coreboot V2 with crypto library

Submitter	René Reuter
Date	2009-07-28 11:55:38
Message ID	<6b2fa9aa0907280455r552ac1e4i156d51445f7aca42@mail.gmail.com>
Download	mbox \| patch
Permalink	/patch/79/
State	Not Applicable
Headers	show Return-path: <coreboot-bounces@coreboot.org> Envelope-to: patchwork@coreboot.org DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=OFY1XWC+3KNLYL6h5b/EDvpTOiI330ekHrNK8Tw7WhQ7jznAifkIx2FeIgr8hGoQUG HSV6o8m2NECFVmeACEWjeIXZGLj+FTrDL+dREcBIlBGmFBwpp1LxKaXV9tqUky/ZO+LA eds2HtGM0aN0hd1hZ/HlECkaMSgttkUyHdEVA= MIME-Version: 1.0 In-Reply-To: <6b2fa9aa0907280434s5fc42e43u39dd88ba96be6dbb@mail.gmail.com> References: <6b2fa9aa0907270401k3ad65e2pcd9ce45c96ab13ff@mail.gmail.com> <13426df10907270822j1e12bd4bib0f4a35e3845f95c@mail.gmail.com> <4A6DCC99.7080501@coresystems.de> <13426df10907270948o418e5f15y3189ea1083e59c97@mail.gmail.com> <6b2fa9aa0907280236l36b900e0hf97baf4be96aa4e0@mail.gmail.com> <4A6ECB4C.7030303@gmx.net> <6b2fa9aa0907280305p48c0d482t4cbd1e075c1f32b9@mail.gmail.com> <4A6ED5E2.8090002@gmx.net> <6b2fa9aa0907280346m1ef1bbf9kd91d5b4ed13d06ca@mail.gmail.com> <6b2fa9aa0907280434s5fc42e43u39dd88ba96be6dbb@mail.gmail.com> Date: Tue, 28 Jul 2009 13:55:38 +0200 Message-ID: <6b2fa9aa0907280455r552ac1e4i156d51445f7aca42@mail.gmail.com> From: =?UTF-8?B?UmVuw6kgUmV1dGVy?= <reuter.rene@googlemail.com> To: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net> Cc: coreboot@coreboot.org Subject: Re: [coreboot] coreboot V2 with crypto library Precedence: list Content-Type: multipart/mixed; boundary="===============7974516759881827921==" Sender: coreboot-bounces@coreboot.org Errors-To: coreboot-bounces@coreboot.org

Comments

René Reuter - 2009-07-28 11:55:38

Sorry didn't used the svn diff tool:



Regards,

René

Patch

Index: src/mainboard/emulation/qemu-x86/Options.lb
===================================================================
--- src/mainboard/emulation/qemu-x86/Options.lb    (Revision 4200)
+++ src/mainboard/emulation/qemu-x86/Options.lb    (Arbeitskopie)
@@ -37,6 +37,7 @@ 
 uses OBJCOPY
 uses CONFIG_PCI_ROM_RUN
 uses CONFIG_PCI_OPTION_ROM_RUN_VM86
+uses CONFIG_GDB_STUB

 uses CONFIG_CONSOLE_SERIAL8250
 uses USE_DCACHE_RAM
@@ -51,7 +52,6 @@ 
 default DEFAULT_CONSOLE_LOGLEVEL=8
 default MAXIMUM_CONSOLE_LOGLEVEL=8
 default CONFIG_CBFS=0
-
 ## ROM_SIZE is the size of boot ROM that this board will use.
 default ROM_SIZE  = 256*1024

@@ -124,5 +124,5 @@ 
 ##
 default CC="$(CROSS_COMPILE)gcc -m32"
 default HOSTCC="gcc"
-
+default CONFIG_GDB_STUB=1
 end
Index: src/boot/elfboot.c
===================================================================
--- src/boot/elfboot.c    (Revision 4200)
+++ src/boot/elfboot.c    (Arbeitskopie)
@@ -27,6 +27,8 @@ 
 #include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
+#include <openssl/sha.h>
+#include <openssl/evp.h>

 /* Maximum physical address we can use for the coreboot bounce buffer.
  */
@@ -34,9 +36,14 @@ 
 #define MAX_ADDR -1UL
 #endif

+#define SHA256_DIGEST_LENGTH    32
+
 extern unsigned char _ram_seg;
 extern unsigned char _eram_seg;

+static void measure_elf(unsigned char *header, size_t length);
+static int measure_and_extend(unsigned char hash);
+
 struct segment {
     struct segment *next;
     struct segment *prev;
@@ -61,6 +68,30 @@ 
     unsigned short ip_checksum;
 };

+static void measure_elf(unsigned char *header, size_t length) {
+        unsigned char md[SHA256_DIGEST_LENGTH];
+
+        EVP_Digest(header,length,md,NULL,EVP_sha256(),NULL);
+         //   if (memcmp(md,header,sizeof(header)))
+         //   {   fflush(stdout);
+         //       fprintf(stderr,"\nMemcpy failed.\n");
+         //       return 1;
+         //   }
+        // unsigned char hash = fflush(stdout);
+
+         //write_log_entry_in_tcpa(hash); // Write hash to the acpi table
+
+         measure_and_extend(md); //Write hash to the tpm
+         return 1;
+}
+
+/*
+ * Dummy function for tpm capability
+ */
+static int measure_and_extend(unsigned char hash) {
+        return 1;
+}
+
 int verify_ip_checksum(
     struct verify_callback *vcb,
     Elf_ehdr *ehdr, Elf_phdr *phdr, struct segment *head)
@@ -500,6 +531,7 @@ 
                 len = ptr->s_filesz;
             }
             memcpy(dest, &header[start_offset], len);
+                        measure_elf(&header[start_offset], len); //Pass the
elf code to the measurement function
             dest += len;
         }

Index: src/config/Config.lb
===================================================================
--- src/config/Config.lb    (Revision 4200)
+++ src/config/Config.lb    (Arbeitskopie)
@@ -10,7 +10,7 @@ 
 makedefine GCC_INC_DIR := $(shell LC_ALL=C $(GCC) -print-search-dirs | sed
-ne "s/install: \(.*\)/\1include/gp")

 makedefine CPPFLAGS := -I$(TOP)/src/include
-I$(TOP)/src/arch/$(ARCH)/include -I$(GCC_INC_DIR) $(CPUFLAGS)
-makedefine CFLAGS := $(CPU_OPT) $(DISTRO_CFLAGS) $(CPPFLAGS) -Os -nostdinc
-nostdlib -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs
-Werror-implicit-function-declaration -Wstrict-aliasing -Wshadow -fno-common
-ffreestanding -fno-builtin -fomit-frame-pointer
+makedefine CFLAGS := $(CPU_OPT) $(DISTRO_CFLAGS) $(CPPFLAGS) -O2 -g
-nostdinc -nostdlib -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs
-Werror-implicit-function-declaration -Wstrict-aliasing -Wshadow -fno-common
-ffreestanding -fno-builtin -fomit-frame-pointer

 if ASSEMBLER_DEBUG
 makedefine DEBUG_CFLAGS := -g -dA -fverbose-asm
Index: src/arch/i386/boot/boot.c
===================================================================
--- src/arch/i386/boot/boot.c    (Revision 4200)
+++ src/arch/i386/boot/boot.c    (Arbeitskopie)
@@ -84,13 +84,13 @@ 
     adjusted_boot_notes = (unsigned long)&elf_boot_notes;
     adjusted_boot_notes += adjust;

-    printk_spew("entry    = 0x%08lx\n", (unsigned long)entry);
-    printk_spew("lb_start = 0x%08lx\n", lb_start);
-    printk_spew("lb_size  = 0x%08lx\n", lb_size);
-    printk_spew("adjust   = 0x%08lx\n", adjust);
-    printk_spew("buffer   = 0x%08lx\n", buffer);
-    printk_spew("     elf_boot_notes = 0x%08lx\n", (unsigned
long)&elf_boot_notes);
-    printk_spew("adjusted_boot_notes = 0x%08lx\n", adjusted_boot_notes);
+    printk_debug("entry    = 0x%08lx\n", (unsigned long)entry);
+    printk_debug("lb_start = 0x%08lx\n", lb_start);
+    printk_debug("lb_size  = 0x%08lx\n", lb_size);
+    printk_debug("adjust   = 0x%08lx\n", adjust);
+    printk_debug("buffer   = 0x%08lx\n", buffer);
+    printk_debug("     elf_boot_notes = 0x%08lx\n", (unsigned
long)&elf_boot_notes);
+    printk_debug("adjusted_boot_notes = 0x%08lx\n", adjusted_boot_notes);

     /* Jump to kernel */
     __asm__ __volatile__(
Index: src/arch/i386/include/stddef.h
===================================================================
--- src/arch/i386/include/stddef.h    (Revision 4200)
+++ src/arch/i386/include/stddef.h    (Arbeitskopie)
@@ -3,8 +3,10 @@ 

 typedef long ptrdiff_t;
 typedef unsigned long size_t;
-typedef long ssize_t;

+// hacked
+//typedef long ssize_t;
+
 typedef int wchar_t;
 typedef unsigned int wint_t;

Patchwork coreboot V2 with crypto library

Comments

Patch