Read and measure CBFS files into initrd

[flammit]

Closes #182 and depends on PR #355. Allows the user to add files such as keys to the reproducibly-build coreboot.rom via cbfstool as long as there CBFS name is prefixed as initrd/*:

./build/coreboot-4.7/x230/cbfstool ./build/x230/coreboot.rom add -t raw -f ~/.ssh/id_rsa.pub -n "initrd/.ssh/authorized_keys"
./build/coreboot-4.7/x230/cbfstool ./build/x230/coreboot.rom add -t raw -f ~/.gnupg/pubring.gpg -n "initrd/.gnupg/pubring.gpg"
./build/coreboot-4.7/x230/cbfstool ./build/x230/coreboot.rom add -t raw -f ~/.gnupg/secring.gpg -n "initrd/.gnupg/secring.gpg"
./build/coreboot-4.7/x230/cbfstool ./build/x230/coreboot.rom add -t raw -f ~/.gnupg/trustdb.gpg -n "initrd/.gnupg/trustdb.gpg"

Tested on x230.

[flammit]

Also successfully tested measurement by altering CBFS file name and data with flashtool on x230 after TOTP seal

[paulmenzel]

The verb is spelled with a space Set up.

[paulmenzel]

The verb is spelled with a space Set up.

[paulmenzel]

The verb is spelled with a space Set up.

[paulmenzel]

The modules are device specific, right? Should that depend on some configuration?

[flammit]

They are device specific. I could use the variables in module/linux that control the inclusion of the kernel modules (CONFIG_LINUX_E1000, CONFIG_LINUX_E1000E, CONFIG_LINUX_IGB, CONFIG_LINUX_SFC, CONFIG_LINUX_MLX4) and export them in all the board configs, but that's equivalent to testing for existence in the initrd. @osresearch what do you think?

[osresearch]

I'm so excited to merge this so that we can move the user config and volatile things out of the initrd.

The cbfs reader patch should be sent as a patch to https://github.com/osresearch/flashtools so that we don't have the maintain it as a patch. I hear the owner of that tree accepts PRs.

In QEMU when I last tried to read the ROM from /dev/mem it fails due to something not being mapped. /proc/iomem does not contain physmap-flash, which is likely why it doesn't show up. As a total hack, if I comment out this check in read_mem() in linux-4.9.80/drivers/char/mem.c, qemu is able to dump the contents of the ROM via /dev/mem:

if (!valid_phys_addr_range(p, count))

So it is something in the way that the memory map is being communicated to qemu that prevents us from being able to see the ROM.

We could patch the Heads kernel to allow this, although it would be good to know why it is not communicated.

[flammit]

Confirmed, in QEMU the /dev/mem reads fail in the current cbfs command, but using the busybox devmem tool and your peek work:

~# devmem 0xfffffffc
0xFF900138
~# devmem 0xff900138
0x4342524F

I'll fix cbfs.c up to work in QEMU by using your map_physical before pushing the patch to https://github.com/osresearch/flashtools.

[kakaroto]

I really like this solution! Great work!
flashtools doesn't work for me (on skylake) but I already reviewed the skylake port of flashrom so I should still know what needs to be done for it to work and I'll look into it soon.

[kakaroto]

Another review will probably happen on the flashtools repo once you send the PR but here's a preliminary one!

[kakaroto]

Indentation is wrong here

[kakaroto]

Indentation of this closing bracket is wrong.

[kakaroto]

The magic number here should be made into a macro.. I'm assuming 0x50 is FILE_TYPE_RAW?
Also, I don't think it's necessary for the specific task the tool was written for but the file type could/should probably be given as argument to the program.

[kakaroto]

Instead of an infinite loop (which breaks when it's outside the bounds of the cbfs), it would be better to do :
while (off < end) {

[kakaroto]

Verify file_data was allocated correctly.. A corrupted image could cause you to try and allocate GBs of data which would fail.

[kakaroto]

name is allocated but never freed.

[kakaroto]

Maybe break once the file is read ?

[kakaroto]

Since you print the file to stdout, all the verbose printfs should probably go to sdterr.

[flammit]

@kakaroto thanks for the comments! I'll incorporate them into the upcoming https://github.com/osresearch/flashtools PR

[flammit]

The cbfs command PR is now up at osresearch/flashtools#3. Please review there and I'll adjust this PR once that is merged.

[flammit]

@osresearch PTAL should be good to review and merge. I've tested on qemu-coreboot.

You should now be able to add keys just as:

./build/coreboot-4.7/qemu-coreboot/cbfstool ./build/qemu-coreboot/coreboot.rom add -t raw -f ~/.ssh/id_rsa.pub -n "initrd/.ssh/authorized_keys"
./build/coreboot-4.7/qemu-coreboot/cbfstool ./build/qemu-coreboot/coreboot.rom add -t raw -f ~/keys/49FFCE9C.key -n "initrd/.gnupg/keys/49FFCE9C.key"

[flammit]

Minor change to require that cbfs file names be prefixed as heads/initrd/*. The idea is that any CBFS file with the prefix heads/ will attempt to be preserved between ROM updates.

./build/coreboot-4.7/qemu-coreboot/cbfstool ./build/qemu-coreboot/coreboot.rom add -t raw -f ~/.ssh/id_rsa.pub -n "heads/initrd/.ssh/authorized_keys"
./build/coreboot-4.7/qemu-coreboot/cbfstool ./build/qemu-coreboot/coreboot.rom add -t raw -f ~/keys/49FFCE9C.key -n "heads/initrd/.gnupg/keys/49FFCE9C.key"

[flammit]

By default, both flashrom-x230.sh and flashrom-kgpe-d16.sh now use preserve_rom in /etc/function to inject previously loaded, non-conflicting heads/* files into new update ROMs prior to flashing.

Tested on x230 and kgpe-d16

[osresearch]

What is $CUSTOMPWD?