Verify HBI pages via its hash page table

Stephen Cprek · dcrowell77 · commit efd80db76c6e · 2016-07-20T17:41:46.000-04:00
Change-Id: I43aeff07912d1744e3f5706a96fbe24ecfe18896 RTC: 125298 ForwardPort: yes Reviewed-on: http://ralgit01.raleigh.ibm.com/gerrit1/24097 Tested-by: Jenkins Server <pfd-jenkins+hostboot@us.ibm.com> Tested-by: Jenkins OP Build CI <op-jenkins+hostboot@us.ibm.com> Tested-by: FSP CI Jenkins <fsp-CI-jenkins+hostboot@us.ibm.com> Reviewed-by: Nicholas E. Bofferding <bofferdn@us.ibm.com> Tested-by: Jenkins OP HW <op-hw-jenkins+hostboot@us.ibm.com> Reviewed-by: Michael Baiocchi <mbaiocch@us.ibm.com> Reviewed-by: Daniel M. Crowell <dcrowell@us.ibm.com>
diff --git a/img/.gitignore b/img/.gitignore
@@ -18,3 +18,4 @@ errlparser
 *.prf
 test_signed_container
 secureboot_signed_container
+secureboot_hash_page_table_container
diff --git a/src/build/buildpnor/genPnorImages.pl b/src/build/buildpnor/genPnorImages.pl
@@ -172,9 +172,9 @@ sub manipulateImages
         PROTECTED_PAYLOAD => "$bin_dir/$parallelPrefix.protected_payload.bin"
     );
 
-    # @TODO RTC:125298 add HBI to this list, not supported until vfsrp code
-    # is modified.
-    my %hashPageTablePartitions = ();
+    # Partitions that have a hash page table at the beginning of the section
+    # for secureboot purposes.
+    my %hashPageTablePartitions = (HBI => 1);
 
     foreach my $key ( keys %{$i_binFilesRef})
     {
@@ -292,6 +292,13 @@ sub manipulateImages
             run_command("cp $tempImages{PAD_PHASE} $fsp_file");
         }
 
+        # Hack HBI page to fail verification, Ensure location is past hash page table
+        if ($eyeCatch eq "HBI")
+        {
+            # Leave in here for now
+            # run_command("printf \'\\xa1\' | dd conv=notrunc of=$tempImages{PAD_PHASE} bs=1 seek=\$((0x00013000))");
+        }
+
         # ECC Phase
         if( ($sectionHash{$layoutKey}{ecc} eq "yes") )
         {
@@ -436,7 +443,7 @@ sub gen_test_containers
     # Create a signed test container with a hash page table
     # name = secureboot_hash_page_table_container (no prefix in hb cacheadd)
     $test_container = "$bin_dir/secureboot_hash_page_table_container";
-    run_command("dd if=/dev/urandom count=50 ibs=4096 | tr \"\\000\" \"\\377\" > $tempImages{TEST_CONTAINER_DATA}");
+    run_command("dd if=/dev/urandom count=5 ibs=4096 | tr \"\\000\" \"\\377\" > $tempImages{TEST_CONTAINER_DATA}");
     $tempImages{hashPageTable} = genHashPageTable($tempImages{TEST_CONTAINER_DATA}, "secureboot_test");
     run_command("$SIGNING_DIR/build -good -if $SECUREBOOT_HDR -of $tempImages{PROTECTED_PAYLOAD} -bin $tempImages{hashPageTable} $SIGN_BUILD_PARAMS");
     run_command("cat $tempImages{PROTECTED_PAYLOAD} $tempImages{TEST_CONTAINER_DATA} > $test_container ");
diff --git a/src/include/errno.h b/src/include/errno.h
@@ -5,7 +5,9 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* COPYRIGHT International Business Machines Corp. 2011,2014              */
+/* Contributors Listed Below - COPYRIGHT 2011,2016                        */
+/* [+] International Business Machines Corp.                              */
+/*                                                                        */
 /*                                                                        */
 /* Licensed under the Apache License, Version 2.0 (the "License");        */
 /* you may not use this file except in compliance with the License.       */
@@ -23,13 +25,20 @@
 #ifndef _ERRNO_H
 #define _ERRNO_H
 
+#include <map>
+
+// Map to to store strings of errorno codes
+typedef std::map<int, const char*> ErrorNoNames;
+
+// Add new ERRNO's to ErrorNoNames init function
 #define ENOENT           2      // No such file or directory
 #define	EIO              5      // I/O error
 #define ENXIO            6      // No such device or address
 #define ENOEXEC          8      // Exec format error
 #define EBADF            9      // Bad file descriptor
 #define EAGAIN          11      // Try again
-#define	EFAULT          14      // Bad address
+#define EACCES          13      // Permission denied
+#define EFAULT          14      // Bad address
 #define EINVAL          22      // Invalid argument
 #define ENFILE          23      // Too many open files in system
 #define EDEADLK         35      // Operation would cause deadlock.
@@ -38,4 +47,27 @@
 
 #define EWOULDBLOCK     EAGAIN  // operation would block
 
+// @Brief Initialize an ErrorNoNames map
+//  Note: All keys and values are preceded with a '-', this is because the
+//  the errno's will be set to 2's complement when there's an error.
+inline ErrorNoNames init_map()
+{
+    ErrorNoNames l_map;
+    l_map[-ENOENT]      = "-ENOENT";
+    l_map[-EIO]         = "-EIO";
+    l_map[-ENXIO]       = "-ENXIO";
+    l_map[-ENOEXEC]     = "-ENOEXEC";
+    l_map[-EBADF]       = "-EBADF";
+    l_map[-EAGAIN]      = "-EAGAIN";
+    l_map[-EACCES]      = "-EACCES";
+    l_map[-EFAULT]      = "-EFAULT";
+    l_map[-EINVAL]      = "-EINVAL";
+    l_map[-ENFILE]      = "-ENFILE";
+    l_map[-EDEADLK]     = "-EDEADLK";
+    l_map[-ETIME]       = "-ETIME";
+    l_map[-EALREADY]    = "-EALREADY";
+    l_map[-EWOULDBLOCK] = "-EWOULDBLOCK";
+    return l_map;
+};
+
 #endif
diff --git a/src/include/kernel/msghandler.H b/src/include/kernel/msghandler.H
@@ -5,7 +5,9 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* COPYRIGHT International Business Machines Corp. 2011,2014              */
+/* Contributors Listed Below - COPYRIGHT 2011,2016                        */
+/* [+] International Business Machines Corp.                              */
+/*                                                                        */
 /*                                                                        */
 /* Licensed under the Apache License, Version 2.0 (the "License");        */
 /* you may not use this file except in compliance with the License.       */
@@ -31,6 +33,8 @@
 #include <kernel/msg.H>
 #include <kernel/spinlock.H>
 #include <util/locked/list.H>
+#include <map>
+#include <errno.h>
 
 // Forward declaration.
 namespace Systemcalls { void MsgRespond(task_t*); };
@@ -165,6 +169,9 @@ class MessageHandler
         virtual HandleResult handleResponse(msg_sys_types_t i_type, void* i_key,
                                             task_t* i_task, int i_rc);
 
+        // @brief Map to print out string of errorno received by msg handler
+        static ErrorNoNames iv_errnoNames;
+
     protected:
         /** @brief 'Recv message' interface.
          *  Called by the msg_respond sys-call handler to relay the response
diff --git a/src/include/sys/vfs.h b/src/include/sys/vfs.h
@@ -100,6 +100,8 @@ extern VfsSystemModule VFS_MODULES[VFS_MODULE_MAX];
 
 extern uint64_t VFS_LAST_ADDRESS;
 
+#define VFS_MODULE_TABLE_SIZE (VFS_EXTENDED_MODULE_MAX * sizeof(VfsSystemModule))
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/include/usr/secureboot/service.H b/src/include/usr/secureboot/service.H
@@ -87,6 +87,23 @@ namespace SECUREBOOT
      */
      void getHwHashKeys(sha2_hash_t o_hash);
 
+    /*
+     * @brief Hash the concatenation of two Blobs
+     *
+     *  Asserts if either blobs are NULL
+     *
+     * @param[in]  i_blob1      Void pointer to effective address of blob1
+     * @param[in]  i_blob1Size  Size of blob1 in bytes
+     * @param[in]  i_blob2      Void pointer to effective address of blob2
+     * @param[in]  i_blob2Size  Size of blob2 in bytes
+     * @param[out] o_hash       SHA512 hash
+     *
+     * @return errlHndl_t  NULL on success
+     */
+    errlHndl_t hashConcatBlobs (const void* i_blob1, size_t i_blob1Size,
+                                const void* i_blob2, size_t i_blob2Size,
+                                SHA512_t o_buf);
+
 }
 
 #endif
diff --git a/src/include/usr/vfs/vfs_reasoncodes.H b/src/include/usr/vfs/vfs_reasoncodes.H
@@ -5,7 +5,9 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* COPYRIGHT International Business Machines Corp. 2011,2014              */
+/* Contributors Listed Below - COPYRIGHT 2011,2016                        */
+/* [+] International Business Machines Corp.                              */
+/*                                                                        */
 /*                                                                        */
 /* Licensed under the Apache License, Version 2.0 (the "License");        */
 /* you may not use this file except in compliance with the License.       */
@@ -45,7 +47,7 @@ namespace VFS
         VFS_PERMS_VMEM_FAILED =     VFS_COMP_ID | 0x04,
         VFS_MODULE_DOES_NOT_EXIST = VFS_COMP_ID | 0x05,
         VFS_INVALID_DATA_MODULE   = VFS_COMP_ID | 0x06,
-        VFS_TASK_CRASHED          = VFS_COMP_ID | 0x07,
+        VFS_TASK_CRASHED          = VFS_COMP_ID | 0x07
     };
 };
 
diff --git a/src/kernel/msghandler.C b/src/kernel/msghandler.C
@@ -5,7 +5,9 @@
 /*                                                                        */
 /* OpenPOWER HostBoot Project                                             */
 /*                                                                        */
-/* COPYRIGHT International Business Machines Corp. 2011,2014              */
+/* Contributors Listed Below - COPYRIGHT 2011,2016                        */
+/* [+] International Business Machines Corp.                              */
+/*                                                                        */
 /*                                                                        */
 /* Licensed under the Apache License, Version 2.0 (the "License");        */
 /* you may not use this file except in compliance with the License.       */
@@ -30,6 +32,8 @@
 #include <kernel/taskmgr.H>
 #include <kernel/console.H>
 
+ErrorNoNames MessageHandler::iv_errnoNames = init_map();
+
 void MessageHandler::sendMessage(msg_sys_types_t i_type, void* i_key,
                                  void* i_data, task_t* i_task)
 {
@@ -172,8 +176,18 @@ int MessageHandler::recvMessage(msg_t* i_msg)
         else if (UNHANDLED_RC == rc)
         {
             // Unsuccessful, unhandled response.  Kill task.
-            printk("Unhandled msg rc %d for key %p on task %d @ %p\n",
+            // Print the errorno string if we have mapped it in errno.h
+            if (iv_errnoNames.count(msg_rc) > 0)
+            {
+                printk("Unhandled msg rc %s for key %p on task %d @ %p\n",
+                                iv_errnoNames[msg_rc], key, deferred_task->tid,
+                                deferred_task->context.nip);
+            }
+            else
+            {
+                printk("Unhandled msg rc %d for key %p on task %d @ %p\n",
                    msg_rc, key, deferred_task->tid, deferred_task->context.nip);
+            }
             endTaskList.insert(deferred_task);
         }
         else if (CONTINUE_DEFER == rc)
diff --git a/src/makefile b/src/makefile
@@ -307,6 +307,7 @@ hbicore_test_DATA_MODULES += ${hbicore_DATA_MODULES}
 hbicore_test_DATA_MODULES += testdata
 ifndef SKIP_BINARY_FILES
 hbicore_test_DATA_MODULES += secureboot_signed_container
+hbicore_test_DATA_MODULES += secureboot_hash_page_table_container
 endif
 
 hbirt_OBJECTS += ${RUNTIME_OBJECTS}
diff --git a/src/usr/pnor/pnor_common.C b/src/usr/pnor/pnor_common.C
@@ -449,8 +449,10 @@ errlHndl_t PNOR::parseTOC(uint8_t* i_toc0Buffer, uint8_t* i_toc1Buffer,
                                             ((o_TOC[secId].size * 8 ) / 9);
                     }
 
-                    // TODO RTC:96009 handle version header w/secureboot
-                    if (o_TOC[secId].version == FFS_VERS_SHA512)
+                    // @TODO RTC:153773 move header handling to secure pnor rp
+                    // Don't skip header if verification is needed.
+                    if (o_TOC[secId].version == FFS_VERS_SHA512
+                        && strcmp(cur_entry->name,"HBI") != 0)
                     {
                         TRACFCOMP(g_trac_pnor, "PNOR::parseTOC: Incrementing"
                                 " Flash Address for SHA Header");
@@ -477,7 +479,6 @@ errlHndl_t PNOR::parseTOC(uint8_t* i_toc0Buffer, uint8_t* i_toc1Buffer,
                         }
                     }
 
-
                     if((o_TOC[secId].flashAddr + o_TOC[secId].size) >
                             (l_ffs_hdr->block_count*PAGESIZE))
                     {
diff --git a/src/usr/pnor/pnorrp.C b/src/usr/pnor/pnorrp.C
@@ -1354,7 +1354,7 @@ errlHndl_t PnorRP::clearSection(PNOR::SectionId i_section)
     TRACFCOMP(g_trac_pnor, "PnorRP::clearSection Section id = %d", i_section);
     errlHndl_t l_errl = NULL;
     const uint64_t CLEAR_BYTE = 0xFF;
-    uint8_t* l_buf = new uint8_t[PAGESIZE];
+    uint8_t* l_buf = new uint8_t[PAGESIZE]();
     uint8_t* l_eccBuf = NULL;
 
     do
@@ -1390,7 +1390,7 @@ errlHndl_t PnorRP::clearSection(PNOR::SectionId i_section)
         // apply ECC to data if needed
         if(l_ecc)
         {
-            l_eccBuf = new uint8_t[PAGESIZE_PLUS_ECC];
+            l_eccBuf = new uint8_t[PAGESIZE_PLUS_ECC]();
             PNOR::ECC::injectECC( reinterpret_cast<uint8_t*>(l_buf),
                                   PAGESIZE,
                                   reinterpret_cast<uint8_t*>(l_eccBuf) );
diff --git a/src/usr/secureboot/base/containerheader.C b/src/usr/secureboot/base/containerheader.C
@@ -139,7 +139,6 @@ void ContainerHeader::safeMemCpyAndInc(void* i_dest, const uint8_t* &io_hdr,
 
     // Determine if the memcpy is within the bounds of the container header
     iv_hdrBytesRead = io_hdr - iv_pHdrStart;
-    TRACFCOMP(g_trac_secure,"checkBounds:: header content size 0x%X", iv_hdrBytesRead);
     assert( (iv_hdrBytesRead + i_size) <= MAX_SECURE_HEADER_SIZE);
 
     memcpy(i_dest, io_hdr, i_size);
diff --git a/src/usr/secureboot/base/securerom.C b/src/usr/secureboot/base/securerom.C
@@ -81,7 +81,18 @@ errlHndl_t verifyContainer(void * i_container, size_t i_size)
 errlHndl_t hashBlob(void * i_blob, size_t i_size, SHA512_t io_buf)
 {
     return Singleton<SecureROM>::instance().hashBlob(i_blob, i_size, io_buf);
+}
 
+/**
+ * @brief Hash concatenation of 2 Blobs
+ *
+ */
+errlHndl_t hashConcatBlobs(const void* i_blob1, size_t i_blob1Size,
+                           const void* i_blob2, size_t i_blob2Size,
+                           SHA512_t o_buf)
+{
+    return Singleton<SecureROM>::instance().hashConcatBlobs(i_blob1,
+                                    i_blob1Size, i_blob2, i_blob2Size, o_buf);
 }
 
 /*
@@ -391,7 +402,7 @@ errlHndl_t SecureROM::verifyContainer(void * i_container, size_t i_size)
 /**
  * @brief Hash Blob
  */
-errlHndl_t SecureROM::hashBlob(void * i_blob, size_t i_size, SHA512_t io_buf)
+errlHndl_t SecureROM::hashBlob(void * i_blob, size_t i_size, SHA512_t io_buf) const
 {
 
     TRACDCOMP(g_trac_secure,INFO_MRK"SecureROM::hashBlob() NOT "
@@ -427,6 +438,33 @@ errlHndl_t SecureROM::hashBlob(void * i_blob, size_t i_size, SHA512_t io_buf)
     return l_errl;
 }
 
+/**
+ * @brief Hash concatenation of 2 Blobs
+ */
+errlHndl_t SecureROM::hashConcatBlobs(const void* i_blob1, size_t i_blob1Size,
+                                      const void* i_blob2, size_t i_blob2Size,
+                                      SHA512_t o_buf) const
+{
+    errlHndl_t l_errl = NULL;
+
+    assert(i_blob1 != NULL);
+    assert(i_blob2 != NULL);
+
+    size_t l_concatSize = i_blob1Size + i_blob2Size;
+    uint8_t* l_concatBuf = new uint8_t[l_concatSize]();
+
+    // Copy first blob
+    memcpy(l_concatBuf, i_blob1, i_blob1Size);
+    // Copy second blob
+    memcpy(l_concatBuf + i_blob1Size, i_blob2, i_blob2Size);
+
+    // Call hash blob on new concatenated buffer
+    l_errl = hashBlob(l_concatBuf,l_concatSize,o_buf);
+
+    delete[] l_concatBuf;
+    l_concatBuf = NULL;
+    return l_errl;
+}
 
 /********************
  Internal Methods
@@ -610,5 +648,3 @@ SecureROM& SecureROM::getInstance()
 {
     return Singleton<SecureROM>::instance();
 }
-
-
diff --git a/src/usr/secureboot/base/securerom.H b/src/usr/secureboot/base/securerom.H
@@ -65,7 +65,7 @@ class SecureROM
          *
          * @return errlHndl_t  NULL on success
          */
-        errlHndl_t hashBlob(void * i_blob, size_t i_size, SHA512_t io_buf);
+        errlHndl_t hashBlob(void * i_blob, size_t i_size, SHA512_t io_buf) const;
 
         /**
          * @brief Retrieve the internal hardware hash key from secure ROM
@@ -76,6 +76,23 @@ class SecureROM
          */
         void getHwHashKeys(sha2_hash_t o_hash);
 
+        /*
+         * @brief Hash the concatenation of two Blobs
+         *
+         *  Asserts if either blobs are NULL
+         *
+         * @param[in]  i_blob1      Void pointer to effective address of blob1
+         * @param[in]  i_blob1Size  Size of blob1 in bytes
+         * @param[in]  i_blob2      Void pointer to effective address of blob2
+         * @param[in]  i_blob2Size  Size of blob2 in bytes
+         * @param[out] o_hash       SHA512 hash
+         *
+         * @return errlHndl_t  NULL on success
+         */
+        errlHndl_t hashConcatBlobs (const void* i_blob1, size_t i_blob1Size,
+                                    const void* i_blob2, size_t i_blob2Size,
+                                    SHA512_t o_buf) const;
+
     protected:
 
         /**
diff --git a/src/usr/secureboot/base/test/makefile b/src/usr/secureboot/base/test/makefile
@@ -28,6 +28,6 @@ MODULE = testsecureboot
 TESTS = *.H
 
 BINARY_FILES = $(IMGDIR)/secureboot_signed_container:7cff7a85f0db014016a61eac856c3775cd266240
+BINARY_FILES += $(IMGDIR)/secureboot_hash_page_table_container:16ccaff1e3c94cf17c2858e3a917dd9d64528848
 
 include ${ROOTPATH}/config.mk
-
diff --git a/src/usr/secureboot/base/test/secureromtest.H b/src/usr/secureboot/base/test/secureromtest.H
diff --git a/src/usr/vfs/vfsrp.C b/src/usr/vfs/vfsrp.C
diff --git a/src/usr/vfs/vfsrp.H b/src/usr/vfs/vfsrp.H

Original file line number	Diff line number	Diff line change
`@@ -100,6 +100,8 @@ extern VfsSystemModule VFS_MODULES[VFS_MODULE_MAX];`
`100`	`100`
`101`	`101`	`extern uint64_t VFS_LAST_ADDRESS;`
`102`	`102`
	`103`	`+#define VFS_MODULE_TABLE_SIZE (VFS_EXTENDED_MODULE_MAX * sizeof(VfsSystemModule))`
	`104`	`+`
`103`	`105`	`#ifdef __cplusplus`
`104`	`106`	`}`
`105`	`107`	`#endif`
Original file line number	Diff line number	Diff line change
`@@ -449,8 +449,10 @@ errlHndl_t PNOR::parseTOC(uint8_t* i_toc0Buffer, uint8_t* i_toc1Buffer,`
`449`	`449`	`((o_TOC[secId].size * 8 ) / 9);`
`450`	`450`	`}`
`451`	`451`
`452`		`- // TODO RTC:96009 handle version header w/secureboot`
`453`		`- if (o_TOC[secId].version == FFS_VERS_SHA512)`
	`452`	`+ // @TODO RTC:153773 move header handling to secure pnor rp`
	`453`	`+ // Don't skip header if verification is needed.`
	`454`	`+ if (o_TOC[secId].version == FFS_VERS_SHA512`
	`455`	`+ && strcmp(cur_entry->name,"HBI") != 0)`
`454`	`456`	`{`
`455`	`457`	`TRACFCOMP(g_trac_pnor, "PNOR::parseTOC: Incrementing"`
`456`	`458`	`" Flash Address for SHA Header");`
`@@ -477,7 +479,6 @@ errlHndl_t PNOR::parseTOC(uint8_t* i_toc0Buffer, uint8_t* i_toc1Buffer,`
`477`	`479`	`}`
`478`	`480`	`}`
`479`	`481`
`480`		`-`
`481`	`482`	`if((o_TOC[secId].flashAddr + o_TOC[secId].size) >`
`482`	`483`	`(l_ffs_hdr->block_count*PAGESIZE))`
`483`	`484`	`{`