If a submodule is being updated in a
commit there is inadvertently some line
ending issues that will cause PatchCheck.py
to report an error; since we cannot change
the line ending in the submodule files
we should skip over a line in a patch that
matches the format of a submodule being
updated.
Signed-off-by: James Gutbub <james.gutbub@intel.com>
With the lastest EDK2 201911 BaseTools, the generated Makefile has
missing dependcy file for the map file target. It results in staled
map file when source code is modified. This patch added the missing
dependencies.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
With EDK201911 BaseTools update, a ACPI binary is not included into ACPI
table section properly and it mis-leads some other ACPI tables as well.
This will add 'RAW BIN' type in ACPITABLE override rule and use it for
ACPI binary integration into ACPI table section.
Signed-off-by: Aiden Park <aiden.park@intel.com>
FPDT size should be FIRMWARE_PERFORMANCE_TABLE. And updated
this logic to correct the size and adjust next ACPI table
starting address.
Signed-off-by: Guo Dong <guo.dong@intel.com>
This will allow OsLoader payload to boot to 64-bit kernel entry point.
If CPU supports 64-bit mode and a kernel image has 64-bit entry point,
OsLoader will switch to 64-bit long mode and jump to the 64-bit entry
point. Otherwise, continue to boot to 32-bit entry point.
- Ported necessary code from EDK2 VitualMemory.c in MdeModulePkg
- Moved PagingLib from BootloaderCorePkg to BootloaderCommonPkg
- Removed unused FlushCacheLine
- TBD: 64-bit IDT
Next step is to support 64-bit Payload.
- 32-bit compatible mode
- 64-bit CryptoLib
- etc.
Signed-off-by: Aiden Park <aiden.park@intel.com>
1) GetComponentInfoByPartition does not check FlashMapPtr, added code
to return error if FlashMapPtr is NULL
2) In GetComponentHash function, there is no check for if HashEntryPtr is
greater than or equal to HashEndPtr. In this case HashEntryData will be
corrupted.
3) In InitFirmwareUpdate function, if we could not find corresponding
image in capsule, there is an error message but after that we continue
to update reserved region based on ImageHdr which is not valid.
Added code to continue if image is not found in capsule.
4) In UpdateSblComponent function, Status is uninitialized.
Initialized Status to not found.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
This patch printed out the loaded data from the test containere.
It is helpful for tool to parse the boot log and verify if the
component inside the container has been loaded properly.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
In order to sync up with EDK201911 stable release, it is required
to add missing header files in the INF file. Otherwise, the build
will throw warnings. This patch added the missing headers in INF
files.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
After erasing flash on QEMU, it needs to be returned to normal
read state to allow normal read access. However, this is missing
in current SBL QEMU SpiFlashLib. This patched added the code to
switch back to read mode. It also fixed#552.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Currently BN buf is statically defined and this
would increase stack sizes. Allocate required memory.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
After memory init, FSP reset request is handled by FspResetHandler.
Remove unnecessary duplicated code.
Signed-off-by: Aiden Park <aiden.park@intel.com>
This patch allows the platform to add EMPTY component in the
flash layout definition in BoardConfig.py. Without this patch,
it will cause build error because it expects EMPTY as an actual
component file.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Current FLASH_MAP address is hard-coded at 0xFFFFFFF8. It will work
in most of the cases. However, if region is added on top of the
Stage1A FV, it will cause FLASH_MAP address shift. Instead, the code
can use relative address to locate FLASH_MAP. The address can be
calculated with (Stage1AFvBase + Stage1AFvSize + 0xFFFFFFF8).
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
There are many parameter passing to AcpiPatchPssTable().
A single PSS_PARAMS structure pointer will be passed to simplify.
Signed-off-by: Aiden Park <aiden.park@intel.com>
This will allow update PSS table in a common way.
For a platform specific power calculation,
a function pointer can be provided.
Signed-off-by: Aiden Park <aiden.park@intel.com>
Unified interface is added in TpmLib to extend stage and
OS Image digest. For Container OS Image this interface
is added as callback functionality. IAS image utilizes same
functionality to extend TPM digest.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
- Added GetHashToExtend to bootloader common API to
retrive digest to extend
- Hash calculations for stage component and config date updated
to use bootloader common API
- Added functionality to extend KeyHashManifest digest
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
- Update of comment in Fwst.aslc for coffeelake as per review comment.
- Update of comment in Boardconfig.py for qemu.
- Removal of vtf0.bsf in BootloaderCorePkg.
Signed-off-by: SM <s.m.narayanan@intel.com>
This patch added following enhancement to GenContainer script:
- Fixed python3 errors in some specific condition
- Added more error handling to notifce the user on failure
- Removed -od option and use directory of -o option instead
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Allocate pages is used now to allocate memory during block update
but was freed using freepool which is throwing exception. Changed
code to use FreePages
Also removed an unused function
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
This patch added routines to support update for any
component identified by flash map. Also, if the capsule
container components inside the container, Support is added
to update these container components.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
LoadComponentCallback is extended to perfom TPM extend
for firmware component stages. Component callback would be
invoked after authentication.
TpmExtendStageHash would extend hash based on hash validity.
TpmExtendConfigData is added to handle the Config data blob extend.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Current Slimbootloader supports only TPM for SHA256 PCR.
This patch introduces flexibility for user to select TPM
PCR bank available while build. Support of SHA384 and
SM3 to TPM measured boot are added.
Added/modified TPMLib APIs to support multiple PCR
usecases. Currently one PCR active bank usecase is supported.
For first boot SHA256/default TPM PCR would be available which
is default for most supported TPM's. Selected TPM PCR will be
available after reboot.
TPM selection would be based on PcdMeasuredBootHashMask set at
build time.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Currently each component inside capsule is identified with GUID
but going forward support is being added to update multiple components
inside sbl and container, so larger number of GUID's are required, also
GUID need to be passed for unknown components through command line.
Instead 4 character unique signature from flash map that is passed
through command line to indentify the component is added to the
component header. This signature is used during runtime to indentify
the component from flash map and container.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
In GenContainer tool auth definitions for RSA cases were
updated to include hash alg used. In current implementation
auth type is generated from hash type and private key while
container created. This patch removes hash type param
and auth type is used for hash alg generation.
Platform code to be updated as per updated auth definitions
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch allows to setup Stage1 stack/data in any CAR range.
By default, the stack base offset is 0 from CarBase.
Signed-off-by: Aiden Park <aiden.park@intel.com>
If running GenContainer tool with python3, 'view' sub-command will
throw out errors. This patch fixed it.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch added routine to get component entry from flash map
this is required in case when component entry flags are required.
GetComponentInfoByPartition function will reuse the newly added
routine GetComponentEntryByPartition.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
Hash verification of Public key hash should be based on
hash alg used with Hash store. Previously hash alg in
signature info is used. There would be instances where
hashstore hash alg differs from signing alg.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
FirmwareUpdate.c is already a big file and for convenience
moved update routines to internal file. Also created a internal
header file.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
Since Python 2.7 is EOL already. SBL needs to drop the support.
This patch switched to use python version 3.6 or above for SBL
build. If lower version is used, warning message will be printed
out.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This sample key can be used for RSA3072 signing purposes.
To test with RSA3072 private key,
- user could rename TestSigningPrivateKey_RSA3072.pem to
TestSigningPrivateKey.pem
- This key would be included in signing tools for RSA3072
usecase similar to RSA2048
- Same key should be used by tools for CapsuleFirmwareUpdate
and other which gets executed outside from SBL build
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
The PatchCheck.py will skip specified file types in skip_check_file_types.
As of now, .patch and .pem files are in skip list.
Signed-off-by: Aiden Park <aiden.park@intel.com>
This patch enabled Visual Studio 2017 Community 2017 build support.
The following were done:
- Added new method to detect VS2017 installation path and version
- Droped VS2005, VS2008, VS2010 and VS2012 build support. Only
VS2013 and VS2015 are supported.
- Fixed build issue in FspApiLib due to new compiler optimizations
- Synced the build support for QEMU FSP patch
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
In Python 3 built-in function next() is used to get the next
result from an iterator. next method causes post build failure.
Fixed an issue in GenContainer for byte array comparison.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch will run version check only for SBL update and will
skip for all other components.
Version check for all other components will be added in future
patches.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
This patch introduces support for RSA3K and SHA384 signing
And verifications support to Slimbootloader. Component hash
verification is done using PcdCompSignHashAlg.
To enable RSA3072 and SHA384,
- Signing hash algorithm SIGN_HASH_TYPE should be set to SHA2_384
- RSA3K private keys should be configured in platform board configs.
- Set IPP_CRYPTO_ALG_MASK to include SHA2_384
- Enable required IPP_CRYPTO_OPTIMIZATION_MASK
- Default siging hash type is set to SHA2_256. Use hash type option
while using the tools as Gencontainer, CfgDataTool in standalone
mode.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
CSME driver is not a component rather it is a driver to
update CSME binary, so it is not required to update status
of the driver to FWST ACPI table.
As part of the above change, gCsmeFWUDriverImageFileGuid is
moved from PayloadPkg.dec to bootloadercommonpkg.dec
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
CSME update is working only from primary partition, added
code to check the current boot partition and if booting from
back up partition, switch to primary partition.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
Soemtimes when JTAG based debug is not available, it might be easier
to have Shell access in earlier stage to check lots of platform
settings. Today it is impossible because full Shell has lots of other
dependencies which might not satisfy in early stage. This patch added
a PCD PcdMiniShellEnabled to build a mini Shell with very few
dependencies. This mini Shell can be used in early debug phase for SBL.
To use it, add the following to override the PCD for a specific stage
in BootloaderCorePkg.dsc.
EX:
$(PLATFORM_PACKAGE)/Stage1B/Stage1B.inf {
<PcdsFeatureFlag>
gPlatformCommonLibTokenSpaceGuid.PcdMiniShellEnabled | TRUE
...
}
Then include ShellLib.h in stage C code and add ShellLib in related
stage INF file. If adding it into Stage1A, it needs to be after the
Stage1A banner print out.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch removed global variable usages in ShellLib. It is
required when running Shell in early stage from flash. In this
case global variable is read-only. All memory should be allocated
from stack or heap.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
James Gutbub