Verify ComponentID and Extend PAYLOAD

While verifying the PAYLOAD in memory before moving it to its final
location, this commit parses the PAYLOAD's header and verifies that
it has the correct componentId.  It also extends the PAYLOAD
information to the TPM.

Change-Id: Ie333d1ba5919b36919b207f25ad60806359ed710
RTC:168745
Backport: release-fips910
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52837
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>

src/include/usr/util/utilmclmgr.H

@@ -48,6 +48,7 @@ typedef char CompIdString[17];
 // Constants to simplify checking for the MCL and POWERVM comp ids
 extern const ComponentID g_MclCompId;
 extern const ComponentID g_PowervmCompId;
+extern const ComponentID g_OpalCompId;
 
 // @enum Permission Types for MCL Component
 enum class CompFlags : uint16_t
@@ -255,6 +256,17 @@ class MasterContainerLidMgr
      */
     errlHndl_t processComponents();
 
+    /**
+     * @brief TPM extend information for secure components
+     *
+     * @param[in] i_compId - Component Id
+     * @param[in] i_conHdr - Container header with information to extend
+     *
+     * @return Error handle if error
+     */
+    static errlHndl_t tpmExtend(const ComponentID& i_compId,
+                                const SECUREBOOT::ContainerHeader& i_conHdr);
+
     protected:
 
     /**
@@ -358,17 +370,6 @@ class MasterContainerLidMgr
     errlHndl_t verifyExtend(const ComponentID& i_compId,
                             CompInfo& io_compInfo);
 
-    /**
-     * @brief TPM extend information for secure components
-     *
-     * @param[in] i_compId - Component Id
-     * @param[in] i_conHdr - Container header with information to extend
-     *
-     * @return Error handle if error
-     */
-    errlHndl_t tpmExtend(const ComponentID& i_compId,
-                         const SECUREBOOT::ContainerHeader& i_conHdr) const;
-
     // Physical addresses reserved for the MCL itself
     uint64_t iv_mclAddr;
 
@@ -408,4 +409,4 @@ class MasterContainerLidMgr
 
 } // end namespace MCL
 
-#endif
+#endif

src/usr/isteps/istep21/call_host_runtime_setup.C

@@ -38,9 +38,11 @@
 #include <targeting/common/util.H>
 #include <vpd/vpd_if.H>
 #include <util/utiltce.H>
+#include <util/utilmclmgr.H>
 #include <map>
 
 #include <secureboot/service.H>
+#include <secureboot/containerheader.H>
 #include <sys/mm.h>
 //SBE interfacing
 #include    <sbeio/sbeioif.H>
@@ -115,6 +117,12 @@ errlHndl_t verifyAndMovePayload(void)
         break;
     }
 
+    // Setup componend IDs and strings
+    const MCL::ComponentID l_compId = is_phyp ? MCL::g_PowervmCompId
+                                              : MCL::g_OpalCompId;
+    MCL::CompIdString l_IdStr = {};
+    MCL::compIdToString(l_compId, l_IdStr);
+
     // Get Temporary Virtual Address To Payload
     uint64_t payload_tmp_phys_addr = MCL_TMP_ADDR;
     uint64_t payload_size          = MCL_TMP_SIZE;
@@ -136,9 +144,23 @@ errlHndl_t verifyAndMovePayload(void)
     }
 
     TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,"verifyAndMovePayload() "
-               "Processing PAYLOAD_KIND = %d (is_phyp=%d): "
+               "Processing PAYLOAD_KIND = %d (Id='%s') (is_phyp=%d): "
                "physAddr=0x%.16llX, virtAddr=0x%.16llX",
-               payload_kind, is_phyp, payload_tmp_phys_addr, payload_tmp_virt_addr );
+               payload_kind, l_IdStr, is_phyp, payload_tmp_phys_addr,
+               payload_tmp_virt_addr );
+
+
+    // Parse Container Header
+    SECUREBOOT::ContainerHeader l_conHdr;
+    l_err = l_conHdr.setHeader(payload_tmp_virt_addr);
+    if (l_err)
+    {
+        TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
+                   ERR_MRK"verifyAndMovePayload(): Fail to parse container "
+                   "header at payload_tmp_virt_addr = 0x%.16llX",
+                   payload_tmp_virt_addr);
+        break;
+    }
 
     // If in Secure Mode Verify PHYP at Temporary TCE-related Memory Location
     if (SECUREBOOT::enabled() && is_phyp)
@@ -147,6 +169,7 @@ errlHndl_t verifyAndMovePayload(void)
                    "Verifying PAYLOAD: physAddr=0x%.16llX, virtAddr=0x%.16llX",
                    payload_tmp_phys_addr, payload_tmp_virt_addr );
 
+        // Verify Container
         l_err = SECUREBOOT::verifyContainer(payload_tmp_virt_addr);
         if (l_err)
         {
@@ -156,12 +179,35 @@ errlHndl_t verifyAndMovePayload(void)
             SECUREBOOT::handleSecurebootFailure(l_err);
             assert(false,"Bug! handleSecurebootFailure shouldn't return!");
         }
+
+        // Get PAYLOAD size from verified Header
+        payload_size = l_conHdr.payloadTextSize() + PAGESIZE;
+        assert(payload_size <= MCL_TMP_SIZE, "verifyAndMovePayload payload_size 0x%X must be <= MCL_TMP_SIZE (0x%X)", payload_size, MCL_TMP_SIZE );
+
+        // Verify ASCII Component Id in the Secure Header matches expected value
+        l_err = SECUREBOOT::verifyComponentId(l_conHdr, l_IdStr);
+        if (l_err)
+        {
+            TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
+                       ERR_MRK"verifyAndMovePayload(): Fail to verify component"
+                       "Id %s in header at payload_tmp_virt_addr = 0x%.16llX",
+                       l_IdStr, payload_tmp_virt_addr);
+            break;
+        }
     }
 
-    // @TODO RTC 168745 - Verify Component ID with ASCII
-    // @TODO RTC 168745 - Extend PAYLOAD
+    // Extend PAYLOAD
+    l_err = MCL::MasterContainerLidMgr::tpmExtend(l_compId, l_conHdr);
+    if (l_err)
+    {
+        TRACFCOMP( ISTEPS_TRACE::g_trac_isteps_trace,
+                   ERR_MRK"verifyAndMovePayload(): Fail to tpmExend "
+                   "Id %s in header at payload_tmp_virt_addr = 0x%.16llX",
+                   l_IdStr, payload_tmp_virt_addr);
+        break;
+    }
 
-    // Move PHYP to Final Location
+    // Move PAYLOAD to Final Location
     // Get Target Service, and the system target.
     TargetService& tS = targetService();
     TARGETING::Target* sys = nullptr;
@@ -186,7 +232,6 @@ errlHndl_t verifyAndMovePayload(void)
         payload_size -= PAGESIZE;
     }
 
-    // @TODO RTC 168745 - Use ContainerHeader to get accurate payload size
     payloadBase_virt_addr = mm_block_map(
                                reinterpret_cast<void*>(payloadBase),
                                payload_size);

src/usr/secureboot/base/securerommgr.C

@@ -104,7 +104,7 @@ errlHndl_t verifyComponentId(
         TRACFCOMP(g_trac_secure,ERR_MRK"SECUREROM::verifyComponentId: "
             "Secure Boot verification failure; container's component ID of "
             "[%s] does not match expected component ID of [%s] (truncated "
-            "from [%s]",
+            "from [%s])",
             i_containerHeader.componentId(),
             pTruncatedComponentId,
             i_pComponentId);

src/usr/secureboot/trusted/tpmLogMgr.C

@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2015,2017                        */
+/* Contributors Listed Below - COPYRIGHT 2015,2018                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -595,6 +595,7 @@ namespace TRUSTEDBOOT
         memset(i_val->eventLogInMem, 0, i_maxSize);
         memcpy(i_val->eventLogInMem, i_val->eventLog, i_val->logSize);
         i_val->newEventPtr = i_val->eventLogInMem + i_val->logSize;
+        i_val->logMaxSize = i_maxSize;
 
         mutex_unlock( &i_val->logMutex );
 

src/usr/util/utilmclmgr.C

@@ -42,6 +42,7 @@ const size_t MclCompSectionPadSize = 16;
 
 const ComponentID g_MclCompId {"MSTCONT"};
 const ComponentID g_PowervmCompId {"POWERVM"};
+const ComponentID g_OpalCompId {"OPAL"};
 
 void compIdToString(const ComponentID i_compId, CompIdString o_compIdStr)
 {
@@ -605,21 +606,6 @@ errlHndl_t MasterContainerLidMgr::verifyExtend(const ComponentID& i_compId,
     if( (io_compInfo.flags & CompFlags::SIGNED_PRE_VERIFY) ==
          CompFlags::SIGNED_PRE_VERIFY)
     {
-        // Only verify the lids if in secure mode
-        if (SECUREBOOT::enabled())
-        {
-            // Verify Container - some combination of Lids
-
-            l_errl = SECUREBOOT::verifyContainer(iv_pVaddr,
-                                             extractLidIds(io_compInfo.lidIds));
-            if (l_errl)
-            {
-                UTIL_FT(ERR_MRK"MasterContainerLidMgr::verifyExtend - failed verifyContainer");
-                SECUREBOOT::handleSecurebootFailure(l_errl);
-                assert(false,"Bug! handleSecurebootFailure shouldn't return!");
-            }
-        }
-
         // Parse Container Header
         SECUREBOOT::ContainerHeader l_conHdr;
         l_errl = l_conHdr.setHeader(iv_pVaddr);
@@ -635,15 +621,34 @@ errlHndl_t MasterContainerLidMgr::verifyExtend(const ComponentID& i_compId,
         io_compInfo.unprotectedSize = l_conHdr.totalContainerSize() -
                                       l_conHdr.payloadTextSize();
 
-        // Verify the component in the Secure Header matches the MCL
-        l_errl = SECUREBOOT::verifyComponentId(l_conHdr, iv_curCompIdStr);
+        // Only verify the lids if in secure mode
+        if (SECUREBOOT::enabled())
+        {
+            // Verify Container - some combination of Lids
+            l_errl = SECUREBOOT::verifyContainer(iv_pVaddr,
+                                             extractLidIds(io_compInfo.lidIds));
+            if (l_errl)
+            {
+                UTIL_FT(ERR_MRK"MasterContainerLidMgr::verifyExtend - failed verifyContainer");
+                SECUREBOOT::handleSecurebootFailure(l_errl);
+                assert(false,"Bug! handleSecurebootFailure shouldn't return!");
+            }
+
+            // Verify the component in the Secure Header matches the MCL
+            l_errl = SECUREBOOT::verifyComponentId(l_conHdr, iv_curCompIdStr);
+            if (l_errl)
+            {
+                l_errl->collectTrace(UTIL_COMP_NAME);
+                break;
+            }
+        }
+
+        l_errl = tpmExtend(i_compId, l_conHdr);
         if (l_errl)
         {
             l_errl->collectTrace(UTIL_COMP_NAME);
             break;
         }
-
-        tpmExtend(i_compId, l_conHdr);
     }
     } while(0);
 
@@ -653,7 +658,7 @@ errlHndl_t MasterContainerLidMgr::verifyExtend(const ComponentID& i_compId,
 }
 
 errlHndl_t MasterContainerLidMgr::tpmExtend(const ComponentID& i_compId,
-                            const SECUREBOOT::ContainerHeader& i_conHdr) const
+                            const SECUREBOOT::ContainerHeader& i_conHdr)
 {
     UTIL_DT(ENTER_MRK"MasterContainerLidMgr::tpmExtend");
 
@@ -681,7 +686,7 @@ errlHndl_t MasterContainerLidMgr::tpmExtend(const ComponentID& i_compId,
     if (l_errl)
     {
         UTIL_FT(ERR_MRK "MasterContainerLidMgr::tpmExtend - pcrExtend() (payload text hash) failed for component %s",
-                  iv_curCompIdStr);
+                  i_conHdr.componentId());
         break;
     }
 
@@ -694,7 +699,7 @@ errlHndl_t MasterContainerLidMgr::tpmExtend(const ComponentID& i_compId,
     if (l_errl)
     {
         UTIL_FT(ERR_MRK "MasterContainerLidMgr::tpmExtend - pcrExtend() (FW key hash) failed for component %s",
-                iv_curCompIdStr);
+                i_conHdr.componentId());
         break;
     }