Collect better FFDC on ROM verification errors
Collect both the UTIL and RUNTIME component traces on a ROM
verify failure
Added a new Errlog User Details section "Verify Info" containing
the component name, ID(s), measured, and expected hashes

Change-Id: I0d0408128e05807bb906be5ee365d56d1416693f
CQ:SW413889
Backport:release-fips910
Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/52593
Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com>
Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com>
Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com>
Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com>
Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com>
Reviewed-by: Marshall J. Wilks <mjwilks@us.ibm.com>
Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
Stephen Cprek authored and dcrowell77 committed Jan 31, 2018
1 parent d999ed1 commit 8443a65
Showing 14 changed files with 319 additions and 22 deletions.
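--- a/src/build/buildpnor/genPnorImages.pl
+++ b/src/build/buildpnor/genPnorImages.pl
@@ -6,7 +6,7 @@
 #
 # OpenPOWER HostBoot Project
 #
-# Contributors Listed Below - COPYRIGHT 2016,2017
+# Contributors Listed Below - COPYRIGHT 2016,2018
 # [+] International Business Machines Corp.
 #
 #
@@ -950,6 +950,17 @@ sub manipulateImages
 }
 }
 }
+# Corrupt section if user specified to do so, before ECC injection.
+if ($secureboot && exists $partitionsToCorrupt{$eyeCatch})
+{
+# If no protected file ($tempImages{PAYLOAD_TEXT}) exists
+# for this partition, then that means there is no unprotected
+# section. A protected file is only created when there's a need
+# to split up the partition for signing purposes.
+corrupt_partition($eyeCatch, $protectedOffset,
+$tempImages{PAYLOAD_TEXT},
+$tempImages{PAD_PHASE});
+}
 }
 if ($eyeCatch eq "SBKT" && $emitEccless)
 {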
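--- a/src/include/securerom/ROM.H
+++ b/src/include/securerom/ROM.H
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2016,2017 */
+/* Contributors Listed Below - COPYRIGHT 2016,2018 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -31,6 +31,7 @@
 #include <securerom/ecverify.H>
 #include <string.h>
 #include <array>
+#include <vector>
 
 /**
 * @brief Indicates container header section versions
@@ -345,4 +346,10 @@ enum SB_FUNC_VERS : sbFuncVer_t
 */
 extern const std::array<sbFuncType_t, SB_FUNC_TYPES::MAX_TYPES> SecRomFuncTypes;
 
+/**
+* @brief Vector of IDds (PNOR or Lid Id(s)) associated with the blob that is
+* being verified.
+*/
+typedef std::vector<uint32_t> RomVerifyIds;
+
 #endif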
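Review bot: The doc comment above the new `RomVerifyIds` typedef has a typo, `IDds`; it should read `* @brief Vector of IDs (PNOR or Lid Id(s)) associated with the blob that is`. As a matter of style, this header already uses C++11 (`enum SB_FUNC_VERS : sbFuncVer_t`, std::array), so `using RomVerifyIds = std::vector<uint32_t>;` would match the rest of the file better than `typedef`. The comment could also state that the IDs are carried only for error-log FFDC and are not consulted during verification, if that is the intent; the securerommgr.C hunk only forwards them into UdVerifyInfo.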
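--- a/src/include/usr/secureboot/secure_reasoncodes.H
+++ b/src/include/usr/secureboot/secure_reasoncodes.H
@@ -84,6 +84,7 @@ namespace SECUREBOOT
 SECURE_UDT_SYSTEM_HW_KEY_HASH = 0x1,
 SECURE_UDT_TARGET_HW_KEY_HASH = 0x2,
 SECURE_UDT_SECURITY_SETTINGS = 0x3,
+SECURE_UDT_VERIFY_INFO = 0x4,
 };
 
 }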
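--- a/src/include/usr/secureboot/service.H
+++ b/src/include/usr/secureboot/service.H
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2013,2017 */
+/* Contributors Listed Below - COPYRIGHT 2013,2018 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -216,12 +216,16 @@ namespace SECUREBOOT
 * @brief Verify Signed Container
 *
 * @param[in] i_container Void pointer to effective address of container
+* @param[in] i_ids Vector of IDs (PNOR or Lid Id(s)) associated with
+* the blob that is being verified.
+* [default = empty vector]
 * @param[in] i_hwKeyHash Custom hw keys' hash to test against
 * [default = nullptr, use current hw hash key]
 *
 * @return errlHndl_t NULL on success
 */
 errlHndl_t verifyContainer(void * i_container,
+const RomVerifyIds& i_ids = RomVerifyIds(),
 const SHA512_t* i_hwKeyHash = nullptr);
 
 /**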
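--- a/src/include/usr/util/utilmclmgr.H
+++ b/src/include/usr/util/utilmclmgr.H
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2017 */
+/* Contributors Listed Below - COPYRIGHT 2017,2018 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -30,6 +30,7 @@
 #include <secureboot/containerheader.H>
 #include <errl/errlentry.H>
 #include <usr/vmmconst.h>
+#include <securerom/ROM.H>
 
 // Forward declarations
 class MasterContainerLidMgrTest;
@@ -222,6 +223,15 @@ void compIdToString(const ComponentID i_compId, CompIdString o_compIdStr);
 */
 uint64_t compIdToInt(const ComponentID i_compId);
 
+/**
+* @brief Extract list of lid ids from lid info vector
+*
+* @param[in] i_lidIds - Vector to pull lid ids out of
+*
+* @return RomVerifyIds - IDs associated with secure component
+*/
+RomVerifyIds extractLidIds(const std::vector<LidInfo>& i_lidIds);
+
 // @brief Class to manager the Master Container Lid provided by the FSP
 class MasterContainerLidMgr
 {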
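Review bot: The parameter of the new `extractLidIds` declaration is named `i_lidIds` although it is a vector of `LidInfo`, which reads as if it already held the IDs the function is meant to extract; `RomVerifyIds extractLidIds(const std::vector<LidInfo>& i_lidInfo);` with the doc line `@param[in] i_lidInfo - Lid info entries to pull lid ids out of` would describe what is actually passed. The new `#include <securerom/ROM.H>` is pulled into this util header only for the `RomVerifyIds` typedef, and ROM.H itself includes `<securerom/ecverify.H>` (visible in the ROM.H hunk), so every consumer of utilmclmgr.H now sees the secure ROM interface; it may be worth checking whether the typedef belongs in a lighter header.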
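--- a/src/usr/pnor/spnorrp.C
+++ b/src/usr/pnor/spnorrp.C
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2011,2017 */
+/* Contributors Listed Below - COPYRIGHT 2011,2018 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -531,7 +531,7 @@ uint64_t SPnorRP::verifySections(SectionId i_id,
 // verify while in temp space
 if (SECUREBOOT::enabled())
 {
-l_errhdl = SECUREBOOT::verifyContainer(l_tempAddr);
+l_errhdl = SECUREBOOT::verifyContainer(l_tempAddr, {i_id});
 if (l_errhdl)
 {
 TRACFCOMP(g_trac_pnor, ERR_MRK"SPnorrRP::verifySections - section "
@@ -1460,6 +1460,7 @@ errlHndl_t SPnorRP::keyTransitionCheck(const uint8_t *i_vaddr) const
 }
 
 l_errl = SECUREBOOT::verifyContainer(l_nestedVaddr,
+{PNOR::SBKT},
 l_nestedConHdr.hwKeyHash());
 if (l_errl)
 {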
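Review bot: `{i_id}` in the first hunk list-initializes a `RomVerifyIds` (std::vector<uint32_t>) from a `SectionId` enumerator, which may be a narrowing conversion depending on SectionId's underlying type (not visible here), and compilers diagnose non-constant narrowing in braces as a warning or an error depending on flags. `{static_cast<uint32_t>(i_id)}` here and `{static_cast<uint32_t>(PNOR::SBKT)}` in the second hunk make the intended width explicit and keep the call site independent of how the enum is declared. Both SPnorRP::verifySections and SPnorRP::keyTransitionCheck start and end outside their hunks.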
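--- a/src/usr/secureboot/base/securerommgr.C
+++ b/src/usr/secureboot/base/securerommgr.C
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2013,2017 */
+/* Contributors Listed Below - COPYRIGHT 2013,2018 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -42,6 +42,7 @@
 #include <config.h>
 #include <console/consoleif.H>
 #include <secureboot/containerheader.H>
+#include "../common/errlud_secure.H"
 
 // Quick change for unit testing
 //#define TRACUCOMP(args...) TRACFCOMP(args)
@@ -69,12 +70,15 @@ errlHndl_t initializeSecureRomManager(void)
 /**
 * @brief Verify Signed Container
 */
-errlHndl_t verifyContainer(void * i_container, const SHA512_t* i_hwKeyHash)
+errlHndl_t verifyContainer(void * i_container, const RomVerifyIds& i_ids,
+const SHA512_t* i_hwKeyHash)
 {
 errlHndl_t l_errl = nullptr;
 
 l_errl = Singleton<SecureRomManager>::instance().
-verifyContainer(i_container,i_hwKeyHash);
+verifyContainer(i_container,
+i_ids,
+i_hwKeyHash);
 
 return l_errl;
 }
@@ -317,7 +321,8 @@ errlHndl_t SecureRomManager::initialize()
 * @brief Verify Container against system hash keys
 */
 errlHndl_t SecureRomManager::verifyContainer(void * i_container,
-const SHA512_t* i_hwKeyHash)
+const RomVerifyIds& i_ids,
+const SHA512_t* i_hwKeyHash)
 {
 TRACDCOMP(g_trac_secure,ENTER_MRK"SecureRomManager::verifyContainer(): "
 "i_container=%p", i_container);
@@ -407,10 +412,42 @@ errlHndl_t SecureRomManager::verifyContainer(void * i_container,
 l_rc,
 l_hw_parms.log,
 true /*Add HB Software Callout*/ );
-// Callout code to force a rewrite of the contents
-//@todo RTC:93870 - Define new callout for verification fail
-l_errl->collectTrace(PNOR_COMP_NAME,ERROR_TRACE_SIZE);
-l_errl->collectTrace(SECURE_COMP_NAME,ERROR_TRACE_SIZE);
+l_errl->collectTrace(PNOR_COMP_NAME);
+l_errl->collectTrace(SECURE_COMP_NAME);
+l_errl->collectTrace(UTIL_COMP_NAME);
+l_errl->collectTrace(RUNTIME_COMP_NAME);
+
+ContainerHeader l_conHdr;
+auto l_hdrParseErr = l_conHdr.setHeader(i_container);
+if (l_hdrParseErr)
+{
+TRACFCOMP(g_trac_secure, ERR_MRK"SecureRomManager::verifyContainer(): setheader failed");
+// Link parse error log to existing errorlog plid and commit error
+l_hdrParseErr->plid(l_errl->plid());
+ERRORLOG::errlCommit(l_hdrParseErr, RUNTIME_COMP_ID);
+
+// Add UD data without data needed from Container Header
+UdVerifyInfo("UNKNOWN", 0, i_ids, {}, {}).addToLog(l_errl);
+}
+else
+{
+// Measure protected section. Note it starts one page after the
+// vaddr passed in for verification
+auto l_pProtectedSec =
+reinterpret_cast<const uint8_t*>(i_container) + PAGESIZE;
+SHA512_t l_measuredHash = {0};
+SECUREBOOT::hashBlob(l_pProtectedSec,
+l_conHdr.payloadTextSize(),
+l_measuredHash);
+// Add UD data to errorlog
+UdVerifyInfo(l_conHdr.componentId(),
+l_conHdr.payloadTextSize(),
+i_ids,
+l_measuredHash,
+*l_conHdr.payloadTextHash()
+).addToLog(l_errl);
+}
+
 break;
 
 }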
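Review bot: The FFDC path from `l_conHdr.setHeader(i_container)` down to `SECUREBOOT::hashBlob(...)` re-reads a container that has just failed verification, so `l_conHdr.payloadTextSize()` is an untrusted value at that point; unless setHeader already bounds it against the mapped container size (not visible here), a corrupted size field makes hashBlob read past the end of the blob while the error log is being built, and a comment or explicit bound check before the hash call would make that contract clear. The same caution applies to `*l_conHdr.payloadTextHash()`, which is dereferenced without a null check if that accessor can return nullptr. Separately, the parse-error log is committed with `ERRORLOG::errlCommit(l_hdrParseErr, RUNTIME_COMP_ID);` inside the secureboot component, whereas errlud_secure.C in this same commit commits its error under SECURE_COMP_ID; `ERRORLOG::errlCommit(l_hdrParseErr, SECURE_COMP_ID);` would keep component attribution consistent. SecureRomManager::verifyContainer begins and ends outside this hunk.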
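--- a/src/usr/secureboot/base/securerommgr.H
+++ b/src/usr/secureboot/base/securerommgr.H
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2013,2017 */
+/* Contributors Listed Below - COPYRIGHT 2013,2018 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -53,12 +53,16 @@ class SecureRomManager
 *
 * @param[in] i_container Void pointer to effective address
 * of container
+* @param[in] i_ids Vector of IDs (PNOR or Lid Id(s)) associated with
+* the blob that is being verified.
+* [default = empty vector]
 * @param[in] i_hwKeyHash Custom hw keys' hash to test against
 * [default = nullptr, use current hw hash key
 *
 * @return errlHndl_t NULL on success
 */
 errlHndl_t verifyContainer(void * i_container,
+const RomVerifyIds& i_ids = RomVerifyIds(),
 const SHA512_t* i_hwKeyHash = nullptr);
 
 /**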
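--- a/src/usr/secureboot/base/test/securerommgrtest.H
+++ b/src/usr/secureboot/base/test/securerommgrtest.H
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2013,2017 */
+/* Contributors Listed Below - COPYRIGHT 2013,2018 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -147,6 +147,7 @@ class SecureRomManagerTest : public CxxTest::TestSuite
 printkd("test_verify(): expect to see 'mfsr r2 to CFAR handled': ");
 
 l_errl = SECUREBOOT::verifyContainer(signedFile_pageAddr,
+{},
 &hw_key_hash);
 if (l_errl)
 {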
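--- a/src/usr/secureboot/common/errlud_secure.C
+++ b/src/usr/secureboot/common/errlud_secure.C
@@ -5,7 +5,7 @@
 /* */
 /* OpenPOWER HostBoot Project */
 /* */
-/* Contributors Listed Below - COPYRIGHT 2014,2017 */
+/* Contributors Listed Below - COPYRIGHT 2014,2018 */
 /* [+] International Business Machines Corp. */
 /* */
 /* */
@@ -31,6 +31,10 @@
 #include <secureboot/secure_reasoncodes.H>
 #include "errlud_secure.H"
 #include <kernel/bltohbdatamgr.H>
+#include <util/utilmem.H>
+#include <securerom/ROM.H>
+#include <errl/errlentry.H>
+#include <errl/errlmanager.H>
 
 namespace SECUREBOOT
 {
@@ -164,5 +168,50 @@ UdSecuritySettings::~UdSecuritySettings()
 
 }
 
+//------------------------------------------------------------------------------
+// SECURE Verify Info User Details
+//------------------------------------------------------------------------------
+UdVerifyInfo::UdVerifyInfo(const char* i_compId,
+const uint64_t i_protectedSize,
+const RomVerifyIds& i_ids,
+const SHA512_t& i_measuredHash,
+const SHA512_t& i_expectedHash)
+{
+// Set up Ud instance variables
+iv_CompId = SECURE_COMP_ID;
+iv_Version = SECURE_UDT_VERSION_1;
+iv_SubSection = SECURE_UDT_VERIFY_INFO;
+
+//***** Version SECURE_UDT_VERSION_1 Memory Layout *****
+// 9 bytes Max : Component ID (8 byte string + NULL) use strlen
+// 8 bytes : Protected Payload Size
+// 4 bytes : Number of IDs
+// 4*N bytes : IDs (PNOR id or LidID) multiplied by number of ids
+// 64 bytes : Measured Hash
+// 64 bytes : Expected Hash
+
+UtilMem l_memBuf {};
+l_memBuf.write(i_compId, strlen(i_compId)+1);
+l_memBuf << i_protectedSize;
+l_memBuf << static_cast<uint32_t>(i_ids.size());
+for (auto id : i_ids)
+{
+l_memBuf << id;
+}
+l_memBuf.write(i_measuredHash, PARSER_SIZEOF_SHA512_t);
+l_memBuf.write(i_expectedHash, PARSER_SIZEOF_SHA512_t);
+
+auto l_memBufErr = l_memBuf.getLastError();
+if(l_memBufErr)
+{
+errlCommit(l_memBufErr,SECURE_COMP_ID);
+}
+else
+{
+char * l_pBuf = reinterpret_cast<char *>(reallocUsrBuf(l_memBuf.size()));
+memcpy(l_pBuf, l_memBuf.base(), l_memBuf.size());
+}
+}
+
 } // end SECUREBOOT namespace
 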
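Review bot: The layout comment above `l_memBuf.write(i_compId, strlen(i_compId)+1);` promises a 9-byte maximum for the component ID, but the write itself is unbounded, so a component-ID string that is not NUL-terminated within 8 bytes (the securerommgr.C caller passes `l_conHdr.componentId()` straight from a container header that has just failed verification) would both overrun the source and break the documented layout the parser relies on. Bounding the copy, e.g. `l_memBuf.write(i_compId, strnlen(i_compId, 8)); l_memBuf.write("", 1);`, keeps the record parseable whatever the header contained, assuming strnlen is available in this environment. The ID list is written as bare uint32_t values with no tag distinguishing a PNOR section id from a LID id, so a reader of the section cannot tell which namespace an entry belongs to; a comment noting that the interpretation depends on the caller, or a flag byte in a later version, would help whoever parses this FFDC. When `l_memBufErr` is set the error is committed but the user-detail section is left without a payload, which deserves a one-line comment so an empty section is not mistaken for a parser problem.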