* OsLoader: set default status to EFI_UNSUPPORTED when parsing a boot image
This was set to EFI_SUCCESS which resulted in ParseBootImages() returning
EFI_SUCCESS even if the boot image was not a container or a component.
Thus, the boot would continue and fail at a later stage due to the
LoadedImage structure not being populated correctly.
Setting it to EFI_UNSUPPORTED will result in ParseBootImages() returning
EFI_UNSUPPORTED if a non-supported boot image is provided and OsLoader
will attempt to boot the next entry in the boot options list.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* Remove PcdContainerBootEnabled PCD
SBL requires boot images to be packaged as a container or a component
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
---------
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
Adds build-time PCD that hides corruptcomp
tool by default
Renames corruptcomponent to corruptcomp
Enhances error checking/logs
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
PcdTccEnabled was declared as a FeaturePcd which evaluates to a code symbol
and can't be used in a #if. From the preprocessor perspective it is always
undefined. Changed this pcd to a FixedPcd instead.
Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
Universal paayload hobs are updated for secure boot
and measured boot. Event logs Hobs are created to consume
by TCG2Dxe in uefi payload.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch added support to get csme boot time performance
data and display it in perf command and also before booting
to linux.
Introduced a board config option BOOT_PERFORMANCE_MASK to control
PcdBootPerformanceMask, BIT 2 now enables printing CSME boot
performance data.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
A USB disk behind a hub may take longer time to respond command.
Prior to the patch, a magic 2000 ms is set. This patch introduces
a python control (USB_CMD_TIMEOUT) for customizing the timeout if
need. The patch also extends the default timeout to 4196 ms.
This patch does not impact booting time when a platform boots with
a good-conditioning usb disk, because the timeout only takes effect
when a disk does not respond to a USB inquiry for a long time.
Verified: Ehl RVP
Signed-off-by: Stanley Chang <stanley.chang@intel.com>
Convert the line endings stored for all text files in the repository to
LF. The majority previously used DOS-style CRLF line endings. Add a
.gitattributes file to enforce this and treat certain extensions as
never being text files.
Update PatchCheck.py to insist on LF line endings rather than CRLF.
However, its other checks fail on this commit due to lots of
pre-existing complaints that it only notices because the line endings
have changed.
Silicon/QemuSocPkg/FspBin/Patches/0001-Build-QEMU-FSP-2.0-binaries.patch
needs to be treated as binary since it contains a mixture of line
endings.
This change has implications depending on the client platform you are
using the repository from:
* Windows
The usual configuration for Git on Windows means that text files will
be checked out to the work tree with DOS-style CRLF line endings. If
that's not the case then you can configure Git to do so for the entire
machine with:
git config --global core.autocrlf true
or for just the repository with:
git config core.autocrlf true
Line endings will be normalised to LF when they are committed to the
repository. If you commit a text file with only LF line endings then it
will be converted to CRLF line endings in your work tree.
* Linux, MacOS and other Unices
The usual configuration for Git on such platforms is to check files out
of the repository with LF line endings. This is probably the right thing
for you. In the unlikely even that you are using Git on Unix but editing
or compiling on Windows for some reason then you may need to tweak your
configuration to force the use of CRLF line endings as described above.
* General
For more information see
https://docs.github.com/en/get-started/getting-started-with-git/configuring-git-to-handle-line-endings .
Fixes: https://github.com/slimbootloader/slimbootloader/issues/1400
Signed-off-by: Mike Crowe <mac@mcrowe.com>
UEFI payload built from open sourced EDK2 supports SMM variable now.
So build the required HOBs to work with EDK2.
This patch just changed the common SBL code, so there is no platform
change required.
This patch also added a PCD PcdBuildSmmHobs for old SMM HOBs and new
SMM HOBs. Late old SMM HOBs might be dropped.
Signed-off-by: Guo Dong <guo.dong@intel.com>
Universal Payload uses ELF format. As a result, the ELF loading
library has been enhanced to handle more complicated cases. The
Universal Payload library added an abstract layer on top of
ELF lib to make it easer to use by SBL. OsLoader and Stage2 were
modified to work with the new library interfaces.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
1) Add PCD PcdTccEnabled so that TCC could build out when disabled
2) Add HOB gTccRtctHobGuid produced by FSP if FSP support TCC V2
3) Add a common TCC config data in common platform package
4) Add a common TCC lib to update TCC RTCT table.
Signed-off-by: Guo Dong <guo.dong@intel.com>
This patch added X2APIC support. It is to enable the case when
APIC ID is greater than 255. This patch only handle core wakeup
portion. Platform still needs to handle ACPI related changes for
X2APIC.
X2APIC lib is backward compatible with XAPIC lib. So there is no
need to use XAPIC lib anymore.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
FSP could produce a FSP boot performance HOB.
So add the capability to print FSP performance data.
Also add a PcdBootPerformanceMask to enable/disable
boot performance data print.
Signed-off-by: Guo Dong <guo.dong@intel.com>
This patch adds support for RSA PSS verification.
Ported IPP Crypto for PSS from latest IPP github repo.
Secure boot lib and RSA wrappers functions are
updated. RSA verfication sheme is would be
based on SigType in Signature Header.
PcdCompSignSchemeSupportedMask indicates the signing
scheme included in IPP lib.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This will create a HOB for PCI Root Bridge Resource information.
The PciRootBridgeInfo Hob can be used to update resource ranges of multiple
root bridges in platform PCI tree ASL.
A payload can also use this info to skip duplicated root bridge scan.
Signed-off-by: Aiden Park <aiden.park@intel.com>
When multiple USB mass storage boot devices are connected, current
SBL will only boot from the 1st one enumerated by the USB bus. This
patch added support to boot from the remaining devices. This feature
will be controlled by PcdMultiUsbBootDeviceEnabled. And it can be
overridden by board using ENABLE_MULTI_USB_BOOT_DEV. When it is enabled
for USB block IO interface, the hardware partition in boot option
will be used to indicate the index of the USB mass storage devvice.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch added IoMmuLib support so that device can allocate/free
DMA memory and map/unmap host memory to DMA memory. This lib was
added into AHCI inf file so that it can be tested for build. Later
on more patches will be submitted to enable DMA protection for each
media library such as AHCI, XHCI, eMMC, UFS, NVMe, etc.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Current Slimbootloader supports only TPM for SHA256 PCR.
This patch introduces flexibility for user to select TPM
PCR bank available while build. Support of SHA384 and
SM3 to TPM measured boot are added.
Added/modified TPMLib APIs to support multiple PCR
usecases. Currently one PCR active bank usecase is supported.
For first boot SHA256/default TPM PCR would be available which
is default for most supported TPM's. Selected TPM PCR will be
available after reboot.
TPM selection would be based on PcdMeasuredBootHashMask set at
build time.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch introduces support for RSA3K and SHA384 signing
And verifications support to Slimbootloader. Component hash
verification is done using PcdCompSignHashAlg.
To enable RSA3072 and SHA384,
- Signing hash algorithm SIGN_HASH_TYPE should be set to SHA2_384
- RSA3K private keys should be configured in platform board configs.
- Set IPP_CRYPTO_ALG_MASK to include SHA2_384
- Enable required IPP_CRYPTO_OPTIMIZATION_MASK
- Default siging hash type is set to SHA2_256. Use hash type option
while using the tools as Gencontainer, CfgDataTool in standalone
mode.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
CSME driver is not a component rather it is a driver to
update CSME binary, so it is not required to update status
of the driver to FWST ACPI table.
As part of the above change, gCsmeFWUDriverImageFileGuid is
moved from PayloadPkg.dec to bootloadercommonpkg.dec
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
Soemtimes when JTAG based debug is not available, it might be easier
to have Shell access in earlier stage to check lots of platform
settings. Today it is impossible because full Shell has lots of other
dependencies which might not satisfy in early stage. This patch added
a PCD PcdMiniShellEnabled to build a mini Shell with very few
dependencies. This mini Shell can be used in early debug phase for SBL.
To use it, add the following to override the PCD for a specific stage
in BootloaderCorePkg.dsc.
EX:
$(PLATFORM_PACKAGE)/Stage1B/Stage1B.inf {
<PcdsFeatureFlag>
gPlatformCommonLibTokenSpaceGuid.PcdMiniShellEnabled | TRUE
...
}
Then include ShellLib.h in stage C code and add ShellLib in related
stage INF file. If adding it into Stage1A, it needs to be after the
Stage1A banner print out.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
AVX(G9) and SSE4(W7) is added to IPP crypto lib.
PcdCryptoShaOptEnabled is added to enable optimzations
in IPP SHA256 and SHA384.
Default is set to V8 (SSE3) for SHA256. ENABLE_CRYPTO_SHA_OPT has to
be configured in Platform board config files for optimizations
to be enabled.
Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
This will fully support PatchCheck.py.
- Remove all trailing whitespace
- Convert LF to CRLF by default
- Update EFI_D_* to DEBUG_*
- Re-enable CRLF check in PatchCheck.py
Signed-off-by: Aiden Park <aiden.park@intel.com>
PcdDebugInterfaceFlags and PcdDebugOutputDeviceMask are defined
for debug devices, so removed PcdDebugInterfaceFlags.
Add a new PCD PcdDebugPortNumber to indicate the serial debug
number.
Signed-off-by: Guo Dong <guo.dong@intel.com>
SerialPortLib sets UART Scratch Register to a known value at the first
initialization to avoid unnecessary re-initialization afterward. But,
one of Windows driver(SIO) re-configures UART Registers while the Scratch
Register is preserved. As a result, SBL skips serial port initialization
after restarting from Windows.
Therefore, force to initialize Serial Port at Stage1A all the time simply.
Signed-off-by: Aiden Park <aiden.park@intel.com>
Functionality to Crypto Hash function is guarded with an
PcdIppHashLibSupportedMask.
PcdIppHashLibSupportedMask indicates IPP crypto algo supported
Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
Split PreOsChecker in a separate file and add minimum APIs
- IsPreOsCheckerLoaded ()
- LoadPreOsChecker ()
- StartPreOsChecker ()
Token space has been changed for PcdPreOsCheckerEnabled
- gPlatformModuleTokenSpaceGuid to gPlatformCommonLibTokenSpaceGuid
- Include/Excluded PreOsChecker according to FeaturePcd
Signed-off-by: Aiden Park <aiden.park@intel.com>
This patch allows platform to degrade eMMC HS400 to HS200 using
static configuration. To do this, please add the following into
BoardConfig.py:
self.ENABLE_EMMC_HS400 = 0
This is useful when platform has hardware issue to run at eMMC
HS400 mode.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Add support to load the boot image from container.
Container must be signed using the same private key
as the key used to sign IAS (i.e. IAS_PRIVATE_KEY).
Signed-off-by: Sai Talamudupula <sai.kiran.talamudupula@intel.com>
Users might want to have some parameters that can be set
from UEFI environment. UEFI NVRAM variables provide a way
to achieve this functionality. And they require these vars
to be read from bootloader.
This patch provides a library to get read access to the
UEFI variables stored in NV region. The driver was ported
from MdeModulePkg\Universal\Variable\Pei @ EDKII Open Source.
Signed-off-by: Sai Talamudupula <sai.kiran.talamudupula@intel.com>
This patch added a ContainerLib to support load and location a
component from a specified container. It copies the component
from flash to memory, authenticate it, and then decompress it if
required. It can also be used to support load component from flash
map in SBL stage2 or payload, such as payload or e-payload.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Removing the HOB defined by SBL to use generic HOBs from EDK2.
Update GraphicsLib for above HOB change.
Update osloader and multibootLib for hob change.
update APL and Qemu platform for hob change.
Signed-off-by: Guo Dong <guo.dong@intel.com>
This patch added support for FWST ACPI table. This table
contains generic address structure which has pointer to the
EFI System Resource Table.
ESRT table for now supports only system firmware. This table
will provide the operating system and tools knowledge of what
is the last attempt status and version of the system firmare
update.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
Build a new SMM info HOB to payload to report SMM info.
Add UEFI payload variable region into flash map.
TEST=Tested on LeafHill with UEFI payload.
Signed-off-by: Guo Dong <guo.dong@intel.com>
The patch gives the platform the configuration capability to only build
required file system into final image.
This helps to have a smaller image for fast boot.
Signed-off-by: Guo Dong <guo.dong@intel.com>
Previous USB keyboard console support commit worked fine on APL real
platform, but it has issue on QEMU. This patch further enables USB
keyboard console support for QEMU. A new PcdUsbKeyboardPollingTimeout
is added. It will be used to control the USB keyboard interrupt
transfer polling timeout. For QEMU, it needs a larger number due to
timing issue. As part of it, booting from USB device is also enabled
by this patch. This patch fixes#30.
To test USB keyboard console in QEMU, please first change
CONSOLE_IN _DEVICE_MASK in BoardConfig.py to 3, and then add the
following in the QEMU command line to add XHCI controller and USB KB:
-device qemu-xhci,id=xhci,bus=pcie.0,addr=4 -device usb-kbd,bus=xhci.0
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch simplifies the GraphicsLib code and adds an abstraction layer
for printing to a virtual "console," through the familier
ConsoleWrite(buffer, len) style function call.
ConsoleWrite can be configured to output to either the serial port, or
the display framebuffer, or both. This primarily enables the command
shell to be used with a display and keyboard.
Signed-off-by: Borgerson, Matthew A <matthew.a.borgerson@intel.com>
* Enable DebugAgentLib to support source level debug over serial
By default, source level debug is NOT enabled. ENABLE_SOURCE_DEBUG
needs to be set to 1 in BoardConfig.py of each Platforms.
- self.ENABLE_SOURCE_DEBUG = 1
As an initial drop, there are some limitations on APL platform.
- Stage1A does not include DebugAgentLib due to Stage1A size
limitation(32KB). Further optimization is required.
- DebugAgentLib supports ONLY POSTMEM debugging on APL currently.
Refer to EDKII Debugging:
- https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Debugging
- https://github.com/tianocore/tianocore.github.io/wiki/SourceLevelDebugPkg
Change-Id: Ia28c5470bc5755768f2b380cc1dabbcb8ee60f0d
Signed-off-by: Aiden Park <aiden.park@intel.com>
* Additional changes for DebugAgent
- Adjust stage size depending on ENABLE_SOURCE_DEBUG Pcd value
- Add PeCoffFindAndReportImageInfo
- Fix debugger hang at Shell
Change-Id: I11b41e5ad610fcb2999e9d43e5dd8f8899e8265a
Signed-off-by: Aiden Park <aiden.park@intel.com>
* Move PeCoffFindAndReportImageInfo() from LitePeCoffLib to DebugAgentLib
Change-Id: I2c4ab4f9561dfd0536da1820048f0e5f2660e2ab
Signed-off-by: Aiden Park <aiden.park@intel.com>
Current implementation assumes serial port is the only input console
device supported. But other input console devices can be added later
on. This patch added a ConsoleInLib to abstract the input console
interfaces. It also added PCDs to control enabled input console
devices.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Atharva Lele