The SBL core revision has not been updated since the creation of
the project. Now with more and more platforms being enabled with
SBL, it is the proper time to upgrade the core revision to be 1.0.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
When redundant partition is enabled, the FSP-T microcode base UPD
always points to the microcode region in 1st partition. Instead,
it should points to the microcode rgion in its own partition. This
patch fixed this issue.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This will check the minimum required toolchain versions
before starting build process.
If any of these toolchains does not meet the required version,
the build process will stop immediately.
Here are the initial minimum toolchain versions.
- python : 3.6.0
- nasm : 2.12.02
- iasl : 20160422
- openssl: 1.1.0g
- git : 2.20.0
- vs : 2015
- gcc : 7.3
- clang : 9.0.0
Signed-off-by: Aiden Park <aiden.park@intel.com>
SBL can support IA32 and X64 build. But this info is not indicated
in the SBL version info. This patch added one bit to indicate the
SBL is IA32 or X64.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
For non UEFI payload, SBL will install dummy SMI handler for
security concern. For UEFI payload, SMM rebasing is expected
to be done itself. This patch enabled this feature for APL and
CFL platform.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch will enable CLANG toolchain build on Linux and Windows.
Currently CLANG toolchain build still needs Visual Studio to provide
nmake utility in Windows.
To build with CLANG, please add build option "-t clang". It assume
CLANG is installed at default path. It has been tested with SBL
QEMU x86 build.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Current SBL always uses the latest VS toolchain detected to build
SBL. However, sometimes a different verion might be preferred.
This patch added a build option "-t" to specify the perferred VS
toolchain version. It is useful when mulitple VS toolchain versions
are installed.
For example, add '-t vs2015' to use VS2015 as the toolchain for
SBL build.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch added X2APIC support. It is to enable the case when
APIC ID is greater than 255. This patch only handle core wakeup
portion. Platform still needs to handle ACPI related changes for
X2APIC.
X2APIC lib is backward compatible with XAPIC lib. So there is no
need to use XAPIC lib anymore.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This introduces an additional PCI Enumeration option.
- self._PCI_ENUM_FLAG_ALLOC_PMEM_FIRST
By deafult, the option will allocate PCI resource by ascending order
(MEM32->PMEM32->MEM64->PMEM64). If it's set to 1, by reversed order.
Signed-off-by: Aiden Park <aiden.park@intel.com>
This will allow inherited BoardConfig from the existing one
in the same BoardPkg. It will be useful when a new BoardConfig
has very minimum difference from the existing one.
See Platform/QemuBoardPkg/BoardConfigOverride.py as a reference.
Signed-off-by: Aiden Park <aiden.park@intel.com>
Python 3.4 and above have deprecated imp module in favor of
importlib. This patch removed imp module usage from SBL, and
used importlib instead.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Openssl 1.1.1 is an installable and it creates
openssl.exe in a bin folder.
default slimboot path: c:\Openssl\bin\openssl.exe
Added support to populate OPENSSL_PATH
from bin dir incase its available.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch fixed one issue on the WORKSPACE path. The current
script used "realpath" instead of "abspath". It will cause issue
if "subst" is used for the drive path since it returns the real
path before "subst". The expected behavior is to use the
path after "subst".
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Current SBL code will build pointers in E/F segment for ACPI
and SMBIOS table. On some platforms, E/F segment is not supported.
So a new configuration ENABLE_LEGACY_EF_SEG is added. When
it is enabled, SBL will not use legacy E/F segment memory.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
In current SBL BootloaderCorePkg dsc and fdf files, it contains
hard-coded INF file path for SOC or board, such as ACPI INF
file and SOC/Board init library INF file. It makes it hard for
platform to provide its own overriding using different path.
This patch addressed this issue by allowing platform to override
the default paths in BoardConfig.py.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Use the default path only when MICROCODE_INF_FILE
is not defined in platform board. Currently it will
override the one defined in platform.
Signed-off-by: Guo Dong <guo.dong@intel.com>
Microcode module locates in different place.
so each platform could specify the path by
MICROCODE_INF_FILE in BoardConfig.py.
By default, it uses the same path if there
is no MICROCODE_INF_FILE defined in platform.
Signed-off-by: Guo Dong <guo.dong@intel.com>
In 64-bit operation, some PCI devices have high mmio BARs,
but 32-bit FSP can only access 32-bit memory space.
This introduces and additional PCI resource downgrade option
to downgrade all PCI devices under Bus-0.
- self._PCI_ENUM_DOWNGRADE_BUS0 = 1
Force to have 32-bit BAR for all Bus-0 devices
Signed-off-by: Aiden Park <aiden.park@intel.com>
Current SBL build needs the actual FSP binary to pass the build.
This patch enables a mode to test the build without the actual FSP
bianry. It is useful for test before the FSP binary is available.
It is controlled by HAVE_FSP_BIN option. It can be overriden in
BoardConfig.py file.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Currently the build tool will always find FSP binaries from
Silicon'\self._board.SILICON_PKG_NAME\FspBin folder.
This patch enhance the build tool to support to get FSP from
_FSP_PATH_NAME. If _FSP_PATH_NAME is not specified, the default
behavior is same with current build.
If user wants to use a different one, they could override it
in BoardConfig.py as below:
self._FSP_PATH_NAME = 'Silicon/Fsp'
Signed-off-by: Guo Dong <guo.dong@intel.com>
This patch added support to allow platform to add specific include
folders for the build. All include paths will be relative to the
SBL $(WORKSPACE).
To eanable this feature, please add similar definitions as below
into BoardConfig.py. For example,
self._EXTRA_INC_PATH = ['Silicon/QemuSocPkg/Include/Fsp']
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
When HAVE_VERIFIED_BOOT is disabed in the latest SBL, the build will
fail because of missing key hashes. This patch resolved this issue.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch added support to launch payload module on top of OsLoader.
Comparing with payload binary, payload module will utilize the API
services provided by OsLoader, so it will have smaller size. Other
than this, the concept is exactly same as normal payload. For payload
module, additional parameter is required to pass into the payload
module entry point.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch added SBL python setup script. It can run on either host
or target MicroPython environment. A new PCD PcdEnableSetup is added
to control if Setup feature should be supported by core.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
A device in boot options can have a BAR greater than 4GB depending on PCI
64Mem/PMem resource policy.
This will allow Payload to build a paging table to cover high MMIO area.
Signed-off-by: Aiden Park <aiden.park@intel.com>
Current SBL build script can only be used to build SBL image.
It would be helpful if it can be extended to support build individual
DSC component, such as some other standalone payload. This patch
introduced a new subcommand "build_dsc" to enable this capability.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
When the Stage FD size is set to be smaller than the FSP component
size, it will produce negative FV size value in DSC file and cause
build exception. This patch added more checks to catch this in the
pre-build process.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Add support for security version check for
config data blob update. SVN is checked
for redundant region which would be updated.
Fixed python errors in CfgDataTool and
GenCapsuleFirmware.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Add option -k with SBL build for key generation.
This is to enable user who do not generate keys
for signing as pre-build step.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Add svn field to container generation. SVN need
to be verified while doing container capsule
update. svn is added as end parameter to layout.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
KEY IDs are extended to include key type and sizes.
Platforms can configure corresponding RSA2048 and
RSA3072 KEY IDs. Updated tools to adjust hash type
based on key size.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch enables usage of key id for private keys
in slimboot repo. Key ids are configured in
BuildLoader and platform BoardConfig files.
SLIMBOOT_KEY_DIR is set to default folder outside
sblopen.
Generation of extrenal Keyhash OS key hash to be configured
for QEMU/CGL/APL with appropriate keys.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Maintaining individual public hashes for external key hash and
considering SHA384 sizes this value increases.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
SIGN_HASH_TYPE and IPP_HASH_LIB_SUPPORTED_MASK are derived from
_SIGN_HASH. AT times only _SIGN_HASH is configured in
BoardConfig.py which causes in incorrect hash set to
respective PCDs.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
FSP 2.1 introduced new requirement to use bootloader stack for FSP-M. It
will cause issue for SBL since SBL only uses a small stack in Stage1. To
address this issue, a new PCD PcdFSPMStackTop is added to control the
stack settings for FSP-M.
- If it is 0, it will not switch stack before calling FspMemoryInit API.
- If it is 0xffffffff, it will switch to the new default FSP stack
before calling FspMemoryInit API.
- For other values, it will switch to the new stack at specified value
before calling FspMemoryInit API.
This PCD will be set automatically by FSP_M_STACK_TOP variable in
BoardConfig.py file.
This code has been tested on UP Extreme board with latest FSP version.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This will support PCI SR-IOV(Single Root I/O Virtualization).
- Controlled by PcdSrIovSupport (SUPPORT_SR_IOV in BoardConfig)
- Disabled by default
Signed-off-by: Aiden Park <aiden.park@intel.com>
If Platform code assigns 64-bit BAR address to XHCI,
get the full 64-bit address to access MMIO space.
Behavior is undefined if building IA32 and assigning
64-bit XHCI resources.
Signed-off-by: Sai Talamudupula <sai.kiran.talamudupula@intel.com>
This patch added build hooks for boards so that each board can do
specific actions in different build phases. This patch also added
an example for QEMU to use build hook to generate new binaries into
the flash layout.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
PcdVerifiedBootHashMask is no longer used while
verification except for stage1B. Remove Hash mask and
added PcdVerifiedBootStage1B for stage1B verification.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Added an build config _SIGNING_SCHEME for
selection of signing schmemes. Updated tools
with param for selecting the signing scheme when
they are run in stand alone mode. Authtypes in
container are updated.
Supported Signing schemes - RSA_PCKS_1_5, RSA_PSS
Intel Crypto recommends PSS and same defaulted in
SlimBoot.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch adjusted the Stage1A heap size and OsLoader size to
satisfy CFL build and boot requirment. This has been tested on
UPX board. It has dependeny on preivous PR #636.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Current build only allows board to customize the DSC libraries.
It is better to allow more flexible DSC customization. This patch
enabled this capability. Board can override library, PCDs, etc.
As part of it, the old GetDscLibrary() interface will be deprecated.
Please use GetPlatformDsc() instead.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
* [QEMU] Enable Stage1A boot in X64 mode
This patch added necessary changes to enable QEMU boot through
Stage1A in SBL X64 build.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
* [QEMU] Enable QEMU Linux boot in X64 mode
This patch enabled SBL X64 boot for Linux. At this moment, since
FSP is still in 32 bit mode, it is required to thunk back into
32 bit mode to call FSP APIs.
It fixed#622.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
* Add missing X64 MdePkg Library
This adds some missing Library from EDKII Stable201911.
- MdePkg/Library/BaseMemoryLibRepStr/X64
- MdePkg/Library/BaseSynchronizationLib/X64
Signed-off-by: Aiden Park <aiden.park@intel.com>
* Make X64 target buildable
This is just to build X64 target - Not functional.
Signed-off-by: Aiden Park <aiden.park@intel.com>
This an initial patch to add x64 build for SBL. A new build flag
'-x64' is added to indicate x64 arch build. This cannot be fully
used at this moment because it has many dependencies on other x64
libraries. Only VTF reset vector x64 build is tested.
VTF x64 flow is different from IA32. It switches to 32 bit
mode as usual and then calls into FspTempRamInit to set up CAR.
Once CAR is ready, it builds 4GB identical mapping page table for
x64 and then switches to x64 long mode. Finally, it locates the
STAGE1A entry point and tranfers the control to STAGE1A in pure
64 bit mode.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Maurice Ma