Verify the correct HW Key Hash is used in Customized SBE Image

This commit keeps track of what HW Key Hash is added to HBBL before customizing the SBE Image and then checks that this HW Key Hash is found in the customized SBE Image. It did this by updating getHwKeyHashFromSbeImage() to possibly read the HW Key Hash from system memory along with its default behavior of reading it from a SBE Seeprom. Change-Id: I0139fb959102de74b12874f30e7d2ec0bf918e3f RTC:175330 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/41453 Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Reviewed-by: Martin Gloff <mgloff@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
open-power · Jun 11, 2017 · b7400ba · b7400ba
1 parent c79f8d9
commit b7400ba
Show file tree

Hide file tree

Showing 6 changed files with 275 additions and 134 deletions.
diff --git a/src/include/usr/sbe/sbeif.H b/src/include/usr/sbe/sbeif.H
@@ -103,22 +103,35 @@ namespace SBE
 
     /**
      * @brief Retrieves the HW Key Hash from the Bootloader (HBBL) Section
-     *        of the SBE Image located on a SBE Seeprom
+     *        of the SBE Image. By default, the image is read from a SBE
+     *        SEEPROM (where ECC is removed), but it also can be read from
+     *        a SBE Image in System Memory
      *
      * @param[in] i_target    Target Processor of the SBE SEEPPROM.
      *                        Assert if nullptr.
+     *                        NOTE: Ignored if i_image_ptr specifies an image
+     *                        (ie, != nullptr).
      *
      * @param[in] i_seeprom   Specific SEEPROM on the processor to read the
      *                        HW Key Hash from.
      *                        Assert if neither SBE_PRIMARY nor SBE_BACKUP.
+     *                        NOTE: Ignored if i_image_ptr specifies an image
+     *                        (ie, != nullptr).
      *
      * @param[out] o_hash     HW Key Hash returned from the Processor SEEPROM
      *
+     * @param[in] i_image_ptr  Defaults to nullptr.
+     *                         If nullptr, then read SBE Image from i_target
+     *                         and i_seeprom.
+     *                         If not nullptr, read SBE Image from system
+     *                         memory pointed to by this parameter.
+     *
      * @return errlHndl_t     Error log handle on failure; otherwise nullptr
      */
-    errlHndl_t getHwKeyHashFromSbeSeeprom(TARGETING::Target* i_target,
-                                          EEPROM::eeprom_chip_types_t i_seeprom,
-                                          SHA512_t o_hash);
+    errlHndl_t getHwKeyHashFromSbeImage(TARGETING::Target* i_target,
+                                        EEPROM::eeprom_chip_types_t i_seeprom,
+                                        SHA512_t o_hash,
+                                        const void * i_image_ptr = nullptr);
 
 } //end namespace SBE
 

diff --git a/src/include/usr/sbe/sbereasoncodes.H b/src/include/usr/sbe/sbereasoncodes.H
@@ -103,7 +103,7 @@ enum sbeReasonCode
 
     ERROR_FROM_XIP_DELETE               = SBE_COMP_ID | 0x18,
     ERROR_FROM_XIP_FIND                 = SBE_COMP_ID | 0x19,
-
+    SBE_MISMATCHED_HW_KEY_HASH          = SBE_COMP_ID | 0x1A,
 };
 
 };  // end SBE

diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H
@@ -40,7 +40,14 @@ typedef uint8_t SHA512_t[SHA512_DIGEST_LENGTH];
  */
 inline uint32_t sha512_to_u32(SHA512_t i_hash)
 {
-   return *(reinterpret_cast<uint32_t*>(reinterpret_cast<char*>(i_hash)));
+   if (i_hash == nullptr)
+   {
+       return 0;
+   }
+   else
+   {
+       return *(reinterpret_cast<uint32_t*>(reinterpret_cast<char*>(i_hash)));
+   }
 };
 
 typedef std::vector< std::pair<void*,size_t> > blobPair_t;

diff --git a/src/usr/isteps/istep10/call_host_update_redundant_tpm.C b/src/usr/isteps/istep10/call_host_update_redundant_tpm.C
@@ -466,7 +466,7 @@ void* call_host_update_redundant_tpm (void *io_pArgs)
     }
 
     // read the primary sbe HW keys' hash for the master processor
-    err = SBE::getHwKeyHashFromSbeSeeprom(
+    err = SBE::getHwKeyHashFromSbeImage(
                                      mProc,
                                      EEPROM::SBE_PRIMARY,
                                      l_masterHash);
@@ -492,7 +492,7 @@ void* call_host_update_redundant_tpm (void *io_pArgs)
     }
 
     // read the backup sbe HW keys' hash for the master processor
-    err = SBE::getHwKeyHashFromSbeSeeprom(
+    err = SBE::getHwKeyHashFromSbeImage(
                                       mProc,
                                       EEPROM::SBE_BACKUP,
                                       l_backupHash);
@@ -589,7 +589,7 @@ void* call_host_update_redundant_tpm (void *io_pArgs)
         }
 
         // read the primary sbe HW keys' hash for the current processor
-        err = SBE::getHwKeyHashFromSbeSeeprom(
+        err = SBE::getHwKeyHashFromSbeImage(
                                          pProc,
                                          EEPROM::SBE_PRIMARY,
                                          l_slaveHashPri);
@@ -616,7 +616,7 @@ void* call_host_update_redundant_tpm (void *io_pArgs)
         }
 
         // read the backup sbe HW keys' hash for the current processor
-        err = SBE::getHwKeyHashFromSbeSeeprom(
+        err = SBE::getHwKeyHashFromSbeImage(
                                          pProc,
                                          EEPROM::SBE_BACKUP,
                                          l_slaveHashBac);