WIP 2

Signed-off-by: Krystian Hebel <[email protected]>

Author: krystian-hebel

Makefile

@@ -57,18 +57,23 @@ all: skl.bin
 -include Makefile.local
 
 # Generate a flat binary
-ifeq ($(AMDSL), n)
 # As a sanity check, look for the SKL UUID at its expected offset in the binary
 # image.  One reason this might fail is if the linker decides to put an
 # unreferenced section ahead of .text, in which case link.lds needs adjusting.
 skl.bin: skl Makefile
-	objcopy -O binary -S -R '.note.*' -R '.got.plt' $< $@
+	@# first binary skips signature-related sections to ease up signing process
+	objcopy -O binary -S -R '.note.*' -R '.got.plt' -R '.skl_sig' -R '.skl_pubkey_hdr' -R '.skl_pubkey_modulus' $< $@
+	@./sanity_check.sh
+ifeq ($(AMDSL), y)
+	# create signature
+	openssl dgst -sha384 -sign testPrivateKey.pem -out signature_rev.bin -binary -sigopt rsa_padding_mode:pss $@
+	# reverse byte order
+	xxd -c1 -p signature_rev.bin | tac | xxd -r -p > signature.bin
+	# get the modulus for pubkey header, reverse byte order
+	openssl rsa -in testPrivateKey.pem -modulus -noout | sed -e "s/Modulus=//" -e "s/../&\n/g" | tac | xxd -r -p > pubkey_mod.bin
+	# stitch binary again with all the pieces in place
+	objcopy -O binary -S -R '.note.*' -R '.got.plt' --update-section .skl_sig=signature.bin --update-section .skl_pubkey_modulus=pubkey_mod.bin $< $@
 	@./sanity_check.sh
-else
-skl.bin: skl Makefile
-	objcopy -O binary -S $< $@
-	python3 header_tool.py --image=skl.bin --version=0x02000200 --spl=0x00000001 --output=AmdSl_debug.BIN
-	./AmdSlSigningTool -i AmdSl_debug.BIN -o AmdSl_debug.BIN.sign
 endif
 
 skl: link.lds $(OBJ) Makefile
@@ -109,6 +114,7 @@ cscope:
 
 .PHONY: clean
 clean:
+	# rm -f *.bin
 	rm -f skl.bin skl $(TESTS) *.d *.o *.gcov *.gcda *.gcno tpmlib/*.d tpmlib/*.o cscope.*
 
 # Compiler-generated header dependencies.  Should be last.

head.S

@@ -46,7 +46,7 @@ GLOBAL(sl_header)
 	.word	_end_of_measured /* SL header SKL measured length */
 	.byte	0xda, 0x75, 0xc4, 0x0e, 0xd0, 0xd3, 0x5d, 0x48, 0xb6, 0xae, 0x3c, 0xb2, 0xf, 0xb7, 0xad, 0x3a
 	.long	0xffffffff       /* Reserved */
-	.long	0xaaaa5555       /* Total Length including signature and pubkey raw data */
+	.long	_end_of_signed + 0x640 /* Total Length including signature and pubkey raw data */
 	.word	soc_flag         /* Offset to SOCFLAG Structure, see below */
 	.word	skl_info         /* Offset to SKL info with UUID and version */
 	.word	bootloader_data  /* Offset to SLRT filled by the bootloader */
@@ -320,11 +320,42 @@ gdt:
 .Lgdt_end:
 ENDDATA(gdt)
 
-/*
-	.section .skinit_reserved, "a", @progbits
-GLOBAL(skinit_reserved)
-	.fill 0x740, 1, 0x00
-*/
+#ifdef AMDSL
+	.section .skl_sig_hdr, "a", @progbits
+	.fill 16, 1, 0x00            /* Nonce */
+	.long 0x31534124             /* HeaderVersion, "$AS1" */
+	.long _end_of_signed         /* Signed Fw Size in bytes */
+	.fill 4+4+16, 1, 0x00        /* Encryption options, algorithm ID and parameters */
+	.long 1                      /* SigOption, 1 - signed */
+	.long 0                      /* SigAlgID, unknown encoding */
+	.byte KEY_ID                 /* Key ID */
+	.long 0                      /* Compression option */
+	.long 1                      /* Security patch level */
+	.fill 4+4+8, 1, 0x00         /* Uncompr. size, compr. size, compr. parameters */
+	.long 0x02000200             /* ImageVersion */
+	.fill 4+4, 1, 0x00           /* APU Family ID and Firmware Load Address */
+	.long _end_of_signed + 0x200 /* FW size with signature */
+	.fill 4+4+4+1+1+2+16+16+96   /* The rest */
+
+	/* Signature is filled during final objcopy */
+	.section .skl_sig, "a", @progbits
+	.fill 0x200, 1, 0x00
+
+	.section .skl_pubkey_hdr, "a", @progbits
+	.long 2                      /* Version ID */
+	.byte KEY_ID                 /* Key ID */
+	.byte KEY_ID                 /* Certifying key ID */
+	.fill 4+1+1+14, 1, 0x00      /* Key usage, platform vendor ID, model ID, reserved */
+	.long 4096                   /* Public exponent size in bits */
+	.long 4096                   /* Modulus size in bits */
+
+	.long 0x10001                /* Exponent */
+	.fill 508, 1, 0x00           /* XXX: does it have to be so oversized? */
+
+	/* Modulus is stored in a dedicated section, filled during final objcopy */
+	.section .skl_pubkey_modulus, "a", @progbits
+	.fill 0x200, 1, 0x00
+#endif
 
 #ifdef __x86_64__
 	/* 64bit Pagetables, identity map of the first 4G of RAM. */

include/defs.h

@@ -128,4 +128,6 @@
 
 #define MULTIBOOT2_BOOTLOADER_MAGIC     0x36d76289
 
+#define KEY_ID 0x93, 0xE5, 0x43, 0x34, 0x3B, 0x41, 0x46, 0xFF, 0x96, 0x8A, 0xA2, 0x4D, 0xF5, 0x12, 0x02, 0x9A
+
 #endif /* __DEFS_H__ */

link.lds

@@ -36,9 +36,8 @@ SECTIONS
 		 * PCR 17 is extended with SKL padded with zeros up to a size that is
 		 * aligned up to the multiply of 4B. To keep functions in util.sh
 		 * simple, _end_of_measured is explicitly aligned. This may increase
-		 * skl.bin size by up to 3 bytes, but since next section is aligned to
-		 * 4K anyway this doesn't reduce the amount of available space, neither
-		 * does it increase the real size of data sent to TPM to be measured.
+		 * skl.bin size by up to 3 bytes, but it doesn't increase the real size
+		 * of data sent to TPM to be measured.
 		 *
 		 * Note that this padding must be part of .rodata to be included in
 		 * skl.bin, both for 'dd' used in util.sh and for checks performed by
@@ -49,8 +48,6 @@ SECTIONS
 
 	_end_of_measured = .;
 
-	. = ALIGN(16);
-
 	.skl_sig_hdr : {
 		*(.skl_sig_hdr)
 	}
@@ -61,8 +58,12 @@ SECTIONS
 		*(.skl_sig)
 	}
 
-	.skl_pubkey : {
-		*(.skl_pubkey)
+	.skl_pubkey_hdr : {
+		*(.skl_pubkey_hdr)
+	}
+
+	.skl_pubkey_modulus : {
+		*(.skl_pubkey_modulus)
 	}
 
 	.bss : {
@@ -89,8 +90,6 @@ SECTIONS
 		*(.bootloader_data)
 	}
 
-	. = 0xFFF4;
-
 	_end = .;
 
 	/* This section is expected to be empty. */
@@ -121,6 +120,11 @@ ASSERT(_end <= 0x10000, "Landing Zone exceeds 64k");
 ASSERT(SIZEOF(.got) == 0, ".got section not empty - non-hidden symbols used?");
 ASSERT(SIZEOF(.data) == 0, ".data section not empty - initialized data used?");
 
+ASSERT(!SIZEOF(.skl_sig_hdr) || SIZEOF(.skl_sig_hdr) == 0x100,
+       ".skl_sig_hdr size not 256 bytes");
+ASSERT(!SIZEOF(.skl_pubkey_hdr) || SIZEOF(.skl_pubkey_hdr) == 0x240,
+       ".skl_pubkey_hdr size not 0x240 bytes");
+
 /*
  * At least GNU ld 2.30 and earlier fail to discard the generic part of
  * .got.plt when no actual entries were allocated. Permit this case alongside

main.c

@@ -40,51 +40,6 @@ const skl_info_t __used skl_info = {
     .version = 0,
 };
 
-#if !defined(AMDSL)
-typedef struct tdFW_SIG_HEADER
-{
-    u8 Nonce[16];          /* [0x00] Unique image id */
-    u32 HeaderVersion;     /* [0x10] Version of the header */
-    u32 SizeFWSigned;      /* [0x14] Signed Fw Size in bytes */
-    u32 EncOption;         /* [0x18] 0 - Not encrypted, 1 - encrypted */
-    u32 EncAlgID;          /* [0x1C] Encryption algorithm id */
-    u8 EncParameters[16];  /* [0x20] Encryption Parameters */
-    u32 SigOption;         /* [0x30] 0 - not signed 1 - signed */
-    u32 SigAlgID;          /* [0x34] Signature algorithm ID */
-    u8 SigParameters[16];  /* [0x38] Signature parameter */
-    u32 CompOption;        /* [0x48] Compression option */
-    u32 SecPatchLevel;     /* [0x4C] Security patch level */
-    u32 UnCompImageSize;   /* [0x50] Uncompressed Image Size */
-    u32 CompImageSize;     /* [0x54] compressed Image Size */
-    u8 CompParameters[8];  /* [0x58] Compression Parameters */
-    u32 ImageVersion;      /* [0x60] Off Chip Firmware Version */
-    u32 APUFamilyID;       /* [0x64] APU Family ID or SoC ID */
-    u32 FirmwareLoadAddr;  /* [0x68] Firmware Load address (default 0) */
-    u32 SizeImage;         /* [0x6C] FW size with signature */
-    u32 SizeFWUnSigned;    /* [0x70] Size of Un-signed portion of the FW */
-    u32 FirmwareSplitAddr; /* [0x74] Offset of Nwd OS */
-    u32 SigFlags;          /* [0x78] Flags for FW signing options, perm, etc */
-    u8 FwType;             /* [0x7C] FwType */
-    u8 SubType;            /* [0x7D] SubType identifies FW */
-    u8 Reserved1[2];       /* [0x7E] *** RESERVED *** */
-    u8 EncKey[16];         /* [0x80] Encryption Key (Wrapped MEK) */
-    u8 SigningInfo[16];    /* [0x90] Signing tool specific information */
-    u8 Padd[96];           /* [0xA0] *** RESERVED *** */
-} FW_SIG_HEADER; /* Total 256 bytes */
-
-extern char _end_of_signed[];
-
-FW_SIG_HEADER __section(".skl_sig_hdr") __used hdr = {
-    .HeaderVersion = 0x31534124, /* "$AS1" */
-    .SizeFWSigned  = _u(_end_of_signed),
-    .SigOption     = 1,
-    .SigParameters = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-                      0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, /* TBD! */
-    .ImageVersion  = 0x02000200,
-    .SizeImage     = _u(_end_of_signed) + 0x200,
-};
-#endif
-
 #if !defined(AMDSL)
 static void extend_pcr(struct tpm *tpm, void *data, u32 size, u32 pcr, char *ev)
 {