------------------------------------------------------------------------
UdSystemHwKeyHash::~UdSystemHwKeyHash()
{

}

//------------------------------------------------------------------------------
// SECURE Target HW Keys Hash User Details
//------------------------------------------------------------------------------
UdTargetHwKeyHash::UdTargetHwKeyHash(const TARGETING::Target * i_target,
const uint8_t i_side,
const SHA512_t i_hash)
{
// Set up Ud instance variables
iv_CompId = SECURE_COMP_ID;
iv_Version = SECURE_UDT_VERSION_1;
iv_SubSection = SECURE_UDT_TARGET_HW_KEY_HASH;

//***** Memory Layout *****
// 4 bytes : Target HUID
// 1 byte : SBE EEPROM (Primary or Backup)
// 64 bytes : SHA512_t of Target HW Key Hash

static_assert(sizeof(uint32_t)==PARSER_SIZEOF_UINT32_t, "Expected sizeof(uint32_t) is 4");
static_assert(sizeof(uint8_t)==PARSER_SIZEOF_UINT8_t, "Expected sizeof(uint8_t) is 1");
static_assert(sizeof(SHA512_t) == PARSER_SIZEOF_SHA512_t, "Expected SHA512_t size is 64 bytes");
static_assert((sizeof(uint32_t) + sizeof(uint8_t) + sizeof(SHA512_t)) == PARSER_SIZEOF_TARGET_HKH_SECTION,
"Expected Buffer length is 69 bytes");

char * l_pBuf = reinterpret_cast<char *>(
reallocUsrBuf(sizeof(uint32_t)
+sizeof(uint8_t)
+sizeof(SHA512_t)));

uint32_t tmp32 = 0;
uint8_t tmp8 = 0;

tmp32 = TARGETING::get_huid(i_target);
memcpy(l_pBuf, &tmp32, sizeof(tmp32));
l_pBuf += sizeof(tmp32);

tmp8 = static_cast<uint8_t>(i_side);
memcpy(l_pBuf, &tmp8, sizeof(tmp8));
l_pBuf += sizeof(tmp8);

memcpy(l_pBuf, i_hash, sizeof(SHA512_t));
l_pBuf += sizeof(SHA512_t);
}

//------------------------------------------------------------------------------
UdTargetHwKeyHash::~UdTargetHwKeyHash()
{

}

} // end SECUREBOOT namespace

131 changes: 131 additions & 0 deletions src/usr/secureboot/common/errlud_secure.H
View file
@@ -0,0 +1,131 @@
/* IBM_PROLOG_BEGIN_TAG */
/* This is an automatically generated prolog. */
/* */
/* $Source: src/usr/secureboot/common/errlud_secure.H $ */
/* */
/* OpenPOWER HostBoot Project */
/* */
/* Contributors Listed Below - COPYRIGHT 2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
/* Licensed under the Apache License, Version 2.0 (the "License"); */
/* you may not use this file except in compliance with the License. */
/* You may obtain a copy of the License at */
/* */
/* http://www.apache.org/licenses/LICENSE-2.0 */
/* */
/* Unless required by applicable law or agreed to in writing, software */
/* distributed under the License is distributed on an "AS IS" BASIS, */
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
/* implied. See the License for the specific language governing */
/* permissions and limitations under the License. */
/* */
/* IBM_PROLOG_END_TAG */
#ifndef ERRL_UD_SECURE_H
#define ERRL_UD_SECURE_H

/**
* @file errlud_secure.H
*
* Defines the classes that logs and parses various Secureboot data
*/

#include <secureboot/service.H>
#include <errl/errluserdetails.H>

namespace SECUREBOOT
{

/**
* @class UdSystemHwKeyHash
*
* Adds System HW Keys Hash to an error log as user detail data
*/
class UdSystemHwKeyHash : public ERRORLOG::ErrlUserDetails
{
public:
/**
* @brief Constructor
*
* @param i_hash System HW Keys Hash represented by SHA512
*/
UdSystemHwKeyHash(const SHA512_t i_hash);

/**
* @brief Destructor
*/
virtual ~UdSystemHwKeyHash();

/**
* Delete Copy Constructor
*/
UdSystemHwKeyHash(const UdSystemHwKeyHash&) = delete;

/**
* Delete Copy Assignment
*/
UdSystemHwKeyHash& operator= (const UdSystemHwKeyHash&) = delete;

/**
* Delete Move Constructor
*/
UdSystemHwKeyHash (UdSystemHwKeyHash&&) = delete;

/**
* Delete Move Assignment
*/
UdSystemHwKeyHash& operator = (UdSystemHwKeyHash&&) = delete;

};

/**
* @class UdTargetHwKeyHash
*
* Adds Target HW Keys Hash to an error log as user detail data
*/
class UdTargetHwKeyHash : public ERRORLOG::ErrlUserDetails
{
public:
/**
* @brief Constructor
*
* @param i_target Processor Target containing HW Keys Hash
* @param i_side SEEPROM side used on the target:
* 0=SBE_PRIMARY, 1=SBE_BACKUP
* @param i_hash Target HW Keys Hash represented by SHA512
*/
UdTargetHwKeyHash(const TARGETING::Target * i_target,
const uint8_t i_buflen,
const SHA512_t i_hash);

/**
* @brief Destructor
*/
virtual ~UdTargetHwKeyHash();

/**
* Delete Copy Constructor
*/
UdTargetHwKeyHash(const UdTargetHwKeyHash&) = delete;

/**
* Delete Copy Assignment
*/
UdTargetHwKeyHash& operator= (const UdTargetHwKeyHash&) = delete;

/**
* Delete Move Constructor
*/
UdTargetHwKeyHash (UdTargetHwKeyHash&&) = delete;

/**
* Delete Move Assignment
*/
UdTargetHwKeyHash& operator = (UdTargetHwKeyHash&&) = delete;
};


} // end SECUREBOOT namespace

#endif
29 changes: 29 additions & 0 deletions src/usr/secureboot/common/plugins/SECURE_COMP_ID_Parse.C
View file
@@ -0,0 +1,29 @@
/* IBM_PROLOG_BEGIN_TAG */
/* This is an automatically generated prolog. */
/* */
/* $Source: src/usr/secureboot/common/plugins/SECURE_COMP_ID_Parse.C $ */
/* */
/* OpenPOWER HostBoot Project */
/* */
/* Contributors Listed Below - COPYRIGHT 2017 */
/* [+] International Business Machines Corp. */
/* */
/* */
/* Licensed under the Apache License, Version 2.0 (the "License"); */
/* you may not use this file except in compliance with the License. */
/* You may obtain a copy of the License at */
/* */
/* http://www.apache.org/licenses/LICENSE-2.0 */
/* */
/* Unless required by applicable law or agreed to in writing, software */
/* distributed under the License is distributed on an "AS IS" BASIS, */
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or */
/* implied. See the License for the specific language governing */
/* permissions and limitations under the License. */
/* */
/* IBM_PROLOG_END_TAG */
#include "errludparser.H"
#include "secureUdParserFactory.H"

ERRL_MAKE_UD_PARSER(SECUREBOOT::UserDetailsParserFactory, hbfw::SECURE_COMP_ID)

0 comments on commit afd8387

Please sign in to comment.