1 /* Copyright 2013-2016 IBM Corp.
2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
12 * implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <chip.h>
18 #include <string.h>
19 #include <skiboot.h>
20 #include "../rom.h"
21 #include "sha512.h"
22 #include "sw_driver.h"
23
/*
 * Points at the value of the "hw-key-hash" device-tree property. It is set
 * only by stb_software_probe() and is NULL until that function accepts a
 * node (objects with static storage start out zeroed, so no explicit
 * initialiser is needed).
 *
 * NOTE(review): nothing in this file reads the pointer back, and its type is
 * not const-qualified although it refers to device-tree data. Confirm
 * whether a consumer still exists and whether it should be const.
 */
static sha2_hash_t *hw_key_hash;
25
/*
 * .verify hook of the software driver.
 *
 * The container is never inspected: the function returns -100 for every
 * input, so no signature or hash check takes place in this driver.
 *
 * NOTE(review): -100 is presumably treated as a failure by the caller,
 * which would make this driver reject every container (fail closed).
 * Confirm against the code that invokes rom_driver_ops.verify, since a
 * caller that ignores the result would skip verification silently.
 */
static int stb_software_verify(void *container __unused)
{
	const int rc = -100;

	return rc;
}
30
/*
 * .sha512 hook of the software driver: hash len bytes at data with the
 * bundled mbedtls SHA-512 implementation and write the result to digest.
 *
 * digest is cleared for sizeof(sha2_hash_t) bytes before hashing, so the
 * caller must pass a buffer at least that large; neither pointer is checked
 * for NULL here.
 *
 * NOTE(review): the results of the mbedtls calls are not examined. If this
 * mbedtls version reports status codes from starts/update/finish, a failure
 * would go unnoticed by the caller. Confirm against sha512.h.
 */
static void stb_software_sha512(const uint8_t *data, size_t len, uint8_t *digest)
{
	mbedtls_sha512_context sha_ctx;
	const int variant = 0;	/* 0 selects SHA-512 */

	/* Start from an all-zero output buffer. */
	memset(digest, 0, sizeof(sha2_hash_t));

	mbedtls_sha512_init(&sha_ctx);
	mbedtls_sha512_starts(&sha_ctx, variant);
	mbedtls_sha512_update(&sha_ctx, data, len);
	mbedtls_sha512_finish(&sha_ctx, digest);
	mbedtls_sha512_free(&sha_ctx);
}
41
/*
 * .cleanup hook of the software driver. It performs no work and only fills
 * the cleanup slot of the operations table.
 */
static void stb_software_cleanup(void)
{
	/* No work is done here. */
}
46
/*
 * Operations table for the "software" ROM driver. stb_software_probe()
 * passes it to rom_set_driver() once a compatible node has been accepted.
 */
static struct rom_driver_ops sw_driver = {
	.name    = "software",
	.sha512  = stb_software_sha512,
	.verify  = stb_software_verify,
	.cleanup = stb_software_cleanup,
};
53
/*
 * Register the software ROM driver if node describes it.
 *
 * The node must be compatible with "ibm,secureboot-v1-softrom" and its
 * "hash-algo" property must be "sha512"; otherwise the function returns
 * without registering anything (an unexpected hash-algo is logged at
 * PR_ERR). On success the "hw-key-hash" property value is remembered in
 * hw_key_hash and sw_driver is handed to rom_set_driver().
 */
void stb_software_probe(const struct dt_node *node)
{
	const char *algo;
	const void *key_hash_prop;

	if (!dt_node_is_compatible(node, "ibm,secureboot-v1-softrom")) {
		return;
	}

	/*
	 * NOTE(review): algo goes to strcmp() without a NULL check; this is
	 * only safe if dt_prop_get() never returns NULL for a missing
	 * property. Confirm.
	 */
	algo = dt_prop_get(node, "hash-algo");
	if (strcmp(algo, "sha512") != 0) {
		/**
		 * @fwts-label ROMHashAlgorithmInvalid
		 * @fwts-advice Hostboot creates the ibm,secureboot node and
		 * the hash-algo property. Check that the ibm,secureboot node
		 * layout has not changed.
		 */
		prlog(PR_ERR, "ROM: hash-algo=%s not expected\n", algo);
		return;
	}

	/*
	 * NOTE(review): the property length is not compared with
	 * sizeof(sha2_hash_t) before the value is used as a hash, so a short
	 * "hw-key-hash" property would be over-read by any consumer that
	 * trusts the type. The cast also drops any const qualifier on the
	 * property data. Confirm both against the device-tree API.
	 */
	key_hash_prop = dt_prop_get(node, "hw-key-hash");
	hw_key_hash = (sha2_hash_t *)key_hash_prop;

	rom_set_driver(&sw_driver);
}
77