From nobody Sat Nov 15 07:42:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1755553685; cv=none; d=zohomail.com; s=zohoarc; b=FrUFxWnxTZdq2HwS4vYqS7Fyy2ARxhF6dEb0uj3K8zAgXRHesKkgdFBcWtjqtKsqCJWzfMFPdVz3A9uThN+UeJsVW7qI20n1/2k61d04KnnQPgZrAdNtSPIHIFoPQdBy8sf2w12qiUppgAvv3w45Kqa1n0nINIUIaHmpDqpkBwI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1755553685; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Ou7jpiUBYA5KMuH93/bxXWUrXKs7BpIY7bqnZib/GM0=; b=a/m3sp23oMW3ZYFQsdURiWgvF5/kats1Tq7hvPWcUtlFkD+fJ9qcOlshGlQe/cpPNBy88VSc8RfZc+X+mLawXSScUG8THPejfiB/bP/2f7uDqwnIhZsNAy8kEYyk4pT1MTN4sDVLsFyDh8R5+78s/RTh2zpT4ZgK7vRoXdsU18k= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1755553685119659.8512748912132; Mon, 18 Aug 2025 14:48:05 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uo7ei-0002ID-Ux; Mon, 18 Aug 2025 17:44:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uo7eN-0001qn-3m; Mon, 18 Aug 2025 17:44:20 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uo7eF-0003o2-Rx; Mon, 18 Aug 2025 17:44:16 -0400 Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 57IJpxL0002979; Mon, 18 Aug 2025 21:43:52 GMT Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 48jhq9ugjk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 18 Aug 2025 21:43:52 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 57IIHhJJ011683; Mon, 18 Aug 2025 21:43:51 GMT Received: from smtprelay05.wdc07v.mail.ibm.com ([172.16.1.72]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 48k4au7r8t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 18 Aug 2025 21:43:51 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay05.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 57ILhnwR30016148 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 18 Aug 2025 21:43:49 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0A1835805D; Mon, 18 Aug 2025 21:43:49 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id F116858058; Mon, 18 Aug 2025 21:43:47 +0000 (GMT) Received: from fedora-workstation.ibmuc.com (unknown [9.61.98.172]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Mon, 18 Aug 2025 21:43:47 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=Ou7jpiUBYA5KMuH93 /bxXWUrXKs7BpIY7bqnZib/GM0=; b=UDkRWFMO1JVB40MqTbI2J/x3LqePFo/hs kJoGuFJbmnLu26D+KH+ZZJsxTOVQUXvyaofV83YIznW7jyv4PK87CWNejIdvpfz+ ESzhBsriCoJnn1sZGW5cATIZvjzznU8piN52M6LjGbrNscg4ZfjNjn97NfvNJxVH DQJ5FGik/MIebz1wV5kD/odXPaOc6KAtAcgsIdJiefhlcJSDLfSP3YTKKAyDZIdR 0W/Ka1fuDwS1vu5J+ABtqrwPr24yJQuV9vZIcFLEKFvFXdc+c2mFoJW1W7pkAU2v CDG27qbsNtNm23w6hpy+QreT1z1zuEEIEQcanPpoEewIVZS5EfaWQ== From: Zhuoying Cai To: thuth@redhat.com, berrange@redhat.com, richard.henderson@linaro.org, david@redhat.com, jrossi@linux.ibm.com, qemu-s390x@nongnu.org, qemu-devel@nongnu.org Cc: walling@linux.ibm.com, jjherne@linux.ibm.com, pasic@linux.ibm.com, borntraeger@linux.ibm.com, farman@linux.ibm.com, mjrosato@linux.ibm.com, iii@linux.ibm.com, eblake@redhat.com, armbru@redhat.com, alifm@linux.ibm.com, zycai@linux.ibm.com Subject: [PATCH v5 20/29] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode Date: Mon, 18 Aug 2025 17:43:13 -0400 Message-ID: <20250818214323.529501-21-zycai@linux.ibm.com> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250818214323.529501-1-zycai@linux.ibm.com> References: <20250818214323.529501-1-zycai@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=N50pF39B c=1 sm=1 tr=0 ts=68a39e98 cx=c_pps a=bLidbwmWQ0KltjZqbj+ezA==:117 a=bLidbwmWQ0KltjZqbj+ezA==:17 a=2OwXVqhp2XgA:10 a=VnNF1IyMAAAA:8 a=noympsQM67q5SXC5lO4A:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwODE2MDAyNyBTYWx0ZWRfX8AZYHIIf+kSK qun5EV980wnpxn0ros0EHsjM1v03XARMTiViPHZuhQcBCFIU8nteneYJf5k38clnGNzFLqXTW+v HxneNpVk2hSETmOgJYU9wGe/wDKdMEnaXj1FCEbr8SIq4tlkx9ItB0woycYD5SyiqMSNJM3TMX9 QXmGP8S1LMaO9C2aGE1j/qdHwpLIh72IPKV7wwij6KBe2ektUonFru7K1uyjaCgWOgQEggwgPZe BWx/SL2qqiEK5GDAwUYMq7m+LwYkpxSnMxQRjUUjpIIALhe7f+qu/30VRPQ26wmw6dqRV3zDWae tj0NPIwe5c2xmd0aLx0HMTbxUkFAjwEqUIq4S0gh3OXVOaIhl3bgArnlxvDYfTvZp5ePNmjOTzk lKrHMskk X-Proofpoint-GUID: qZnjRH5cL9L_9CRwtSNiytjRiqzUItl_ X-Proofpoint-ORIG-GUID: qZnjRH5cL9L_9CRwtSNiytjRiqzUItl_ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-08-18_06,2025-08-14_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 phishscore=0 suspectscore=0 impostorscore=0 bulkscore=0 adultscore=0 priorityscore=1501 spamscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2507300000 definitions=main-2508160027 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=zycai@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1755553686446116600 Content-Type: text/plain; charset="utf-8" Enable secure IPL in audit mode, which performs signature verification, but any error does not terminate the boot process. Only warnings will be logged to the console instead. Add a comp_len variable to store the length of a segment in zipl_load_segment. comp_len variable is necessary to store the calculated segment length and is used during signature verification. Return the length on success, or a negative return code on failure. Secure IPL in audit mode requires at least one certificate provided in the key store along with necessary facilities (Secure IPL Facility, Certificate Store Facility and secure IPL extension support). Note: Secure IPL in audit mode is implemented for the SCSI scheme of virtio-blk/virtio-scsi devices. Signed-off-by: Zhuoying Cai --- docs/system/s390x/secure-ipl.rst | 36 ++++ pc-bios/s390-ccw/Makefile | 3 +- pc-bios/s390-ccw/bootmap.c | 39 +++- pc-bios/s390-ccw/bootmap.h | 11 + pc-bios/s390-ccw/main.c | 9 + pc-bios/s390-ccw/s390-ccw.h | 15 ++ pc-bios/s390-ccw/sclp.c | 44 ++++ pc-bios/s390-ccw/sclp.h | 6 + pc-bios/s390-ccw/secure-ipl.c | 357 +++++++++++++++++++++++++++++++ pc-bios/s390-ccw/secure-ipl.h | 93 ++++++++ 10 files changed, 610 insertions(+), 3 deletions(-) create mode 100644 pc-bios/s390-ccw/secure-ipl.c create mode 100644 pc-bios/s390-ccw/secure-ipl.h diff --git a/docs/system/s390x/secure-ipl.rst b/docs/system/s390x/secure-ip= l.rst index 9b3fd25cc4..40a5781c7d 100644 --- a/docs/system/s390x/secure-ipl.rst +++ b/docs/system/s390x/secure-ipl.rst @@ -18,3 +18,39 @@ paths or directories on the command-line: qemu-system-s390x -machine s390-ccw-virtio, \ boot-certs.0.path=3D/.../qemu/certs, \ boot-certs.1.path=3D/another/path/cert.pem = ... + + +IPL Modes +=3D=3D=3D=3D=3D=3D=3D=3D=3D + +The concept of IPL Modes are introduced to differentiate between the IPL c= onfigurations. +These modes are mutually exclusive and enabled based on the ``boot-certs``= option on the +QEMU command line. + +Normal Mode +----------- + +The absence of certificates will attempt to IPL a guest without secure IPL= operations. +No checks are performed, and no warnings/errors are reported. This is the = default mode. + +Configuration: + +.. code-block:: shell + + qemu-system-s390x -machine s390-ccw-virtio ... + +Audit Mode +---------- + +With *only* the presence of certificates in the store, it is assumed that = secure +boot operations should be performed with errors reported as warnings. As s= uch, +the secure IPL operations will be performed, and any errors that stem from= these +operations will report a warning via the SCLP console. + +Configuration: + +.. code-block:: shell + + qemu-system-s390x -machine s390-ccw-virtio, \ + boot-certs.0.path=3D/.../qemu/certs, \ + boot-certs.1.path=3D/another/path/cert.pem = ... diff --git a/pc-bios/s390-ccw/Makefile b/pc-bios/s390-ccw/Makefile index a0f24c94a8..603761a857 100644 --- a/pc-bios/s390-ccw/Makefile +++ b/pc-bios/s390-ccw/Makefile @@ -34,7 +34,8 @@ QEMU_DGFLAGS =3D -MMD -MP -MT $@ -MF $(@D)/$(*F).d .PHONY : all clean build-all distclean =20 OBJECTS =3D start.o main.o bootmap.o jump2ipl.o sclp.o menu.o netmain.o \ - virtio.o virtio-net.o virtio-scsi.o virtio-blkdev.o cio.o dasd-ipl.o + virtio.o virtio-net.o virtio-scsi.o virtio-blkdev.o cio.o dasd-ipl.o \ + secure-ipl.o =20 SLOF_DIR :=3D $(SRC_PATH)/../../roms/SLOF =20 diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c index 4f54c643ff..3922e7cdde 100644 --- a/pc-bios/s390-ccw/bootmap.c +++ b/pc-bios/s390-ccw/bootmap.c @@ -15,6 +15,7 @@ #include "bootmap.h" #include "virtio.h" #include "bswap.h" +#include "secure-ipl.h" =20 #ifdef DEBUG /* #define DEBUG_FALLBACK */ @@ -617,7 +618,7 @@ static int ipl_eckd(void) * Returns: length of the segment on sucess, * negative value on error. */ -static int zipl_load_segment(ComponentEntry *entry, uint64_t address) +int zipl_load_segment(ComponentEntry *entry, uint64_t address) { const int max_entries =3D (MAX_SECTOR_SIZE / sizeof(ScsiBlockPtr)); ScsiBlockPtr *bprs =3D (void *)sec; @@ -735,7 +736,19 @@ static int zipl_run(ScsiBlockPtr *pte) /* Load image(s) into RAM */ entry =3D (ComponentEntry *)(&header[1]); =20 - if (zipl_run_normal(&entry, tmp_sec)) { + switch (boot_mode) { + case ZIPL_BOOT_MODE_SECURE_AUDIT: + if (zipl_run_secure(&entry, tmp_sec)) { + return -1; + } + break; + case ZIPL_BOOT_MODE_NORMAL: + if (zipl_run_normal(&entry, tmp_sec)) { + return -1; + } + break; + default: + puts("Unknown boot mode"); return -1; } =20 @@ -1101,17 +1114,35 @@ static int zipl_load_vscsi(void) * IPL starts here */ =20 +ZiplBootMode zipl_mode(uint8_t hdr_flags) +{ + bool sipl_set =3D hdr_flags & DIAG308_IPIB_FLAGS_SIPL; + bool iplir_set =3D hdr_flags & DIAG308_IPIB_FLAGS_IPLIR; + + if (!sipl_set && iplir_set) { + return ZIPL_BOOT_MODE_SECURE_AUDIT; + } + + return ZIPL_BOOT_MODE_NORMAL; +} + void zipl_load(void) { VDev *vdev =3D virtio_get_device(); =20 if (vdev->is_cdrom) { + if (boot_mode =3D=3D ZIPL_BOOT_MODE_SECURE_AUDIT) { + panic("Secure boot from ISO image is not supported!"); + } ipl_iso_el_torito(); puts("Failed to IPL this ISO image!"); return; } =20 if (virtio_get_device_type() =3D=3D VIRTIO_ID_NET) { + if (boot_mode =3D=3D ZIPL_BOOT_MODE_SECURE_AUDIT) { + panic("Virtio net boot device does not support secure boot!"); + } netmain(); puts("Failed to IPL from this network!"); return; @@ -1122,6 +1153,10 @@ void zipl_load(void) return; } =20 + if (boot_mode =3D=3D ZIPL_BOOT_MODE_SECURE_AUDIT) { + panic("ECKD boot device does not support secure boot!"); + } + switch (virtio_get_device_type()) { case VIRTIO_ID_BLOCK: zipl_load_vblk(); diff --git a/pc-bios/s390-ccw/bootmap.h b/pc-bios/s390-ccw/bootmap.h index 95943441d3..90fd530256 100644 --- a/pc-bios/s390-ccw/bootmap.h +++ b/pc-bios/s390-ccw/bootmap.h @@ -88,9 +88,18 @@ typedef struct BootMapTable { BootMapPointer entry[]; } __attribute__ ((packed)) BootMapTable; =20 +#define DER_SIGNATURE_FORMAT 1 + +typedef struct SignatureInformation { + uint8_t format; + uint8_t reserved[3]; + uint32_t sig_len; +} __attribute__((packed)) SignatureInformation; + typedef union ComponentEntryData { uint64_t load_psw; uint64_t load_addr; + SignatureInformation sig_info; } ComponentEntryData; =20 typedef struct ComponentEntry { @@ -113,6 +122,8 @@ typedef struct ScsiMbr { ScsiBlockPtr pt; /* block pointer to program table */ } __attribute__ ((packed)) ScsiMbr; =20 +int zipl_load_segment(ComponentEntry *entry, uint64_t address); + #define ZIPL_MAGIC "zIPL" #define ZIPL_MAGIC_EBCDIC "\xa9\xc9\xd7\xd3" #define IPL1_MAGIC "\xc9\xd7\xd3\xf1" /* =3D=3D "IPL1" in EBCDIC */ diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c index c9328f1c51..668660e64d 100644 --- a/pc-bios/s390-ccw/main.c +++ b/pc-bios/s390-ccw/main.c @@ -28,6 +28,7 @@ IplParameterBlock *iplb; bool have_iplb; static uint16_t cutype; LowCore *lowcore; /* Yes, this *is* a pointer to address 0 */ +ZiplBootMode boot_mode; =20 #define LOADPARM_PROMPT "PROMPT " #define LOADPARM_EMPTY " " @@ -272,9 +273,17 @@ static int virtio_setup(void) =20 static void ipl_boot_device(void) { + if (boot_mode =3D=3D ZIPL_BOOT_MODE_UNSPECIFIED) { + boot_mode =3D zipl_mode(iplb->hdr_flags); + } + switch (cutype) { case CU_TYPE_DASD_3990: case CU_TYPE_DASD_2107: + if (boot_mode =3D=3D ZIPL_BOOT_MODE_SECURE_AUDIT) { + panic("Passthrough (vfio) device does not support secure boot!= "); + } + dasd_ipl(blk_schid, cutype); break; case CU_TYPE_VIRTIO: diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h index b1dc35cded..c2ba40d067 100644 --- a/pc-bios/s390-ccw/s390-ccw.h +++ b/pc-bios/s390-ccw/s390-ccw.h @@ -39,6 +39,9 @@ typedef unsigned long long u64; #define MIN_NON_ZERO(a, b) ((a) =3D=3D 0 ? (b) : \ ((b) =3D=3D 0 ? (a) : (MIN(a, b)))) #endif +#ifndef ROUND_UP +#define ROUND_UP(n, d) (((n) + (d) - 1) & -(0 ? (n) : (d))) +#endif =20 #define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0])) =20 @@ -64,6 +67,8 @@ void sclp_print(const char *string); void sclp_set_write_mask(uint32_t receive_mask, uint32_t send_mask); void sclp_setup(void); void sclp_get_loadparm_ascii(char *loadparm); +bool sclp_is_diag320_on(void); +bool sclp_is_sipl_on(void); int sclp_read(char *str, size_t count); =20 /* virtio.c */ @@ -76,6 +81,16 @@ int virtio_read(unsigned long sector, void *load_addr); /* bootmap.c */ void zipl_load(void); =20 +typedef enum ZiplBootMode { + ZIPL_BOOT_MODE_UNSPECIFIED =3D 0, + ZIPL_BOOT_MODE_NORMAL =3D 1, + ZIPL_BOOT_MODE_SECURE_AUDIT =3D 2, +} ZiplBootMode; + +extern ZiplBootMode boot_mode; + +ZiplBootMode zipl_mode(uint8_t hdr_flags); + /* jump2ipl.c */ void write_reset_psw(uint64_t psw); int jump_to_IPL_code(uint64_t address); diff --git a/pc-bios/s390-ccw/sclp.c b/pc-bios/s390-ccw/sclp.c index 4a07de018d..0b03c3164f 100644 --- a/pc-bios/s390-ccw/sclp.c +++ b/pc-bios/s390-ccw/sclp.c @@ -113,6 +113,50 @@ void sclp_get_loadparm_ascii(char *loadparm) } } =20 +static void sclp_get_fac134(uint8_t *fac134) +{ + + ReadInfo *sccb =3D (void *)_sccb; + + memset((char *)_sccb, 0, sizeof(ReadInfo)); + sccb->h.length =3D SCCB_SIZE; + if (!sclp_service_call(SCLP_CMDW_READ_SCP_INFO, sccb)) { + *fac134 =3D sccb->fac134; + } +} + +bool sclp_is_diag320_on(void) +{ + uint8_t fac134 =3D 0; + + sclp_get_fac134(&fac134); + return fac134 & SCCB_FAC134_DIAG320_BIT; +} + +/* + * Get fac_ipl (byte 136 and byte 137 of the SCLP Read Info block) + * for IPL device facilities. + */ +static void sclp_get_fac_ipl(uint16_t *fac_ipl) +{ + + ReadInfo *sccb =3D (void *)_sccb; + + memset((char *)_sccb, 0, sizeof(ReadInfo)); + sccb->h.length =3D SCCB_SIZE; + if (!sclp_service_call(SCLP_CMDW_READ_SCP_INFO, sccb)) { + *fac_ipl =3D sccb->fac_ipl; + } +} + +bool sclp_is_sipl_on(void) +{ + uint16_t fac_ipl =3D 0; + + sclp_get_fac_ipl(&fac_ipl); + return fac_ipl & SCCB_FAC_IPL_SIPL_BIT; +} + int sclp_read(char *str, size_t count) { ReadEventData *sccb =3D (void *)_sccb; diff --git a/pc-bios/s390-ccw/sclp.h b/pc-bios/s390-ccw/sclp.h index 64b53cad29..cf147f4634 100644 --- a/pc-bios/s390-ccw/sclp.h +++ b/pc-bios/s390-ccw/sclp.h @@ -50,6 +50,8 @@ typedef struct SCCBHeader { } __attribute__((packed)) SCCBHeader; =20 #define SCCB_DATA_LEN (SCCB_SIZE - sizeof(SCCBHeader)) +#define SCCB_FAC134_DIAG320_BIT 0x4 +#define SCCB_FAC_IPL_SIPL_BIT 0x4000 =20 typedef struct ReadInfo { SCCBHeader h; @@ -57,6 +59,10 @@ typedef struct ReadInfo { uint8_t rnsize; uint8_t reserved[13]; uint8_t loadparm[LOADPARM_LEN]; + uint8_t reserved1[102]; + uint8_t fac134; + uint8_t reserved2; + uint16_t fac_ipl; } __attribute__((packed)) ReadInfo; =20 typedef struct SCCB { diff --git a/pc-bios/s390-ccw/secure-ipl.c b/pc-bios/s390-ccw/secure-ipl.c new file mode 100644 index 0000000000..80cbfa41a0 --- /dev/null +++ b/pc-bios/s390-ccw/secure-ipl.c @@ -0,0 +1,357 @@ +/* + * S/390 Secure IPL + * + * Functions to support IPL in secure boot mode (DIAG 320, DIAG 508, + * signature verification, and certificate handling). + * + * For secure IPL overview: docs/system/s390x/secure-ipl.rst + * For secure IPL technical: docs/specs/s390x-secure-ipl.rst + * + * Copyright 2025 IBM Corp. + * Author(s): Zhuoying Cai + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include +#include +#include +#include "bootmap.h" +#include "s390-ccw.h" +#include "secure-ipl.h" + +uint8_t vcssb_data[VCSSB_MIN_LEN] __attribute__((__aligned__(PAGE_SIZE))); + +VCStorageSizeBlock *zipl_secure_get_vcssb(void) +{ + VCStorageSizeBlock *vcssb; + int rc; + + vcssb =3D (VCStorageSizeBlock *)vcssb_data; + /* avoid retrieving vcssb multiple times */ + if (vcssb->length >=3D VCSSB_MIN_LEN) { + return vcssb; + } + + vcssb->length =3D VCSSB_MIN_LEN; + rc =3D diag320(vcssb, DIAG_320_SUBC_QUERY_VCSI); + if (rc !=3D DIAG_320_RC_OK) { + return NULL; + } + + return vcssb; +} + +static uint32_t get_certs_length(void) +{ + VCStorageSizeBlock *vcssb; + uint32_t len; + + vcssb =3D zipl_secure_get_vcssb(); + if (vcssb =3D=3D NULL) { + return 0; + } + + len =3D vcssb->total_vcb_len - VCB_HEADER_LEN - vcssb->total_vc_ct * V= CE_HEADER_LEN; + + return len; +} + +static uint32_t request_certificate(uint64_t *cert, uint8_t index) +{ + VCStorageSizeBlock *vcssb; + VCBlock *vcb; + VCEntry *vce; + uint64_t rc =3D 0; + uint32_t cert_len =3D 0; + + /* Get Verification Certificate Storage Size block with DIAG320 subcod= e 1 */ + vcssb =3D zipl_secure_get_vcssb(); + if (vcssb =3D=3D NULL) { + return 0; + } + + /* + * Request single entry + * Fill input fields of single-entry VCB + */ + vcb =3D malloc(MAX_SECTOR_SIZE * 4); + vcb->in_len =3D ROUND_UP(vcssb->max_single_vcb_len, PAGE_SIZE); + vcb->first_vc_index =3D index + 1; + vcb->last_vc_index =3D index + 1; + + rc =3D diag320(vcb, DIAG_320_SUBC_STORE_VC); + if (rc =3D=3D DIAG_320_RC_OK) { + vce =3D (VCEntry *)vcb->vce_buf; + /* Make sure vce contains a valid certificate */ + if (!is_vce_cert_valid(vce->flags, vce->len)) { + goto out; + } + + cert_len =3D vce->cert_len; + memcpy(cert, (uint8_t *)vce + vce->cert_offset, vce->cert_len); + } + +out: + free(vcb); + return cert_len; +} + +static void cert_list_add(IplSignatureCertificateList *certs, int cert_ind= ex, + uint64_t *cert, uint64_t cert_len) +{ + if (cert_index > MAX_CERTIFICATES - 1) { + printf("Warning: Ignoring cert entry [%d] because it's over %d ent= ires\n", + cert_index + 1, MAX_CERTIFICATES); + return; + } + + certs->cert_entries[cert_index].addr =3D (uint64_t)cert; + certs->cert_entries[cert_index].len =3D cert_len; + certs->ipl_info_header.len +=3D sizeof(certs->cert_entries[cert_index]= ); +} + +static void comp_list_add(IplDeviceComponentList *comps, int comp_index, + int cert_index, uint64_t comp_addr, + uint64_t comp_len, uint8_t flags) +{ + if (comp_index > MAX_CERTIFICATES - 1) { + printf("Warning: Ignoring comp entry [%d] because it's over %d ent= ires\n", + comp_index + 1, MAX_CERTIFICATES); + return; + } + + comps->device_entries[comp_index].addr =3D comp_addr; + comps->device_entries[comp_index].len =3D comp_len; + comps->device_entries[comp_index].flags =3D flags; + comps->device_entries[comp_index].cert_index =3D cert_index; + comps->ipl_info_header.len +=3D sizeof(comps->device_entries[comp_inde= x]); +} + +static int update_iirb(IplDeviceComponentList *comps, IplSignatureCertific= ateList *certs) +{ + IplInfoReportBlock *iirb; + IplDeviceComponentList *iirb_comps; + IplSignatureCertificateList *iirb_certs; + uint32_t iirb_hdr_len; + uint32_t comps_len; + uint32_t certs_len; + + if (iplb->len % 8 !=3D 0) { + panic("IPL parameter block length field value is not multiple of 8= bytes"); + } + + iirb_hdr_len =3D sizeof(IplInfoReportBlockHeader); + comps_len =3D comps->ipl_info_header.len; + certs_len =3D certs->ipl_info_header.len; + if ((comps_len + certs_len + iirb_hdr_len) > sizeof(IplInfoReportBlock= )) { + puts("Not enough space to hold all components and certificates in = IIRB"); + return -1; + } + + /* IIRB immediately follows IPLB */ + iirb =3D &ipl_data.iirb; + iirb->hdr.len =3D iirb_hdr_len; + + /* Copy IPL device component list after IIRB Header */ + iirb_comps =3D (IplDeviceComponentList *) iirb->info_blks; + memcpy(iirb_comps, comps, comps_len); + + /* Update IIRB length */ + iirb->hdr.len +=3D comps_len; + + /* Copy IPL sig cert list after IPL device component list */ + iirb_certs =3D (IplSignatureCertificateList *) (iirb->info_blks + + iirb_comps->ipl_info_hea= der.len); + memcpy(iirb_certs, certs, certs_len); + + /* Update IIRB length */ + iirb->hdr.len +=3D certs_len; + + return 0; +} + +static bool secure_ipl_supported(void) +{ + if (!sclp_is_sipl_on()) { + puts("Secure IPL Facility is not supported by the hypervisor!"); + return false; + } + + if (!is_secure_ipl_extension_supported()) { + puts("Secure IPL extensions are not supported by the hypervisor!"); + return false; + } + + if (!(sclp_is_diag320_on() && is_cert_store_facility_supported())) { + puts("Certificate Store Facility is not supported by the hyperviso= r!"); + return false; + } + + return true; +} + +static void init_lists(IplDeviceComponentList *comps, IplSignatureCertific= ateList *certs) +{ + comps->ipl_info_header.ibt =3D IPL_IBT_COMPONENTS; + comps->ipl_info_header.len =3D sizeof(comps->ipl_info_header); + + certs->ipl_info_header.ibt =3D IPL_IBT_CERTIFICATES; + certs->ipl_info_header.len =3D sizeof(certs->ipl_info_header); +} + +static uint32_t zipl_load_signature(ComponentEntry *entry, uint64_t sig_se= c) +{ + uint32_t sig_len; + + if (zipl_load_segment(entry, sig_sec) < 0) { + return -1; + } + + if (entry->compdat.sig_info.format !=3D DER_SIGNATURE_FORMAT) { + puts("Signature is not in DER format"); + return -1; + } + sig_len =3D entry->compdat.sig_info.sig_len; + + return sig_len; +} + +static int handle_certificate(int *cert_table, uint64_t **cert, + uint64_t cert_len, uint8_t cert_idx, + IplSignatureCertificateList *certs, int cert_= index) +{ + bool unused; + + unused =3D cert_table[cert_idx] =3D=3D -1; + if (unused) { + if (request_certificate(*cert, cert_idx)) { + cert_list_add(certs, cert_index, *cert, cert_len); + cert_table[cert_idx] =3D cert_index; + *cert +=3D cert_len; + } else { + puts("Could not get certificate"); + return -1; + } + + /* increment cert_index for the next cert entry */ + return ++cert_index; + } + + return cert_index; +} + +int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec) +{ + IplDeviceComponentList comps; + IplSignatureCertificateList certs; + ComponentEntry *entry =3D *entry_ptr; + uint64_t *cert =3D NULL; + uint64_t *sig =3D NULL; + int cert_index =3D 0; + int comp_index =3D 0; + uint64_t comp_addr; + int comp_len; + uint32_t sig_len =3D 0; + uint64_t cert_len =3D -1; + uint8_t cert_idx =3D -1; + bool verified; + uint32_t certs_len; + /* + * Store indices of cert entry that have already used for signature ve= rification + * to prevent allocating the same certificate multiple times. + * cert_table index: index of certificate from qemu cert store used fo= r verification + * cert_table value: index of cert entry in cert list that contains th= e certificate + */ + int cert_table[MAX_CERTIFICATES] =3D { [0 ... MAX_CERTIFICATES - 1] = =3D -1}; + int signed_count =3D 0; + + if (!secure_ipl_supported()) { + return -1; + } + + init_lists(&comps, &certs); + certs_len =3D get_certs_length(); + cert =3D malloc(certs_len); + sig =3D malloc(MAX_SECTOR_SIZE); + + while (entry->component_type !=3D ZIPL_COMP_ENTRY_EXEC) { + switch (entry->component_type) { + case ZIPL_COMP_ENTRY_SIGNATURE: + if (sig_len) { + goto out; + } + + sig_len =3D zipl_load_signature(entry, (uint64_t)sig); + if (sig_len < 0) { + goto out; + } + break; + case ZIPL_COMP_ENTRY_LOAD: + comp_addr =3D entry->compdat.load_addr; + comp_len =3D zipl_load_segment(entry, comp_addr); + if (comp_len < 0) { + goto out; + } + + if (!sig_len) { + break; + } + + verified =3D verify_signature(comp_len, comp_addr, sig_len, (u= int64_t)sig, + &cert_len, &cert_idx); + + if (verified) { + cert_index =3D handle_certificate(cert_table, &cert, cert_= len, cert_idx, + &certs, cert_index); + if (cert_index =3D=3D -1) { + goto out; + } + + puts("Verified component"); + comp_list_add(&comps, comp_index, cert_table[cert_idx], + comp_addr, comp_len, + S390_IPL_COMPONENT_FLAG_SC | S390_IPL_COMPON= ENT_FLAG_CSV); + } else { + comp_list_add(&comps, comp_index, -1, + comp_addr, comp_len, + S390_IPL_COMPONENT_FLAG_SC); + zipl_secure_handle("Could not verify component"); + } + + comp_index++; + signed_count +=3D 1; + /* After a signature is used another new one can be accepted */ + sig_len =3D 0; + break; + default: + puts("Unknown component entry type"); + return -1; + } + + entry++; + + if ((uint8_t *)(&entry[1]) > tmp_sec + MAX_SECTOR_SIZE) { + puts("Wrong entry value"); + return -EINVAL; + } + } + + if (signed_count =3D=3D 0) { + zipl_secure_handle("Secure boot is on, but components are not sign= ed"); + } + + if (update_iirb(&comps, &certs)) { + zipl_secure_handle("Failed to write IPL Information Report Block"); + } + + *entry_ptr =3D entry; + free(sig); + + return 0; +out: + free(cert); + free(sig); + + return -1; +} diff --git a/pc-bios/s390-ccw/secure-ipl.h b/pc-bios/s390-ccw/secure-ipl.h new file mode 100644 index 0000000000..5d02f202b6 --- /dev/null +++ b/pc-bios/s390-ccw/secure-ipl.h @@ -0,0 +1,93 @@ +/* + * S/390 Secure IPL + * + * Copyright 2025 IBM Corp. + * Author(s): Zhuoying Cai + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#ifndef _PC_BIOS_S390_CCW_SECURE_IPL_H +#define _PC_BIOS_S390_CCW_SECURE_IPL_H + +#include +#include + +VCStorageSizeBlock *zipl_secure_get_vcssb(void); +int zipl_run_secure(ComponentEntry **entry_ptr, uint8_t *tmp_sec); + +static inline void zipl_secure_handle(const char *message) +{ + switch (boot_mode) { + case ZIPL_BOOT_MODE_SECURE_AUDIT: + IPL_check(false, message); + break; + default: + break; + } +} + +static inline uint64_t diag320(void *data, unsigned long subcode) +{ + register unsigned long addr asm("0") =3D (unsigned long)data; + register unsigned long rc asm("1") =3D 0; + + asm volatile ("diag %0,%2,0x320\n" + : "+d" (addr), "+d" (rc) + : "d" (subcode) + : "memory", "cc"); + return rc; +} + +static inline bool is_vce_cert_valid(uint8_t vce_flags, uint32_t vce_len) +{ + return (vce_flags & DIAG_320_VCE_FLAGS_VALID) && (vce_len > VCE_INVALI= D_LEN); +} + +static inline bool is_cert_store_facility_supported(void) +{ + uint32_t d320_ism; + + diag320(&d320_ism, DIAG_320_SUBC_QUERY_ISM); + return (d320_ism & DIAG_320_ISM_QUERY_SUBCODES) && + (d320_ism & DIAG_320_ISM_QUERY_VCSI) && + (d320_ism & DIAG_320_ISM_STORE_VC); +} + +static inline uint64_t _diag508(void *data, unsigned long subcode) +{ + register unsigned long addr asm("0") =3D (unsigned long)data; + register unsigned long rc asm("1") =3D 0; + + asm volatile ("diag %0,%2,0x508\n" + : "+d" (addr), "+d" (rc) + : "d" (subcode) + : "memory", "cc"); + return rc; +} + +static inline bool is_secure_ipl_extension_supported(void) +{ + uint64_t d508_subcodes; + + d508_subcodes =3D _diag508(NULL, DIAG_508_SUBC_QUERY_SUBC); + return d508_subcodes & DIAG_508_SUBC_SIG_VERIF; +} + +static inline bool verify_signature(uint64_t comp_len, uint64_t comp_addr, + uint64_t sig_len, uint64_t sig_addr, + uint64_t *cert_len, uint8_t *cert_idx) +{ + Diag508SignatureVerificationBlock svb =3D {{}, comp_len, comp_addr, + sig_len, sig_addr }; + + if (_diag508(&svb, DIAG_508_SUBC_SIG_VERIF) =3D=3D DIAG_508_RC_OK) { + *cert_len =3D svb.csi.len; + *cert_idx =3D svb.csi.idx; + return true; + } + + return false; +} + +#endif /* _PC_BIOS_S390_CCW_SECURE_IPL_H */ --=20 2.50.1