Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp2555968rwb; Mon, 7 Nov 2022 14:58:19 -0800 (PST) X-Google-Smtp-Source: AMsMyM7/R6EY3GVsLKAZUdIvBcvvqZlx+JJ/vSykHL19RpCMrW9P6QnIT88wCG1PlWZGzf9LHWEA X-Received: by 2002:a05:6402:2893:b0:461:59fd:9b4 with SMTP id eg19-20020a056402289300b0046159fd09b4mr52495269edb.389.1667861898845; Mon, 07 Nov 2022 14:58:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1667861898; cv=none; d=google.com; s=arc-20160816; b=CAY2jgy11cbSrVdeTmsI0NRmIap5UqqDDw+SuBcP8pw1tRGeWrvq3b+rl1wqLhvZLK 3IyrEUSuWyz6GUXYTGxoHVwkgUSPsLbZ0kf9uOfJrIgZApw+FrTUeMvvfZDG0QI/nZ8z n5ii3MDF2jEf3Vz/Z2NGG0krkMhL6+NYjG6EpPOLcyrhIXA0OoKmt36EEPIiRm3ZhF79 1Np3fI6k4ALT9pdTYp9A9DfCTklZXmgitYjVsJRfdj/DQhVb5Dt8XM8XEVmsnPBx75p6 8CM97wZhu+yisyEi5fgS68x6m0TFT5+sWZfzBGUQ4QN+I/if4E0NH8nWFx6J1QkpbGdj RlyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=All8fpxQH7+AGdmxvWVwvxabtptSw6mc6/U9gulcORQ=; b=jHhFlwQmNjk/wqdAgJXaOYxrhBmW109puV8tT2fdN6s8dvOaQ24CNieq1GztaOoxC+ mf/CLCahwX9+Od26+FNuQFgxrWKBqn9PLnO9rcQF1qzUWvkrW8TORAlFUjabZoCdGnIP lj0IVAJfZucrQAn5VQK02cJb0ZO5JqGSOsaIwyi4U+/2juYoTPUZAVKj07bAFzuCdkfO QAdGO5epyzwvLHIC1N3rEo3W0M1dPK1GeBvc6IUNcGbf3jz48G4O87gmkbZFP2YgiVc3 2JqnsxOH6MXLSZEk7G/r456q+5l0YYE+Ap8w71jiyv1U2/0mUR9W6Y1qhNFoDCikL2ah B2Pw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Pbwsfgym; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id cs20-20020a170906dc9400b0079b40c09982si10664459ejc.340.2022.11.07.14.57.56; Mon, 07 Nov 2022 14:58:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Pbwsfgym; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232932AbiKGWzc (ORCPT + 92 others); Mon, 7 Nov 2022 17:55:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36064 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232693AbiKGWyt (ORCPT ); Mon, 7 Nov 2022 17:54:49 -0500 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 86C941571D; Mon, 7 Nov 2022 14:54:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1667861688; x=1699397688; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=WqEb7bkqzB9awU+zIFi5Shc5FWp2eKID0NmWlt0sCJQ=; b=PbwsfgymAIVonXFszJxQ2sEZmMInoSMtQugjnXwJaYqcRhjFY6cA2fAd MBoM/YYySfXsstmGy9doGRGByne+N2325rzGZ85F7IS0WbYkNDHs6XdDq GRaCpqYVQcq1wm/E5tbMJvbImXMEnUMOfXOUF4IPA9305vIYgBMsQOyDV EihQq3zfafeti/NXz+ZZZgoYstgEjTsVbO8evxtPDFQlpm1x1GnB6aIIy xc1lUnFIeg23oYdQNBM9n0Q1I+ap6pUd5QzDwgjKlepHVJ8pytB6Uzz5a fG7/m15TgSzeK2cw/W37Cgo7vavS3LfyPbJ8wOjSFpo4GwvXYMFZg2up/ A==; X-IronPort-AV: E=McAfee;i="6500,9779,10524"; a="293911836" X-IronPort-AV: E=Sophos;i="5.96,145,1665471600"; d="scan'208";a="293911836" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Nov 2022 14:54:48 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10524"; a="811012988" X-IronPort-AV: E=Sophos;i="5.96,145,1665471600"; d="scan'208";a="811012988" Received: from jithujos.sc.intel.com ([172.25.103.66]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Nov 2022 14:54:47 -0800 From: Jithu Joseph To: hdegoede@redhat.com, markgross@kernel.org Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, gregkh@linuxfoundation.org, jithu.joseph@intel.com, ashok.raj@intel.com, tony.luck@intel.com, linux-kernel@vger.kernel.org, platform-driver-x86@vger.kernel.org, patches@lists.linux.dev, ravi.v.shankar@intel.com, thiago.macieira@intel.com, athenas.jimenez.gonzalez@intel.com, sohil.mehta@intel.com Subject: [PATCH v2 10/14] platform/x86/intel/ifs: Add metadata validation Date: Mon, 7 Nov 2022 14:53:19 -0800 Message-Id: <20221107225323.2733518-11-jithu.joseph@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221107225323.2733518-1-jithu.joseph@intel.com> References: <20221021203413.1220137-1-jithu.joseph@intel.com> <20221107225323.2733518-1-jithu.joseph@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The data portion of IFS test image file contains a metadata region containing possibly multiple metadata structures in addition to test data and hashes. Introduce the layout of this meta_data structure and validate the sanity of certain fields of the new image before loading. Tweak references to IFS test image chunks to reflect the updated layout of the test image. Reviewed-by: Tony Luck Signed-off-by: Jithu Joseph --- drivers/platform/x86/intel/ifs/ifs.h | 2 + drivers/platform/x86/intel/ifs/load.c | 53 +++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) diff --git a/drivers/platform/x86/intel/ifs/ifs.h b/drivers/platform/x86/intel/ifs/ifs.h index 3ff1d9aaeaa9..98ca91bdd5ca 100644 --- a/drivers/platform/x86/intel/ifs/ifs.h +++ b/drivers/platform/x86/intel/ifs/ifs.h @@ -196,6 +196,7 @@ union ifs_status { * @valid_chunks: number of chunks which could be validated. * @status: it holds simple status pass/fail/untested * @scan_details: opaque scan status code from h/w + * @cur_batch: number indicating the currently loaded test file */ struct ifs_data { int integrity_cap_bit; @@ -205,6 +206,7 @@ struct ifs_data { int valid_chunks; int status; u64 scan_details; + int cur_batch; }; struct ifs_work { diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c index 7c0d8602817b..f361fd42a320 100644 --- a/drivers/platform/x86/intel/ifs/load.c +++ b/drivers/platform/x86/intel/ifs/load.c @@ -8,7 +8,23 @@ #include "ifs.h" +struct meta_data { + unsigned int meta_type; // metadata type + unsigned int meta_size; // size of this entire struct including hdrs. + unsigned int test_type; // IFS test type + unsigned int fusa_info; // Fusa info + unsigned int total_images; // Total number of images + unsigned int current_image; // Current Image # + unsigned int total_chunks; // Total number of chunks in this image + unsigned int starting_chunk; // Starting chunk number in this image + unsigned int size_per_chunk; // size of each chunk + unsigned int chunks_per_stride; // number of chunks in a stride + unsigned int reserved[54]; // Align to 256 bytes for chunk alignment. +}; + #define IFS_HEADER_SIZE (sizeof(struct microcode_header_intel)) +#define META_TYPE_IFS 1 +#define IFS_CHUNK_ALIGNMENT 256 static struct microcode_header_intel *ifs_header_ptr; /* pointer to the ifs image header */ static u64 ifs_hash_ptr; /* Address of ifs metadata (hash) */ static u64 ifs_test_image_ptr; /* 256B aligned address of test pattern */ @@ -129,6 +145,40 @@ static void copy_hashes_authenticate_chunks(struct work_struct *work) complete(&ifs_done); } +static int validate_ifs_metadata(struct device *dev) +{ + struct ifs_data *ifsd = ifs_get_data(dev); + struct meta_data *ifs_meta; + char test_file[64]; + int ret = -EINVAL; + + snprintf(test_file, sizeof(test_file), "%02x-%02x-%02x-%02x.scan", + boot_cpu_data.x86, boot_cpu_data.x86_model, + boot_cpu_data.x86_stepping, ifsd->cur_batch); + + ifs_meta = (struct meta_data *)ifs_find_meta_data(ifs_header_ptr, META_TYPE_IFS); + if (!ifs_meta) { + dev_err(dev, "IFS Metadata missing in file %s\n", test_file); + return ret; + } + + ifs_test_image_ptr = (u64)ifs_meta + sizeof(struct meta_data); + + /* Scan chunk start must be 256 byte aligned */ + if (!IS_ALIGNED(ifs_test_image_ptr, IFS_CHUNK_ALIGNMENT)) { + dev_err(dev, "Scan pattern offset is not 256 byte aligned in %s\n", test_file); + return ret; + } + + if (ifs_meta->current_image != ifsd->cur_batch) { + dev_warn(dev, "Mismatch between filename %s and batch metadata 0x%02x\n", + test_file, ifs_meta->current_image); + return ret; + } + + return 0; +} + /* * IFS requires scan chunks authenticated per each socket in the platform. * Once the test chunk is authenticated, it is automatically copied to secured memory @@ -145,6 +195,9 @@ static int scan_chunks_sanity_check(struct device *dev) if (!package_authenticated) return ret; + ret = validate_ifs_metadata(dev); + if (ret) + return ret; ifsd->loading_error = false; ifsd->loaded_version = ifs_header_ptr->rev; -- 2.25.1