/** * \file * Secure Patch System Code * * \version $Revision$ $State$ *  * \date $Date$ * * \author <a href="mailto:Axel.Wachtler@amd.com">Axel Wachtler</a> *  * \par Last changed by: * $Author$ * *****************************************************************************//* * Copyright 2002 ADVANCED MICRO DEVICES, INC. All Rights Reserved. *  * This software and any related documentation (the "Materials") are the * confidential proprietary information of AMD. Unless otherwise provided * in an agreement specifically licensing the Materials, the Materials are * provided in confidence and may not to be used, distributed, modified, or * reproduced in whole or in part by any means. *  * LIMITATION OF LIABILITY: THE MATERIALS ARE PROVIDED "AS IS" WITHOUT ANY * EXPRESS OR IMPLIED WARRANTY OF ANY KIND, INCLUDING BUT NOT LIMITED TO * WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT, TITLE, FITNESS FOR ANY * PARTICULAR PURPOSE, OR WARRANTIES ARISING FORM CONDUCT, COURSE OF * DEALING, OR USAGE OF TRADE.  IN NO EVENT SHALL AMD OR ITS LICENSORS BE * LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, * DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION, OR LOSS OF * INFORMATION) ARISING OUT OF THE USE OF OR INABILITY TO USE THE * MATERIALS, EVEN IF AMD HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH * DAMAGES.  BECAUSE SOME JURISDICTIONS PROHIBIT THE EXCLUSION OR * LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE * ABOVE LIMITATION MAY NOT APPLY TO YOU. *  * AMD does not assume any responsibility for any errors which may appear * in the Materials nor any responsibility to support or update the * Materials.  AMD retains the right to modify the Materials at any time, * without notice, and is not obligated to provide such modified Materials * to you. *  * NO SUPPORT OBLIGATION: AMD is not obligated to furnish, support, or make * any further information, software, technical information, know-how, or * show-how available to you. *  *//******************************************************************************  Includes*****************************************************************************/#include "sec.h"#include "ssfif.h"#include "sps.h"#include "dve_api.h"#include "sps_hc.h"/******************************************************************************  Data*****************************************************************************//******************************************************************************  Static Function Declarations*****************************************************************************//** \defgroup SpsFunctions SPS Functions*//**\{*//** * \brief * Initialize the SPS context. * * The context data are hold in a global structure. * This function have to be called before the first  *  * * \param i is an int * \return SIS_SUCCESS or SIS_FAILURE */SpsSuccess_t SpsInitCtx(SpsContext_t * pCtx){    SpsSuccess_t ret;    ret = SPS_UNSUCCESSFUL;    do {	if (pCtx == NULL) {	    ret = SPS_NULL_PTR_FAIL;	    break;	}	if (pCtx->Magic == SPS_MAGIC) {	    ret = SPS_INIT_FAIL;	    break;	}	ssf_memset(pCtx, 0, sizeof(SpsContext_t));	pCtx->Magic = SPS_MAGIC;	pCtx->OverFlowObserved = FALSE;	/* be sure, cause we do not know, if false is 0 */	ret = SPS_SUCCESSFUL;    }    while (0);    /* show memory diagnostics if apropriate bit is 0 */    if ((SsfGetSecurityEnableMask() & SECURITY_ENABLE_PRNMEMSTAT) == 0) {	SsfUtilMemoryPrintPoolInfo();    }    return ret;}/** * @brief process the info field of a patch package and store *        information in the sps context structure * * @param pCtx  pointer to sps context structure * @param pInfo pointer to patch package info structure * * @return  */SpsSuccess_t SpsProcessInfo(SpsContext_t * pCtx, SpsPpPatchInfo_t * pInfo,			    Int32 Size){    SpsSuccess_t ret;    ret = SPS_UNSUCCESSFUL;    DP0(("==> SpsProcessInfo: SecMask=0x%08x SecDisabled=%d",	 SsfGetSecurityEnableMask(), SsfIsSecurityDisabled()));    do {	if ((pCtx == NULL) || (pInfo == NULL) || (Size < PP_INFO_LENGTH)) {	    ret = SPS_NULL_PTR_FAIL;	    break;	}	/* reset all variables, which depend on a patch package */	SpsResetContext(pCtx);	ret = SpsEvaluatePatchInfo(pInfo);	if (ret != SPS_SUCCESSFUL) {	    break;	}	ret = SpsSecurityInit(pCtx, pInfo);    }    while (0);    /* show memory diagnostics */    if ((SsfGetSecurityEnableMask() & SECURITY_ENABLE_PRNMEMSTAT) == 0) {	SsfUtilMemoryPrintPoolInfo();    }    return ret;}/** * @brief process the header field of a patch package and store *        information in the sps context structure *        (with each call of this function, the offset  *         for the patch buffer is reseted to 0) * * @param pCtx  pointer to sps context structure * @param pData pointer to patch package header structure * * @retval  pNbPatchRecords number of patch records, that stored *                          in the patch package * @retval  pPatchSize netto size of the patch package, e.g. if *                     if 2 records with lenths and 4 and 22,  *                     the return value is: *                             2 * sizeof(Addr)      8  *                          +  2 * sizeof(Length)    8  *                          +  4 * sizeof(int8)      4 (rec 1) *                          + 32 * sizeof(int8)     22 (rec 2) *                          pPatchSize            = 42   *  * @return  */SpsSuccess_t SpsProcessHeader(SpsContext_t * pCtx,			      Int8 * pData, Int32 Size, Int32 * pPatchSize){    SpsSuccess_t ret;    Int32 PrFragNb;    Int32 rsize;#if HSS_SAVE_ALIGMENT    SpsPpPatchHeader_t Hdr;#endif    SpsPpPatchHeader_t *pHdr;    DP0(("==> SpsProcessHeader"));    pHdr = NULL;    ret = SPS_UNSUCCESSFUL;    do {	if ((pCtx == NULL) || (pData == NULL) ||	    (Size != PP_HEADER_LENGTH) || (pPatchSize == NULL)) {	    ret = SPS_NULL_PTR_FAIL;	    break;	}#if HSS_SAVE_ALIGMENT	hss_memcpy(&Hdr, pData, PP_HEADER_LENGTH);	pHdr = &Hdr;#else	pHdr = (SpsPpPatchHeader_t *) pData;#endif	rsize = SpsSecurityUpdate(pCtx, (Int8 *) pHdr, Size);	if (rsize != Size) {	    DP0(("ERROR: invalid patch header"));	    break;	}	ret = SpsEvaluatePatchHeader(pHdr);	if (ret != SPS_SUCCESSFUL) {	    break;	}	ssf_memcpy(&(pCtx->patchheader), pHdr, PP_HEADER_LENGTH);	pCtx->PatchBufferOffset = 0;	PrFragNb = pCtx->patchheader.PrSize / PP_FRAGMENTATION_SIZE;	if ((pCtx->patchheader.PrSize % PP_FRAGMENTATION_SIZE) != 0) {	    PrFragNb++;	}	/* former alignment code for Bug 2105 	 *pPatchSize = pCtx->patchheader.PrSize + sizeof(Int32);	 */	*pPatchSize = pCtx->patchheader.PrSize;	ret = SpsAssignPatchBufferToContext(pCtx);    }    while (0);    /* show memory diagnostics if apropriate bit is 0 */    if ((SsfGetSecurityEnableMask() & SECURITY_ENABLE_PRNMEMSTAT) == 0) {	SsfUtilMemoryPrintPoolInfo();    }    return ret;}/** * @brief * process the patch fragment and copy the patch data to the assigned buffer. *  * * @param pCtx SPS context structure * @param pEpr pointer to a encapsulated patch record * * @return  *         SPS_SUCCESSFUL if operation was ok *         SPS_NULL_PTR_FAIL  if one of the input pointers is NULL *         SPS_NO_BUFFER_FAIL if there was no buffer assigned with SpsAssignMemory() *         SPS_SMALL_BUFFER_FAIL if the buffer is smaller then the expected *                               patch size *  */SpsSuccess_t SpsProcessPrFragment(SpsContext_t * pCtx, Int8 * pData,				  Int32 Size){    SpsSuccess_t ret;    DP0(("==> SpsProcessPrFragment"));    ret = SPS_UNSUCCESSFUL;    do {	if ((pCtx == NULL) || (pData == NULL) || (Size == 0)) {	    ret = SPS_NULL_PTR_FAIL;	    break;	}	/* update security values */	SpsSecurityUpdate(pCtx, (Int8 *) pData, Size);	/* copy values to buffer, if possible */	if (pCtx->pPatchBuffer == NULL) {	    ret = SPS_NO_BUFFER_FAIL;	    break;	}	if ((pCtx->PatchBufferOffset + Size) > pCtx->PatchBufferSize) {	    pCtx->OverFlowObserved = TRUE;	    ret = SPS_SMALL_BUFFER_FAIL;	    break;	}	ssf_memcpy(&pCtx->pPatchBuffer[pCtx->PatchBufferOffset], pData,		   Size);	pCtx->PatchBufferOffset += Size;	/* fix for Bug 2093 */	pCtx->PatchRecordCnt++;	ret = SPS_SUCCESSFUL;    }    while (0);    /* show memory diagnostics if apropriate bit is 0 */    if ((SsfGetSecurityEnableMask() & SECURITY_ENABLE_PRNMEMSTAT) == 0) {	SsfUtilMemoryPrintPoolInfo();    }    return ret;}/** * @brief finish the processing of a patch package *  * @param  pCtx              sps context pointer  * @retval pNbPatchRecords   number of patch records, which are received * @retval pTrustLevel       trust level of the patch (5 is highest) * @retval pVersionInfo      8 byte array of the patch version (2 * Int32) * @retval ppPatchData       address of the shadow buffer with the patch data  * * @return SPS_SUCCESSFUL or errorcode in case of  *         any suspectness of the received patch * */SpsSuccess_t SpsFinalizePp(SpsContext_t * pCtx, Int8 * pTrustLevel,			   char *pVersionInfo, Int8 ** ppPatchData){    SpsSuccess_t ret;    ret = SPS_UNSUCCESSFUL;    DP0(("==> SpsFinalizePp"));    do {	/* at first check for all fatal errors, which invalidate 	   the patch completely */	if ((pCtx == NULL) ||	    (pTrustLevel == NULL) ||	    (pVersionInfo == NULL) || (ppPatchData == NULL)) {	    DP0(("  SPS_NULL_PTR_FAIL\n"));	    ret = SPS_NULL_PTR_FAIL;	    break;	}	if (pCtx->pPatchBuffer == NULL) {	    DP0(("ERROR: SPS_NO_BUFFER_FAIL\n"));	    ret = SPS_NO_BUFFER_FAIL;	    break;	}	if (pCtx->OverFlowObserved != FALSE) {	    DP0(("ERROR: SPS_SMALL_BUFFER_FAIL\n"));	    ret = SPS_SMALL_BUFFER_FAIL;	    break;	}	ret =	    SpsEvaluatePatchBuffer(pCtx->pPatchBuffer,				   pCtx->PatchBufferOffset,				   pCtx->patchheader.PrSize);	if (ret != SPS_SUCCESSFUL) {	    DP0(("ERROR: unconsistent package ret=%d\n", ret));	    break;	}	/* init the return parameters */	*pTrustLevel = SpsComputeTrustLevel(pCtx);	ssf_memcpy(pVersionInfo, &(pCtx->patchheader.VersionInfo[0]),		   PP_VERSION_LENGTH);	*ppPatchData = pCtx->pPatchBuffer;	/* reinitialize the hash chain for the next package */	if ((SsfGetSecurityEnableMask() & SECURITY_ENABLE_HCRESET) != 0) {	    if (*pTrustLevel >= 5) {		/* we can trust this hash value, it is from a good package */		SpsHashChainReset((SpsHashChainWorkspace_t *) pCtx->				  pHashChainWorkspace,				  &pCtx->patchheader.sha1[0]);	    } else {		/* forget the hash value in this package, it is probably poison */		SpsHashChainReset((SpsHashChainWorkspace_t *) pCtx->				  pHashChainWorkspace, NULL);	    }	}	pCtx->PatchPkgCounter++;	DP0(("pakage %d processed [size=%d, truslevel=%d]",	     pCtx->PatchPkgCounter, pCtx->patchheader.PrSize,	     *pTrustLevel));	ret = SPS_SUCCESSFUL;    }    while (0);    SpsResetContext(pCtx);    /* show memory diagnostics if apropriate bit is 0 */    if ((SsfGetSecurityEnableMask() & SECURITY_ENABLE_PRNMEMSTAT) == 0) {	SsfUtilMemoryPrintPoolInfo();    }    return ret;}/* ------------------------------------------------------------------------- *//** \defgroup SpsInternalFunctions SPS Internal Functions*//**\{*//** * @brief evaluate patch info structure * * @param pInfo pointer to structure *  * @return SPS_SUCCESSFUL in case of success *         SPS_NULL_PTR_FAIL in case of null pointer *         SPS_PINFO_FAIL if magic number is wrong */SpsSuccess_t SpsEvaluatePatchInfo(SpsPpPatchInfo_t * pInfo){    SpsSuccess_t ret;    ret = SPS_UNSUCCESSFUL;    do {	if (pInfo == NULL) {	    ret = SPS_NULL_PTR_FAIL;	    break;	}	if (pInfo->MagicNb != PP_MAGIC_NUMBER) {	    ret = SPS_PINFO_FAIL;	    break;	}	ret = SPS_SUCCESSFUL;    }    while (0);    return ret;}/** * @brief evaluate patch header structure * * @param pHeader pointer to structure *