coreboot-gerrit October 2018

coreboot-gerrit@coreboot.org

1 participants
1285 discussions

Change in coreboot[master]: security/tpm: Add function to measure a region device
by Werner Zeh (Code Review) 23 Oct '18

23 Oct '18

Werner Zeh has uploaded this change for review. ( https://review.coreboot.org/29234 Change subject: security/tpm: Add function to measure a region device ...................................................................... security/tpm: Add function to measure a region device Add a new function which can hash a given region device and extend a PCR in the TPM with the result. The needed SHA algorithms are included from 3rdparty/vboot and thus not duplicated in the coreboot tree. Change-Id:… [View More] I126cc3500fd039d63743db78002a04d201ab18aa Signed-off-by: Werner Zeh <werner.zeh(a)siemens.com> --- M src/security/tpm/Makefile.inc M src/security/tpm/tspi.h M src/security/tpm/tspi/tspi.c M src/security/tpm/tss_errors.h 4 files changed, 92 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/34/29234/1 diff --git a/src/security/tpm/Makefile.inc b/src/security/tpm/Makefile.inc index 34ead8f..9473083 100644 --- a/src/security/tpm/Makefile.inc +++ b/src/security/tpm/Makefile.inc @@ -43,3 +43,26 @@ postcar-$(CONFIG_VBOOT) += tspi/tspi.c tspi/log.c endif # CONFIG_TPM2 + +## Hashing functions form VBOOT are common to all TPM versions +CFLAGS_common += -I3rdparty/vboot/firmware/2lib/include + +verstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha1.c +verstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha256.c +verstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha512.c +verstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha_utility.c + +postcar-y += ../../../3rdparty/vboot/firmware/2lib/2sha1.c +postcar-y += ../../../3rdparty/vboot/firmware/2lib/2sha256.c +postcar-y += ../../../3rdparty/vboot/firmware/2lib/2sha512.c +postcar-y += ../../../3rdparty/vboot/firmware/2lib/2sha_utility.c + +romstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha1.c +romstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha256.c +romstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha512.c +romstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha_utility.c + +ramstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha1.c +ramstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha256.c +ramstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha512.c +ramstage-y += ../../../3rdparty/vboot/firmware/2lib/2sha_utility.c diff --git a/src/security/tpm/tspi.h b/src/security/tpm/tspi.h index e4ddefc..a1fd1a8 100644 --- a/src/security/tpm/tspi.h +++ b/src/security/tpm/tspi.h @@ -3,6 +3,7 @@ * * Copyright (c) 2013 The Chromium OS Authors. All rights reserved. * Copyright 2018 Facebook Inc. + * Copyright 2018 Siemens AG * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,6 +20,9 @@ #include <security/tpm/tss.h> #include <commonlib/tcpa_log_serialized.h> +#include <commonlib/region.h> + +#define TPM_PCR_MAX_LEN 64 /** * Add table entry for cbmem TCPA log. @@ -51,4 +55,14 @@ */ uint32_t tpm_setup(int s3flag); +/** + * Measure a given region device and extend given PCR with the result. + * @param *rdev Pointer to the region device to measure + * @param pcr Index of the PCR which will be extended by this measure + * @param *rname Name of the region that is measured + * @return TPM error code in case of error otherwise TPM_SUCCESS + */ +uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, + const char *rname); + #endif /* TSPI_H_ */ diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c index c1779e6..fbe138f 100644 --- a/src/security/tpm/tspi/tspi.c +++ b/src/security/tpm/tspi/tspi.c @@ -3,6 +3,7 @@ * * Copyright (c) 2013 The Chromium OS Authors. All rights reserved. * Copyright 2017 Facebook Inc. + * Copyright 2018 Siemens AG * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -21,6 +22,7 @@ #include <security/tpm/tss.h> #include <stdlib.h> #include <string.h> +#include <2sha.h> #if IS_ENABLED(CONFIG_TPM1) static uint32_t tpm1_invoke_state_machine(void) @@ -206,3 +208,54 @@ return TPM_SUCCESS; } + +uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, + const char *rname) +{ + uint8_t digset[TPM_PCR_MAX_LEN], digset_len; + uint32_t result; + void *buf; + struct vb2_digest_context ctx; + enum vb2_hash_algorithm hash_alg; + + if (!rdev || !rname) + return TPM_BAD_PARAMETER; + result = tlcl_lib_init(); + if (result != TPM_SUCCESS) { + printk(BIOS_ERR, "TPM: Can't initialize library.\n"); + return result; + } + buf = rdev_mmap_full(rdev); + if (!buf) { + printk(BIOS_ERR, "TPM: Not able to map region device for %s\n", + rname); + return TPM_E_IOERROR; + } + if (IS_ENABLED(CONFIG_TPM1)) + hash_alg = VB2_HASH_SHA1; + else if (IS_ENABLED(CONFIG_TPM2)) + hash_alg = VB2_HASH_SHA256; + else + return TPM_BAD_PARAMETER; + + digset_len = vb2_digest_size(hash_alg); + if (vb2_digest_init(&ctx, hash_alg)) { + printk(BIOS_ERR, "TPM: Error initializing hash.\n"); + return TPM_E_SHA_ERROR; + } + if (vb2_digest_extend(&ctx, buf, region_device_sz(rdev))) { + printk(BIOS_ERR, "TPM: Error extending hash.\n"); + return TPM_E_SHA_ERROR; + } + if (vb2_digest_finalize(&ctx, digset, digset_len)) { + printk(BIOS_ERR, "TPM: Error finalizing hash.\n"); + return TPM_E_SHA_ERROR; + } + result = tpm_extend_pcr(pcr, digset, digset_len, rname); + if (result != TPM_SUCCESS) { + printk(BIOS_ERR, "TPM: Extending hash into PCR failed.\n"); + return result; + } + printk(BIOS_DEBUG, "TPM: Measured %s into PCR %d\n", rname, pcr); + return TPM_SUCCESS; +} diff --git a/src/security/tpm/tss_errors.h b/src/security/tpm/tss_errors.h index e2f1486..7c5d465 100644 --- a/src/security/tpm/tss_errors.h +++ b/src/security/tpm/tss_errors.h @@ -17,6 +17,8 @@ #define TPM_E_AREA_LOCKED ((uint32_t)0x0000003c) #define TPM_E_BADINDEX ((uint32_t)0x00000002) +#define TPM_BAD_PARAMETER ((uint32_t)0x00000003) +#define TPM_E_SHA_ERROR ((uint32_t)0x0000001b) #define TPM_E_BAD_PRESENCE ((uint32_t)0x0000002d) #define TPM_E_IOERROR ((uint32_t)0x0000001f) #define TPM_E_INVALID_POSTINIT ((uint32_t)0x00000026) -- To view, visit https://review.coreboot.org/29234 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I126cc3500fd039d63743db78002a04d201ab18aa Gerrit-Change-Number: 29234 Gerrit-PatchSet: 1 Gerrit-Owner: Werner Zeh <werner.zeh(a)siemens.com> [View Less]

1 0

Change in coreboot[master]: mb/google/poppy: add the smi_events back
by Furquan Shaikh (Code Review) 23 Oct '18

23 Oct '18

Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/29191 ) Change subject: mb/google/poppy: add the smi_events back ...................................................................... Patch Set 4: (1 comment) https://review.coreboot.org/#/c/29191/1/src/mainboard/google/poppy/ec.c File src/mainboard/google/poppy/ec.c: https://review.coreboot.org/#/c/29191/1/src/mainboard/google/poppy/ec.c@27 PS1, Line 27: .smi_events = MAINBOARD_EC_SMI_EVENTS, > Done. I … [View More]

1 0

Change in coreboot[master]: mb/google/poppy: add the smi_events back
by Furquan Shaikh (Code Review) 23 Oct '18

23 Oct '18

Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/29191 ) Change subject: mb/google/poppy: add the smi_events back ...................................................................... Patch Set 4: Code-Review+2 -- To view, visit https://review.coreboot.org/29191 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: … [View More]

1 0

Change in coreboot[master]: mb/google/poppy: add the smi_events back
by Zhuohao Lee (Code Review) 23 Oct '18

23 Oct '18

Zhuohao Lee has posted comments on this change. ( https://review.coreboot.org/29191 ) Change subject: mb/google/poppy: add the smi_events back ...................................................................... Patch Set 4: (2 comments) https://review.coreboot.org/#/c/29191/1//COMMIT_MSG Commit Message: https://review.coreboot.org/#/c/29191/1//COMMIT_MSG@12 PS1, Line 12: always keep in S0. > Can you please mention here that this was broken because of CL:28983? Done https://review.… [View More]

1 0

Change in coreboot[master]: mb/google/poppy: add the smi_events back
by Zhuohao Lee (Code Review) 23 Oct '18

23 Oct '18

Hello Nick Vaccaro, build bot (Jenkins), Furquan Shaikh, I'd like you to reexamine a change. Please visit https://review.coreboot.org/29191 to look at the new patch set (#4). Change subject: mb/google/poppy: add the smi_events back ...................................................................... mb/google/poppy: add the smi_events back Before entering the OS, the AP relies on the smi handler to shutdown the system when the lid closes. Without the smi_events setting, the AP will … [View More]

1 0

Change in coreboot[master]: mb/google/poppy: add the smi_events back
by Zhuohao Lee (Code Review) 23 Oct '18

23 Oct '18

Hello Nick Vaccaro, build bot (Jenkins), Furquan Shaikh, I'd like you to reexamine a change. Please visit https://review.coreboot.org/29191 to look at the new patch set (#3). Change subject: mb/google/poppy: add the smi_events back ...................................................................... mb/google/poppy: add the smi_events back Before entering the OS, the AP relies on the smi handler to shutdown the system when the lid closes. Without the smi_events setting, the AP will … [View More]

1 0

Change in coreboot[master]: mb/google/poppy: add the smi_events back
by Zhuohao Lee (Code Review) 23 Oct '18

23 Oct '18

Hello Nick Vaccaro, build bot (Jenkins), Furquan Shaikh, I'd like you to reexamine a change. Please visit https://review.coreboot.org/29191 to look at the new patch set (#2). Change subject: mb/google/poppy: add the smi_events back ...................................................................... mb/google/poppy: add the smi_events back Before entering the OS, the AP relies on the smi handler to shutdown the system when the lid closes. Without the smi_events setting, the AP will … [View More]

1 0

Change in coreboot[master]: Nami: Add field to identify single channel DDR
by Furquan Shaikh (Code Review) 23 Oct '18

23 Oct '18

Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/29233 ) Change subject: Nami: Add field to identify single channel DDR ...................................................................... Patch Set 1: (1 comment) https://review.coreboot.org/#/c/29233/1//COMMIT_MSG Commit Message: https://review.coreboot.org/#/c/29233/1//COMMIT_MSG@7 PS1, Line 7: Nami mb/google/poppy -- To view, visit https://review.coreboot.org/29233 To unsubscribe, or for help … [View More]

1 0

Change in coreboot[master]: Nami: Add field to identify single channel DDR
by Shelley Chen (Code Review) 23 Oct '18

23 Oct '18

Shelley Chen has uploaded this change for review. ( https://review.coreboot.org/29233 Change subject: Nami: Add field to identify single channel DDR ...................................................................... Nami: Add field to identify single channel DDR Variants of Nami need to accommodate single channel DDR. Will use GPP_D10 on nami for identification. BUG=b:117194353 BRANCH=None TEST=dmidecode | grep Channel and make sure that the correct number of channels gets … [View More]returned. Change-Id: If86ab2c5404c4e818ce496ea935227ab5e51730a Signed-off-by: Shelley Chen <shchen(a)google.com> --- M src/mainboard/google/poppy/romstage.c M src/mainboard/google/poppy/variants/baseboard/include/baseboard/variants.h M src/mainboard/google/poppy/variants/nami/gpio.c M src/mainboard/google/poppy/variants/nami/mainboard.c 4 files changed, 17 insertions(+), 3 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/33/29233/1 diff --git a/src/mainboard/google/poppy/romstage.c b/src/mainboard/google/poppy/romstage.c index f49fbf4..c77fdf0 100644 --- a/src/mainboard/google/poppy/romstage.c +++ b/src/mainboard/google/poppy/romstage.c @@ -163,6 +163,9 @@ memcpy(&mem_cfg->RcompTarget, p.rcomp_target, p.rcomp_target_size); mem_cfg->MemorySpdPtr00 = mainboard_get_spd_data(p.type, p.use_sec_spd); - mem_cfg->MemorySpdPtr10 = mem_cfg->MemorySpdPtr00; + if (p.single_channel) + mem_cfg->MemorySpdPtr10 = 0; + else + mem_cfg->MemorySpdPtr10 = mem_cfg->MemorySpdPtr00; mem_cfg->MemorySpdDataLen = spd_info[p.type].len; } diff --git a/src/mainboard/google/poppy/variants/baseboard/include/baseboard/variants.h b/src/mainboard/google/poppy/variants/baseboard/include/baseboard/variants.h index 7e850b6..7851c31 100644 --- a/src/mainboard/google/poppy/variants/baseboard/include/baseboard/variants.h +++ b/src/mainboard/google/poppy/variants/baseboard/include/baseboard/variants.h @@ -48,6 +48,9 @@ const void *rcomp_target; size_t rcomp_target_size; bool use_sec_spd; + + /* This would be set to true if only have single DDR channel */ + bool single_channel; }; void variant_memory_params(struct memory_params *p); diff --git a/src/mainboard/google/poppy/variants/nami/gpio.c b/src/mainboard/google/poppy/variants/nami/gpio.c index 2d0fea4..8f10f12 100644 --- a/src/mainboard/google/poppy/variants/nami/gpio.c +++ b/src/mainboard/google/poppy/variants/nami/gpio.c @@ -179,8 +179,8 @@ PAD_CFG_NC(GPP_D8), /* D9 : ISH_SPI_CS# ==> HP_IRQ_GPIO */ PAD_CFG_GPI_APIC(GPP_D9, NONE, PLTRST), - /* D10 : ISH_SPI_CLK ==> SPKR_RST_L (unstuffed) */ - PAD_CFG_NC(GPP_D10), + /* D10 : ISH_SPI_CLK ==> SINGLE_CHANNEL */ + PAD_CFG_GPI_GPIO_DRIVER(GPP_D10, 20K_PD, DEEP), /* D11 : ISH_SPI_MISO ==> DCI_CLK (debug header) */ PAD_CFG_NC(GPP_D11), /* D12 : ISH_SPI_MOSI ==> DCI_DATA (debug header) */ @@ -370,6 +370,9 @@ /* E0 : SATAXPCI0 ==> H1_PCH_INT_ODL */ PAD_CFG_GPI_APIC_INVERT(GPP_E0, NONE, PLTRST), + + /* D10 : ISH_SPI_CLK ==> SINGLE_CHANNEL */ + PAD_CFG_GPI_GPIO_DRIVER(GPP_D10, 20K_PD, DEEP), }; const struct pad_config *variant_gpio_table(size_t *num) diff --git a/src/mainboard/google/poppy/variants/nami/mainboard.c b/src/mainboard/google/poppy/variants/nami/mainboard.c index 2052ae0..c7424ad 100644 --- a/src/mainboard/google/poppy/variants/nami/mainboard.c +++ b/src/mainboard/google/poppy/variants/nami/mainboard.c @@ -254,5 +254,10 @@ sku_overwrite_mapping[oem_index].ac_loadline[i]; cfg->domain_vr_config[i].dc_loadline = sku_overwrite_mapping[oem_index].dc_loadline[i]; + } + + /* GPP_D10 set to 0 for dual channel and 1 for single channel */ + if (gpio_get(GPP_D10)) + p->single_channel = 1; } -- To view, visit https://review.coreboot.org/29233 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: If86ab2c5404c4e818ce496ea935227ab5e51730a Gerrit-Change-Number: 29233 Gerrit-PatchSet: 1 Gerrit-Owner: Shelley Chen <shchen(a)google.com> [View Less]

1 0

Change in coreboot[master]: mb/google/poppy: add the smi_events back
by Furquan Shaikh (Code Review) 23 Oct '18

23 Oct '18

Furquan Shaikh has posted comments on this change. ( https://review.coreboot.org/29191 ) Change subject: mb/google/poppy: add the smi_events back ...................................................................... Patch Set 1: (2 comments) https://review.coreboot.org/#/c/29191/1//COMMIT_MSG Commit Message: https://review.coreboot.org/#/c/29191/1//COMMIT_MSG@12 PS1, Line 12: shutdown and will always keep in S0. Can you please mention here that this was broken because of CL:28983? … [View More]

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

coreboot-gerrit October 2018