This patch modified required tools ConfigEditor, GenCfgData, etc to
support YAML CFGDATA format.
To convert existing DSC to YAML, Dsc2Yaml tool can be used.
For example, to convert QEMU DSC to YAML, the following can be used:
python Dsc2Yaml.py -i Platform\QemuBoardPkg\CfgData\CfgDataDef.dsc
It will generate all required YAML files at current directory.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
As discussed in the RFC, SBL will use YAML format for CFGDATA format
going forward. This patch converted CFGDATA files from DSC format into
YAML format for QEMU, CFL and APL platforms.
To convert existing DSC file into YAML file, please use tool:
python BootloaderCorePkg\Tools\Dsc2Yaml.py <Path to CfgDataDef.dsc>
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch fixed some ACPI issue on APL platform. When VT-d is
disabled, DMAR table should not be populated in ACPI. This patch
fixed it.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
The pre-OS checker/payload flow can support more than
just Linux image type launching; there are use cases
for adding multiboot image support to this flow and
there may be others in the future.
Signed-off-by: James Gutbub <james.gutbub@intel.com>
Currently this tools creates keys and replaces existing ones.
Added user confirmation before existings ones are replaced.
Selecting all replaces subsequent keys getting generated.
Update OS private key name to OS1_TestKey_Priv_RSA3072.pem.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Current Linux payload support in SBL only loads command line and
kernel image, and it does not load InitRd image. It is possible
to have the InitRd image built into the keneral image, but it is
more convenient to have separate InitRd support. This patch added
this.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Capsule Command support added for anti rollback
security version number. User can create command
in text file and create capsule with CMDI mode.
{ARBSVNCOMMIT}
Platform APIs would be invoked to do SVN
commit operations by useing HECI interfaces.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
LocateComponentEntry is modified to locate only container
entry. Additional checks are required at consumer end
for Container entry and CompEntry.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Use default svn while creation of container using command line
when user do not specify svn. Using layout format, user still need
to specify the SVN value.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
The current MulitBoot loading code in SBL did not follow the specification.
The spec stated "The offset in the OS image file at which to start loading
is defined by the offset at which the header was found, minus
(header_addr - load_addr)". However, the current code always copies from
offset 0 of the image file. It caused exception when loading some valid
multiboot image.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Add support for security version check for
container and its components with ones available
in flash for capsule updates.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch fixed incorrect hiding conditions for CFL GPIO pins.
Verified the GPIO configuration options can show/hide depending
on the state of GPIO skip option. It fixed#762.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Add option -k with SBL build for key generation.
This is to enable user who do not generate keys
for signing as pre-build step.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Add svn field to container generation. SVN need
to be verified while doing container capsule
update. svn is added as end parameter to layout.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
KEY IDs are extended to include key type and sizes.
Platforms can configure corresponding RSA2048 and
RSA3072 KEY IDs. Updated tools to adjust hash type
based on key size.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Gpio convert tool can be common and accepts a
platform specific config file with Group Info
and other settings as input.
Example for CFL/WHL:
Convert gpio.csv into .dsc format:
python
($SBL)\SblOpen\Platform\CommonBoardPkg\Tools\GpioDataConvert.py
-if gpio.csv
-of dsc
-cf ($SBL)\SblOpen\Platform\CoffeelakeBoardPkg\Script\GpioDataConfig.py
Signed-off-by: Sai Talamudupula <sai.kiran.talamudupula@intel.com>
Smbios spec advises to use 'Handle' field in the
Type header to get the type information. This patch
updates the Handle field with the 'Type' value to
be unique. Also, update the Entry Point struct to
report the number of Types implemented currently.
Signed-off-by: Sai Talamudupula <sai.kiran.talamudupula@intel.com>
Signing interface is updated to use keys generated
from GenerateKeys.py available in tools.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
The 'fs' shell command initializes media device with media type info,
but it's not able to initialize another controller of same media type.
Therefore, 'fs init' accepts device instance number.
ex) SATA(0), SATA device instance 1, hwpart 2, swpart 3
fs init 0:1 2 3
Signed-off-by: Aiden Park <aiden.park@intel.com>
Udated error handling for SBL Key dir and error
messages to guide user to use GenerateKeys tool.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch converted key hash store in SBL image into container
format. In this way unified data structure can be used to
simplify code.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
A PPB PCI_IO_DEVICE instance has BIT31 in its Address field to identify
the device as PPB type. But, the bit is set after scanning the PPB.
This skips PPB type check in PciGetMaxBusNumber() and let a caller
guarantee PPB type check instead of adding a field in PCI_IO_DEVICE
for PPB device.
Signed-off-by: Aiden Park <aiden.park@intel.com>
Dummy keys are generated for Os Image Pub Key.
This is to get key hash component generated along
with PUBKEY_OS. User need to replace OS1_TestKey_Pub_**
with appropriate keys.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch enables usage of key id for private keys
in slimboot repo. Key ids are configured in
BuildLoader and platform BoardConfig files.
SLIMBOOT_KEY_DIR is set to default folder outside
sblopen.
Generation of extrenal Keyhash OS key hash to be configured
for QEMU/CGL/APL with appropriate keys.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
At PciScanBus, a PCI bridge sets PCI Bridge Subordinate Bus to 0xFF
temporary to go thru any PPB. But, a platform has some reserved buses
(ex. 0xFB-0xFF) on PCI hierarchy, and writing 0xFF regardless of
reserved bus ranges causes system hang.
Therefore, PciGetMaxBusNumber will be used for PCI Bridge Subordinate
Bus and it gets the number of buses from PCI Enum Policy to skip the
reserved buses.
Signed-off-by: Aiden Park <aiden.park@intel.com>
The unnecessary wbinvd() is removed from the common ResetSystemLib,
and it moves to a platform specific reset routine.
Signed-off-by: Aiden Park <aiden.park@intel.com>
Maintaining individual public hashes for external key hash and
considering SHA384 sizes this value increases.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
- Created BaseIpcLib
- Sideband Interface picked from
tianocore/edk2-platforms
branch: devel-IntelAtomProcessorE3900
commit: 181f9e6c6ccde6e3fa62278b3a8b39cfb5844a7c
- IPC Interface picked from
tianocore/edk2-platforms
branch: devel-IntelAtomProcessorE3900
commit: 181f9e6c6ccde6e3fa62278b3a8b39cfb5844a7c
- Updated Stage1BBoardInitLib.C with a test function
Signed-off-by: Andrey Vinokurtsev <avinok@gmail.com>
RSA keys are generated based on key ids defined.
User can append signing_keys as per their requirements.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch adds support to key ids in single sign script.
Following pre-requistes to enable usage of key ids,
- Generate required RSA keys as per GenerateKeys.py
- SLIMBOOT_KEY_DIR env variable set to key folder
- Set private key paths to respective ids in
buildloader.py and boardconfigs files
- Update key hash store generation to use respective key ids
Enabling keyids in slimboot would be done subsequently.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
SPI driver is updated to support read linux from
BIOS and PDR region, When boot device SPI is
selected.
Signed-off-by: Mutha <naga.naveen.mutha@intel.com>
TestSigningPrivateKey is defaulted for container
creation in non-layout form and key dir is used.
In CfgDataStitch also TestSigningPrivateKey is
defaulted when key dir is specified.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
FspsUpd variable made global so that it could be accessed out of
FspSilicon function.
Patchable PCD has been created for FspsUpd and Memory pool allocated.
Signed-off-by: Perni <ramesh.chandra.perni@intel.com>
CommonUtility.py – It contains common functionality
for signing and extraction Of public key info.
It adds the necessary structures for signed data.
SingleSign.py – It contains core functionality related
to openssl for sign operations. This script will
be enhanced for accessing key store.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch fixed OsLoader boot from SD card issue on Intel APL CRB
borads. The SD/eMMC library was updated to follow the proper sequence
for SD card. Also platform code was updated to detect SD card and
apply SD card power using proper GPIO pins.
It fixed#729.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
IA32 UEFI payload uses PE format and X64 UEFI payload uses
PE+ format. So update LitePeCofflib to support both PE and
PE+.
Signed-off-by: Guo Dong <guo.dong@intel.com>
- Default SMBIOS Table initialized when SMBIOS is enabled.
- If required, Every Platform can override platform specific information.
- Enable SMBIOS in Qemu platform.
- Update Memory allocation for SmbiosStringsPtr for 32 entries.
Signed-off-by: Sm NARAYANAN <s.m.narayanan@intel.com>