util/amdfwtool: Generate hashes for signed AMDFW components

Generate SHA256/SHA384 hash of the signed firmware so that PSP verstage
can pass it to PSP. The PSP will use these hashes to verify the
integrity of those signed firmwares.

BUG=b:203597980
TEST=Build Skyrim BIOS image.

Change-Id: I50d278536ba1eac754eb8a39c4c2e428a2371c44
Signed-off-by: Kangheui Won <khwon@chromium.org>
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60290
Reviewed-by: Jon Murphy <jpmurphy@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
Kangheui Won 2021-12-21 15:45:06 +11:00 committed by Martin Roth
parent bb31562e9e
commit 5b84dfd1c1
4 changed files with 233 additions and 8 deletions

View File

@ -1,7 +1,11 @@
# SPDX-License-Identifier: BSD-3-Clause
top ?= $(abspath ../..)
ifneq ($(CC),)
HOSTCC ?= $(CC)
else
HOSTCC ?= cc
endif
READ_SRC = amdfwread.c
READ_OBJ = $(READ_SRC:%.c=%.o)
@ -13,16 +17,24 @@ WERROR=-Werror
CFLAGS=-O2 -Wall -Wextra -Wshadow ${WERROR}
CFLAGS += -I $(top)/src/commonlib/bsd/include
ifneq ($(PKG_CONFIG),)
HOSTPKGCONFIG ?= $(PKG_CONFIG)
else
HOSTPKGCONFIG ?= pkg-config
endif
CFLAGS += $(shell $(HOSTPKGCONFIG) --cflags libcrypto)
LDFLAGS += $(shell $(HOSTPKGCONFIG) --libs libcrypto)
all: $(TARGETS)
amdfwread: $(READ_OBJ)
$(CC) $(READ_OBJ) $(LDFLAGS) -o $@
$(HOSTCC) $(READ_OBJ) $(LDFLAGS) -o $@
amdfwtool: $(TOOL_OBJ)
$(CC) $(TOOL_OBJ) $(LDFLAGS) -o $@
$(HOSTCC) $(TOOL_OBJ) $(LDFLAGS) -o $@
%.o: %.c $(HEADER)
$(CC) $(CFLAGS) -c -o $@ $<
$(HOSTCC) $(CFLAGS) -c -o $@ $<
clean:
@rm -f $(TARGETS) $(READ_OBJ) $(TOOL_OBJ)

View File

@ -5,9 +5,14 @@ amdfwtoolobj = amdfwtool.o data_parse.o
AMDFWTOOLCFLAGS=-O2 -Wall -Wextra -Wshadow -Werror
AMDFWTOOLCFLAGS += -I $(top)/src/commonlib/bsd/include
HOSTPKGCONFIG ?= pkg-config
AMDFWTOOLCFLAGS += $(shell $(HOSTPKGCONFIG) --cflags libcrypto)
LDFLAGS += $(shell $(HOSTPKGCONFIG) --libs libcrypto)
$(objutil)/amdfwtool/%.o: $(top)/util/amdfwtool/%.c # $(HEADER)
$(HOSTCC) $(AMDFWTOOLCFLAGS) $(HOSTCFLAGS) -c -o $@ $<
$(objutil)/amdfwtool/amdfwtool: $(addprefix $(objutil)/amdfwtool/,$(amdfwtoolobj))
printf " AMDFWTOOL\n"
$(HOSTCC) $(addprefix $(objutil)/amdfwtool/,$(amdfwtoolobj)) -o $@
$(HOSTCC) $(addprefix $(objutil)/amdfwtool/,$(amdfwtoolobj)) $(LDFLAGS) -o $@

View File

@ -48,6 +48,7 @@
#include <fcntl.h>
#include <errno.h>
#include <openssl/sha.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
@ -74,6 +75,17 @@
#define DEFAULT_SOFT_FUSE_CHAIN "0x1"
/* Defines related to hashing signed binaries */
enum hash_header_ver {
HASH_HDR_V1 = 1,
};
/* Signature ID enums are defined by PSP based on the algorithm used. */
enum signature_id {
SIG_ID_RSA2048,
SIG_ID_RSA4096 = 2,
};
#define HASH_FILE_SUFFIX ".hash"
/*
* Beginning with Family 15h Models 70h-7F, a.k.a Stoney Ridge, the PSP
* can support an optional "combo" implementation. If the PSP sees the
@ -655,6 +667,85 @@ static uint16_t get_psp_fw_type(enum platform soc_id, struct amd_fw_header *head
}
}
static int add_single_sha(amd_fw_entry_hash *entry, void *buf, enum platform soc_id)
{
uint8_t hash[SHA384_DIGEST_LENGTH];
struct amd_fw_header *header = (struct amd_fw_header *)buf;
/* Include only signed part for hash calculation. */
size_t len = header->fw_size_signed + sizeof(struct amd_fw_header);
uint8_t *body = (uint8_t *)buf;
if (len > header->size_total)
return -1;
if (header->sig_id == SIG_ID_RSA4096) {
SHA384(body, len, hash);
entry->sha_len = SHA384_DIGEST_LENGTH;
} else if (header->sig_id == SIG_ID_RSA2048) {
SHA256(body, len, hash);
entry->sha_len = SHA256_DIGEST_LENGTH;
} else {
fprintf(stderr, "%s: Unknown signature id: 0x%08x\n",
__func__, header->sig_id);
return -1;
}
memcpy(entry->sha, hash, entry->sha_len);
entry->fw_id = get_psp_fw_type(soc_id, header);
entry->subtype = header->fw_subtype;
return 0;
}
static int get_num_binaries(void *buf, size_t buf_size)
{
struct amd_fw_header *header = (struct amd_fw_header *)buf;
size_t total_len = 0;
int num_binaries = 0;
while (total_len < buf_size) {
num_binaries++;
total_len += header->size_total;
header = (struct amd_fw_header *)(buf + total_len);
}
if (total_len != buf_size) {
fprintf(stderr, "Malformed binary\n");
return -1;
}
return num_binaries;
}
static int add_sha(amd_fw_entry *entry, void *buf, size_t buf_size, enum platform soc_id)
{
struct amd_fw_header *header = (struct amd_fw_header *)buf;
/* Include only signed part for hash calculation. */
size_t total_len = 0;
int num_binaries = get_num_binaries(buf, buf_size);
if (num_binaries <= 0)
return num_binaries;
entry->hash_entries = malloc(num_binaries * sizeof(amd_fw_entry_hash));
if (!entry->hash_entries) {
fprintf(stderr, "Error allocating memory to add FW hash\n");
return -1;
}
entry->num_hash_entries = num_binaries;
/* Iterate through each binary */
for (int i = 0; i < num_binaries; i++) {
if (add_single_sha(&entry->hash_entries[i], buf + total_len, soc_id)) {
free(entry->hash_entries);
return -1;
}
total_len += header->size_total;
header = (struct amd_fw_header *)(buf + total_len);
}
return 0;
}
static void integrate_firmwares(context *ctx,
embedded_firmware *romsig,
amd_fw_entry *fw_table)
@ -747,6 +838,88 @@ static void free_bdt_firmware_filenames(amd_bios_entry *fw_table)
}
}
static void write_or_fail(int fd, void *ptr, size_t size)
{
ssize_t written;
written = write_from_buf_to_file(fd, ptr, size);
if (written < 0 || (size_t)written != size) {
fprintf(stderr, "%s: Error writing %zu bytes - written %zd bytes\n",
__func__, size, written);
exit(-1);
}
}
static void write_one_psp_firmware_hash_entry(int fd, amd_fw_entry_hash *entry)
{
uint16_t type = entry->fw_id;
uint16_t subtype = entry->subtype;
write_or_fail(fd, &type, sizeof(type));
write_or_fail(fd, &subtype, sizeof(subtype));
write_or_fail(fd, entry->sha, entry->sha_len);
}
static void write_psp_firmware_hash(const char *filename,
amd_fw_entry *fw_table)
{
struct psp_fw_hash_table hash_header = {0};
int fd = open(filename, O_RDWR | O_CREAT | O_TRUNC, 0666);
if (fd < 0) {
fprintf(stderr, "Error opening file: %s: %s\n",
filename, strerror(errno));
exit(-1);
}
hash_header.version = HASH_HDR_V1;
for (unsigned int i = 0; fw_table[i].type != AMD_FW_INVALID; i++) {
for (unsigned int j = 0; j < fw_table[i].num_hash_entries; j++) {
if (fw_table[i].hash_entries[j].sha_len == SHA256_DIGEST_LENGTH) {
hash_header.no_of_entries_256++;
} else if (fw_table[i].hash_entries[j].sha_len ==
SHA384_DIGEST_LENGTH) {
hash_header.no_of_entries_384++;
} else if (fw_table[i].hash_entries[j].sha_len) {
fprintf(stderr, "%s: Error invalid sha_len %d\n",
__func__, fw_table[i].hash_entries[j].sha_len);
exit(-1);
}
}
}
write_or_fail(fd, &hash_header, sizeof(hash_header));
/* Add all the SHA256 hash entries first followed by SHA384 entries. PSP verstage
processes the table in that order. Mixing and matching SHA256 and SHA384 entries
will cause the hash verification failure at run-time. */
for (unsigned int i = 0; fw_table[i].type != AMD_FW_INVALID; i++) {
for (unsigned int j = 0; j < fw_table[i].num_hash_entries; j++) {
if (fw_table[i].hash_entries[j].sha_len == SHA256_DIGEST_LENGTH)
write_one_psp_firmware_hash_entry(fd,
&fw_table[i].hash_entries[j]);
}
}
for (unsigned int i = 0; fw_table[i].type != AMD_FW_INVALID; i++) {
for (unsigned int j = 0; j < fw_table[i].num_hash_entries; j++) {
if (fw_table[i].hash_entries[j].sha_len == SHA384_DIGEST_LENGTH)
write_one_psp_firmware_hash_entry(fd,
&fw_table[i].hash_entries[j]);
}
}
close(fd);
for (unsigned int i = 0; fw_table[i].type != AMD_FW_INVALID; i++) {
if (!fw_table[i].num_hash_entries || !fw_table[i].hash_entries)
continue;
free(fw_table[i].hash_entries);
fw_table[i].hash_entries = NULL;
fw_table[i].num_hash_entries = 0;
}
}
/**
* process_signed_psp_firmwares() - Process the signed PSP binaries to keep them separate
* @signed_rom: Output file path grouping all the signed PSP binaries.
@ -765,6 +938,8 @@ static void process_signed_psp_firmwares(const char *signed_rom,
int signed_rom_fd;
ssize_t bytes, align_bytes;
uint8_t *buf;
char *signed_rom_hash;
size_t signed_rom_hash_strlen;
struct amd_fw_header header;
struct stat fd_stat;
/* Every blob in amdfw*.rom has to start at address aligned to 0x100. Prepare an
@ -781,6 +956,9 @@ static void process_signed_psp_firmwares(const char *signed_rom,
}
for (i = 0; fw_table[i].type != AMD_FW_INVALID; i++) {
fw_table[i].num_hash_entries = 0;
fw_table[i].hash_entries = NULL;
if (!(fw_table[i].filename) || fw_table[i].skip_hashing)
continue;
@ -818,10 +996,6 @@ static void process_signed_psp_firmwares(const char *signed_rom,
continue;
}
if (header.size_total != fd_stat.st_size) {
close(fd);
continue;
}
/* PSP binary is not signed and should not be part of signed PSP binaries
set. */
@ -876,6 +1050,9 @@ static void process_signed_psp_firmwares(const char *signed_rom,
}
}
if (add_sha(&fw_table[i], buf, fd_stat.st_size, soc_id))
exit(-1);
/* File is successfully processed and is part of signed PSP binaries set. */
fw_table[i].fw_id = get_psp_fw_type(soc_id, &header);
fw_table[i].addr_signed = signed_start_addr;
@ -888,6 +1065,18 @@ static void process_signed_psp_firmwares(const char *signed_rom,
}
close(signed_rom_fd);
/* signed_rom file name + ".hash" + '\0' */
signed_rom_hash_strlen = strlen(signed_rom) + strlen(HASH_FILE_SUFFIX) + 1;
signed_rom_hash = malloc(signed_rom_hash_strlen);
if (!signed_rom_hash) {
fprintf(stderr, "malloc(%lu) failed\n", signed_rom_hash_strlen);
exit(-1);
}
strcpy(signed_rom_hash, signed_rom);
strcat(signed_rom_hash, HASH_FILE_SUFFIX);
write_psp_firmware_hash(signed_rom_hash, fw_table);
free(signed_rom_hash);
}
static void integrate_psp_ab(context *ctx, psp_directory_table *pspdir,

View File

@ -4,6 +4,7 @@
#define _AMD_FW_TOOL_H_
#include <commonlib/bsd/compiler.h>
#include <openssl/sha.h>
#include <stdint.h>
#include <stdbool.h>
@ -273,6 +274,14 @@ typedef struct _ish_directory_table {
#define PSP_LVL2_AB (1 << 3)
#define PSP_BOTH (PSP_LVL1 | PSP_LVL2)
#define PSP_BOTH_AB (PSP_LVL1_AB | PSP_LVL2_AB)
typedef struct _amd_fw_entry_hash {
uint16_t fw_id;
uint16_t subtype;
uint32_t sha_len;
uint8_t sha[SHA384_DIGEST_LENGTH];
} amd_fw_entry_hash;
typedef struct _amd_fw_entry {
amd_fw_type type;
/* Mendocino and later SoCs use fw_id instead of fw_type. fw_type is still around
@ -292,6 +301,8 @@ typedef struct _amd_fw_entry {
/* Some files that don't have amd_fw_header have to be skipped from hashing. These files
include but not limited to: *iKek*, *.tkn, *.stkn */
bool skip_hashing;
uint32_t num_hash_entries;
amd_fw_entry_hash *hash_entries;
} amd_fw_entry;
/* Most PSP binaries, if not all, have the following header format. */
@ -321,6 +332,14 @@ struct amd_fw_header {
uint8_t reserved_80[128];
} __packed;
struct psp_fw_hash_table {
uint16_t version;
uint16_t no_of_entries_256;
uint16_t no_of_entries_384;
/* The next 2 elements are pointers to arrays of SHA256 and SHA384 entries. */
/* It does not make sense to store pointers in the CBFS file */
} __packed;
typedef struct _amd_cb_config {
bool have_whitelist;
bool unlock_secure;