Secure Boot: Support reading component ID from container's SW header

- Repurposed container SW header reserved field for component ID - Parse component ID when reading container header - Implement user API to read component ID Change-Id: I005f0e1cb20d4022333d05bfe86d88bf706f60de Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/46173 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Stephen M. Cprek <smcprek@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
open-power · Sep 21, 2017 · 229ad66 · 229ad66
1 parent ce2eb29
commit 229ad66
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 5 deletions.
diff --git a/src/include/securerom/ROM.H b/src/include/securerom/ROM.H
@@ -32,10 +32,38 @@
 #include <string.h>
 #include <array>
 
-#define CONTAINER_VERSION   1
-#define HEADER_VERSION      1
-#define HASH_ALG_SHA512     1
-#define SIG_ALG_ECDSA521    1
+/**
+ *  @brief Indicates container header section versions
+ */
+enum CONTAINER_SECTION_VERSION : uint16_t
+{
+    CONTAINER_VERSION = 0x0001,
+    HEADER_VERSION    = 0x0001,
+};
+
+/**
+ *  @brief Indicates sizes of container header fields
+ */
+enum CONTAINER_FIELD_SIZE : size_t
+{
+    SW_HDR_COMP_ID_SIZE_BYTES = 8,
+};
+
+/**
+ *  @brief Unique identifer for the hash algorithm to use
+ */
+enum ROM_HASH_ALGORITHM : uint8_t
+{
+    HASH_ALG_SHA512 = 0x01,
+};
+
+/**
+ *  @brief Unique identifier for the signature algorithm to use
+ */
+enum ROM_SIGNATURE_ALGORITHM : uint8_t
+{
+    SIG_ALG_ECDSA521 = 0x01,
+};
 
 typedef struct
 {
@@ -92,7 +120,7 @@ typedef struct
 {
   ROM_version_raw ver_alg;
   uint64_t        code_start_offset;
-  uint64_t        reserved;
+  char            component_id[SW_HDR_COMP_ID_SIZE_BYTES];
   uint32_t        flags;
   uint8_t         reserved_0;
   uint64_t        payload_size;

diff --git a/src/include/usr/secureboot/containerheader.H b/src/include/usr/secureboot/containerheader.H
@@ -58,6 +58,7 @@ class ContainerHeader
             iv_pHdrStart = reinterpret_cast<const uint8_t*>(i_header);
             memset(&iv_headerInfo, 0x00, sizeof(iv_headerInfo));
             memset(iv_hwKeyHash, 0, sizeof(SHA512_t));
+            memset(iv_componentId,0x00,sizeof(iv_componentId));
             parse_header(i_header);
         };
 
@@ -142,6 +143,14 @@ class ContainerHeader
          */
         bool isValid() const;
 
+        /**
+         *  @brief Returns the container's component ID as an invariant
+         *      character string, or an empty string if none provided.
+         *
+         *  @return const char* Component ID string
+         */
+        const char* componentId() const;
+
     private:
         /**
          * @brief Default Constructor in private to prevent being instantiated
@@ -161,6 +170,13 @@ class ContainerHeader
             ROM_sw_sig_raw sw_sig;
         };
 
+        /**
+         *  @brief Container's component ID (one byte larger than associated
+         *      container header field to allow for a NULL terminator)
+         */
+        char iv_componentId[  sizeof(ROM_sw_header_raw::component_id)
+                            + sizeof(uint8_t) ];
+
         // Entire cached container header content
         SecureHeaderInfo iv_headerInfo;
 

diff --git a/src/usr/secureboot/common/containerheader.C b/src/usr/secureboot/common/containerheader.C
@@ -69,6 +69,8 @@ void ContainerHeader::parse_header(const void* i_header)
     /*---- Parse ROM_sw_header_raw ----*/
     l_size = offsetof(ROM_sw_header_raw, ecid);
     safeMemCpyAndInc(&iv_headerInfo.sw_hdr, l_hdr, l_size);
+    strncpy(iv_componentId,iv_headerInfo.sw_hdr.component_id,
+        sizeof(iv_headerInfo.sw_hdr.component_id));
 
     // Get ECID array
     l_size = iv_headerInfo.sw_hdr.ecid_count * ECID_SIZE;
@@ -126,6 +128,7 @@ void ContainerHeader::print() const
     }
 
     /*---- Print ROM_sw_header_raw ----*/
+    TRACFCOMP(g_trac_secure,"component_id \"%s\"", componentId());
     TRACFCOMP(g_trac_secure,"payload_size 0x%X", iv_headerInfo.sw_hdr.payload_size );
     TRACFBIN(g_trac_secure,"payload_hash", iv_headerInfo.sw_hdr.payload_hash, SHA512_DIGEST_LENGTH);
 
@@ -230,6 +233,11 @@ bool ContainerHeader::isValid() const
     return iv_isValid;
 }
 
+const char* ContainerHeader::componentId() const
+{
+    return iv_componentId;
+}
+
 void ContainerHeader::parseFlags()
 {
     iv_sbFlags.hw_hb_fw = iv_headerInfo.hw_prefix_hdr.flags & HB_FW_FLAG;