aboutsummaryrefslogtreecommitdiffstats
path: root/roms/skiboot/libstb/keys
diff options
context:
space:
mode:
authorAngelos Mouzakitis <a.mouzakitis@virtualopensystems.com>2023-10-10 14:33:42 +0000
committerAngelos Mouzakitis <a.mouzakitis@virtualopensystems.com>2023-10-10 14:33:42 +0000
commitaf1a266670d040d2f4083ff309d732d648afba2a (patch)
tree2fc46203448ddcc6f81546d379abfaeb323575e9 /roms/skiboot/libstb/keys
parente02cda008591317b1625707ff8e115a4841aa889 (diff)
Add submodule dependency filesHEADmaster
Change-Id: Iaf8d18082d3991dec7c0ebbea540f092188eb4ec
Diffstat (limited to 'roms/skiboot/libstb/keys')
-rw-r--r--roms/skiboot/libstb/keys/README.md147
-rw-r--r--roms/skiboot/libstb/keys/hw_key_a.key25
-rw-r--r--roms/skiboot/libstb/keys/hw_key_b.key26
-rw-r--r--roms/skiboot/libstb/keys/hw_key_c.key26
-rw-r--r--roms/skiboot/libstb/keys/sw_key_a.key16
5 files changed, 240 insertions, 0 deletions
diff --git a/roms/skiboot/libstb/keys/README.md b/roms/skiboot/libstb/keys/README.md
new file mode 100644
index 000000000..f70e6c28d
--- /dev/null
+++ b/roms/skiboot/libstb/keys/README.md
@@ -0,0 +1,147 @@
+# Important Information About Secure and Trusted Boot And Signing Keys
+
+## Background
+
+IBM P8 OpenPOWER systems support a limited set of Secure and Trusted Boot
+functionality. Secure Boot implements a processor based chain of trust. The
+chain starts with an implicitly trusted component with other components being
+authenticated and integrity checked before being executed on the host processor
+cores. At the root of this trust chain is the Host Platform Core Root of Trust
+for Measurement (CRTM). Immutable Read Only Memory (ROM - fixed in the POWER
+processor chip) verifies the initial firmware load. That firmware verifies
+cryptographic signatures on all subsequent "to be trusted" firmware that is
+loaded for execution on the P8 cores. Trusted Boot also makes use of this same
+CRTM by measuring and recording FW images via a Trusted Platform Module (TPM)
+before control is passed on to the next layer in the boot stack. The CRTM
+design is based on a Public Key Infrastructure (PKI) process to validate the
+firmware images before they are executed. This process makes use of a set of
+hardware and firmware asymmetric keys. Multiple organizations will want to
+deliver POWER hardware, digitally signed firmware, signed boot code,
+hypervisors, and operating systems. Each platform manufacturer wants to
+maintain control over its own code and sign it with its own keys. A single key
+hash is stored in host processor module SEEPROM representing the anchoring root
+set of hardware keys. The P8 Trusted Boot supports a key management flow that
+makes use of two kinds of hardware root keys, a wide open, well-known, openly
+published public/private key pair (imprint keys) and a set of production keys
+where the private key is protected by a hardware security module (HSM) internal
+to the manufacturing facility of the key owner.
+
+## Purpose Of Imprint Public/Private Keys
+
+It is critical to note that the imprint keys are not to be used for production.
+These are strictly for manufacturing and development level support given the
+open nature of the private part of the Hardware keys. This allows developers
+and testers to sign images and create builds for Secure and Trusted Boot
+development lab testing. Systems must be transitioned to production level
+keys for customer environments.
+
+## Manufacturer Key Management Role
+
+If a system is shipped from the System Manufacturer with imprint keys installed
+rather than production level hardware keys, the system must be viewed as running
+with a set of well-known default keys and vulnerable to exploitation. The
+System Access Administrator must work with the System Manufacturer to insure
+that a key transition process is utilized once a hardware based chain of trust
+is to be enabled as part of Secure or Trusted Boot functionality.
+
+## Intentional Public Release Of Imprint Public/Private Keys
+
+All public and private keys in this directory are being intentionally released
+to enable the developer community to sign code images. For true security, a
+different set of production signing keys should be used, and the private
+production signing key should be carefully guarded. Currently, we do not yet
+support production key signing, only development signing.
+
+### Imprint Private Keys
+
+#### Hardware Private Keys
+
+The following files contain the Imprint private keys, in PEM format:
+
+hw_key_a.key
+hw_key_b.key
+hw_key_c.key
+
+#### Software Private Keys
+
+The project does not contain any Software keys. The sample scripts reuse the
+Hardware keys where input is required for the Software keys. To generate your
+own software keys use the openssl "ecparam" command. The following commands
+will generate private software keys P, Q and R:
+
+$ openssl ecparam -genkey -outform pem -noout -name secp521r1 -out sw_key_p.key
+$ openssl ecparam -genkey -outform pem -noout -name secp521r1 -out sw_key_q.key
+$ openssl ecparam -genkey -outform pem -noout -name secp521r1 -out sw_key_r.key
+
+OpenPOWER secure boot supports three keys for Hardware (HW) key signing and (up
+to) three keys for Software (SW) key signing, This permits a "separation of
+duties" in the firmware signing process, if such a separation is desired. All
+three HW keys are required, but the SW keys allow for the use of one, two or
+three keys. A signature is required (i.e. must be present in the container) by
+*all three* firmare keys, and by every (1-3) SW key in use, to create a
+container that will boot with secure mode on. If a separation of duties is not
+required, the signer may use the same key for all three required HW keys, and
+for the (1-3) required SW keys. The container will boot as long as all required
+signatures are present.
+
+#### Hardware and Software Public Keys
+
+The public keys can be easily extracted from the private keys. Use the openssl
+"pkey" command, for example:
+
+$ openssl pkey -pubout -inform pem -outform pem -in sw_key_p.key -out sw_key_p.pub
+
+To build and sign a container locally, the public keys are not required. The
+signing tool will automatically extract the public key from the private key (for
+inclusion in the container) and will use the private key to create the required
+signatures.
+
+The recommended process for production keys is to not have the private keys
+present on thy system used to build firmware. In this mode you want to create
+the signatures independently from the op-build process. Create your private HW
+and SW keys as described above. Protect the private portion of the key (the
+private key). Add the public portion of the key (the public key) to ./keys
+directory. The signing tool will use the public key to populate the container.
+
+In this mode of operation you must sign the Prefix header and Software header
+with the HW and SW keys, respectively. TODO: Instructions to follow.
+
+#### Hardware Keys Hash
+
+As mentioned above, a single key hash is stored in host processor module SEEPROM
+representing the anchoring root set of HW keys. This is a 64 byte, SHA512 hash
+of the three HW keys. On a running OpenPOWER machine this hash may be read from
+an entry in the device tree:
+
+# cat /proc/device-tree/ibm,secureboot/hw-key-hash | xxd -p
+40d487ff7380ed6ad54775d5795fea0de2f541fea9db06b8466a42a320e6
+5f75b48665460017d907515dc2a5f9fc50954d6ee0c9b67d219dfb708535
+1d01d6d1
+
+Note this file is readable both from the target OS and the petitboot shell
+environment.
+
+OpenPOWER secure boot protects the containerized firmware by comparing this hash
+to the hash of the HW public keys in the container (as well as verifying the
+signatures, of course). If the hashes don't match, the machine won't boot. For
+this reason you might want to check that the HW keys hash will be correct in
+container you are building.
+
+To check the hash of your HW keys, run the "create-container" tool from the
+sb-signing-utils project. This command will create no container, but will
+display the SHA512 hash of the input keys:
+
+$ create-container -v -w0 -a /tmp/keys/hw_key_a.key \
+ -b /tmp/keys/hw_key_b.key \
+ -c /tmp/keys/hw_key_c.key \
+ --payload /dev/zero --imagefile /dev/null \
+ | grep "HW keys hash"
+
+HW keys hash = 40d487ff7380ed6a...
+
+Note this command will work with either public or private keys as input. The
+tool will also display the hash during normal container creation, when the
+program is run in verbose mode.
+
+To check the hash of the HW keys in an existing container, run the
+"print-container" tool: TODO
diff --git a/roms/skiboot/libstb/keys/hw_key_a.key b/roms/skiboot/libstb/keys/hw_key_a.key
new file mode 100644
index 000000000..8cfd2f2c7
--- /dev/null
+++ b/roms/skiboot/libstb/keys/hw_key_a.key
@@ -0,0 +1,25 @@
+!!! Important WARNING About This Private Key !!!
+
+DO NOT STRIP THIS WARNING FROM THIS PRIVATE KEY
+
+This private is being intentionally released by IBM to enable the developer
+community to sign code images. For true security, a different set of production
+signing keys should be used, and the private production signing key should be
+carefully guarded.
+
+-----BEGIN EC PRIVATE KEY-----
+MIICnAIBAQRBVvu38Sbtau77TPvsvEmYHwAD8WY12vTjRE6SowkePCI0+3k5bawC
+J9rKnafuMLCxE2SzTh5JPonVKhBPZeUpaOugggHGMIIBwgIBATBNBgcqhkjOPQEB
+AkIB////////////////////////////////////////////////////////////
+//////////////////////////8wgZ4EQgH/////////////////////////////
+/////////////////////////////////////////////////////////ARBUZU+
+uWGOHJofkpohoLaFQO6i2nJbmbMV87i0iZGO8QnhVhk5Uex+k3sWUsC9O7G/BzVz
+34g9LDTx70Uf1GtQPwADFQDQnogAKRy4U5bMZxc5MoSqoNpkugSBhQQAxoWOBrcE
+BOnNnj7LZiOVtEKcZIE5BT+1Ifgor2BrTT26oUted+/nWSj+HcEnov+o3jNIs8GF
+akKb+X5+McLlvWYBGDkpaniaO8AEXIpftCx9G9mY9URJV5tEaBevvRcnPmYsl+5y
+mV70JkDFULkBP60HYTU8cIaicsJAiL6Udp/RZlACQgH/////////////////////
+//////////////////////pRhoeDvy+Wa3/MAUj3CaXQO7XJuImcR667b7cekThk
+CQIBAaGBiQOBhgAEALseCHiWoJ4wcnQGjefKigKgnFVDj1D03ikeYzefc2y3wnoe
+8neyeB+X071kpXg83nEAVuxqm1Yn1IMJCP9Tz7NhALhglEF2RzciUSwF+GDx8CW7
+RlSBlxbtEPxpODD8/tImnjRig/OngZFce8fds7NPEUxPsoS7xCQ6V+dSAaYM+QYi
+-----END EC PRIVATE KEY-----
diff --git a/roms/skiboot/libstb/keys/hw_key_b.key b/roms/skiboot/libstb/keys/hw_key_b.key
new file mode 100644
index 000000000..60afd2da5
--- /dev/null
+++ b/roms/skiboot/libstb/keys/hw_key_b.key
@@ -0,0 +1,26 @@
+!!! Important WARNING About This Private Key !!!
+
+DO NOT STRIP THIS WARNING FROM THIS PRIVATE KEY
+
+This private is being intentionally released by IBM to enable the developer
+community to sign code images. For true security, a different set of production
+signing keys should be used, and the private production signing key should be
+carefully guarded.
+
+-----BEGIN EC PRIVATE KEY-----
+MIICnQIBAQRCAQ0nt+2t5RDGWJF6S326TEWyHPdI/VHm+pKvFgCCrVujE7P5oUlv
+GP3HZ3qemUX0RgmRjD27RflVdyOL6IlekHSsoIIBxjCCAcICAQEwTQYHKoZIzj0B
+AQJCAf//////////////////////////////////////////////////////////
+////////////////////////////MIGeBEIB////////////////////////////
+//////////////////////////////////////////////////////////wEQVGV
+PrlhjhyaH5KaIaC2hUDuotpyW5mzFfO4tImRjvEJ4VYZOVHsfpN7FlLAvTuxvwc1
+c9+IPSw08e9FH9RrUD8AAxUA0J6IACkcuFOWzGcXOTKEqqDaZLoEgYUEAMaFjga3
+BATpzZ4+y2YjlbRCnGSBOQU/tSH4KK9ga009uqFLXnfv51ko/h3BJ6L/qN4zSLPB
+hWpCm/l+fjHC5b1mARg5KWp4mjvABFyKX7QsfRvZmPVESVebRGgXr70XJz5mLJfu
+cple9CZAxVC5AT+tB2E1PHCGonLCQIi+lHaf0WZQAkIB////////////////////
+///////////////////////6UYaHg78vlmt/zAFI9wml0Du1ybiJnEeuu2+3HpE4
+ZAkCAQGhgYkDgYYABACTA8hhnkYIZKrc1O0tojIuF5Mhs9/XLMoSfPmDeqSXg2X9
+tjq598htT5uDWU/9WfrISQ9w81RR+blEvcY+GctkEQFJPYdOapsX2TVoNwvlJeVp
+gsQFwer4TOkmNV0FVbH7sJiHRw+ROHC5TOmy9YfQHCc2uAqInaZqPKTz13D8zQCG
+Cw==
+-----END EC PRIVATE KEY-----
diff --git a/roms/skiboot/libstb/keys/hw_key_c.key b/roms/skiboot/libstb/keys/hw_key_c.key
new file mode 100644
index 000000000..1bf4dfb56
--- /dev/null
+++ b/roms/skiboot/libstb/keys/hw_key_c.key
@@ -0,0 +1,26 @@
+!!! Important WARNING About This Private Key !!!
+
+DO NOT STRIP THIS WARNING FROM THIS PRIVATE KEY
+
+This private is being intentionally released by IBM to enable the developer
+community to sign code images. For true security, a different set of production
+signing keys should be used, and the private production signing key should be
+carefully guarded.
+
+-----BEGIN EC PRIVATE KEY-----
+MIICnQIBAQRCASomU+ACnQy0UDtFX53VV2bwBrc3GPK3hbMrsU1E98YmU4eh/Dpj
+FYQOyCPV27GRK8V46a1xvWs57per+X4R9LVdoIIBxjCCAcICAQEwTQYHKoZIzj0B
+AQJCAf//////////////////////////////////////////////////////////
+////////////////////////////MIGeBEIB////////////////////////////
+//////////////////////////////////////////////////////////wEQVGV
+PrlhjhyaH5KaIaC2hUDuotpyW5mzFfO4tImRjvEJ4VYZOVHsfpN7FlLAvTuxvwc1
+c9+IPSw08e9FH9RrUD8AAxUA0J6IACkcuFOWzGcXOTKEqqDaZLoEgYUEAMaFjga3
+BATpzZ4+y2YjlbRCnGSBOQU/tSH4KK9ga009uqFLXnfv51ko/h3BJ6L/qN4zSLPB
+hWpCm/l+fjHC5b1mARg5KWp4mjvABFyKX7QsfRvZmPVESVebRGgXr70XJz5mLJfu
+cple9CZAxVC5AT+tB2E1PHCGonLCQIi+lHaf0WZQAkIB////////////////////
+///////////////////////6UYaHg78vlmt/zAFI9wml0Du1ybiJnEeuu2+3HpE4
+ZAkCAQGhgYkDgYYABAFUBCtSjR9PiJqVhg/EIsNGp0phvJ8gE5XBFTnox8n8a+Ji
+4e7r8Uae9Qea6hnvWa6HzAup1KEJAl6vobyhyItaegDEHRy56UIij9nDVYhSIXia
+EEln8xLVz5cB//hToEtexHUvdax85Nacwco6FyGNxzptGddL+/ds/rkZ05Q1fFUr
+WQ==
+-----END EC PRIVATE KEY-----
diff --git a/roms/skiboot/libstb/keys/sw_key_a.key b/roms/skiboot/libstb/keys/sw_key_a.key
new file mode 100644
index 000000000..548e88000
--- /dev/null
+++ b/roms/skiboot/libstb/keys/sw_key_a.key
@@ -0,0 +1,16 @@
+!!! Important WARNING About This Private Key !!!
+
+DO NOT STRIP THIS WARNING FROM THIS PRIVATE KEY
+
+This private is being intentionally released by IBM to enable the developer
+community to sign code images. For true security, a different set of production
+signing keys should be used, and the private production signing key should be
+carefully guarded.
+
+-----BEGIN EC PRIVATE KEY-----
+MIHcAgEBBEIA1vyq2cSPgwWxVtPIEOqGL3UVsy5juBQz8XekOq6aeYf/nqC9u8u+
+GqCiffgBCPnXfWOWLtkaokYEPuMe7TekzomgBwYFK4EEACOhgYkDgYYABAD8W6NM
+6nVfsYps75ko1gfNrJO9XqbWAuUuyFA/O8S5tPwVP+atGpc4PE+uTEI24t7mkYLa
+kZhnGlmQpjr4fjkFvgAZDwhcQ+hWmzXYEBobYIPgItJi+8GvxBHBZvQWqpVWRfU9
+nSOxLTjjZ3i3dvBnQpCnx4cpTtIJPzFuE+kXqxLDnQ==
+-----END EC PRIVATE KEY-----