Author: wmb
Date: 2009-12-06 15:04:38 +0100 (Sun, 06 Dec 2009)
New Revision: 1543

Added:
   cpu/x86/pc/olpc/xpsecure.fth
Modified:
   cpu/x86/pc/biosints.fth
   cpu/x86/pc/linux.fth
   cpu/x86/pc/olpc/fw.bth
   cpu/x86/pc/olpc/sba.fth
   cpu/x86/pc/olpc/security.fth
   cpu/x86/pc/olpc/via/fw.bth
Log:
Integrated XP secure boot into OLPC/Bitfrost security scheme.

Modified: cpu/x86/pc/biosints.fth =================================================================== --- cpu/x86/pc/biosints.fth 2009-12-06 13:57:39 UTC (rev 1542) +++ cpu/x86/pc/biosints.fth 2009-12-06 14:04:38 UTC (rev 1543) @@ -1171,7 +1171,7 @@ bypass-bios-boot? if false exit then " ext:1" ntfs? if " ext:0" set-hd-boot - " sound-end" evaluate + " sound-end" evaluate
true exit then
Modified: cpu/x86/pc/linux.fth =================================================================== --- cpu/x86/pc/linux.fth 2009-12-06 13:57:39 UTC (rev 1542) +++ cpu/x86/pc/linux.fth 2009-12-06 14:04:38 UTC (rev 1543) @@ -191,7 +191,8 @@ ' ramdisk-buf " ramdisk" chosen-string
defer load-ramdisk -: place-ramdisk ( adr len -- ) +defer place-ramdisk +: linux-place-ramdisk ( adr len -- ) to /ramdisk ( adr )
\ Move ramdisk to top of memory for new kernels. In principle, @@ -290,6 +291,7 @@ false to linux-loaded? init-program linux-loaded? if + ['] linux-place-ramdisk to place-ramdisk claim-params memory-limit to linux-memtop \ load-ramdisk may change this ['] load-ramdisk guarded
Modified: cpu/x86/pc/olpc/fw.bth =================================================================== --- cpu/x86/pc/olpc/fw.bth 2009-12-06 13:57:39 UTC (rev 1542) +++ cpu/x86/pc/olpc/fw.bth 2009-12-06 14:04:38 UTC (rev 1543) @@ -360,6 +360,7 @@ fload ${BP}/cpu/x86/pc/olpc/setwp.fth fload ${BP}/cpu/x86/pc/olpc/sound.fth fload ${BP}/cpu/x86/pc/olpc/security.fth +fload ${BP}/cpu/x86/pc/olpc/xpsecure.fth fload ${BP}/ofw/gui/ofpong.fth fload ${BP}/cpu/x86/pc/olpc/life.fth [ifdef] wlan-wackup
Modified: cpu/x86/pc/olpc/sba.fth =================================================================== --- cpu/x86/pc/olpc/sba.fth 2009-12-06 13:57:39 UTC (rev 1542) +++ cpu/x86/pc/olpc/sba.fth 2009-12-06 14:04:38 UTC (rev 1543) @@ -1,18 +1,20 @@ \ See license at end of file purpose: Subrange device to access Secure Boot Area between boot record and first partition
+support-package: secure-boot-area + d# 512 constant /sector /sector instance buffer: sector-buf
-0 instance 2value image-size -0 instance 2value seek-ptr +0. instance 2value image-size +0. instance 2value seek-ptr external \ Expose for the OLPC security scheme -0 instance 2value offset +0. instance 2value offset
: clip-size ( adr len -- adr len' ) u>d seek-ptr d+ ( adr d.endptr ) - 2dup image-size d> if ( adr d.endptr ) + image-size 2over d< if ( adr d.endptr ) 2drop image-size ( adr d.endlimit ) then ( adr d.endlimit ) seek-ptr d- drop ( adr len' ) @@ -22,17 +24,18 @@ : ptable-adr ( -- start ) sector-buf h# 1be + ;
: open ( -- flag ) + 0. " seek" $call-parent if false exit then sector-buf /sector " read" $call-parent /sector <> if false exit then sector-buf h# 1fe + le-w@ h# aa55 <> if false exit then \ FDisk? - ptable-adr 4 + c@ 7 <> if false exit then \ NTFS? - ptable-adr 8 + le-l@ /sector um* to image-size - h# 10 /sector um* to offset + ptable-adr 4 + c@ 7 <> if false exit then \ NTFS? + ptable-adr 8 + le-l@ 1- /sector um* to image-size \ The 1- skips sector 0 + /sector u>d to offset \ The SBA starts just after the Master Boot Record sector true ;
external : seek ( d.offset -- status ) - 2dup image-size d> if 2drop true exit then \ Seek offset too big + image-size 2over d< if 2drop true exit then \ Seek offset too big to seek-ptr seek-ptr offset d+ " seek" $call-parent ; @@ -42,8 +45,8 @@ " read" $call-parent ( len' ) update-ptr ( len' ) ; +end-support-package
- \ LICENSE_BEGIN \ Copyright (c) 2009 FirmWorks \
Modified: cpu/x86/pc/olpc/security.fth =================================================================== --- cpu/x86/pc/olpc/security.fth 2009-12-06 13:57:39 UTC (rev 1542) +++ cpu/x86/pc/olpc/security.fth 2009-12-06 14:04:38 UTC (rev 1543) @@ -1071,7 +1071,7 @@ " dk" find-tag dup if nip nip then ;
-: all-devices$ ( -- list$ ) " disk: ext: int:" ; +: all-devices$ ( -- list$ ) " sba: disk: ext: int:" ;
: secure-startup ( -- ) in-factory? if
Modified: cpu/x86/pc/olpc/via/fw.bth =================================================================== --- cpu/x86/pc/olpc/via/fw.bth 2009-12-06 13:57:39 UTC (rev 1542) +++ cpu/x86/pc/olpc/via/fw.bth 2009-12-06 14:04:38 UTC (rev 1543) @@ -395,6 +395,7 @@ fload ${BP}/cpu/x86/pc/olpc/sound.fth fload ${BP}/cpu/x86/pc/olpc/via/sound.fth fload ${BP}/cpu/x86/pc/olpc/security.fth +fload ${BP}/cpu/x86/pc/olpc/xpsecure.fth fload ${BP}/ofw/gui/ofpong.fth fload ${BP}/cpu/x86/pc/olpc/life.fth [ifdef] wlan-wackup
Added: cpu/x86/pc/olpc/xpsecure.fth =================================================================== --- cpu/x86/pc/olpc/xpsecure.fth (rev 0) +++ cpu/x86/pc/olpc/xpsecure.fth 2009-12-06 14:04:38 UTC (rev 1543) 
@@ -0,0 +1,59 @@ +h# b00.0000 constant ramdisk-base + +\ Create a new device node implementing a ramdisk device, +\ supporting the usual block device interface methods. + +fload ${BP}/dev/ramdisk.fth +fload ${BP}/cpu/x86/pc/olpc/sba.fth + +devalias sba ext:0//secure-boot-area//zip-file-system + +0 value ramdisk-ih \ Instance handle for accessing ramdisk device + +\ Setup the ramdisk driver as the INT 13 data source, from the data at adr,len +: xpsecure-place-ramdisk ( adr len -- ) + " /ramdisk" open-dev to ramdisk-ih ( adr len ) + + \ Tell the ramdisk driver its actual size + dup u>d " set-size" ramdisk-ih $call-method ( adr len ) + + \ Copy in the data + ramdisk-base swap move ( ) + + \ Tell the BIOS INT 13 emulator code to use the ramdisk instead of the SD + ramdisk-ih to bios-disk-ih + h# 80 to bios-boot-dev# +; + +h# 20000 constant ntldr-base \ The address where NTLDR expects to be loaded + +false value ntldr-prepped? +: is-ntldr? ( adr len -- flag ) + h# 5000 < if drop false exit then + " NTLDR is corrupt" rot h# 5000 sindex -1 <> +; + +warning @ warning off +: execute-buffer ( -- ) + ntldr-prepped? if + \ set-mode3 \ Probably unnecessary as NTLDR does it internally + visible + init-regs ntldr-base rm-run \ Start NTLDR in real mode + then + execute-buffer +; + +: init-program ( -- ) + loaded is-ntldr? if + prep-rm \ Turn on BIOS emulation + loaded ntldr-base swap move \ Move NTLDR to its execution address + init-regs /rm-regs erase \ Setup the initial register values + bios-boot-dev# init-regs >rm-edx c! \ DL must contain the boot device ID + true to ntldr-prepped? \ Tell execute-buffer to execute NTLDR + ['] xpsecure-place-ramdisk to place-ramdisk \ Setup ramdisk preparation hook + ['] load-ramdisk guarded \ Run ramdisk loader + exit + then + init-program +; +warning !
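
Review bot: In cpu/x86/pc/linux.fth, `defer place-ramdisk` gets a behavior only inside the `linux-loaded? if` branch of init-program (and in the NTLDR branch added in xpsecure.fth), so a caller that reaches place-ramdisk before either branch has run executes an unset deferred word. Install the default right after the definition of linux-place-ramdisk, for example `' linux-place-ramdisk to place-ramdisk`, and keep the assignment in init-program so the hook is restored after xpsecure.fth has repointed it.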
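
Review bot: In the `open` hunk of cpu/x86/pc/olpc/sba.fth, `ptable-adr 8 + le-l@ 1-` is applied to the partition start-sector field as read from the disk, with no lower bound, so a start sector of 0 wraps and produces a huge image-size that clip-size and seek then treat as the limit. Return false from open when the field is 0, before the `1-`. Since this device feeds the secure boot path, an upper sanity bound on the SBA size is worth adding at the same place.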
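
Review bot: In cpu/x86/pc/olpc/security.fth, `all-devices$` now lists `sba:` ahead of `disk: ext: int:` with no comment on why it is searched first or where the alias comes from. The alias is created by `devalias sba ...` in xpsecure.fth, which both fw.bth hunks load after security.fth. Add a comment naming that dependency and the intended search order, so a build that omits xpsecure.fth does not carry a dangling device name in this list.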
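
Review bot: In `xpsecure-place-ramdisk` in cpu/x86/pc/olpc/xpsecure.fth, the result of `" /ramdisk" open-dev` is stored in ramdisk-ih and passed to `$call-method` without a zero check, and `ramdisk-base swap move` copies len bytes to the fixed address h# b00.0000 with no upper bound on len. Bail out when open-dev returns 0, and check len against the memory actually available above ramdisk-base before the move. In the same file, `ntldr-prepped?` is set to true in init-program but never cleared, so once an NTLDR image has been prepared, a later load of a different image still takes the `rm-run` path in execute-buffer. Set it to false on the non-NTLDR branch before chaining to the previous init-program.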