This patch converted key hash store in SBL image into container
format. In this way unified data structure can be used to
simplify code.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
A PPB PCI_IO_DEVICE instance has BIT31 in its Address field to identify
the device as PPB type. But, the bit is set after scanning the PPB.
This skips PPB type check in PciGetMaxBusNumber() and let a caller
guarantee PPB type check instead of adding a field in PCI_IO_DEVICE
for PPB device.
Signed-off-by: Aiden Park <aiden.park@intel.com>
Dummy keys are generated for Os Image Pub Key.
This is to get key hash component generated along
with PUBKEY_OS. User need to replace OS1_TestKey_Pub_**
with appropriate keys.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch enables usage of key id for private keys
in slimboot repo. Key ids are configured in
BuildLoader and platform BoardConfig files.
SLIMBOOT_KEY_DIR is set to default folder outside
sblopen.
Generation of extrenal Keyhash OS key hash to be configured
for QEMU/CGL/APL with appropriate keys.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
At PciScanBus, a PCI bridge sets PCI Bridge Subordinate Bus to 0xFF
temporary to go thru any PPB. But, a platform has some reserved buses
(ex. 0xFB-0xFF) on PCI hierarchy, and writing 0xFF regardless of
reserved bus ranges causes system hang.
Therefore, PciGetMaxBusNumber will be used for PCI Bridge Subordinate
Bus and it gets the number of buses from PCI Enum Policy to skip the
reserved buses.
Signed-off-by: Aiden Park <aiden.park@intel.com>
The unnecessary wbinvd() is removed from the common ResetSystemLib,
and it moves to a platform specific reset routine.
Signed-off-by: Aiden Park <aiden.park@intel.com>
Maintaining individual public hashes for external key hash and
considering SHA384 sizes this value increases.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
- Created BaseIpcLib
- Sideband Interface picked from
tianocore/edk2-platforms
branch: devel-IntelAtomProcessorE3900
commit: 181f9e6c6ccde6e3fa62278b3a8b39cfb5844a7c
- IPC Interface picked from
tianocore/edk2-platforms
branch: devel-IntelAtomProcessorE3900
commit: 181f9e6c6ccde6e3fa62278b3a8b39cfb5844a7c
- Updated Stage1BBoardInitLib.C with a test function
Signed-off-by: Andrey Vinokurtsev <avinok@gmail.com>
RSA keys are generated based on key ids defined.
User can append signing_keys as per their requirements.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch adds support to key ids in single sign script.
Following pre-requistes to enable usage of key ids,
- Generate required RSA keys as per GenerateKeys.py
- SLIMBOOT_KEY_DIR env variable set to key folder
- Set private key paths to respective ids in
buildloader.py and boardconfigs files
- Update key hash store generation to use respective key ids
Enabling keyids in slimboot would be done subsequently.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
SPI driver is updated to support read linux from
BIOS and PDR region, When boot device SPI is
selected.
Signed-off-by: Mutha <naga.naveen.mutha@intel.com>
TestSigningPrivateKey is defaulted for container
creation in non-layout form and key dir is used.
In CfgDataStitch also TestSigningPrivateKey is
defaulted when key dir is specified.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
FspsUpd variable made global so that it could be accessed out of
FspSilicon function.
Patchable PCD has been created for FspsUpd and Memory pool allocated.
Signed-off-by: Perni <ramesh.chandra.perni@intel.com>
CommonUtility.py – It contains common functionality
for signing and extraction Of public key info.
It adds the necessary structures for signed data.
SingleSign.py – It contains core functionality related
to openssl for sign operations. This script will
be enhanced for accessing key store.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch fixed OsLoader boot from SD card issue on Intel APL CRB
borads. The SD/eMMC library was updated to follow the proper sequence
for SD card. Also platform code was updated to detect SD card and
apply SD card power using proper GPIO pins.
It fixed#729.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
IA32 UEFI payload uses PE format and X64 UEFI payload uses
PE+ format. So update LitePeCofflib to support both PE and
PE+.
Signed-off-by: Guo Dong <guo.dong@intel.com>
- Default SMBIOS Table initialized when SMBIOS is enabled.
- If required, Every Platform can override platform specific information.
- Enable SMBIOS in Qemu platform.
- Update Memory allocation for SmbiosStringsPtr for 32 entries.
Signed-off-by: Sm NARAYANAN <s.m.narayanan@intel.com>
SIGN_HASH_TYPE and IPP_HASH_LIB_SUPPORTED_MASK are derived from
_SIGN_HASH. AT times only _SIGN_HASH is configured in
BoardConfig.py which causes in incorrect hash set to
respective PCDs.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This will fix an unexpected exception when AhciHcPciBase is invalid
or the PCI config space is not enabled.
Signed-off-by: Aiden Park <aiden.park@intel.com>
Current SBL supports container header verification. If the container
signature is BOOT, it will use HASH_USAGE_PUBKEY_OS. Otherwise, it
will use HASH_USAGE_PUBKEY_CONTAINER_DEF. This patch added OEM signed
container support. If a container signature between OEM0 to OEM7 is
found, it will be verified use HASH_USAGE_PUBKEY_OEM(x) where x is 0
to 7. To add an OEM public key hash, it can be done by updating
pub_key_list in GetKeyHashList() in file BoardConfig.py.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
FSP 2.1 introduced new requirement to use bootloader stack for FSP-M. It
will cause issue for SBL since SBL only uses a small stack in Stage1. To
address this issue, a new PCD PcdFSPMStackTop is added to control the
stack settings for FSP-M.
- If it is 0, it will not switch stack before calling FspMemoryInit API.
- If it is 0xffffffff, it will switch to the new default FSP stack
before calling FspMemoryInit API.
- For other values, it will switch to the new stack at specified value
before calling FspMemoryInit API.
This PCD will be set automatically by FSP_M_STACK_TOP variable in
BoardConfig.py file.
This code has been tested on UP Extreme board with latest FSP version.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch adds generic functionality to
process Flash descriptor lock. It follows
Capsule Firmware update flow and interface
is updated. Command (CMDI) interface is added
to GenCapsuleFirmware which takes file with
command as input.
Sample Command format in text file input,
{FLASHDESCLOCK}
{Command2}
{Command3}
Firmware update lib handler parses high level commands
Specific command process and functionlity would be
performed by platform specific libraries.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This will support PCI SR-IOV(Single Root I/O Virtualization).
- Controlled by PcdSrIovSupport (SUPPORT_SR_IOV in BoardConfig)
- Disabled by default
Signed-off-by: Aiden Park <aiden.park@intel.com>
This patch will generate a SW smi on S3 resume path when using
UEFI payload. Handler for this Sw smi in UEFI payload will
program SMRR base and mask for BSP and all AP's.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
Boot Options updated for selecting boot device as SPI.
Use the “Memory” setting in the ConfigEditor to select
SPI as boot device.
Signed-off-by: Mutha <naga.naveen.mutha@intel.com>
This will enable ARI(Alternative Routing-ID Interpretation).
- Controlled by PcdAriSupport (SUPPORT_ARI in BoardConfig)
- Disabled by default
Signed-off-by: Aiden Park <aiden.park@intel.com>
Klocwork reports a potential dereferencing of a NULL
pointer. This patch addresses the issue.
Signed-off-by: Sai Talamudupula <sai.kiran.talamudupula@intel.com>
Platform debug mode is extended to PCR[7]
as part of secure boot policy. Updated bit setting
to LoaderPlatformInfo for payloads to consume.
Debug mode is checked in payload.
ArchitecturalMsr.h ported fom EDK2 repo.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This will allow necessary messages to be printed to consoles.
These macros will redirect debug message to consoles.
CONSOLE_PRINT
CONSOLE_PRINT_UNICODE
These conditional macros will redirect debug message to consoles or
DEBUG(). The PrintLevel is valid only when redirected to DEBUG().
CONSOLE_PRINT_CONDITION
CONSOLE_PRINT_UNICODE_CONDITION
Signed-off-by: Aiden Park <aiden.park@intel.com>
To help debug boot performance, add a MTRR print function.
This function could be invoked multiple times with different
string to know where this MTRR data is printed.
Signed-off-by: Guo Dong <guo.dong@intel.com>
This patch enhances MapMemoryRegion subroutine to
add PDP entries for mapping addresses > 4GiB.
Only 1:1 mapping is provided for Above4Gb addresses.
And linear addresses are mapped to 1GiB pages.
Signed-off-by: Sai Talamudupula <sai.kiran.talamudupula@intel.com>
This issue is seen on a WHL board on X64 build when high 32-bit
BAR does not exist. In that case, MmioRead64 returns (UINT64)(-1).
To avoid this, read high 32-bit BAR only if BAR type is 64-bit
address space.
Signed-off-by: Aiden Park <aiden.park@intel.com>
This will support S3 resume path on X64 thru 16-bit waking vector.
- Port WakeUp code from EDKII
- Remove duplicated calls of FindS3Info from CpuInit
- Verified with Yocto on a WHL board
- TBD: 64-bit waking vector with supported OS
Signed-off-by: Aiden Park <aiden.park@intel.com>
This will fix MpInit failure on X64 build.
The ApFunc() gets invalid parameters due to mismatched calling convention.
- Add EFIAPI to match calling convention
This can be verified with '-smp' option on QEMU target.
qemu-system-x86_64
-machine q35 -m 256 -nographic -serial mon:stdio
-pflash Outputs/qemu/SlimBootloader.bin
-smp 255
Signed-off-by: Aiden Park <aiden.park@intel.com>
PublicKey hashes stored in HashStore use hash alg type of
PcdCompSignHash defined with Build config. In container we
support cases where hash type could differ from Sbl default
signing hash.
Adjust the hash algorithm in external KeyHashStore manifest
based on key size. Use SHA256 for size 2K and SHA384 for 3K.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>