Unified interface is added in TpmLib to extend stage and
OS Image digest. For Container OS Image this interface
is added as callback functionality. IAS image utilizes same
functionality to extend TPM digest.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
- Added GetHashToExtend to bootloader common API to
retrive digest to extend
- Hash calculations for stage component and config date updated
to use bootloader common API
- Added functionality to extend KeyHashManifest digest
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
LoadComponentCallback is extended to perfom TPM extend
for firmware component stages. Component callback would be
invoked after authentication.
TpmExtendStageHash would extend hash based on hash validity.
TpmExtendConfigData is added to handle the Config data blob extend.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Current Slimbootloader supports only TPM for SHA256 PCR.
This patch introduces flexibility for user to select TPM
PCR bank available while build. Support of SHA384 and
SM3 to TPM measured boot are added.
Added/modified TPMLib APIs to support multiple PCR
usecases. Currently one PCR active bank usecase is supported.
For first boot SHA256/default TPM PCR would be available which
is default for most supported TPM's. Selected TPM PCR will be
available after reboot.
TPM selection would be based on PcdMeasuredBootHashMask set at
build time.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Currently each component inside capsule is identified with GUID
but going forward support is being added to update multiple components
inside sbl and container, so larger number of GUID's are required, also
GUID need to be passed for unknown components through command line.
Instead 4 character unique signature from flash map that is passed
through command line to indentify the component is added to the
component header. This signature is used during runtime to indentify
the component from flash map and container.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
This patch added routine to get component entry from flash map
this is required in case when component entry flags are required.
GetComponentInfoByPartition function will reuse the newly added
routine GetComponentEntryByPartition.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
Hash verification of Public key hash should be based on
hash alg used with Hash store. Previously hash alg in
signature info is used. There would be instances where
hashstore hash alg differs from signing alg.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
FirmwareUpdate.c is already a big file and for convenience
moved update routines to internal file. Also created a internal
header file.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
This patch introduces support for RSA3K and SHA384 signing
And verifications support to Slimbootloader. Component hash
verification is done using PcdCompSignHashAlg.
To enable RSA3072 and SHA384,
- Signing hash algorithm SIGN_HASH_TYPE should be set to SHA2_384
- RSA3K private keys should be configured in platform board configs.
- Set IPP_CRYPTO_ALG_MASK to include SHA2_384
- Enable required IPP_CRYPTO_OPTIMIZATION_MASK
- Default siging hash type is set to SHA2_256. Use hash type option
while using the tools as Gencontainer, CfgDataTool in standalone
mode.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
CSME driver is not a component rather it is a driver to
update CSME binary, so it is not required to update status
of the driver to FWST ACPI table.
As part of the above change, gCsmeFWUDriverImageFileGuid is
moved from PayloadPkg.dec to bootloadercommonpkg.dec
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
Soemtimes when JTAG based debug is not available, it might be easier
to have Shell access in earlier stage to check lots of platform
settings. Today it is impossible because full Shell has lots of other
dependencies which might not satisfy in early stage. This patch added
a PCD PcdMiniShellEnabled to build a mini Shell with very few
dependencies. This mini Shell can be used in early debug phase for SBL.
To use it, add the following to override the PCD for a specific stage
in BootloaderCorePkg.dsc.
EX:
$(PLATFORM_PACKAGE)/Stage1B/Stage1B.inf {
<PcdsFeatureFlag>
gPlatformCommonLibTokenSpaceGuid.PcdMiniShellEnabled | TRUE
...
}
Then include ShellLib.h in stage C code and add ShellLib in related
stage INF file. If adding it into Stage1A, it needs to be after the
Stage1A banner print out.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch removed global variable usages in ShellLib. It is
required when running Shell in early stage from flash. In this
case global variable is read-only. All memory should be allocated
from stack or heap.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
If dumping address not aligned at 16 boundary, the current Shell
will print the aligned address in the dump. It makes sense for
a memory block display, but it is a little bit confusing for single
memory address display. This patch fixed this issue by printing the
exact address when the display count is 1.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Add a common SmbusLib support for Intel PCH
Define PLT_MEDIUM_MISC_TYPE in device table for
devices that are not for OS boot.
Signed-off-by: Guo Dong <guo.dong@intel.com>
This patch does the following
1) Enable triggering firmware update from OS
2) When firmware update mode is given control, state machine
is set to capsule processing and firmware update platform
specific trigger is cleared. State machine will be used
hereafter to track firmware update
3) Created CheckStateMachine method in BoardSupportLib.c to
check state machine to see if firmware update is in progress
and set boot mode to firmware update.
4) Removed CMOS way of triggering firmware update and wrote code
to use Over-Clocking WDT Scratchpad (OC_WDT_SCRATCH) bits for
triggering firmware update
5) Update shell fwupdate command to use OC_WDT_SCRATCH bits.
6) Removed extra reset during sbl firmware update
7) Removed reset after updating configuration data update
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
Hash and RSA signing parameters were hardcoded in
Crypto wrappers and secure boot libraries. This patch
address support for multiple hash and key sizes.
Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
Current SBL hash store has many limitations:
- Only support fixed hash size
- Only support 1:1 public key and usage mapping
- Only support build time key enrollment
This patch addressed this issue by introducing:
- Add a updatable KEYH component to hold extra key hash
- Allow append new hash entries from KEYH
- Use variable length entry for hash
- Introduce "Usage" bit mask for a key usage
This will allow using a single key to sign multiple components, or
using multiple keys to sign a single component. The built-in hash
store will only contain hash for STAGE1B, STAGE2, PAYLOAD,
PAYLOAD_FWU and MASTER public key hash. Master key hash will be used
to verify the KEYH component loaded at runtime in Stage1B. Once KEYH
is loaded, it will be appended into global hash store. The combined
hash store will be used to verify other components on the boot flow.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch implements pubKey and signature updates done
in storage. Added info as sigining types, signing algo,
key sizes which could be used in secureboot and crypto
libraries.
Information from IASImage is transformed to updated
crypto and secure boot implementation. Only RSA2048 and sha256
support is updated as IAS image supports only this combination.
Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
This patch moved some library APIs into BootloaderCommonLib, including
GetComponentInfo() and GetComponentHash().
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch add HeaderLength to indicate the length of Hahs Store
header so that common code can be used to skip the header without
using the sizeof() operator.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
HASH_STORE_TABLE is updated and HASH_STORE_DATA is added
to provide info with variable length sizes. Usage bits would
notify for multiple component/key using the same hash.
These data structure would optimize the hash store size
in storage.
PcdHashStoreSize would define the size of Hash store
to allocate in bios bootup.
Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
Component Hash is passed with TpmExtendHash if available.
Hash Store is getting optimized on storage and this would avoid
setting component hash in hash table. SetComponent Hash API is
removed in bootloaderlib.
Added HashAlg param to TpmExtendHash for future purposes
where TPM PCR bank would be selected based on HashAlg.
Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
System reset occurs after returning from AsmEnableAvx() in Stage1A.c
because ebx register is used for cpuid, but not restored.
- Save/Restore ebx register
- Move AsmEnableAvx () after init idt and serialport
Signed-off-by: Aiden Park <aiden.park@intel.com>
The previoius IPP library updates used UpdateSHA256V8 as default for
SHA256. It works on real platform. However, QEMU's default CPU config
does not support SSE3 instructions and will generate exception. This
patch added the UpdateSHA256Compact as default SHA256 function if no
advanced optimization flags are set. The same is applied for SHA512
functions too.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
AVX(G9) and SSE4(W7) is added to IPP crypto lib.
PcdCryptoShaOptEnabled is added to enable optimzations
in IPP SHA256 and SHA384.
Default is set to V8 (SSE3) for SHA256. ENABLE_CRYPTO_SHA_OPT has to
be configured in Platform board config files for optimizations
to be enabled.
Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
EnableAvx ASM is included as part ExtraLibs.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
This will fully support PatchCheck.py.
- Remove all trailing whitespace
- Convert LF to CRLF by default
- Update EFI_D_* to DEBUG_*
- Re-enable CRLF check in PatchCheck.py
Signed-off-by: Aiden Park <aiden.park@intel.com>
By adding an additional flag for the pre-OS
checker execution flow it is possible to determine
at run time whether to attempt loading/execution
of the pre-OS checker during OS Loader time. From
platform code the decision to attempt to run the
pre-OS checker can be controlled.
Signed-off-by: James Gutbub <james.gutbub@intel.com>
PcdDebugInterfaceFlags and PcdDebugOutputDeviceMask are defined
for debug devices, so removed PcdDebugInterfaceFlags.
Add a new PCD PcdDebugPortNumber to indicate the serial debug
number.
Signed-off-by: Guo Dong <guo.dong@intel.com>
Current SBL does not check the FSP Notify API return status. As a
result, if reset is requested, it is ignored by SBL. This patch
added FSP reset request check for FspMemoryInit, FspSiliconInit and
FspNotifyPhase.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Current SBL has platform specific GetBuiltInConfigData() implementation
because the internal CFGDATA blob is embedded into Stage1B data section.
Instead, it can be put into Stage1B FV FFS file, and then use a PCD to
get the base. In this way, it can be handled directly in core code and
remove platform specific implementation.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
SerialPortLib sets UART Scratch Register to a known value at the first
initialization to avoid unnecessary re-initialization afterward. But,
one of Windows driver(SIO) re-configures UART Registers while the Scratch
Register is preserved. As a result, SBL skips serial port initialization
after restarting from Windows.
Therefore, force to initialize Serial Port at Stage1A all the time simply.
Signed-off-by: Aiden Park <aiden.park@intel.com>
This provides basic insertion sort API for Linked List. As part of change,
this insertion sort is used for PCI BAR calculation by its alignment
and for shell commands list by its name.
Signed-off-by: Aiden Park <aiden.park@intel.com>
While trying to boot all boot options, some allocated memory are not
de-allocated properly. To avoid memory leak while booting next boot
options, OsLoader will track all image data and free the unnecessary
memory at failing to boot current boot option.
Tested and verified with
- Traditional linux image on debug build
- IAS type image
- Container type image
- MultiBoot image
- BootSlot (A/B Boot)
- Trusty image
Signed-off-by: Aiden Park <aiden.park@intel.com>
OsBootOption config data provides addendum field to support multiple boot
option config data into a single boot option.
This patch updates a single boot option properly with multiple addendums.
Signed-off-by: Aiden Park <aiden.park@intel.com>
Functionality to Crypto Hash function is guarded with an
PcdIppHashLibSupportedMask.
PcdIppHashLibSupportedMask indicates IPP crypto algo supported
Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
There are multiple instances of sorting use case in SBL. For example,
memory map sorting and CPU APIC ID sorting. This patch added a generic
quick sort library to provide common sort API. As part of the change,
the quick sort API will be used for memory map and CPU APIC ID sorting.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
SHA512_384 and SM3 crypto functions were referenced from
https://github.com/intel/ipp-crypto.git
Selectively taken Ipp Hash methods
Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
This allows 'fs ls' command to print directory or file lists to both serial
and display console according to CONSOLE_OUT_DEVICE_MASK.
Signed-off-by: Aiden Park <aiden.park@intel.com>
This patch will print a filename with 16 chars aligned size.
- left justified filename with padding up to 16 chars
- length of filename > 16 chars, full filename is printed as it is
Signed-off-by: Aiden Park <aiden.park@intel.com>