linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jithu Joseph <jithu.joseph@intel.com>
To: hdegoede@redhat.com, markgross@kernel.org
Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
	dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
	gregkh@linuxfoundation.org, jithu.joseph@intel.com,
	ashok.raj@intel.com, tony.luck@intel.com,
	linux-kernel@vger.kernel.org,
	platform-driver-x86@vger.kernel.org, patches@lists.linux.dev,
	ravi.v.shankar@intel.com, thiago.macieira@intel.com,
	athenas.jimenez.gonzalez@intel.com, sohil.mehta@intel.com
Subject: [PATCH v2 10/14] platform/x86/intel/ifs: Add metadata validation
Date: Mon,  7 Nov 2022 14:53:19 -0800	[thread overview]
Message-ID: <20221107225323.2733518-11-jithu.joseph@intel.com> (raw)
In-Reply-To: <20221107225323.2733518-1-jithu.joseph@intel.com>

The data portion of IFS test image file contains a metadata
region containing possibly multiple metadata structures in
addition to test data and hashes.

Introduce the layout of this meta_data structure and validate
the sanity of certain fields of the new image before loading.

Tweak references to IFS test image chunks to reflect the updated
layout of the test image.

Reviewed-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Jithu Joseph <jithu.joseph@intel.com>
---
 drivers/platform/x86/intel/ifs/ifs.h  |  2 +
 drivers/platform/x86/intel/ifs/load.c | 53 +++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)

diff --git a/drivers/platform/x86/intel/ifs/ifs.h b/drivers/platform/x86/intel/ifs/ifs.h
index 3ff1d9aaeaa9..98ca91bdd5ca 100644
--- a/drivers/platform/x86/intel/ifs/ifs.h
+++ b/drivers/platform/x86/intel/ifs/ifs.h
@@ -196,6 +196,7 @@ union ifs_status {
  * @valid_chunks: number of chunks which could be validated.
  * @status: it holds simple status pass/fail/untested
  * @scan_details: opaque scan status code from h/w
+ * @cur_batch: number indicating the currently loaded test file
  */
 struct ifs_data {
 	int	integrity_cap_bit;
@@ -205,6 +206,7 @@ struct ifs_data {
 	int	valid_chunks;
 	int	status;
 	u64	scan_details;
+	int	cur_batch;
 };
 
 struct ifs_work {
diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c
index 7c0d8602817b..f361fd42a320 100644
--- a/drivers/platform/x86/intel/ifs/load.c
+++ b/drivers/platform/x86/intel/ifs/load.c
@@ -8,7 +8,23 @@
 
 #include "ifs.h"
 
+struct meta_data {
+	unsigned int meta_type;		// metadata type
+	unsigned int meta_size;		// size of this entire struct including hdrs.
+	unsigned int test_type;		// IFS test type
+	unsigned int fusa_info;		// Fusa info
+	unsigned int total_images;	// Total number of images
+	unsigned int current_image;	// Current Image #
+	unsigned int total_chunks;	// Total number of chunks in this image
+	unsigned int starting_chunk;	// Starting chunk number in this image
+	unsigned int size_per_chunk;	// size of each chunk
+	unsigned int chunks_per_stride;	// number of chunks in a stride
+	unsigned int reserved[54];	// Align to 256 bytes for chunk alignment.
+};
+
 #define IFS_HEADER_SIZE	(sizeof(struct microcode_header_intel))
+#define META_TYPE_IFS	1
+#define IFS_CHUNK_ALIGNMENT	256
 static  struct microcode_header_intel *ifs_header_ptr;	/* pointer to the ifs image header */
 static u64 ifs_hash_ptr;			/* Address of ifs metadata (hash) */
 static u64 ifs_test_image_ptr;			/* 256B aligned address of test pattern */
@@ -129,6 +145,40 @@ static void copy_hashes_authenticate_chunks(struct work_struct *work)
 	complete(&ifs_done);
 }
 
+static int validate_ifs_metadata(struct device *dev)
+{
+	struct ifs_data *ifsd = ifs_get_data(dev);
+	struct meta_data *ifs_meta;
+	char test_file[64];
+	int ret = -EINVAL;
+
+	snprintf(test_file, sizeof(test_file), "%02x-%02x-%02x-%02x.scan",
+		 boot_cpu_data.x86, boot_cpu_data.x86_model,
+		 boot_cpu_data.x86_stepping, ifsd->cur_batch);
+
+	ifs_meta = (struct meta_data *)ifs_find_meta_data(ifs_header_ptr, META_TYPE_IFS);
+	if (!ifs_meta) {
+		dev_err(dev, "IFS Metadata missing in file %s\n", test_file);
+		return ret;
+	}
+
+	ifs_test_image_ptr = (u64)ifs_meta + sizeof(struct meta_data);
+
+	/* Scan chunk start must be 256 byte aligned */
+	if (!IS_ALIGNED(ifs_test_image_ptr, IFS_CHUNK_ALIGNMENT)) {
+		dev_err(dev, "Scan pattern offset is not 256 byte aligned in %s\n", test_file);
+		return ret;
+	}
+
+	if (ifs_meta->current_image != ifsd->cur_batch) {
+		dev_warn(dev, "Mismatch between filename %s and batch metadata 0x%02x\n",
+			 test_file, ifs_meta->current_image);
+		return ret;
+	}
+
+	return 0;
+}
+
 /*
  * IFS requires scan chunks authenticated per each socket in the platform.
  * Once the test chunk is authenticated, it is automatically copied to secured memory
@@ -145,6 +195,9 @@ static int scan_chunks_sanity_check(struct device *dev)
 	if (!package_authenticated)
 		return ret;
 
+	ret = validate_ifs_metadata(dev);
+	if (ret)
+		return ret;
 
 	ifsd->loading_error = false;
 	ifsd->loaded_version = ifs_header_ptr->rev;
-- 
2.25.1


  parent reply	other threads:[~2022-11-07 22:55 UTC|newest]

Thread overview: 193+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-10-21 20:33 [PATCH 00/14] IFS multi test image support and misc changes Jithu Joseph
2022-10-21 20:34 ` [PATCH 01/14] platform/x86/intel/ifs: Remove unused selection Jithu Joseph
2022-10-21 20:34 ` [PATCH 02/14] platform/x86/intel/ifs: Propagate load failure error code Jithu Joseph
2022-10-24 22:52   ` Sohil Mehta
2022-10-24 23:17     ` Joseph, Jithu
2022-10-21 20:34 ` [PATCH 03/14] platform/x86/intel/ifs: return a more appropriate Error code Jithu Joseph
2022-10-24 22:57   ` Sohil Mehta
2022-10-24 23:01     ` Luck, Tony
2022-10-21 20:34 ` [PATCH 04/14] platform/x86/intel/ifs: Remove image loading during init Jithu Joseph
2022-10-24 23:50   ` Sohil Mehta
2022-10-25  0:41     ` Joseph, Jithu
2022-10-25  6:06       ` Sohil Mehta
2022-10-26 23:53         ` Joseph, Jithu
2022-11-01  7:00           ` Sohil Mehta
2022-10-21 20:34 ` [PATCH 05/14] x86/microcode/intel: Expose find_matching_signature() for IFS Jithu Joseph
2022-11-02 19:03   ` Borislav Petkov
2022-11-02 21:32     ` Joseph, Jithu
2022-10-21 20:34 ` [PATCH 06/14] x86/microcode/intel: Use appropriate type in microcode_sanity_check() Jithu Joseph
2022-10-21 20:34 ` [PATCH 07/14] x86/microcode/intel: Expose microcode_sanity_check() Jithu Joseph
2022-11-01  7:28   ` Sohil Mehta
2022-11-01 19:06     ` Joseph, Jithu
2022-11-03 11:33   ` Borislav Petkov
2022-11-03 19:25     ` Ashok Raj
2022-11-03 23:32       ` Borislav Petkov
2022-11-04  6:15     ` Joseph, Jithu
2022-11-04 10:50       ` Borislav Petkov
2022-11-04 22:02         ` Joseph, Jithu
2022-11-04 22:14           ` Borislav Petkov
2022-10-21 20:34 ` [PATCH 08/14] x86/microcode/intel: Meta-data support in microcode file Jithu Joseph
2022-11-01  8:51   ` Sohil Mehta
2022-11-01 18:05     ` Joseph, Jithu
2022-11-03 11:35   ` Borislav Petkov
2022-10-21 20:34 ` [PATCH 09/14] platform/x86/intel/ifs: Use generic microcode headers and functions Jithu Joseph
2022-11-01 18:37   ` Sohil Mehta
2022-11-01 21:07     ` Joseph, Jithu
2022-10-21 20:34 ` [PATCH 10/14] platform/x86/intel/ifs: Add metadata validation Jithu Joseph
2022-11-01 20:28   ` Sohil Mehta
2022-11-09 23:10   ` Sohil Mehta
2022-10-21 20:34 ` [PATCH 11/14] platform/x86/intel/ifs: Remove reload sysfs entry Jithu Joseph
2022-10-21 20:34 ` [PATCH 12/14] platform/x86/intel/ifs: Add current_batch " Jithu Joseph
2022-11-01 22:26   ` Sohil Mehta
2022-11-01 23:27     ` Joseph, Jithu
2022-11-03  8:03       ` Sohil Mehta
2022-10-21 20:34 ` [PATCH 13/14] Documentation/ABI: Update IFS ABI doc Jithu Joseph
2022-11-01 22:34   ` Sohil Mehta
2022-11-01 22:48     ` Joseph, Jithu
2022-11-01 22:59       ` Sohil Mehta
2022-11-02 22:10         ` Joseph, Jithu
2022-11-03  7:49           ` Sohil Mehta
2022-10-21 20:34 ` [PATCH 14/14] Revert "platform/x86/intel/ifs: Mark as BROKEN" Jithu Joseph
2022-11-03  8:21 ` [PATCH 00/14] IFS multi test image support and misc changes Sohil Mehta
2022-11-07  9:24 ` Hans de Goede
2022-11-07 23:01   ` Joseph, Jithu
2022-11-07 22:53 ` [PATCH v2 " Jithu Joseph
2022-11-07 22:53   ` [PATCH v2 01/14] platform/x86/intel/ifs: Remove unused selection Jithu Joseph
2022-11-09  1:52     ` Sohil Mehta
2022-11-10 21:03     ` Hans de Goede
2022-11-07 22:53   ` [PATCH v2 02/14] platform/x86/intel/ifs: return a more appropriate Error code Jithu Joseph
2022-11-09  1:57     ` Sohil Mehta
2022-11-10 21:04     ` Hans de Goede
2022-11-07 22:53   ` [PATCH v2 03/14] platform/x86/intel/ifs: Remove image loading during init Jithu Joseph
2022-11-09  1:59     ` Sohil Mehta
2022-11-10 21:06     ` Hans de Goede
2022-11-07 22:53   ` [PATCH v2 04/14] x86/microcode/intel: Expose find_matching_signature() for IFS Jithu Joseph
2022-11-09  2:06     ` Sohil Mehta
2022-11-11 13:44     ` Borislav Petkov
2022-11-07 22:53   ` [PATCH v2 05/14] x86/microcode/intel: Use appropriate type in microcode_sanity_check() Jithu Joseph
2022-11-09  2:47     ` Sohil Mehta
2022-11-11 13:46     ` Borislav Petkov
2022-11-07 22:53   ` [PATCH v2 06/14] x86/microcode/intel: Expose microcode_sanity_check() Jithu Joseph
2022-11-09  3:03     ` Sohil Mehta
2022-11-09  3:29       ` Joseph, Jithu
2022-11-11 14:33     ` Borislav Petkov
2022-11-11 21:39       ` Joseph, Jithu
2022-11-07 22:53   ` [PATCH v2 07/14] x86/microcode/intel: Use a reserved field for metasize Jithu Joseph
2022-11-09  3:06     ` Sohil Mehta
2022-11-11 14:37     ` Borislav Petkov
2022-11-07 22:53   ` [PATCH v2 08/14] platform/x86/intel/ifs: Add metadata support Jithu Joseph
2022-11-09  3:25     ` Sohil Mehta
2022-11-10 21:08     ` Hans de Goede
2022-11-11 16:16     ` Borislav Petkov
2022-11-07 22:53   ` [PATCH v2 09/14] platform/x86/intel/ifs: Use generic microcode headers and functions Jithu Joseph
2022-11-09  3:29     ` Sohil Mehta
2022-11-10 21:11     ` Hans de Goede
2022-11-11 16:23     ` Borislav Petkov
2022-11-11 20:41       ` Joseph, Jithu
2022-11-16 17:26       ` Tony Luck
2022-11-16 18:53         ` Borislav Petkov
2022-11-16 19:02           ` Luck, Tony
2022-11-07 22:53   ` Jithu Joseph [this message]
2022-11-09 23:15     ` [PATCH v2 10/14] platform/x86/intel/ifs: Add metadata validation Sohil Mehta
2022-11-10  1:22       ` Joseph, Jithu
2022-11-10  9:40         ` Sohil Mehta
2022-11-10 21:18     ` Hans de Goede
2022-11-11 18:39     ` Borislav Petkov
2022-11-11 18:48       ` Dave Hansen
2022-11-11 20:30         ` Joseph, Jithu
2022-11-11 21:29         ` Ashok Raj
2022-11-07 22:53   ` [PATCH v2 11/14] platform/x86/intel/ifs: Remove reload sysfs entry Jithu Joseph
2022-11-09 23:16     ` Sohil Mehta
2022-11-10 21:19     ` Hans de Goede
2022-11-07 22:53   ` [PATCH v2 12/14] platform/x86/intel/ifs: Add current_batch " Jithu Joseph
2022-11-09 23:46     ` Sohil Mehta
2022-11-10 21:22     ` Hans de Goede
2022-11-12 16:26     ` Borislav Petkov
2022-11-12 18:21       ` Thiago Macieira
2022-11-12 19:20         ` Borislav Petkov
2022-11-12 19:58           ` Ashok Raj
2022-11-13  2:06           ` Thiago Macieira
2022-11-12 18:33       ` Luck, Tony
2022-11-12 19:28         ` Borislav Petkov
2022-11-12 23:32           ` Luck, Tony
2022-11-13  2:35             ` Thiago Macieira
2022-11-13  7:37         ` gregkh
2022-11-13 11:48           ` Borislav Petkov
2022-11-13 15:15             ` Ashok Raj
2022-11-13 15:58               ` Borislav Petkov
2022-11-13 17:01                 ` Ashok Raj
2022-11-13 18:41                   ` Borislav Petkov
2022-11-13 21:40                 ` Thiago Macieira
2022-11-13 22:59                   ` Borislav Petkov
2022-11-14 18:13                 ` Dave Hansen
2022-11-14 18:25                   ` Luck, Tony
2022-11-14 19:03                   ` Borislav Petkov
2022-11-14 19:07                     ` Luck, Tony
2022-11-14 19:17                       ` Borislav Petkov
2022-11-14 19:38                         ` Luck, Tony
2022-11-14 19:51                           ` Borislav Petkov
2022-11-13 16:41             ` Joseph, Jithu
2022-11-13 16:58               ` Borislav Petkov
2022-11-13 17:55                 ` Joseph, Jithu
2022-11-13 18:27                   ` Borislav Petkov
2022-11-13 21:33                     ` Tony Luck
2022-11-13 22:55                       ` Borislav Petkov
2022-11-13 21:21                 ` Thiago Macieira
2022-11-13 22:40                   ` Borislav Petkov
2022-11-13 21:51             ` Thiago Macieira
2022-11-13 23:05               ` Borislav Petkov
2022-11-14  8:28                 ` Hans de Goede
2022-11-14  7:15             ` gregkh
2022-11-14 15:33               ` Tony Luck
2022-11-14 15:47                 ` Borislav Petkov
2022-11-19 16:24     ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-07 22:53   ` [PATCH v2 13/14] Documentation/ABI: Update IFS ABI doc Jithu Joseph
2022-11-09 23:55     ` Sohil Mehta
2022-11-10  1:16       ` Joseph, Jithu
2022-11-10 21:33     ` Hans de Goede
2022-11-07 22:53   ` [PATCH v2 14/14] Revert "platform/x86/intel/ifs: Mark as BROKEN" Jithu Joseph
2022-11-09 23:57     ` Sohil Mehta
2022-11-10 21:34     ` Hans de Goede
2022-11-10  9:59   ` [PATCH v2 00/14] IFS multi test image support and misc changes Borislav Petkov
2022-11-10 21:37     ` Hans de Goede
2022-11-10 21:58       ` Joseph, Jithu
2022-11-17  3:59   ` [PATCH v3 00/16] " Jithu Joseph
2022-11-17  3:59     ` [PATCH v3 01/16] platform/x86/intel/ifs: Remove unused selection Jithu Joseph
2022-11-19 16:24       ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17  3:59     ` [PATCH v3 02/16] platform/x86/intel/ifs: Return a more appropriate Error code Jithu Joseph
2022-11-19 16:24       ` [tip: x86/microcode] platform/x86/intel/ifs: Return a more appropriate error code tip-bot2 for Jithu Joseph
2022-11-17  3:59     ` [PATCH v3 03/16] platform/x86/intel/ifs: Remove image loading during init Jithu Joseph
2022-11-19 16:24       ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17  3:59     ` [PATCH v3 04/16] platform/x86/intel/ifs: Remove memory allocation from load path Jithu Joseph
2022-11-17  8:51       ` Hans de Goede
2022-11-17 17:29         ` Jithu Joseph
2022-11-17 18:01           ` Hans de Goede
2022-11-17 19:59             ` Jithu Joseph
2022-11-17 21:13               ` Hans de Goede
2022-11-17 22:44                 ` Joseph, Jithu
2022-11-19 16:24               ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17  3:59     ` [PATCH v3 05/16] x86/microcode/intel: Reuse find_matching_signature() Jithu Joseph
2022-11-19 16:24       ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17  3:59     ` [PATCH v3 06/16] x86/microcode/intel: Use appropriate type in microcode_sanity_check() Jithu Joseph
2022-11-19 16:24       ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17  3:59     ` [PATCH v3 07/16] x86/microcode/intel: Reuse microcode_sanity_check() Jithu Joseph
2022-11-19 16:24       ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17  3:59     ` [PATCH v3 08/16] x86/microcode/intel: Add hdr_type to intel_microcode_sanity_check() Jithu Joseph
2022-11-19 16:24       ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17  3:59     ` [PATCH v3 09/16] x86/microcode/intel: Use a reserved field for metasize Jithu Joseph
2022-11-19 16:24       ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17  3:59     ` [PATCH v3 10/16] platform/x86/intel/ifs: Add metadata support Jithu Joseph
2022-11-19 16:24       ` [tip: x86/microcode] " tip-bot2 for Ashok Raj
2022-11-17  3:59     ` [PATCH v3 11/16] platform/x86/intel/ifs: Use generic microcode headers and functions Jithu Joseph
2022-11-17 22:50       ` Jithu Joseph
2022-11-19 16:24         ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17  3:59     ` [PATCH v3 12/16] platform/x86/intel/ifs: Add metadata validation Jithu Joseph
2022-11-17 23:04       ` Jithu Joseph
2022-11-19 16:24         ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17  3:59     ` [PATCH v3 13/16] platform/x86/intel/ifs: Remove reload sysfs entry Jithu Joseph
2022-11-19 16:24       ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17  3:59     ` [PATCH v3 14/16] platform/x86/intel/ifs: Add current_batch " Jithu Joseph
2022-11-17  3:59     ` [PATCH v3 15/16] Documentation/ABI: Update IFS ABI doc Jithu Joseph
2022-11-19 16:23       ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph
2022-11-17  3:59     ` [PATCH v3 16/16] Revert "platform/x86/intel/ifs: Mark as BROKEN" Jithu Joseph
2022-11-19 16:23       ` [tip: x86/microcode] " tip-bot2 for Jithu Joseph

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221107225323.2733518-11-jithu.joseph@intel.com \
    --to=jithu.joseph@intel.com \
    --cc=ashok.raj@intel.com \
    --cc=athenas.jimenez.gonzalez@intel.com \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=hdegoede@redhat.com \
    --cc=hpa@zytor.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=markgross@kernel.org \
    --cc=mingo@redhat.com \
    --cc=patches@lists.linux.dev \
    --cc=platform-driver-x86@vger.kernel.org \
    --cc=ravi.v.shankar@intel.com \
    --cc=sohil.mehta@intel.com \
    --cc=tglx@linutronix.de \
    --cc=thiago.macieira@intel.com \
    --cc=tony.luck@intel.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).