coreboot-gerrit January 2019

coreboot-gerrit@coreboot.org

1 participants
1296 discussions

Change in ...coreboot[master]: lib/prog_loaders.c: Add prog_locate_hook() for measured and verified ...
by Frans Hendriks (Code Review) 28 Oct '19

28 Oct '19

Frans Hendriks has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/30811 Change subject: lib/prog_loaders.c: Add prog_locate_hook() for measured and verified boot. ...................................................................... lib/prog_loaders.c: Add prog_locate_hook() for measured and verified boot. Before images are loaded from cbfs it needs to be measured and/or verified. prog_locate_hook() is added and can be used to start measured/verified boot. BUG=N/A TEST=Created verified binary and verify logging on Facebook FBG-1701 Change-Id: I12207fc8f2e9ca45d048cf8c8d9c057f53e5c2c7 Signed-off-by: Frans Hendriks <fhendriks(a)eltan.com> --- M src/include/program_loading.h M src/lib/prog_loaders.c 2 files changed, 7 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/11/30811/1 diff --git a/src/include/program_loading.h b/src/include/program_loading.h index 468f0b3..a382daf 100644 --- a/src/include/program_loading.h +++ b/src/include/program_loading.h @@ -3,6 +3,7 @@ * * Copyright 2015 Google Inc. * Copyright (C) 2014 Imagination Technologies + * Copyright (C) 2018 Eltan B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -136,6 +137,7 @@ /* Locate the identified program to run. Return 0 on success. < 0 on error. */ int prog_locate(struct prog *prog); +int prog_locate_hook(struct prog *prog); /* Run the program described by prog. */ void prog_run(struct prog *prog); diff --git a/src/lib/prog_loaders.c b/src/lib/prog_loaders.c index b763417..4fa9a03 100644 --- a/src/lib/prog_loaders.c +++ b/src/lib/prog_loaders.c @@ -2,6 +2,7 @@ * This file is part of the coreboot project. * * Copyright 2015 Google Inc. + * Copyright (C) 2018 Eltan B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -39,6 +40,9 @@ { struct cbfsf file; + if (prog_locate_hook(prog)) + return -1; + cbfs_prepare_program_locate(); if (cbfs_boot_locate(&file, prog_name(prog), NULL)) @@ -74,6 +78,7 @@ halt(); } +int __weak prog_locate_hook(struct prog *prog) {return 0; } void __weak stage_cache_add(int stage_id, const struct prog *stage) {} void __weak stage_cache_load_stage(int stage_id, -- To view, visit https://review.coreboot.org/c/coreboot/+/30811 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I12207fc8f2e9ca45d048cf8c8d9c057f53e5c2c7 Gerrit-Change-Number: 30811 Gerrit-PatchSet: 1 Gerrit-Owner: Frans Hendriks <fhendriks(a)eltan.com> Gerrit-MessageType: newchange

9 45

Change in ...coreboot[master]: src/soc/intel/fsp_baytrail/smm.c: add bootstate entry for locking SMI
by Michał Żygowski (Code Review) 14 Oct '19

14 Oct '19

Michał Żygowski has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/30753 Change subject: src/soc/intel/fsp_baytrail/smm.c: add bootstate entry for locking SMI ...................................................................... src/soc/intel/fsp_baytrail/smm.c: add bootstate entry for locking SMI Signed-off-by: Michał Żygowski <michal.zygowski(a)3mdeb.com> Change-Id: Ia296a680217a38136c063cae6ed619df0c497795 --- M src/soc/intel/fsp_baytrail/smm.c 1 file changed, 14 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/53/30753/1 diff --git a/src/soc/intel/fsp_baytrail/smm.c b/src/soc/intel/fsp_baytrail/smm.c index 84f8d28..149272d 100644 --- a/src/soc/intel/fsp_baytrail/smm.c +++ b/src/soc/intel/fsp_baytrail/smm.c @@ -20,6 +20,7 @@ #include <arch/io.h> #include <cpu/x86/smm.h> #include <string.h> +#include <bootstate.h> #include <soc/iomap.h> #include <soc/pmc.h> @@ -124,3 +125,16 @@ "d" (APM_CNT) ); } + +static void finalize_chipset(void *unused) +{ + printk(BIOS_DEBUG, "Finalizing SMM.\n"); + /* Lock sleep stretching policy and set SMI lock. */ + write32((void *)(PMC_BASE_ADDRESS + GEN_PMCON2), + read32((void *)(PMC_BASE_ADDRESS + GEN_PMCON2)) + | SLPSX_STR_POL_LOCK | SMI_LOCK); + outb(APM_CNT_FINALIZE, APM_CNT); +} + +BOOT_STATE_INIT_ENTRY(BS_OS_RESUME, BS_ON_ENTRY, finalize_chipset, NULL); +BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_LOAD, BS_ON_EXIT, finalize_chipset, NULL); -- To view, visit https://review.coreboot.org/c/coreboot/+/30753 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ia296a680217a38136c063cae6ed619df0c497795 Gerrit-Change-Number: 30753 Gerrit-PatchSet: 1 Gerrit-Owner: Michał Żygowski <michal.zygowski(a)3mdeb.com> Gerrit-MessageType: newchange

4 4

Change in ...coreboot[master]: sb/intel/i82801gx: Add a mb hook to override the SPI opmenu
by Arthur Heymans (Code Review) 13 Oct '19

13 Oct '19

Arthur Heymans has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/30888 Change subject: sb/intel/i82801gx: Add a mb hook to override the SPI opmenu ...................................................................... sb/intel/i82801gx: Add a mb hook to override the SPI opmenu By default the SPI configuration gets locked down, but the default opmenu setting could not work with some SPI flashes. This fixes unmodified flashrom not being able to flash the Thinkpad X60 with CONFIG_INTEL_CHIPSET_LOCKDOWN set. Change-Id: I43e6abcc5c761720b31bc023016cb71b860e76ed Signed-off-by: Arthur Heymans <arthur(a)aheymans.xyz> --- M src/mainboard/lenovo/x60/mainboard.c M src/southbridge/intel/i82801gx/i82801gx.h M src/southbridge/intel/i82801gx/lpc.c 3 files changed, 126 insertions(+), 47 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/88/30888/1 diff --git a/src/mainboard/lenovo/x60/mainboard.c b/src/mainboard/lenovo/x60/mainboard.c index 5cf0d26..f770cf9 100644 --- a/src/mainboard/lenovo/x60/mainboard.c +++ b/src/mainboard/lenovo/x60/mainboard.c @@ -22,10 +22,12 @@ #include <arch/io.h> #include <ec/acpi/ec.h> #include <northbridge/intel/i945/i945.h> +#include <southbridge/intel/i82801gx/i82801gx.h> #include "dock.h" #include <drivers/intel/gma/int15.h> #include <drivers/lenovo/lenovo.h> #include <arch/acpigen.h> +#include <spi_flash.h> #define PANEL INT15_5F35_CL_DISPLAY_DEFAULT @@ -68,6 +70,60 @@ return ARRAY_SIZE(cst_entries); } +/* + * SPI lockdown configuration for SST25VF016B. + */ +#define SPI_OPMENU_0 0x01 /* WRSR: Write Status Register */ +#define SPI_OPTYPE_0 0x01 /* Write, no address */ + +#define SPI_OPMENU_1 0x02 /* BYPR: Byte Program */ +#define SPI_OPTYPE_1 0x03 /* Write, address required */ + +#define SPI_OPMENU_2 0x03 /* READ: Read Data */ +#define SPI_OPTYPE_2 0x02 /* Read, address required */ + +#define SPI_OPMENU_3 0x05 /* RDSR: Read Status Register */ +#define SPI_OPTYPE_3 0x00 /* Read, no address */ + +#define SPI_OPMENU_4 0x20 /* SE20: Sector Erase 0x20 */ +#define SPI_OPTYPE_4 0x03 /* Write, address required */ + +#define SPI_OPMENU_5 0x9f /* RDID: Read ID */ +#define SPI_OPTYPE_5 0x00 /* Read, no address */ + +#define SPI_OPMENU_6 0xad /* Auto Address Increment Word Program */ +#define SPI_OPTYPE_6 0x01 /* Write, address required */ + +#define SPI_OPMENU_7 0x04 /* Write Disable */ +#define SPI_OPTYPE_7 0x01 /* Write, no address */ + +#define SPI_OPPREFIX ((0x50 << 8) | 0x06) /* EWSR and WREN */ +#define SPI_OPTYPE ((SPI_OPTYPE_7 << 14) | (SPI_OPTYPE_6 << 12) | \ + (SPI_OPTYPE_5 << 10) | (SPI_OPTYPE_4 << 8) | \ + (SPI_OPTYPE_3 << 6) | (SPI_OPTYPE_2 << 4) | \ + (SPI_OPTYPE_1 << 2) | (SPI_OPTYPE_0 << 0)) +#define SPI_OPMENU_UPPER ((SPI_OPMENU_7 << 24) | (SPI_OPMENU_6 << 16) | \ + (SPI_OPMENU_5 << 8) | (SPI_OPMENU_4 << 0)) +#define SPI_OPMENU_LOWER ((SPI_OPMENU_3 << 24) | (SPI_OPMENU_2 << 16) | \ + (SPI_OPMENU_1 << 8) | (SPI_OPMENU_0 << 0)) +#define SPI_VSCC (WG_64_BYTE | EO(0x20) | BES_4_KB) + +static const struct spi_config spi_config_sst = { + .preop = SPI_OPPREFIX, + .optype = SPI_OPTYPE, + .opmenu = { SPI_OPMENU_LOWER, SPI_OPMENU_UPPER }, +}; + + +void mainboard_override_spi_config(struct spi_config *cfg) +{ + const struct spi_flash *flash = boot_device_spi_flash(); + + if (strcmp(flash->name, "SST25VF016B") == 0) { + memcpy(cfg, &spi_config_sst, sizeof(*cfg)); + } +} + static void mainboard_init(struct device *dev) { struct device *idedev, *sdhci_dev; diff --git a/src/southbridge/intel/i82801gx/i82801gx.h b/src/southbridge/intel/i82801gx/i82801gx.h index 9fd9fd6..0a32201 100644 --- a/src/southbridge/intel/i82801gx/i82801gx.h +++ b/src/southbridge/intel/i82801gx/i82801gx.h @@ -364,51 +364,16 @@ #define C3_RES 0x54 #define TCO1_CNT 0x68 -/* SPIBAR - * - * SPI Opcode Menu setup for SPIBAR lockdown - * should support most common flash chips. +/* + * SPI lockdown configuration. */ +struct spi_config { + uint16_t preop; + uint16_t optype; + uint32_t opmenu[2]; +}; -#define PREOP 0x54 -#define OPTYPE 0x56 -#define OPMENU 0x58 - -#define SPI_OPMENU_0 0x01 /* WRSR: Write Status Register */ -#define SPI_OPTYPE_0 0x01 /* Write, no address */ - -#define SPI_OPMENU_1 0x02 /* BYPR: Byte Program */ -#define SPI_OPTYPE_1 0x03 /* Write, address required */ - -#define SPI_OPMENU_2 0x03 /* READ: Read Data */ -#define SPI_OPTYPE_2 0x02 /* Read, address required */ - -#define SPI_OPMENU_3 0x05 /* RDSR: Read Status Register */ -#define SPI_OPTYPE_3 0x00 /* Read, no address */ - -#define SPI_OPMENU_4 0x20 /* SE20: Sector Erase 0x20 */ -#define SPI_OPTYPE_4 0x03 /* Write, address required */ - -#define SPI_OPMENU_5 0x9f /* RDID: Read ID */ -#define SPI_OPTYPE_5 0x00 /* Read, no address */ - -#define SPI_OPMENU_6 0xd8 /* BED8: Block Erase 0xd8 */ -#define SPI_OPTYPE_6 0x03 /* Write, address required */ - -#define SPI_OPMENU_7 0x0b /* FAST: Fast Read */ -#define SPI_OPTYPE_7 0x02 /* Read, address required */ - -#define SPI_OPMENU_UPPER ((SPI_OPMENU_7 << 24) | (SPI_OPMENU_6 << 16) | \ - (SPI_OPMENU_5 << 8) | SPI_OPMENU_4) -#define SPI_OPMENU_LOWER ((SPI_OPMENU_3 << 24) | (SPI_OPMENU_2 << 16) | \ - (SPI_OPMENU_1 << 8) | SPI_OPMENU_0) - -#define SPI_OPTYPE ((SPI_OPTYPE_7 << 14) | (SPI_OPTYPE_6 << 12) | \ - (SPI_OPTYPE_5 << 10) | (SPI_OPTYPE_4 << 8) | \ - (SPI_OPTYPE_3 << 6) | (SPI_OPTYPE_2 << 4) | \ - (SPI_OPTYPE_1 << 2) | (SPI_OPTYPE_0)) - -#define SPI_OPPREFIX ((0x50 << 8) | 0x06) /* EWSR and WREN */ +void mainboard_override_spi_config(struct spi_config *cfg); #endif /* __ACPI__ */ #endif /* SOUTHBRIDGE_INTEL_I82801GX_I82801GX_H */ diff --git a/src/southbridge/intel/i82801gx/lpc.c b/src/southbridge/intel/i82801gx/lpc.c index e8cfc74..175b33a 100644 --- a/src/southbridge/intel/i82801gx/lpc.c +++ b/src/southbridge/intel/i82801gx/lpc.c @@ -645,21 +645,79 @@ } } +/* SPIBAR + * + * SPI Opcode Menu setup for SPIBAR lockdown + * should support most common flash chips. + */ + +#define PREOP 0x54 +#define OPTYPE 0x56 +#define OPMENU 0x58 + +#define SPI_OPMENU_0 0x01 /* WRSR: Write Status Register */ +#define SPI_OPTYPE_0 0x01 /* Write, no address */ + +#define SPI_OPMENU_1 0x02 /* BYPR: Byte Program */ +#define SPI_OPTYPE_1 0x03 /* Write, address required */ + +#define SPI_OPMENU_2 0x03 /* READ: Read Data */ +#define SPI_OPTYPE_2 0x02 /* Read, address required */ + +#define SPI_OPMENU_3 0x05 /* RDSR: Read Status Register */ +#define SPI_OPTYPE_3 0x00 /* Read, no address */ + +#define SPI_OPMENU_4 0x20 /* SE20: Sector Erase 0x20 */ +#define SPI_OPTYPE_4 0x03 /* Write, address required */ + +#define SPI_OPMENU_5 0x9f /* RDID: Read ID */ +#define SPI_OPTYPE_5 0x00 /* Read, no address */ + +#define SPI_OPMENU_6 0xd8 /* BED8: Block Erase 0xd8 */ +#define SPI_OPTYPE_6 0x03 /* Write, address required */ + +#define SPI_OPMENU_7 0x0b /* FAST: Fast Read */ +#define SPI_OPTYPE_7 0x02 /* Read, address required */ + +#define SPI_OPMENU_UPPER ((SPI_OPMENU_7 << 24) | (SPI_OPMENU_6 << 16) | \ + (SPI_OPMENU_5 << 8) | SPI_OPMENU_4) +#define SPI_OPMENU_LOWER ((SPI_OPMENU_3 << 24) | (SPI_OPMENU_2 << 16) | \ + (SPI_OPMENU_1 << 8) | SPI_OPMENU_0) + +#define SPI_OPTYPE ((SPI_OPTYPE_7 << 14) | (SPI_OPTYPE_6 << 12) | \ + (SPI_OPTYPE_5 << 10) | (SPI_OPTYPE_4 << 8) | \ + (SPI_OPTYPE_3 << 6) | (SPI_OPTYPE_2 << 4) | \ + (SPI_OPTYPE_1 << 2) | (SPI_OPTYPE_0)) + +#define SPI_OPPREFIX ((0x50 << 8) | 0x06) /* EWSR and WREN */ + #define SPIBAR16(x) RCBA16(0x3020 + x) #define SPIBAR32(x) RCBA32(0x3020 + x) +void __weak mainboard_override_spi_config(struct spi_config *cfg) +{ +} + static void lpc_final(struct device *dev) { u16 tco1_cnt; + struct spi_config spi_cfg; if (!IS_ENABLED(CONFIG_INTEL_CHIPSET_LOCKDOWN)) return; - SPIBAR16(PREOP) = SPI_OPPREFIX; + spi_cfg.preop = SPI_OPPREFIX; + spi_cfg.optype = SPI_OPTYPE; + spi_cfg.opmenu[0] = SPI_OPMENU_LOWER; + spi_cfg.opmenu[1] = SPI_OPMENU_UPPER; + + mainboard_override_spi_config(&spi_cfg); + + SPIBAR16(PREOP) = spi_cfg.preop; /* Set SPI opcode menu */ - SPIBAR16(OPTYPE) = SPI_OPTYPE; - SPIBAR32(OPMENU) = SPI_OPMENU_LOWER; - SPIBAR32(OPMENU + 4) = SPI_OPMENU_UPPER; + SPIBAR16(OPTYPE) = spi_cfg.optype; + SPIBAR32(OPMENU) = spi_cfg.opmenu[0]; + SPIBAR32(OPMENU + 4) = spi_cfg.opmenu[1]; /* Lock SPIBAR */ SPIBAR16(0) = SPIBAR16(0) | (1 << 15); -- To view, visit https://review.coreboot.org/c/coreboot/+/30888 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I43e6abcc5c761720b31bc023016cb71b860e76ed Gerrit-Change-Number: 30888 Gerrit-PatchSet: 1 Gerrit-Owner: Arthur Heymans <arthur(a)aheymans.xyz> Gerrit-MessageType: newchange

4 6

Change in ...coreboot[master]: device/pci_device.c: Use verified boot to check oprom
by Frans Hendriks (Code Review) 12 Oct '19

12 Oct '19

Frans Hendriks has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/30810 Change subject: device/pci_device.c: Use verified boot to check oprom ...................................................................... device/pci_device.c: Use verified boot to check oprom Before oprom is executed, no check is performed if rom passes verification. Add call to verified_boot_should_run_oprom() to verify the oprom. BUG=N/A TEST=Created verified binary and verify logging on Portwell PQ-M107 Change-Id: Iec5092e85d34940ea3a3bb1192ea49f3bc3e5b27 Signed-off-by: Frans Hendriks <fhendriks(a)eltan.com> --- M src/device/pci_device.c M src/include/device/pci_rom.h 2 files changed, 22 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/10/30810/1 diff --git a/src/device/pci_device.c b/src/device/pci_device.c index 82033a6..40012f9 100644 --- a/src/device/pci_device.c +++ b/src/device/pci_device.c @@ -16,6 +16,7 @@ * Copyright (C) 2005-2009 coresystems GmbH * (Written by Stefan Reinauer <stepan(a)coresystems.de> for coresystems GmbH) * Copyright (C) 2014 Sage Electronic Engineering, LLC. + * Copyright (C) 2018 Eltan B.V. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -802,6 +803,10 @@ if (!should_run_oprom(dev)) return; + if (IS_ENABLED(CONFIG_VERIFIED_BOOT)) + if (!verified_boot_should_run_oprom(rom)) + return; + run_bios(dev, (unsigned long)ram); gfx_set_init_done(1); printk(BIOS_DEBUG, "VGA Option ROM was run\n"); diff --git a/src/include/device/pci_rom.h b/src/include/device/pci_rom.h index a4aa52a..865fea3 100644 --- a/src/include/device/pci_rom.h +++ b/src/include/device/pci_rom.h @@ -1,3 +1,19 @@ +/* + * This file is part of the coreboot project. + * + * Copyright 2015 Google Inc. + * Copyright (C) 2018 Eltan B.V. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + #ifndef PCI_ROM_H #define PCI_ROM_H #include <endian.h> @@ -47,4 +63,5 @@ u32 map_oprom_vendev(u32 vendev); +int verified_boot_should_run_oprom(struct rom_header *rom_header); #endif -- To view, visit https://review.coreboot.org/c/coreboot/+/30810 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Iec5092e85d34940ea3a3bb1192ea49f3bc3e5b27 Gerrit-Change-Number: 30810 Gerrit-PatchSet: 1 Gerrit-Owner: Frans Hendriks <fhendriks(a)eltan.com> Gerrit-MessageType: newchange

8 12

Change in ...coreboot[master]: vendorcode/eltan/security/verified_boot: Add verified boot support.
by Frans Hendriks (Code Review) 04 Oct '19

04 Oct '19

Frans Hendriks has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/30835 Change subject: vendorcode/eltan/security/verified_boot: Add verified boot support. ...................................................................... vendorcode/eltan/security/verified_boot: Add verified boot support. Create verified boot support, which includes verifiication of bootblock. This feature use the vendorcode/eltan/security/lib. Function verified_boot_bootblock_check(), verified_boot_should_run_oprom() and prog_locate_hook() must be called from coreboot (or mainboard). The next lists will be used for verification: bootblock_verify_list[], romstage_verify_list[] ram_stage_additional_list[], ramstage_verify_list[] BUG=N/A TEST=Created binary and verify logging on Facebook FBG-1701 Change-Id: If6c1423b0b4a309cefb7fe7a29d5100ba289e0b4 Signed-off-by: Frans Hendriks <fhendriks(a)eltan.com> --- A src/vendorcode/eltan/security/verified_boot/Kconfig A src/vendorcode/eltan/security/verified_boot/Makefile.inc A src/vendorcode/eltan/security/verified_boot/vboot_check.c A src/vendorcode/eltan/security/verified_boot/vboot_check.h 4 files changed, 605 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/35/30835/1 diff --git a/src/vendorcode/eltan/security/verified_boot/Kconfig b/src/vendorcode/eltan/security/verified_boot/Kconfig new file mode 100644 index 0000000..0670732 --- /dev/null +++ b/src/vendorcode/eltan/security/verified_boot/Kconfig @@ -0,0 +1,61 @@ +## This file is part of the coreboot project. +## +## Copyright (C) 2018 Eltan B.V. +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; version 2 of the License. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## + +menu "Verified Boot (verified_boot)" + +config VERIFIED_BOOT + bool "Enable Verified Boot" + default n + +config VERIFIED_BOOT_SIGNED_MANIFEST + bool "Enable Signed Manifest" + depends on VERIFIED_BOOT + default n + +config VERIFIED_BOOT_USE_SHA512 + bool "SHA512 hashes" + depends on VERIFIED_BOOT + default n + help + Use SHA512 for the vboot operations, this applies to the digest in + the manifest and the manifest digest. + +config OEM_MANIFEST_LOC + hex "Manifest Location" + default 0xFFFFF840 + +config VERIFIED_BOOT_MANIFEST + string "Verified boot manifest file" + default "mainboard/$(MAINBOARD_DIR)/manifest.h" + +config OEM_MANIFEST_ITEMS + int "Manifest Items" + default 10 + +config OEM_MANIFEST_ITEM_SIZE + int + default 64 if VERIFIED_BOOT_USE_SHA512 + default 32 + +config VERIFIED_BOOT_KEY_LOCATION + hex "Verified boot Key Location" + depends on VERIFIED_BOOT_SIGNED_MANIFEST + default 0xFFFFF500 + +config VERIFIED_BOOT_KEY_SIZE + int + default 554 if VERIFIED_BOOT_USE_SHA512 + default 520 + +endmenu # Verified Boot (verified_boot) diff --git a/src/vendorcode/eltan/security/verified_boot/Makefile.inc b/src/vendorcode/eltan/security/verified_boot/Makefile.inc new file mode 100644 index 0000000..23044b4 --- /dev/null +++ b/src/vendorcode/eltan/security/verified_boot/Makefile.inc @@ -0,0 +1,47 @@ +## +## This file is part of the coreboot project. +## +## Copyright (C) 2018 Eltan B.V. +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; version 2 of the License. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## + +ifeq ($(CONFIG_VERIFIED_BOOT),y) + +CPPFLAGS_common += -I$(src)/security/verified_boot + +bootblock-$(CONFIG_C_ENVIRONMENT_BOOTBLOCK) += vboot_check.c +romstage-y += vboot_check.c +ramstage-y += vboot_check.c + +cbfs-files-y += oemmanifest.bin +oemmanifest.bin-file := $(obj)/oemmanifest.bin +oemmanifest.bin-position := $(CONFIG_OEM_MANIFEST_LOC) +oemmanifest.bin-type := 0x50 + +$(obj)/oemmanifest.bin: +ifeq ($(CONFIG_VERIFIED_BOOT_SIGNED_MANIFEST),y) + dd if=/dev/zero of=$@ seek=8 bs=$(CONFIG_OEM_MANIFEST_ITEM_SIZE) count=$(CONFIG_OEM_MANIFEST_ITEMS) +else # ($(CONFIG_VERIFIED_BOOT_SIGNED_MANIFEST),y) + dd if=/dev/zero of=$@ bs=$(CONFIG_OEM_MANIFEST_ITEM_SIZE) count=$(CONFIG_OEM_MANIFEST_ITEMS) +endif # ($(CONFIG_VERIFIED_BOOT_SIGNED_MANIFEST),y) + +ifeq ($(CONFIG_VERIFIED_BOOT_SIGNED_MANIFEST),y) +cbfs-files-y += vboot_public_key.bin +vboot_public_key.bin-file := $(obj)/vboot_public_key.bin +vboot_public_key.bin-position := $(CONFIG_VERIFIED_BOOT_KEY_LOCATION) +vboot_public_key.bin-type := 0x50 + +$(obj)/vboot_public_key.bin: + dd if=/dev/zero of=$@ bs=$(CONFIG_VERIFIED_BOOT_KEY_SIZE) count=1 + +endif # ($(CONFIG_VERIFIED_BOOT_SIGNED_MANIFEST),y) + +endif # CONFIG_VERIFIED_BOOT diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c new file mode 100644 index 0000000..fb7d1d7 --- /dev/null +++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c @@ -0,0 +1,414 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2016 Intel Corp. + * Copyright (C) 2017-2018 Eltan B.V. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ +#include <vboot_check.h> + +#define RSA_PUBLICKEY_FILE_NAME "vboot_public_key.bin" + +#if IS_ENABLED(CONFIG_VERIFIED_BOOT_USE_SHA512) +#define DIGEST_SIZE SHA512_DIGEST_SIZE +#else +#define DIGEST_SIZE SHA256_DIGEST_SIZE +#endif + +int verified_boot_check_manifest(void) +{ + struct vb2_public_key key; + uint8_t digest[DIGEST_SIZE]; + size_t size = 0; + uint8_t *signature = NULL; + uint8_t *buffer; + const struct vb2_workbuf wb; + + cbfs_boot_map_with_leak("oemmanifest.bin", CBFS_TYPE_RAW, &size); + + if (size != (CONFIG_OEM_MANIFEST_ITEMS * DIGEST_SIZE) + 256) { + printk(BIOS_ERR, "ERROR: Incorrect manifest size!\n"); + goto fail; + } + + buffer = cbfs_boot_map_with_leak(RSA_PUBLICKEY_FILE_NAME, + CBFS_TYPE_RAW, &size); + + size = DIGEST_SIZE; + if (!vb2_unpack_key_data(&key, buffer, size)) { + printk(BIOS_ERR, "ERROR: Unable to create RSA Public Key !\n"); + goto fail; + } + + if (IS_ENABLED(CONFIG_VERIFIED_BOOT_USE_SHA512)) + key.hash_alg = VB2_HASH_SHA512; + else + key.sig_alg = VB2_HASH_SHA256; + + + // + // Create a big endian digest + // + if (IS_ENABLED(CONFIG_VERIFIED_BOOT_USE_SHA512)) + cb_sha512_ex((const uint8_t *)CONFIG_OEM_MANIFEST_LOC, + CONFIG_OEM_MANIFEST_ITEMS * DIGEST_SIZE, digest, 1); + else + cb_sha256_ex((const uint8_t *)CONFIG_OEM_MANIFEST_LOC, + CONFIG_OEM_MANIFEST_ITEMS * DIGEST_SIZE, digest, 1); + + signature = (uint8_t *)CONFIG_OEM_MANIFEST_LOC + + CONFIG_OEM_MANIFEST_ITEMS * DIGEST_SIZE; + + if (!vb2_rsa_verify_digest(&key, signature, digest, &wb)) { + printk(BIOS_ERR, "ERROR: Signature verification failed for" + "hash table !!\n"); + goto fail; + } + + printk(BIOS_DEBUG, "%s: Successfully verified hash_table signature.\n", + __func__); + return 0; + +fail: + die("HASH table verification failed!\n"); + return -1; +} + +#ifndef __BOOTBLOCK__ + +/* + * + * measure_item + * + * extends the defined pcr using the hash calculated by the verified boot + * routines. + * + * @param[in] pcr PCR to extend + * @param[in] *hashData Pointer to the hash data + * @param[in] hashDataLen Length of the hash data + * @param[in] *event_msg Message to log or display + * @param[in] eventType Event type to use when logging + + * @retval TPM_SUCCESS Operation completed successfully. + * @retval TPM_E_IOERROR Unexpected device behavior. + */ +static int measure_item(uint32_t pcr, uint8_t *hashData, uint32_t hashDataLen, + int8_t *event_msg, TCG_EVENTTYPE eventType) +{ + int status = TPM_SUCCESS; + EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrs; + TCG_PCR_EVENT2_HDR tcgEventHdr; + + ActivePcrs = tpm2_get_active_pcrs(); + + memset(&tcgEventHdr, 0, sizeof(tcgEventHdr)); + tcgEventHdr.pcrIndex = pcr; + tcgEventHdr.eventType = eventType; + if (event_msg) { + status = mboot_hash_extend_log(ActivePcrs, MBOOT_HASH_PROVIDED, + hashData, hashDataLen, &tcgEventHdr, + (uint8_t *)event_msg, 0); + if (status == TPM_SUCCESS) { + printk(BIOS_DEBUG, "%s: Success! %s measured to pcr" + "%d.\n", __func__, event_msg, pcr); + } else { + printk(BIOS_DEBUG, "%s: Fail! %s can't be measured. " + "ABORTING!!!\n", __func__, event_msg); + return status; + } + } + return status; +} +#endif + +static void verified_boot_check_buffer(const char *name, void *start, + size_t size, uint32_t hash_index, int32_t pcr) +{ + uint8_t digest[DIGEST_SIZE]; +#ifndef __BOOTBLOCK__ + int status; +#endif + printk(BIOS_INFO, "%s: %s HASH verification buffer %p size %d\n", + __func__, name, start, (int) size); + + if (start && size) { + if (IS_ENABLED(CONFIG_VERIFIED_BOOT_USE_SHA512)) + cb_sha512((const uint8_t *)start, size, digest); + else + cb_sha256((const uint8_t*)start, size, digest); + + if (memcmp((void *)((uint8_t *)CONFIG_OEM_MANIFEST_LOC + + sizeof(digest) * hash_index), digest, sizeof(digest))) { + printk(BIOS_INFO, "%s: buffer hash\n", __func__); + hexdump(digest, sizeof(digest)); + printk(BIOS_INFO, "%s: manifest hash\n", __func__); + hexdump((void *)((uint8_t *)CONFIG_OEM_MANIFEST_LOC + + sizeof(digest) * hash_index), sizeof(digest)); + printk(BIOS_EMERG, "%s ", name); + die("HASH verification failed!\n"); + } else { +#ifndef __BOOTBLOCK__ + if (IS_ENABLED(CONFIG_MBOOT)) { + if (pcr != -1) { + printk(BIOS_INFO, "%s: measuring %s\n", + __func__, name); + status = measure_item(pcr, digest, + sizeof(digest), + (int8_t *)name, 0); + } + } +#endif + printk(BIOS_INFO, "%s HASH verification success\n", + name); + } + } else { + printk(BIOS_EMERG, "Invalid buffer "); + die("HASH verification failed!\n"); + } +} + +void verified_boot_check_cbfsfile(const char *name, uint32_t type, + uint32_t hash_index, void **buffer, uint32_t *filesize, + int32_t pcr) +{ + void *start; + size_t size; + + start = cbfs_boot_map_with_leak(name, type & ~VERIFIED_BOOT_COPY_BLOCK, + &size); + if (start && size) { + /* + * Speed up processing by copying the file content to memory + * first + */ +#ifndef __PRE_RAM__ + if ((type & VERIFIED_BOOT_COPY_BLOCK) && (buffer) && + (*buffer) && + ((uint32_t) start > (uint32_t)(~(CONFIG_CBFS_SIZE-1)))) { + printk(BIOS_INFO, "%s: move buffer to " + "memory\n", __func__); + /* Move the file to a memory bufferof which we know it + * doesn't harm + */ + memcpy(*buffer, start, size); + start = *buffer; + printk(BIOS_INFO, "%s: done\n", __func__); + } +#endif // __PRE_RAM__ + verified_boot_check_buffer(name, start, size, hash_index, pcr); + } else { + printk(BIOS_EMERG, "CBFS Failed to get file content for %s\n", + name); + die("HASH verification failed!\n"); + } + if (buffer) + *buffer = start; + if (filesize) + *filesize = size; +} + +void process_verify_list(const verify_item_t list[]) +{ + int i = 0; + + while (list[i].type != VERIFY_TERMINATOR) { + switch (list[i].type) { + case VERIFY_FILE: + verified_boot_check_cbfsfile(list[i].name, + list[i].data.file.cbfs_type, + list[i].hash_index, NULL, NULL, + list[i].pcr); + if (list[i].data.file.related_items) { + printk(BIOS_SPEW, "process related items\n"); + process_verify_list((verify_item_t *) + list[i].data.file.related_items); + } + break; + case VERIFY_BLOCK: + verified_boot_check_buffer(list[i].name, + (void *) list[i].data.block.start, + list[i].data.block.size, + list[i].hash_index, list[i].pcr); + break; + default: + printk(BIOS_EMERG, "INVALID TYPE IN VERIFY" + "LIST 0x%x\n", list[i].type); + die("HASH verification failed!\n"); + } + i++; + } +} +#ifndef __BOOTBLOCK__ + +static void process_named_list(const verify_item_t list[], const char *name, + void **buffer, uint32_t *size) +{ + int i = 0; + + while (list[i].type != VERIFY_TERMINATOR) { + switch (list[i].type) { + case VERIFY_FILE: + if (!strcmp(name, list[i].name)) { + if (list[i].data.file.related_items) { + printk(BIOS_SPEW, "process related" + "items\n"); + process_verify_list((verify_item_t *)list[i].data.file.related_items); + printk(BIOS_SPEW, "process related items done\n"); + } + verified_boot_check_cbfsfile(list[i].name, + list[i].data.file.cbfs_type, + list[i].hash_index, buffer, size, + list[i].pcr); + return; + } + break; + default: + printk(BIOS_EMERG, "INVALID TYPE IN NAMED LIST" + "0x%x\n", list[i].type); + die("HASH verification failed!\n"); + } + i++; + } + printk(BIOS_EMERG, "%s NOT IN LIST\n", name); + die("HASH verification failed!\n"); +} +#endif + +#ifdef __BOOTBLOCK__ +/* + * BOOTBLOCK + */ + +extern verify_item_t bootblock_verify_list[]; + +void verified_boot_bootblock_check(void) +{ + printk(BIOS_SPEW, "%s: processing bootblock items\n", __func__); + + if (IS_ENABLED(CONFIG_VERIFIED_BOOT_SIGNED_MANIFEST)) { + printk(BIOS_SPEW, "%s: check the manifest\n", __func__); + if (verified_boot_check_manifest() != 0) + die("invalid manifest"); + } + printk(BIOS_SPEW, "%s: process bootblock verify list\n", __func__); + process_verify_list(bootblock_verify_list); +} + +#endif //__BOOTBLOCK__ + + +#ifdef __ROMSTAGE__ +/* + * ROMSTAGE + */ + +extern verify_item_t ramstage_verify_list[]; + +int prog_locate_hook(struct prog *prog) +{ + if (prog->type == PROG_RAMSTAGE) { + process_named_list(ramstage_verify_list, prog->name, NULL, + NULL); + } + return 0; +} + +extern verify_item_t romstage_verify_list[]; + +void verified_boot_early_check(void) +{ + printk(BIOS_SPEW, "%s: processing early items\n", __func__); + + if (!IS_ENABLED(CONFIG_C_ENVIRONMENT_BOOTBLOCK) && + IS_ENABLED(CONFIG_VERIFIED_BOOT_SIGNED_MANIFEST)) { + printk(BIOS_SPEW, "%s: check the manifest\n", __func__); + if (verified_boot_check_manifest() != 0) + die("invalid manifest"); + } + printk(BIOS_SPEW, "%s: process early verify list\n", __func__); + process_verify_list(romstage_verify_list); +} +#endif //__ROMSTAGE__ + +#ifdef __RAMSTAGE__ +/* + * RAM STAGE + */ + +static int process_oprom_list(const verify_item_t list[], + struct rom_header *rom_header) +{ + int i = 0; + struct pci_data *rom_data; + uint32_t viddevid = 0; + + if (le32_to_cpu(rom_header->signature) != PCI_ROM_HDR) { + printk(BIOS_ERR, "Incorrect expansion ROM header " + "signature %04x DONT START\n", + le32_to_cpu(rom_header->signature)); + return 0; + } + + rom_data = (((void *)rom_header) + le32_to_cpu(rom_header->data)); + + viddevid |= (rom_data->vendor << 16); + viddevid |= rom_data->device; + + while (list[i].type != VERIFY_TERMINATOR) { + switch (list[i].type) { + case VERIFY_OPROM: + if (viddevid == list[i].data.oprom.viddev) { + verified_boot_check_buffer(list[i].name, + (void *) rom_header, + rom_header->size * 512, + list[i].hash_index, list[i].pcr); + if (list[i].data.oprom.related_items) { + printk(BIOS_SPEW, "%s: process" + " related items\n", __func__); + process_verify_list((verify_item_t *)list[i].data.oprom.related_items); + } + printk(BIOS_SPEW, "%s: option rom can be" + " started\n", __func__); + return 1; + } + break; + default: + printk(BIOS_EMERG, "%s: INVALID TYPE IN OPTION ROM LIST" + "0x%x\n", __func__, list[i].type); + die("HASH verification failed!\n"); + } + i++; + } + printk(BIOS_ERR, "%s: option rom not in list DONT START\n", __func__); + return 0; +} + +extern verify_item_t payload_verify_list[]; + +int prog_locate_hook(struct prog *prog) +{ + if (prog->type == PROG_PAYLOAD) { + void *buffer = (void*) 0x01000000; + printk(BIOS_SPEW, "%s: requesting %s\n", __func__, prog->name); + process_named_list(payload_verify_list, prog->name, &buffer, + NULL); + printk(BIOS_SPEW, "%s: running allowed\n", __func__); + } + return 0; +} + +extern verify_item_t oprom_verify_list[]; + +int verified_boot_should_run_oprom(struct rom_header *rom_header) +{ + return process_oprom_list(oprom_verify_list, rom_header); +} +#endif //__PRE_RAM__ diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.h b/src/vendorcode/eltan/security/verified_boot/vboot_check.h new file mode 100644 index 0000000..34186f3 --- /dev/null +++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.h @@ -0,0 +1,83 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2016 Intel Corp. + * Copyright (C) 2017-2018 Eltan B.V. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#ifndef VBOOT_CHECK_H +#define VBOOT_CHECK_H + +#include <cbfs.h> +#include <device/device.h> +#include <device/pci.h> +#include <lib.h> +#include CONFIG_VERIFIED_BOOT_MANIFEST +#include <console/console.h> +#include <cryptolib.h> +#include <string.h> +#include <program_loading.h> +#if IS_ENABLED(CONFIG_MBOOT) +#include <mboot.h> +#endif + +#define VERIFIED_BOOT_COPY_BLOCK 0x80000000 +/* These method verifies the SHA256 hash over the 'named' CBFS component. + * 'type' denotes the type of CBFS component i.e. stage, payload or fsp. + */ +#ifdef __BOOTBLOCK__ +void verified_boot_bootblock_check(void); +#endif +#ifdef __ROMSTAGE__ +void verified_boot_early_check(void); +#endif + +int verified_boot_check_manifest(void); + +void verified_boot_check_cbfsfile(const char *name, uint32_t type, + uint32_t hash_index, void **buffer, uint32_t *filesize, int32_t pcr); + +typedef enum { + + VERIFY_TERMINATOR = 0, + VERIFY_FILE, + VERIFY_BLOCK, + VERIFY_OPROM + +} verify_type; + +typedef struct { + verify_type type; + const char *name; + union { + struct { + const void *related_items; + uint32_t cbfs_type; + } file; + struct { + const void *start; + uint32_t size; + } block; + struct { + const void *related_items; + uint32_t viddev; + } oprom; + } data; + uint32_t hash_index; +#if IS_ENABLED(CONFIG_MBOOT) + int32_t pcr; +#endif //IS_ENABLED(CONFIG_MBOOT) +} verify_item_t; + +void process_verify_list(const verify_item_t list[]); + +#endif //VBOOT_CHECK_H -- To view, visit https://review.coreboot.org/c/coreboot/+/30835 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: If6c1423b0b4a309cefb7fe7a29d5100ba289e0b4 Gerrit-Change-Number: 30835 Gerrit-PatchSet: 1 Gerrit-Owner: Frans Hendriks <fhendriks(a)eltan.com> Gerrit-MessageType: newchange

3 17

Change in ...coreboot[master]: vendorcode/eltan/security/mboot: Add measured boot support.
by Frans Hendriks (Code Review) 04 Oct '19

04 Oct '19

Frans Hendriks has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/30833 Change subject: vendorcode/eltan/security/mboot: Add measured boot support. ...................................................................... vendorcode/eltan/security/mboot: Add measured boot support. Create measured boot. This feature uses the vendorcode/eltan/security/lib. The function mb_measure() is starting point for the support. BUG=N/A TEST=Created binary and verify logging on Facebook FBG-1701 Change-Id: I7f880a17e240515dd42d57383b5ddddf576985b0 Signed-off-by: Frans Hendriks <fhendriks(a)eltan.com> --- A src/vendorcode/eltan/security/mboot/Kconfig A src/vendorcode/eltan/security/mboot/Makefile.inc A src/vendorcode/eltan/security/mboot/mboot.c A src/vendorcode/eltan/security/mboot/mboot.h A src/vendorcode/eltan/security/mboot/mboot_func.c 5 files changed, 813 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/33/30833/1 diff --git a/src/vendorcode/eltan/security/mboot/Kconfig b/src/vendorcode/eltan/security/mboot/Kconfig new file mode 100644 index 0000000..b262f6d --- /dev/null +++ b/src/vendorcode/eltan/security/mboot/Kconfig @@ -0,0 +1,43 @@ +## This file is part of the coreboot project. +## +## Copyright (C) 2018 Eltan B.V. +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; version 2 of the License. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## + +menu "Measured Boot (mboot)" + +config MBOOT + bool "Measure firmware with mboot." + default n + help + Enabling MBOOT will use mboot to measure the components of the firmware + (stages, payload, etc). + +config CRTM_VERSION_STRING + string "default CRTM version" + default "default CRTM version" + +config MBOOT_UEFI_SUPPORT + bool "Enable mboot UEFI support" + default n + depends on MBOOT + help + Add some specific items for UEFI support (not implemented yet) + +config MBOOT_EVENTLOG + bool "Enable mboot eventlog" + default n + default y if MBOOT_UEFI_SUPPORT + depends on MBOOT + help + Not only extend the PCRS but also log the events (not implemented yet) + +endmenu # Measured Boot (mboot) diff --git a/src/vendorcode/eltan/security/mboot/Makefile.inc b/src/vendorcode/eltan/security/mboot/Makefile.inc new file mode 100644 index 0000000..b586052 --- /dev/null +++ b/src/vendorcode/eltan/security/mboot/Makefile.inc @@ -0,0 +1,25 @@ +## +## This file is part of the coreboot project. +## +## Copyright (C) 2018 Eltan B.V. +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; version 2 of the License. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## + +ifeq ($(CONFIG_MBOOT),y) + +CPPFLAGS_common += -I$(src)/security/mboot + +ramstage-y += mboot.c +ramstage-y += mboot_func.c + +romstage-y += mboot.c + +endif # CONFIG_MBOOT diff --git a/src/vendorcode/eltan/security/mboot/mboot.c b/src/vendorcode/eltan/security/mboot/mboot.c new file mode 100644 index 0000000..4e7e314 --- /dev/null +++ b/src/vendorcode/eltan/security/mboot/mboot.c @@ -0,0 +1,581 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2015 Intel Corporation + * Copyright (C) 2018 Eltan B.V. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <mboot.h> +#include <assert.h> +#include <build.h> +#include <vb2_api.h> + +/* + * Get the list of currently active PCR banks in TPM. + * + * @retval A map of active PCR banks. + */ +EFI_TCG2_EVENT_ALGORITHM_BITMAP tpm2_get_active_pcrs(void) +{ + int status; + TPML_PCR_SELECTION Pcrs; + EFI_TCG2_EVENT_ALGORITHM_BITMAP tpmHashAlgorithmBitmap = 0; + uint32_t activePcrBanks = 0; + uint32_t index; + + status = tpm2_get_capability_pcrs(&Pcrs); + if (status != TPM_SUCCESS) { + tpmHashAlgorithmBitmap = EFI_TCG2_BOOT_HASH_ALG_SHA1; + activePcrBanks = EFI_TCG2_BOOT_HASH_ALG_SHA1; + } else { + for (index = 0; index < Pcrs.count; index++) { + switch (Pcrs.pcrSelections[index].hash) { + case TPM_ALG_SHA1: + tpmHashAlgorithmBitmap |= + EFI_TCG2_BOOT_HASH_ALG_SHA1; + if (!is_zero_buffer(Pcrs.pcrSelections[index].pcrSelect, + Pcrs.pcrSelections[index].sizeofSelect)) + activePcrBanks |= + EFI_TCG2_BOOT_HASH_ALG_SHA1; + break; + case TPM_ALG_SHA256: + tpmHashAlgorithmBitmap |= + EFI_TCG2_BOOT_HASH_ALG_SHA256; + if (!is_zero_buffer(Pcrs.pcrSelections[index].pcrSelect, + Pcrs.pcrSelections[index].sizeofSelect)) + activePcrBanks |= + EFI_TCG2_BOOT_HASH_ALG_SHA256; + break; + case TPM_ALG_SHA384: + case TPM_ALG_SHA512: + case TPM_ALG_SM3_256: + default: + printk(BIOS_DEBUG, "%s: unsupported algorithm " + "reported - 0x%x\n", __func__, + Pcrs.pcrSelections[index].hash); + break; + } + } + } + printk(BIOS_DEBUG, "Tcg2 Capability values from TPM\n"); + printk(BIOS_DEBUG, "tpmHashAlgorithmBitmap - 0x%08x\n", + tpmHashAlgorithmBitmap); + printk(BIOS_DEBUG, "activePcrBanks - 0x%08x\n", + activePcrBanks); + + return activePcrBanks; +} + +/* + * tpm2_get_capability_pcrs + * + * Return the TPM PCR information. + * + * This function parses the data got from tlcl_getcapability and returns the + * PcrSelection. + * + * @param[out] Pcrs The Pcr Selection + * + * @retval TPM_SUCCESS Operation completed successfully. + * @retval TPM_E_IOERROR The command was unsuccessful. + */ +int tpm2_get_capability_pcrs(TPML_PCR_SELECTION *Pcrs) +{ + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + int status; + int index; + + status = tlcl_getcapability(TPM_CAP_PCRS, 0, 1, &MoreData, &TpmCap); + if (status == TPM_SUCCESS) { + Pcrs->count = TpmCap.data.assignedPCR.count; + printk(BIOS_DEBUG, "Pcrs->count = %d\n", Pcrs->count); + for (index = 0; index < Pcrs->count; index++) { + Pcrs->pcrSelections[index].hash = + swab16(TpmCap.data.assignedPCR.pcrSelections[index].hash); + printk(BIOS_DEBUG, "Pcrs->pcrSelections[index].hash =" + "0x%x\n", Pcrs->pcrSelections[index].hash); + Pcrs->pcrSelections[index].sizeofSelect = + TpmCap.data.assignedPCR.pcrSelections[index].sizeofSelect; + memcpy(Pcrs->pcrSelections[index].pcrSelect, + TpmCap.data.assignedPCR.pcrSelections[index].pcrSelect, + Pcrs->pcrSelections[index].sizeofSelect); + } + } + return status; +} + +/* + * mboot_hash_extend_log + * + * Calculates the hash over the data and extends it in active PCR banks and + * then logs them in the event log. + * + * @param[in] activePcr bitmap of active PCR banks in TPM. + * @param[in] flags flags associated with hash data. Currently + * unused. + * @param[in] hashData data to be hashed. + * @param[in] hashDataLen length of the data to be hashed. + * @param[in] newEventHdr event header in TCG_PCR_EVENT2 format. + * @param[in] eventLog description of the event. + * @param[in] invalid invalidate the pcr + * + * @retval TPM_SUCCESS Operation completed successfully. + * @retval TPM_E_IOERROR Unexpected device behavior. + */ +int mboot_hash_extend_log(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr, + uint64_t flags, uint8_t *hashData, uint32_t hashDataLen, + TCG_PCR_EVENT2_HDR *newEventHdr, uint8_t *eventLog, uint8_t invalid) +{ + int status; + TPMT_HA *digest = NULL; + int digest_num = 0; + + printk(BIOS_DEBUG, "%s: Hash Data Length: %zu bytes\n", __func__, + (size_t)hashDataLen); + + if (invalid) { + digest = &(newEventHdr->digest.digests[digest_num]); + digest->digest.invalidate_pcrs = 1; + digest->hashAlg = TPM_ALG_ERROR; + digest_num++; + } else { + /* + * Generate SHA1 hash if SHA1 PCR bank is active in TPM + * currently + */ + if (activePcr & EFI_TCG2_BOOT_HASH_ALG_SHA1) { + digest = &(newEventHdr->digest.digests[digest_num]); + if (flags & MBOOT_HASH_PROVIDED) { + /* The hash is provided as data */ + memcpy(digest->digest.sha1, (void *)hashData, + SHA1_DIGEST_SIZE); + } else { + cb_sha1((const uint8_t *)hashData, hashDataLen, + digest->digest.sha1); + } + + digest->hashAlg = TPM_ALG_SHA1; + digest_num++; + + printk(BIOS_DEBUG, "%s: SHA1 Hash Digest:\n", __func__); + mboot_print_buffer(digest->digest.sha1, + SHA1_DIGEST_SIZE); + } + + /* + * Generate SHA256 hash if SHA256 PCR bank is active in TPM + * currently + */ + if (activePcr & EFI_TCG2_BOOT_HASH_ALG_SHA256) { + digest = &(newEventHdr->digest.digests[digest_num]); + if (flags & MBOOT_HASH_PROVIDED) { + /* The hash is provided as data */ + memcpy(digest->digest.sha256, + (void *)hashData, hashDataLen); + } else { + cb_sha256(hashData, hashDataLen, + digest->digest.sha256); + } + digest->hashAlg = TPM_ALG_SHA256; + digest_num++; + + printk(BIOS_DEBUG, "%s: SHA256 Hash Digest:\n", + __func__); + mboot_print_buffer(digest->digest.sha256, + SHA256_DIGEST_SIZE); + } + } + + newEventHdr->digest.count = digest_num; + + status = tlcl_extend_ex( + newEventHdr->pcrIndex, + &(newEventHdr->digest) + ); + + if (IS_ENABLED(CONFIG_MBOOT_EVENTLOG)) { + /* Perform the logging of the measurement */ + if (status == TPM_SUCCESS) { + status = log_event_tcg_20_format(newEventHdr, eventLog); + /* + * If SHA1 PCR bank is active, log the event in TCG 1.2 format + * tool + */ + if (activePcr & EFI_TCG2_BOOT_HASH_ALG_SHA1) + status = log_event_tcg_12_format(newEventHdr, + eventLog); + } + } + if (status != TPM_SUCCESS) + printk(BIOS_DEBUG, "%s: returned 0x%x\n", __func__, status); + + return status; +} + +/* + * invalidate_pcrs + * + * Invalidate PCRs 0-7 with extending 1 after tpm failure. + */ +void invalidate_pcrs(void) +{ + int status, pcr; + TCG_PCR_EVENT2_HDR tcgEventHdr; + EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrs; + uint8_t invalidate; + + ActivePcrs = tpm2_get_active_pcrs(); + invalidate = 1; + + for (pcr = 0; pcr < 8; pcr++) { + printk(BIOS_DEBUG, "%s: Invalidating PCR %d\n", __func__, pcr); + memset(&tcgEventHdr, 0, sizeof(tcgEventHdr)); + tcgEventHdr.pcrIndex = pcr; + tcgEventHdr.eventType = EV_NO_ACTION; + tcgEventHdr.eventSize = (uint32_t) sizeof(invalidate); + + status = mboot_hash_extend_log(ActivePcrs, 0, + (uint8_t *)&invalidate, tcgEventHdr.eventSize, + &tcgEventHdr, (uint8_t *)"Invalidate PCR", invalidate); + + if (status != TPM_SUCCESS) + printk(BIOS_DEBUG, "%s: invalidating pcr %d returned" + " 0x%x\n", __func__, pcr, status); + } +} + +/* + * is_zero_buffer + * + * Check if buffer is all zero. + * + * @param[in] buffer Buffer to be checked. + * @param[in] size Size of buffer to be checked. + * + * @retval TRUE buffer is all zero. + * @retval FALSE buffer is not all zero. + */ +int is_zero_buffer(void *buffer, unsigned int size) +{ + uint8_t *ptr; + + ptr = buffer; + while (size--) { + if (*(ptr++) != 0) + return false; + } + return true; +} + +/* + * Prints command or response buffer for debugging purposes. + * + * @param[in] Buffer Buffer to print. + * @param[in] BufferSize Buffer data length. + * + * @retval None + */ +void mboot_print_buffer(uint8_t *buffer, uint32_t bufferSize) +{ + uint32_t index; + + printk(BIOS_DEBUG, "Buffer Address: 0x%08x, Size: 0x%08x, Value:\n", + (unsigned int)*buffer, bufferSize); + for (index = 0; index < bufferSize; index++) { + printk(BIOS_DEBUG, "%02x ", *(buffer + index)); + if ((index+1) % 16 == 0) + printk(BIOS_DEBUG, "\n"); + } + printk(BIOS_DEBUG, "\n"); +} + +/* + * measures and logs the specified cbfs file. + * + * @param[in] activePcr bitmap of active PCR banks in TPM. + * @param[in] name name of the cbfs file to measure + * @param[in] type data type of the cbfs file. + * @param[in] pcr pcr to extend. + * @param[in] evenType tcg event type. + * @param[in] event_msg description of the event. + * + * @retval TPM_SUCCESS Operation completed successfully. + * @retval TPM_E_IOERROR Unexpected device behavior. + */ +int mb_measure_log_worker(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr, + const char *name, uint32_t type, uint32_t pcr, + TCG_EVENTTYPE eventType, const char *event_msg) +{ + int status; + TCG_PCR_EVENT2_HDR tcgEventHdr; + uint8_t *base; + size_t size; + + printk(BIOS_DEBUG, "%s: Measure %s\n", __func__, name); + base = cbfs_boot_map_with_leak(name, type, &size); + + if (base == NULL) { + printk(BIOS_DEBUG, "%s: CBFS locate fail: %s\n", __func__, + name); + return VB2_ERROR_READ_FILE_OPEN; + } + + printk(BIOS_DEBUG, "%s: CBFS locate success: %s\n", + __func__, name); + memset(&tcgEventHdr, 0, sizeof(tcgEventHdr)); + tcgEventHdr.pcrIndex = pcr; + tcgEventHdr.eventType = eventType; + if (event_msg) + tcgEventHdr.eventSize = (uint32_t) strlen(event_msg); + + status = mboot_hash_extend_log(activePcr, 0, base, size, &tcgEventHdr, + (uint8_t *)event_msg, 0); + return status; +} + +#ifdef __PRE_RAM__ +/* + * Called from early romstage + * + *mb_entry + * + * initializes measured boot mechanism, initializes the + * tpm library and starts the tpm called by mb_measure + * + * The function can be overridden at the mainboard level my simply creating a + * function with the same name there. + * + * @param[in] wake_from_s3 1 if we are waking from S3, 0 standard boot + * + * @retval TPM_SUCCESS Operation completed successfully. + * @retval TPM_E_IOERROR Unexpected device behavior. +**/ + +int __attribute__((weak)) mb_entry(int wake_from_s3) +{ + int status; + + /* Initialize TPM driver. */ + printk(BIOS_DEBUG, "%s: tlcl_lib_init\n", __func__); + if (tlcl_lib_init() != VB2_SUCCESS) { + printk(BIOS_ERR, "%s: TPM driver initialization failed.\n", + __func__); + return TPM_E_IOERROR; + } + + if (wake_from_s3) { + printk(BIOS_DEBUG, "%s: tlcl_resume\n", __func__); + status = tlcl_resume(); + } else { + printk(BIOS_DEBUG, "%s: tlcl_startup\n", __func__); + status = tlcl_startup(); + } + + if (status) + printk(BIOS_ERR, "%s: StartUp failed 0x%x!\n", __func__, + status); + + return status; +} + +/* + * + * mb_measure + * + * initial call to the measured boot mechanism, initializes the + * tpm library, starts the tpm and performs the measurements defined by + * the coreboot platform. + * + * The pcrs will be invalidated if the measurement fails + * + * The function can be overridden at the mainboard level my simply creating a + * function with the same name there. + * + * @param[in] wake_from_s3 1 if we are waking from S3, 0 standard boot + * + * @retval TPM_SUCCESS Operation completed successfully. + * @retval TPM_E_IOERROR Unexpected device behavior. + */ + +int __attribute__((weak))mb_measure(int wake_from_s3) +{ + uint32_t status; + + status = mb_entry(wake_from_s3); + if (status == TPM_SUCCESS) { + printk(BIOS_DEBUG, "%s: StartUp, successful!\n", __func__); + status = mb_measure_log_start(); + if (status == TPM_SUCCESS) { + printk(BIOS_DEBUG, "%s: Measuring, successful!\n", + __func__); + } else { + invalidate_pcrs(); + printk(BIOS_ERR, "%s: Measuring returned 0x%x " + "unsuccessful! PCRs invalidated.\n", + __func__, status); + } + } else { + invalidate_pcrs(); + printk(BIOS_ERR, "%s: StartUp returned 0x%x, unsuccessful!" + "PCRs invalidated.\n", __func__, status); + } + return status; +} + +/* + * + * mb_measure_log_start + * + * performs the measurements defined by the the board routines. + * + * The logging is defined by the mb_log_list structure and mb_log_list_count. + * + * These items need to be defined in the mainboard part of the mboot + * implementation + * + * The function can be overridden at the mainboard level my simply creating a + * function with the same name there. + * + * @param[in] none + * + * @retval TPM_SUCCESS Operation completed successfully. + * @retval TPM_E_IOERROR Unexpected device behavior. + */ +int __attribute__((weak))mb_measure_log_start(void) +{ + int status; + EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrs; + uint32_t i; + + ActivePcrs = tpm2_get_active_pcrs(); + + if (ActivePcrs == 0x0) { + printk(BIOS_DEBUG, "%s: No Active PCR Bank in TPM.\n", + __func__); + return TPM_E_IOERROR; + } + + if (IS_ENABLED(CONFIG_MBOOT_UEFI_SUPPORT)) { + status = log_efi_specid_event(ActivePcrs); + + if (status != TPM_SUCCESS) { + printk(BIOS_DEBUG, "%s: Fail! Specification ID version" + "event can't be logged. ABORTING!!!\n", __func__); + return status; + } + } + status = mb_crtm(ActivePcrs); + if (status != TPM_SUCCESS) { + printk(BIOS_DEBUG, "%s: Fail! CRTM Version can't be measured." + " ABORTING!!!\n", __func__); + return status; + } + printk(BIOS_DEBUG, "%s: Success! CRTM Version measured.\n", __func__); + + /* Log the items defined by the mainboard */ + for (i = 0; i < mb_log_list_count; i++) { + status = mb_measure_log_worker( + ActivePcrs, mb_log_list[i].cbfs_name, + mb_log_list[i].cbfs_type, mb_log_list[i].pcr, + mb_log_list[i].eventType, + mb_log_list[i].event_msg); + if (status != TPM_SUCCESS) { + printk(BIOS_DEBUG, "%s: Fail! %s can't be measured." + "ABORTING!!!\n", __func__, + mb_log_list[i].cbfs_name); + return status; + } + printk(BIOS_DEBUG, "%s: Success! %s measured to pcr" + "%d.\n", __func__, mb_log_list[i].cbfs_name, + mb_log_list[i].pcr); + } + return status; +} + +static const uint8_t crtm_version[] = CONFIG_CRTM_VERSION_STRING\ + COREBOOT_VERSION COREBOOT_EXTRA_VERSION " " COREBOOT_BUILD; + +/* + * + * mb_crtm + * + * measures the crtm version. this consists of a string than can be + * defined using make menuconfig and automatically generated version + * information. + * + * The function can be overridden at the mainboard level my simply creating a + * function with the same name there. + * + * @param[in] activePcr bitmap of the support + * + * @retval TPM_SUCCESS Operation completed successfully. + * @retval TPM_E_IOERROR Unexpected device behavior. +**/ +int __attribute__((weak))mb_crtm(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr) +{ + int status; + TCG_PCR_EVENT2_HDR tcgEventHdr; + uint8_t hash[SHA256_DIGEST_SIZE]; + uint8_t *msgPtr; + + /* Use FirmwareVersion string to represent CRTM version. */ + printk(BIOS_DEBUG, "%s: Measure CRTM Version\n", __func__); + memset(&tcgEventHdr, 0, sizeof(tcgEventHdr)); + tcgEventHdr.pcrIndex = MBOOT_PCR_INDEX_0; + tcgEventHdr.eventType = EV_S_CRTM_VERSION; + tcgEventHdr.eventSize = sizeof(crtm_version); + printk(BIOS_DEBUG, "%s: EventSize - %u\n", __func__, + tcgEventHdr.eventSize); + + status = mboot_hash_extend_log(activePcr, 0, (uint8_t *)crtm_version, + tcgEventHdr.eventSize, &tcgEventHdr, (uint8_t *)crtm_version, + 0); + if (status) { + printk(BIOS_DEBUG, "Measure CRTM Version returned 0x%x\n", + status); + return status; + } + + status = get_intel_me_hash(hash); + if (status) { + printk(BIOS_DEBUG, "get_intel_me_hash returned 0x%x\n", status); + status = TPM_E_IOERROR; + return status; + } + + /* Add the me hash */ + printk(BIOS_DEBUG, "%s: Add the hash returned by the ME\n", + __func__); + memset(&tcgEventHdr, 0, sizeof(tcgEventHdr)); + tcgEventHdr.pcrIndex = MBOOT_PCR_INDEX_0; + tcgEventHdr.eventType = EV_S_CRTM_CONTENTS; + + if (IS_ENABLED(CONFIG_MBOOT_EVENTLOG)) { + const uint8_t me_message[] = "HASH RETURNED BY ME"; + msgPtr = (uint8_t *)msgPtr; + tcgEventHdr.eventSize = sizeof(me_message); + printk(BIOS_DEBUG, "%s: EventSize - %u\n", __func__, + tcgEventHdr.eventSize); + } else { + msgPtr = NULL; + tcgEventHdr.eventSize = 0; + } + + status = mboot_hash_extend_log(activePcr, MBOOT_HASH_PROVIDED, hash, + sizeof(hash), &tcgEventHdr, msgPtr, 0); + if (status) + printk(BIOS_DEBUG, "Add ME hash returned 0x%x\n", status); + + return status; +} +#endif // __PRE_RAM__ diff --git a/src/vendorcode/eltan/security/mboot/mboot.h b/src/vendorcode/eltan/security/mboot/mboot.h new file mode 100644 index 0000000..45a4732 --- /dev/null +++ b/src/vendorcode/eltan/security/mboot/mboot.h @@ -0,0 +1,136 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2015 Intel Corporation + * Copyright (C) 2018 Eltan B.V. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#ifndef MBOOT_H +#define MBOOT_H + +#include <arch/io.h> +#include <arch/acpi.h> +#include <string.h> +#include <console/console.h> +#include <cryptolib.h> +#include <cbfs.h> +#include <lib.h> +#include <boot/coreboot_tables.h> +#include <security/tpm/tss/tcg-2.0/tss_structures.h> +#include <security/tpm/tss.h> + +/* TPM2 interface */ +#define EFI_TPM2_ACPI_TABLE_START_METHOD_TIS 6 +#define TPM_SHA1_160_HASH_LEN 0x14 + +/* Part 2, section 5.4: TPM_DIGEST */ +typedef struct tdTPM_DIGEST { + int8_t digest[TPM_SHA1_160_HASH_LEN]; +} TPM_DIGEST; + +/* Index to a PCR register */ +typedef uint32_t TPM_PCRINDEX; +typedef uint32_t TCG_EVENTTYPE; +typedef TPM_PCRINDEX TCG_PCRINDEX; +typedef TPM_DIGEST TCG_DIGEST; + +/* TCG_PCR_EVENT_HDR */ +typedef struct tdTCG_PCR_EVENT_HDR { + TCG_PCRINDEX pcrIndex; + TCG_EVENTTYPE eventType; + TCG_DIGEST digest; + uint32_t eventSize; +} __packed TCG_PCR_EVENT_HDR; + +/* TCG_PCR_EVENT2_HDR */ +typedef struct tdTCG_PCR_EVENT2_HDR { + TCG_PCRINDEX pcrIndex; + TCG_EVENTTYPE eventType; + TPML_DIGEST_VALUES digest; + uint32_t eventSize; +} __packed TCG_PCR_EVENT2_HDR; + +typedef uint32_t EFI_TCG2_EVENT_ALGORITHM_BITMAP; + +#define EFI_TCG2_BOOT_HASH_ALG_SHA1 0x00000001 +#define EFI_TCG2_BOOT_HASH_ALG_SHA256 0x00000002 +#define EFI_TCG2_BOOT_HASH_ALG_SHA384 0x00000004 +#define EFI_TCG2_BOOT_HASH_ALG_SHA512 0x00000008 +#define EFI_TCG2_BOOT_HASH_ALG_SM3_256 0x00000010 + +/* Standard event types */ +#define EV_POST_CODE ((TCG_EVENTTYPE) 0x00000001) +#define EV_NO_ACTION ((TCG_EVENTTYPE) 0x00000003) +#define EV_SEPARATOR ((TCG_EVENTTYPE) 0x00000004) +#define EV_S_CRTM_CONTENTS ((TCG_EVENTTYPE) 0x00000007) +#define EV_S_CRTM_VERSION ((TCG_EVENTTYPE) 0x00000008) +#define EV_CPU_MICROCODE ((TCG_EVENTTYPE) 0x00000009) +#define EV_TABLE_OF_DEVICES ((TCG_EVENTTYPE) 0x0000000B) + +#define MBOOT_PCR_INDEX_0 0x0 +#define MBOOT_PCR_INDEX_1 0x1 +#define MBOOT_PCR_INDEX_2 0x2 +#define MBOOT_PCR_INDEX_3 0x3 +#define MBOOT_PCR_INDEX_4 0x4 +#define MBOOT_PCR_INDEX_5 0x5 +#define MBOOT_PCR_INDEX_6 0x6 +#define MBOOT_PCR_INDEX_7 0x7 + +/* + * used to indicate a hash is provide so there is no need to perform the + * measurement + */ +#define MBOOT_HASH_PROVIDED (0x00000001) + + +int is_zero_buffer(void *buffer, unsigned int size); + +int mboot_hash_extend_log(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr, + uint64_t flags, uint8_t *hashData, uint32_t hashDataLen, + TCG_PCR_EVENT2_HDR *newEventHdr, uint8_t *eventLog, uint8_t invalid); + +void mboot_print_buffer(uint8_t *buffer, uint32_t bufferSize); + +int mb_crtm(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr); + +typedef struct { + const char *cbfs_name; + uint32_t cbfs_type; + uint32_t pcr; + TCG_EVENTTYPE eventType; + const char *event_msg; +} mboot_measure_item_t; + +int mb_measure_log_worker(EFI_TCG2_EVENT_ALGORITHM_BITMAP activePcr, + const char *name, uint32_t type, uint32_t pcr, + TCG_EVENTTYPE eventType, const char *event_msg); + +int mb_measure_log_start(void); +void invalidate_pcrs(void); + +EFI_TCG2_EVENT_ALGORITHM_BITMAP tpm2_get_active_pcrs(void); + +int tpm2_get_capability_pcrs(TPML_PCR_SELECTION *Pcrs); + +extern const mboot_measure_item_t mb_log_list[]; +extern const uint32_t mb_log_list_count; + +int mb_measure(int wake_from_s3); +int mb_entry(int wake_from_s3); + +int log_efi_specid_event(EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrs); +int log_event_tcg_20_format(TCG_PCR_EVENT2_HDR *EventHdr, uint8_t *EventLog); +int log_event_tcg_12_format(TCG_PCR_EVENT2_HDR *EventHdr, uint8_t *EventLog); + +int get_intel_me_hash(uint8_t *hash); + +#endif /* MBOOT_H */ diff --git a/src/vendorcode/eltan/security/mboot/mboot_func.c b/src/vendorcode/eltan/security/mboot/mboot_func.c new file mode 100644 index 0000000..ec66d34 --- /dev/null +++ b/src/vendorcode/eltan/security/mboot/mboot_func.c @@ -0,0 +1,28 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2018 Eltan B.V. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <mboot.h> + +int log_efi_specid_event(EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrs) { + return TPM_SUCCESS; +} + +int log_event_tcg_12_format(TCG_PCR_EVENT2_HDR *EventHdr, uint8_t *EventLog) { + return TPM_SUCCESS; +} + +int log_event_tcg_20_format(TCG_PCR_EVENT2_HDR *EventHdr, uint8_t *EventLog) { + return TPM_SUCCESS; +} -- To view, visit https://review.coreboot.org/c/coreboot/+/30833 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I7f880a17e240515dd42d57383b5ddddf576985b0 Gerrit-Change-Number: 30833 Gerrit-PatchSet: 1 Gerrit-Owner: Frans Hendriks <fhendriks(a)eltan.com> Gerrit-MessageType: newchange

5 18

Change in ...coreboot[master]: [WIP] binaryPI: Drop PSP Secure OS from build
by Kyösti Mälkki (Code Review) 17 Sep '19

17 Sep '19

Kyösti Mälkki has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/31075 Change subject: [WIP] binaryPI: Drop PSP Secure OS from build ...................................................................... [WIP] binaryPI: Drop PSP Secure OS from build For pcengines/apu2 variants we do not even send DRAM ready message to PSP. Possibly some GFX/DRM depends of running PSP but these devices are headless. And we don't support fTPM inside PSP either. Reduces blob footprint in SPI from 466 KiB to 234KiB. Change-Id: I803722171cba9b3601fb0b4a2c0e984566f435ab Signed-off-by: Kyösti Mälkki <kyosti.malkki(a)gmail.com> --- M src/southbridge/amd/pi/hudson/Makefile.inc 1 file changed, 7 insertions(+), 8 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/75/31075/1 diff --git a/src/southbridge/amd/pi/hudson/Makefile.inc b/src/southbridge/amd/pi/hudson/Makefile.inc index e990f9d..81fe7ff 100644 --- a/src/southbridge/amd/pi/hudson/Makefile.inc +++ b/src/southbridge/amd/pi/hudson/Makefile.inc @@ -85,13 +85,12 @@ FIRMWARE_TYPE= PSPBTLDR_FILE=$(top)/$(FIRMWARE_LOCATE)/PspBootLoader.Bypass.sbin -PSPRCVR_FILE=$(top)/$(FIRMWARE_LOCATE)/PspRecovery.sbin -PSPSCUREOS_FILE=$(top)/$(FIRMWARE_LOCATE)/PspSecureOs.sbin -PSPTRUSTLETS_FILE=$(top)/$(FIRMWARE_LOCATE)/trustlets.bin -TRUSTLETKEY_FILE=$(top)/$(FIRMWARE_LOCATE)/Trustlet.tkn.cert +#PSPRCVR_FILE=$(top)/$(FIRMWARE_LOCATE)/PspRecovery.sbin +#PSPSCUREOS_FILE=$(top)/$(FIRMWARE_LOCATE)/PspSecureOs.sbin +#PSPTRUSTLETS_FILE=$(top)/$(FIRMWARE_LOCATE)/trustlets.bin +#TRUSTLETKEY_FILE=$(top)/$(FIRMWARE_LOCATE)/Trustlet.tkn.cert endif - ifeq ($(CONFIG_CPU_AMD_PI_00660F01), y) FIRMWARE_LOCATE=$(dir $(call strip_quotes, $(CONFIG_AMD_PUBKEY_FILE))) FIRMWARE_TYPE=CZ @@ -104,12 +103,12 @@ SMUFIRMWARE2_FILE=$(top)/$(FIRMWARE_LOCATE)/SmuFirmware2_prod_CZ.sbin endif -PUBSIGNEDKEY_FILE=$(top)/$(FIRMWARE_LOCATE)/RtmPubSigned$(FIRMWARE_TYPE).key -PSPNVRAM_FILE=$(top)/$(FIRMWARE_LOCATE)/PspNvram$(FIRMWARE_TYPE).bin +#PUBSIGNEDKEY_FILE=$(top)/$(FIRMWARE_LOCATE)/RtmPubSigned$(FIRMWARE_TYPE).key +#PSPNVRAM_FILE=$(top)/$(FIRMWARE_LOCATE)/PspNvram$(FIRMWARE_TYPE).bin SMUFWM_FILE=$(top)/$(FIRMWARE_LOCATE)/SmuFirmware$(FIRMWARE_TYPE).sbin SMUFWM_FN_FILE=$(top)/$(FIRMWARE_LOCATE)/SmuFirmware$(FIRMWARE_TYPE)_FN.sbin SMUSCS_FILE=$(top)/$(FIRMWARE_LOCATE)/SmuScs$(FIRMWARE_TYPE).bin -PSPSECUREDEBUG_FILE=$(top)/$(FIRMWARE_LOCATE)/PspSecureDebug$(FIRMWARE_TYPE).Key +#PSPSECUREDEBUG_FILE=$(top)/$(FIRMWARE_LOCATE)/PspSecureDebug$(FIRMWARE_TYPE).Key endif -- To view, visit https://review.coreboot.org/c/coreboot/+/31075 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I803722171cba9b3601fb0b4a2c0e984566f435ab Gerrit-Change-Number: 31075 Gerrit-PatchSet: 1 Gerrit-Owner: Kyösti Mälkki <kyosti.malkki(a)gmail.com> Gerrit-MessageType: newchange

3 4

Change in ...coreboot[master]: [WIP] binaryPI: Move Hudson firmware higher in CBFS
by Kyösti Mälkki (Code Review) 17 Sep '19

17 Sep '19

Kyösti Mälkki has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/31074 Change subject: [WIP] binaryPI: Move Hudson firmware higher in CBFS ...................................................................... [WIP] binaryPI: Move Hudson firmware higher in CBFS Move it above 'AGESA' to increase the maximum continuous free space in CBFS from 5.3 MiB to 5.8 MiB. Also fixes build for cases where CBFS_SIZE < ROM_SIZE, thus allowing FMAP regions. NOTE: Due to off-by-one error in binaryPI, offset 0xFFFA0000 that amdfwtool advertises fails for xHCI firmware loading. Change-Id: Ic78520f4248f0943769e66a8825911c0ddcc368c Signed-off-by: Kyösti Mälkki <kyosti.malkki(a)gmail.com> --- M src/southbridge/amd/pi/hudson/Makefile.inc 1 file changed, 5 insertions(+), 0 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/74/31074/1 diff --git a/src/southbridge/amd/pi/hudson/Makefile.inc b/src/southbridge/amd/pi/hudson/Makefile.inc index 22e38c7..e990f9d 100644 --- a/src/southbridge/amd/pi/hudson/Makefile.inc +++ b/src/southbridge/amd/pi/hudson/Makefile.inc @@ -72,7 +72,11 @@ # # EC ROM should be 64K aligned. +ifeq ($(CONFIG_AMDFW_OUTSIDE_CBFS),y) HUDSON_FWM_POSITION=$(call int-add, $(call int-subtract, 0xffffffff $(CONFIG_ROM_SIZE)) 0x20000 1) +else +HUDSON_FWM_POSITION=0xfff20000 +endif ifeq ($(CONFIG_HUDSON_PSP), y) @@ -191,6 +195,7 @@ $(OPT_2SMUFIRMWARE2_FN_FILE) \ $(OPT_2SMUSCS_FILE) \ --flashsize $(CONFIG_ROM_SIZE) \ + --location $(HUDSON_FWM_POSITION) \ --output $@ ifeq ($(CONFIG_AMDFW_OUTSIDE_CBFS),y) -- To view, visit https://review.coreboot.org/c/coreboot/+/31074 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: Ic78520f4248f0943769e66a8825911c0ddcc368c Gerrit-Change-Number: 31074 Gerrit-PatchSet: 1 Gerrit-Owner: Kyösti Mälkki <kyosti.malkki(a)gmail.com> Gerrit-MessageType: newchange

3 6

Change in ...coreboot[master]: [WIP] binaryPI: Refactor Makefile for PSP directory
by Kyösti Mälkki (Code Review) 17 Sep '19

17 Sep '19

Kyösti Mälkki has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/31073 Change subject: [WIP] binaryPI: Refactor Makefile for PSP directory ...................................................................... [WIP] binaryPI: Refactor Makefile for PSP directory Change-Id: I3c2d528519ac26b24159a46400f232d6acd629e9 Signed-off-by: Kyösti Mälkki <kyosti.malkki(a)gmail.com> --- M src/southbridge/amd/pi/hudson/Makefile.inc 1 file changed, 15 insertions(+), 53 deletions(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/73/31073/1 diff --git a/src/southbridge/amd/pi/hudson/Makefile.inc b/src/southbridge/amd/pi/hudson/Makefile.inc index c7cd757..22e38c7 100644 --- a/src/southbridge/amd/pi/hudson/Makefile.inc +++ b/src/southbridge/amd/pi/hudson/Makefile.inc @@ -74,77 +74,39 @@ HUDSON_FWM_POSITION=$(call int-add, $(call int-subtract, 0xffffffff $(CONFIG_ROM_SIZE)) 0x20000 1) -## ifeq ($(CONFIG_HUDSON_PSP), y) -## -### 0 -## ifeq ($(CONFIG_CPU_AMD_PI_00730F01), y) FIRMWARE_LOCATE=$(dir $(call strip_quotes, $(CONFIG_AMD_PUBKEY_FILE))) FIRMWARE_TYPE= + +PSPBTLDR_FILE=$(top)/$(FIRMWARE_LOCATE)/PspBootLoader.Bypass.sbin +PSPRCVR_FILE=$(top)/$(FIRMWARE_LOCATE)/PspRecovery.sbin +PSPSCUREOS_FILE=$(top)/$(FIRMWARE_LOCATE)/PspSecureOs.sbin +PSPTRUSTLETS_FILE=$(top)/$(FIRMWARE_LOCATE)/trustlets.bin +TRUSTLETKEY_FILE=$(top)/$(FIRMWARE_LOCATE)/Trustlet.tkn.cert endif -## + + ifeq ($(CONFIG_CPU_AMD_PI_00660F01), y) FIRMWARE_LOCATE=$(dir $(call strip_quotes, $(CONFIG_AMD_PUBKEY_FILE))) FIRMWARE_TYPE=CZ + +PSPBTLDR_FILE=$(top)/$(FIRMWARE_LOCATE)/PspBootLoader_prod_CZ.sbin +PSPRCVR_FILE=$(top)/$(FIRMWARE_LOCATE)/PspRecoveryBootLoader_prod_CZ.sbin +PSPSCUREOS_FILE=$(top)/$(FIRMWARE_LOCATE)/PspSecureOs_prod_CZ.csbin +PSPTRUSTLETS_FILE=$(top)/$(FIRMWARE_LOCATE)/PspTrustlets_prod_CZ.cbin +TRUSTLETKEY_FILE=$(top)/$(FIRMWARE_LOCATE)/TrustletKey_prod_CZ.sbin +SMUFIRMWARE2_FILE=$(top)/$(FIRMWARE_LOCATE)/SmuFirmware2_prod_CZ.sbin endif -###5 PUBSIGNEDKEY_FILE=$(top)/$(FIRMWARE_LOCATE)/RtmPubSigned$(FIRMWARE_TYPE).key -###1 -ifeq ($(CONFIG_CPU_AMD_PI_00730F01), y) -PSPBTLDR_FILE=$(top)/$(FIRMWARE_LOCATE)/PspBootLoader$(FIRMWARE_TYPE).Bypass.sbin -else ifeq ($(CONFIG_CPU_AMD_PI_00660F01), y) -PSPBTLDR_FILE=$(top)/$(FIRMWARE_LOCATE)/PspBootLoader_prod_$(FIRMWARE_TYPE).sbin -endif - -###3 -ifeq ($(CONFIG_CPU_AMD_PI_00730F01), y) -PSPRCVR_FILE=$(top)/$(FIRMWARE_LOCATE)/PspRecovery$(FIRMWARE_TYPE).sbin -else ifeq ($(CONFIG_CPU_AMD_PI_00660F01), y) -PSPRCVR_FILE=$(top)/$(FIRMWARE_LOCATE)/PspRecoveryBootLoader_prod_$(FIRMWARE_TYPE).sbin -endif - -###2 -ifeq ($(CONFIG_CPU_AMD_PI_00730F01), y) -PSPSCUREOS_FILE=$(top)/$(FIRMWARE_LOCATE)/PspSecureOs$(FIRMWARE_TYPE).sbin -else ifeq ($(CONFIG_CPU_AMD_PI_00660F01), y) -PSPSCUREOS_FILE=$(top)/$(FIRMWARE_LOCATE)/PspSecureOs_prod_$(FIRMWARE_TYPE).csbin -endif - -###4 PSPNVRAM_FILE=$(top)/$(FIRMWARE_LOCATE)/PspNvram$(FIRMWARE_TYPE).bin - -###8 SMUFWM_FILE=$(top)/$(FIRMWARE_LOCATE)/SmuFirmware$(FIRMWARE_TYPE).sbin SMUFWM_FN_FILE=$(top)/$(FIRMWARE_LOCATE)/SmuFirmware$(FIRMWARE_TYPE)_FN.sbin - -###95 SMUSCS_FILE=$(top)/$(FIRMWARE_LOCATE)/SmuScs$(FIRMWARE_TYPE).bin - -###9 PSPSECUREDEBUG_FILE=$(top)/$(FIRMWARE_LOCATE)/PspSecureDebug$(FIRMWARE_TYPE).Key -###12 -ifeq ($(CONFIG_CPU_AMD_PI_00730F01), y) -PSPTRUSTLETS_FILE=$(top)/$(FIRMWARE_LOCATE)/trustlets.bin -else ifeq ($(CONFIG_CPU_AMD_PI_00660F01), y) -PSPTRUSTLETS_FILE=$(top)/$(FIRMWARE_LOCATE)/PspTrustlets_prod_$(FIRMWARE_TYPE).cbin -endif - -###13 -ifeq ($(CONFIG_CPU_AMD_PI_00730F01), y) -TRUSTLETKEY_FILE=$(top)/$(FIRMWARE_LOCATE)/Trustlet.tkn.cert -else ifeq ($(CONFIG_CPU_AMD_PI_00660F01), y) -TRUSTLETKEY_FILE=$(top)/$(FIRMWARE_LOCATE)/TrustletKey_prod_$(FIRMWARE_TYPE).sbin -endif - -###18 -ifeq ($(CONFIG_CPU_AMD_PI_00660F01), y) -SMUFIRMWARE2_FILE=$(top)/$(FIRMWARE_LOCATE)/SmuFirmware2_prod_$(FIRMWARE_TYPE).sbin -endif - endif add_opt_prefix=$(if $(call strip_quotes, $(1)), $(2) $(call strip_quotes, $(1)), ) -- To view, visit https://review.coreboot.org/c/coreboot/+/31073 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I3c2d528519ac26b24159a46400f232d6acd629e9 Gerrit-Change-Number: 31073 Gerrit-PatchSet: 1 Gerrit-Owner: Kyösti Mälkki <kyosti.malkki(a)gmail.com> Gerrit-MessageType: newchange

3 4

Change in ...coreboot[master]: 3rdparty/chromeec: Update to latest master
by Nico Huber (Code Review) 16 Sep '19

16 Sep '19

Hello HAOUAS Elyes, I'd like you to do a code review. Please visit https://review.coreboot.org/c/coreboot/+/30679 to review the following change. Change subject: 3rdparty/chromeec: Update to latest master ...................................................................... 3rdparty/chromeec: Update to latest master It's been some time and there are 1420 new commits. Including one that allows reproducible builds \o/ and one that breaks building with empty $(CC) :-/ Change-Id: I5e81d5a2f1018481b9103fc5a1f4b8c72fb9deec Signed-off-by: Elyes HAOUAS <ehaouas(a)noos.fr> Signed-off-by: Nico Huber <nico.h(a)gmx.de> --- M 3rdparty/chromeec M src/ec/google/chromeec/Makefile.inc 2 files changed, 5 insertions(+), 1 deletion(-) git pull ssh://review.coreboot.org:29418/coreboot refs/changes/79/30679/1 diff --git a/3rdparty/chromeec b/3rdparty/chromeec index 11bd4c0..860fe29 160000 --- a/3rdparty/chromeec +++ b/3rdparty/chromeec @@ -1 +1 @@ -Subproject commit 11bd4c0f4d11357ab830982d7dec164813c886dd +Subproject commit 860fe2962d40ee901369d1dc67f4aa7a7a42ba4d diff --git a/src/ec/google/chromeec/Makefile.inc b/src/ec/google/chromeec/Makefile.inc index 85e2599..f005cbc 100644 --- a/src/ec/google/chromeec/Makefile.inc +++ b/src/ec/google/chromeec/Makefile.inc @@ -62,6 +62,8 @@ $(obj)/mainboard/$(MAINBOARDDIR)/ecrw: $(MAKE) -C $(CHROMEEC_SOURCE) $(if $(CONFIG_CCACHE),,CCACHE=) \ out=$(abspath $(obj)/external/chromeec/$(CONFIG_EC_GOOGLE_CHROMEEC_BOARDNAME)) \ + REPRODUCIBLE_BUILD=1 \ + CC=$(GCC_CC_arm) \ CROSS_COMPILE=$(subst -cpp,-,$(CPP_arm)) \ HOST_CROSS_COMPILE= \ BOARD=$(CONFIG_EC_GOOGLE_CHROMEEC_BOARDNAME) \ @@ -99,6 +101,8 @@ $(obj)/mainboard/$(MAINBOARDDIR)/pdrw: $(MAKE) -C $(CHROMEEC_SOURCE) $(if $(CONFIG_CCACHE),,CCACHE=) \ out=$(abspath $(obj)/external/chromeec/$(CONFIG_EC_GOOGLE_CHROMEEC_PD_BOARDNAME)) \ + REPRODUCIBLE_BUILD=1 \ + CC=$(GCC_CC_arm) \ CROSS_COMPILE=$(subst -cpp,-,$(CPP_arm)) \ HOST_CROSS_COMPILE= \ BOARD=$(CONFIG_EC_GOOGLE_CHROMEEC_PD_BOARDNAME) \ -- To view, visit https://review.coreboot.org/c/coreboot/+/30679 To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings Gerrit-Project: coreboot Gerrit-Branch: master Gerrit-Change-Id: I5e81d5a2f1018481b9103fc5a1f4b8c72fb9deec Gerrit-Change-Number: 30679 Gerrit-PatchSet: 1 Gerrit-Owner: Nico Huber <nico.h(a)gmx.de> Gerrit-Reviewer: HAOUAS Elyes <ehaouas(a)noos.fr> Gerrit-MessageType: newchange

2 2

← Newer
1
2
3
4
5
6
7
8
9
...
130
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

coreboot-gerrit January 2019