From eeb5e1ac10159b960e2ca2ed5026f9bf672d7362 Mon Sep 17 00:00:00 2001 From: Praveen Hp Date: Fri, 22 Jan 2021 00:26:21 +0800 Subject: [PATCH] Fix Secureboot status in PSD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CFL, CML, EHL, TGL platforms are using PSD version 0.3. as per PSD Spec v0.3 secureboot status indication as ber below, 000 – Secure boot is Disabled 001 – UEFI Secure boot is enabled 010 – Boot Guard is Enabled 100 – Bootloader Verified boot is Enabled Signed-off-by: Praveen Hp --- Silicon/CoffeelakePkg/Library/PsdLib/PsdLib.c | 4 ++-- Silicon/CometlakePkg/Library/PsdLib/PsdLib.c | 4 ++-- Silicon/CometlakevPkg/Library/PsdLib/PsdLib.c | 4 ++-- Silicon/ElkhartlakePkg/Library/PsdLib/PsdLib.c | 4 ++-- Silicon/TigerlakePkg/Library/PsdLib/PsdLib.c | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Silicon/CoffeelakePkg/Library/PsdLib/PsdLib.c b/Silicon/CoffeelakePkg/Library/PsdLib/PsdLib.c index 1af1313e..5ff25834 100644 --- a/Silicon/CoffeelakePkg/Library/PsdLib/PsdLib.c +++ b/Silicon/CoffeelakePkg/Library/PsdLib/PsdLib.c @@ -338,8 +338,8 @@ UpdateAcpiPsdTable ( return EFI_UNSUPPORTED; } - //00 - Secure boot is Disabled; 01 - Verified boot is enabled; 11 - Secure boot (verified + PcdVerifiedBootEnabled) enabled. - mPsdt->SecureBoot = (UINT8)(((PlatformData->BtGuardInfo.VerifiedBoot) << 1)| FeaturePcdGet (PcdVerifiedBootEnabled)); + //000 - Secure boot is Disabled; 010 - Boot Guard Enabled; 100 - Bootloader Verified boot Enabled. + mPsdt->SecureBoot = (UINT8)(((PlatformData->BtGuardInfo.VerifiedBoot) << 1)| (FeaturePcdGet (PcdVerifiedBootEnabled)) << 2); //Measured boot enabled. mPsdt->MeasuredBoot = (UINT8)((PlatformData->BtGuardInfo.MeasuredBoot)); diff --git a/Silicon/CometlakePkg/Library/PsdLib/PsdLib.c b/Silicon/CometlakePkg/Library/PsdLib/PsdLib.c index fc2a597a..be4ef433 100644 --- a/Silicon/CometlakePkg/Library/PsdLib/PsdLib.c +++ b/Silicon/CometlakePkg/Library/PsdLib/PsdLib.c @@ -338,8 +338,8 @@ UpdateAcpiPsdTable ( return EFI_UNSUPPORTED; } - //00 - Secure boot is Disabled; 01 - Verified boot is enabled; 11 - Secure boot (verified + PcdVerifiedBootEnabled) enabled. - mPsdt->SecureBoot = (UINT8)(((PlatformData->BtGuardInfo.VerifiedBoot) << 1)| FeaturePcdGet (PcdVerifiedBootEnabled)); + //000 - Secure boot is Disabled; 010 - Boot Guard Enabled; 100 - Bootloader Verified boot Enabled. + mPsdt->SecureBoot = (UINT8)(((PlatformData->BtGuardInfo.VerifiedBoot) << 1)| (FeaturePcdGet (PcdVerifiedBootEnabled)) << 2); //Measured boot enabled. mPsdt->MeasuredBoot = (UINT8)((PlatformData->BtGuardInfo.MeasuredBoot)); diff --git a/Silicon/CometlakevPkg/Library/PsdLib/PsdLib.c b/Silicon/CometlakevPkg/Library/PsdLib/PsdLib.c index ea7649f6..7ee51165 100644 --- a/Silicon/CometlakevPkg/Library/PsdLib/PsdLib.c +++ b/Silicon/CometlakevPkg/Library/PsdLib/PsdLib.c @@ -339,8 +339,8 @@ UpdateAcpiPsdTable ( return EFI_UNSUPPORTED; } - //00 - Secure boot is Disabled; 01 - Verified boot is enabled; 11 - Secure boot (verified + PcdVerifiedBootEnabled) enabled. - mPsdt->SecureBoot = (UINT8)(((PlatformData->BtGuardInfo.VerifiedBoot) << 1)| FeaturePcdGet (PcdVerifiedBootEnabled)); + //000 - Secure boot is Disabled; 010 - Boot Guard Enabled; 100 - Bootloader Verified boot Enabled. + mPsdt->SecureBoot = (UINT8)(((PlatformData->BtGuardInfo.VerifiedBoot) << 1)| (FeaturePcdGet (PcdVerifiedBootEnabled)) << 2); //Measured boot enabled. mPsdt->MeasuredBoot = (UINT8)((PlatformData->BtGuardInfo.MeasuredBoot)); diff --git a/Silicon/ElkhartlakePkg/Library/PsdLib/PsdLib.c b/Silicon/ElkhartlakePkg/Library/PsdLib/PsdLib.c index 3fb1af96..1ded4e3f 100644 --- a/Silicon/ElkhartlakePkg/Library/PsdLib/PsdLib.c +++ b/Silicon/ElkhartlakePkg/Library/PsdLib/PsdLib.c @@ -204,8 +204,8 @@ UpdateAcpiPsdTable ( return EFI_UNSUPPORTED; } - //00 - Secure boot is Disabled; 01 - Verified boot is enabled; 11 - Secure boot (verified + PcdVerifiedBootEnabled) enabled. - mPsdt->SecureBoot = (UINT8)(((PlatformData->BtGuardInfo.VerifiedBoot) << 1)| FeaturePcdGet (PcdVerifiedBootEnabled)); + //000 - Secure boot is Disabled; 010 - Boot Guard Enabled; 100 - Bootloader Verified boot Enabled. + mPsdt->SecureBoot = (UINT8)(((PlatformData->BtGuardInfo.VerifiedBoot) << 1)| (FeaturePcdGet (PcdVerifiedBootEnabled)) << 2); //Measured boot enabled. mPsdt->MeasuredBoot = (UINT8)((PlatformData->BtGuardInfo.MeasuredBoot)); diff --git a/Silicon/TigerlakePkg/Library/PsdLib/PsdLib.c b/Silicon/TigerlakePkg/Library/PsdLib/PsdLib.c index 30c5d96e..843b5126 100644 --- a/Silicon/TigerlakePkg/Library/PsdLib/PsdLib.c +++ b/Silicon/TigerlakePkg/Library/PsdLib/PsdLib.c @@ -203,8 +203,8 @@ UpdateAcpiPsdTable ( return EFI_UNSUPPORTED; } - //00 - Secure boot is Disabled; 01 - Verified boot is enabled; 11 - Secure boot (verified + PcdVerifiedBootEnabled) enabled. - mPsdt->SecureBoot = (UINT8)(((PlatformData->BtGuardInfo.VerifiedBoot) << 1)| FeaturePcdGet (PcdVerifiedBootEnabled)); + //000 - Secure boot is Disabled; 010 - Boot Guard Enabled; 100 - Bootloader Verified boot Enabled. + mPsdt->SecureBoot = (UINT8)(((PlatformData->BtGuardInfo.VerifiedBoot) << 1)| (FeaturePcdGet (PcdVerifiedBootEnabled)) << 2); //Measured boot enabled. mPsdt->MeasuredBoot = (UINT8)((PlatformData->BtGuardInfo.MeasuredBoot));