Use common ROM header files for rom, bootloader, and hostboot

Change-Id: I4d7db7293d44633cf1646f69ab98ddc8d66338ca RTC: 143902 Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/34525 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
open-power · Jan 30, 2017 · b83556b · b83556b
1 parent 6b650f5
commit b83556b
Show file tree

Hide file tree

Showing 7 changed files with 98 additions and 297 deletions.
diff --git a/src/include/securerom/ROM.H b/src/include/securerom/ROM.H
@@ -35,8 +35,6 @@
 #define HASH_ALG_SHA512     1
 #define SIG_ALG_ECDSA521    1
 
-#define ROM_MAGIC_NUMBER     0x17082011
-
 typedef struct
 {
   uint16_t     version;     // (1: see versions above)
@@ -130,4 +128,91 @@ extern void ROM_sreset (void);
 extern "C" ROM_response ROM_verify (ROM_container_raw* container,
                                     ROM_hw_params* params);
 
+/************************* END OF ORIGINAL ROM CODE ***************************/
+
+/* Offsets needed to call functions in jump table at start of ROM code.
+   See img/securerom.list.bz2 and search for SHA512_Hash and ROM_verify
+   E.g.
+    0000000000000018 <_SHA512_Hash>:
+    0000000000000028 <_ROM_verify>:
+*/
+#define SHA512_HASH_FUNCTION_OFFSET 0x18
+#define ROM_VERIFY_FUNCTION_OFFSET 0x28
+
+// Need this for the following definition
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+// Interfaces for Assembly Functions to call into Secure ROM
+// - 1st parameter is address of function offset into Secure ROM,
+//   followed by additional parameters as necssary
+
+/**
+ * @brief Call rom verify code against system hash keys
+ *
+ * @param[in] void*              Address of function offset into Secure ROM
+ * @param[in] ROM_container_raw* Pointer to effective address of container
+ * @param[in] ROM_hw_params*     HW params to pass in. Includes HW keys' hash
+ *
+ * @return ROM_response ROM_DONE on sucess ROM_FAILURE otherwise
+ */
+ROM_response call_rom_verify(void*, ROM_container_raw*, ROM_hw_params*);
+
+/**
+ * @brief Call rom SHA512 code
+ *
+ * @param[in] void*            Address of function offset into Secure ROM
+ * @param[in] sha2_byte*       Pointer to effective address of blob to hash
+ * @param[in] size_t           Size of blob to hash
+ * @param[in/out] sha2_hash_t* Pointer to resulting hash value
+ *
+ * @return N/A
+ */
+void call_rom_SHA512(void*, const sha2_byte *, size_t, sha2_hash_t*);
+
+#ifdef __cplusplus
+}
+#endif
+
+// Consts used for container header validation
+const uint32_t ROM_MAGIC_NUMBER = 0x17082011;
+const uint16_t ROM_VERSION = 1;
+const uint8_t ROM_HASH_ALG = 1;
+const uint8_t ROM_SIG_ALG = 1;
+const uint8_t HW_KEY_COUNT = 3;
+const uint8_t SW_KEY_COUNT_MIN = 1;
+const uint8_t SW_KEY_COUNT_MAX = 3;
+const size_t MAX_SECURE_HEADER_SIZE = 4096;
+
+// Security Flags
+
+// HW Security Flags
+enum HW_SB_FLAGS
+{
+    HB_FW_FLAG = 0x80000000,
+    OPAL_FLAG = 0x40000000,
+    PHYP_FLAG = 0x20000000,
+    KEY_TRANSITION_FLAG = 0x00000001
+};
+
+// SW Security Flags
+enum SW_SB_FLAGS
+{
+    // placeholder
+};
+
+// Structure to store all hw and sw flag values in a container header
+struct sb_flags_t
+{
+    sb_flags_t() : hw_hb_fw(false), hw_opal(false), hw_phyp(false),
+                   hw_key_transition(false) {}
+    bool hw_hb_fw;
+    bool hw_opal;
+    bool hw_phyp;
+    bool hw_key_transition;
+};
+
+
 #endif
diff --git a/src/include/usr/secureboot/containerheader.H b/src/include/usr/secureboot/containerheader.H
@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2016                             */
+/* Contributors Listed Below - COPYRIGHT 2016,2017                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -27,7 +27,7 @@
 
 #include <errl/errlentry.H>
 #include <secureboot/service.H>
-#include <secureboot/rom.H>
+#include <securerom/ROM.H>
 
 // Forward Declaration
 class SecureROMTest;

diff --git a/src/include/usr/secureboot/rom.H b/src/include/usr/secureboot/rom.H
diff --git a/src/usr/pnor/pnorrp.C b/src/usr/pnor/pnorrp.C
@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2011,2016                        */
+/* Contributors Listed Below - COPYRIGHT 2011,2017                        */
 /* [+] Google Inc.                                                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
@@ -562,7 +562,7 @@ errlHndl_t PnorRP::getSectionInfo( PNOR::SectionId i_section,
                 else
                 {
                     uint32_t l_badMagicHeader = 0;
-                    memcpy(&l_badMagicHeader, l_vaddr, sizeof(MAGIC_NUMBER));
+                    memcpy(&l_badMagicHeader, l_vaddr, sizeof(ROM_MAGIC_NUMBER));
                     TRACFCOMP( g_trac_pnor, ERR_MRK"PnorRP::getSectionInfo: magic number not valid to parse container for section = %s magic number = 0x%X",
                                o_info.name, l_badMagicHeader);
                 /*@

diff --git a/src/usr/pnor/spnorrp.C b/src/usr/pnor/spnorrp.C
@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2011,2016                        */
+/* Contributors Listed Below - COPYRIGHT 2011,2017                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -921,7 +921,7 @@ errlHndl_t SPnorRP::keyTransitionCheck(const uint8_t *i_vaddr) const
 
 bool PNOR::cmpSecurebootMagicNumber(const uint8_t* i_vaddr)
 {
-    return memcmp(&MAGIC_NUMBER, i_vaddr, sizeof(MAGIC_NUMBER)) == 0;
+    return memcmp(&ROM_MAGIC_NUMBER, i_vaddr, sizeof(ROM_MAGIC_NUMBER)) == 0;
 }
 
 errlHndl_t PNOR::hasSecurebootMagicNumber(const SectionId i_section,

diff --git a/src/usr/secureboot/base/containerheader.C b/src/usr/secureboot/base/containerheader.C
@@ -5,7 +5,7 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* Contributors Listed Below - COPYRIGHT 2016                             */
+/* Contributors Listed Below - COPYRIGHT 2016,2017                        */
 /* [+] International Business Machines Corp.                              */
 /*                                                                        */
 /*                                                                        */
@@ -44,7 +44,7 @@ void ContainerHeader::parse_header(const void* i_header)
 
     // Early check if magic number is valid, as a quick check to try and prevent
     // any storage exceptions while parsing header.
-    assert(iv_headerInfo.hw_hdr.magic_number == MAGIC_NUMBER,
+    assert(iv_headerInfo.hw_hdr.magic_number == ROM_MAGIC_NUMBER,
            "ContainerHeader: magic number = 0x%08X not valid",
            iv_headerInfo.hw_hdr.magic_number);
 
@@ -195,7 +195,7 @@ const SHA512_t* ContainerHeader::hwKeyHash() const
 void ContainerHeader::validate()
 {
     iv_isValid = (iv_hdrBytesRead <= MAX_SECURE_HEADER_SIZE)
-        && (iv_headerInfo.hw_hdr.magic_number == MAGIC_NUMBER)
+        && (iv_headerInfo.hw_hdr.magic_number == ROM_MAGIC_NUMBER)
         && (iv_headerInfo.hw_hdr.version == ROM_VERSION)
         && (iv_headerInfo.hw_prefix_hdr.ver_alg.version == ROM_VERSION)
         && (iv_headerInfo.hw_prefix_hdr.ver_alg.hash_alg == ROM_HASH_ALG)