Update copyright years
Initialize pointers to NULL
Check pointers for NULL before de-reference
Standardize debug logs
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
* [ADL] Update TPM event logging to match BIOS
If measured boot disabled via BtG profile but enabled via SBL
config flag, skip logging startup locality TPM event
If measured boot enabled via BtG profile or SBL config flag, log
CRTM version TPM event
Set startup locality based off startup locality on ACM policy status
Log detail and authority PCR events based off SCTRM status on ACM
policy status
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
* Initialize startup locality and remove measured boot check
Initialize startup locality variable used in setting up event
log
Remove measured boot check as it is not seen in BIOS and it
occurs at higher level
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
---------
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
This Patch add the support to set UFS clock frequency.
- Added the function to read or write specified attribute of a UFS device
- Shifted function which switch the link power mode and gear after ref_clock setting
because if an unsuported clock frequency being set, it won't be able to overwrite
the corrupted UFS attributes.
Signed-off-by: Aakash Panwar <aakash.panwar@intel.com>
Whenever EV_EFI_VARIABLE_DRIVER_CONFIG is specified as TPM event type,
the data that accompanies it is expected to be an UEFI variable in the
appropriate format
This change fixes an erroneously typed TPM event so that the tpm2_eventlog
command works in Linux
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
* OsLoader: set default status to EFI_UNSUPPORTED when parsing a boot image
This was set to EFI_SUCCESS which resulted in ParseBootImages() returning
EFI_SUCCESS even if the boot image was not a container or a component.
Thus, the boot would continue and fail at a later stage due to the
LoadedImage structure not being populated correctly.
Setting it to EFI_UNSUPPORTED will result in ParseBootImages() returning
EFI_UNSUPPORTED if a non-supported boot image is provided and OsLoader
will attempt to boot the next entry in the boot options list.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* Remove PcdContainerBootEnabled PCD
SBL requires boot images to be packaged as a container or a component
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
---------
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
On platforms where only serial console input is enabled, enabling
source debug will lead to an infinite loop in ConsoleRead(). Newer
compilers detect this and generate a build error.
Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
In BIOS, all stage measurements are of type
EV_EFI_PLATFORM_FIRMWARE_BLOB. This change aligns SBL
with BIOS.
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
Currently, loading an ELF image will relocate the image (to its
preferred load address) only if there is at least one ELF segment
that is not completely contained in the file loaded (i.e. the memory
segment size is larger than the size inside the file. This behavior
is generally triggered by the segment that contains the .bss section).
Consequently, images that contain initialized data only (e.g. QNX IFS
files) don't get relocated, and will usually crash when jumping to the
image entry point.
This change checks whether the ELF image is already loaded at the
preferred address, and forces image relocation if not.
Signed-off-by: Bruno Achauer <bruno.achauer@intel.com>
instance 0 was hardcoded, so not able to read the devices from other
instances. Now read the instances number from the device table and
enumerate all USB instances one by one.
Signed-off-by: Biswas Arghya <arghya.biswas@intel.com>
* Add Name field to IMAGE_DATA structure
Add a name field to the structure to be used by container parsing
functions. It will be useful to determine the name of the container
component when dealing with special files like ACPI blobs.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* OsLoader: save the name of the component when creating array of components
Saving the name will help us deal with special files like ACPI blobs
more easily
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* OsLoader: streamline container types
Update container functionality to streamline container types:
- Normal: PE32, FV, ELF images. Supports ACPI table update.
- Classic (Linux): Used for a traditional Linux boot setup.
(cmdline, bzImage, initrd). Additionally supports ACPI table update.
- Multiboot: Used for Multiboot/Multiboot-2 compliant ELF images.
Supports ACPI table update.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* Rename CLASSIC container to CLASSIC_LINUX
This type of container is to be used for a traditional Linux
boot setup consisting of a cmdline, bzImage, initrd(optional),
and other binary blobs or ACPI blobs.
Rename it to CLASSIC_LINUX to make the purpose of the container
clearer.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* OsLoader: copy Linux ExtraBlobs to reserved mem and add to cmdline
Until now, SBL loaded the Extra blobs with the Linux kernel
into memory. However, there was no way for the OS to know where
these blobs resided in memory. The blobs were also loaded in
memory that was not marked as reserved.
This patch copies the blobs to reserved memory and adds the
blob addresses into an expected placeholder in the Linux cmdline.
If the placeholder is not present, nothing related to that blob
will be added to the cmdline.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
---------
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
0x03 is ACPI Reclaim Memory
0x04 is ACPI NVS Memory
As defined in BootloaderCommonPkg/Include/Guid/MemoryMapInfoGuid.h
and ACPI Specification Chapter 15.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
When running "perf" command from OsLoader shell, it would
print the performance data but it is difficult to know what
they are mean. The patch adds the description to performance
data.
Signed-off-by: Guo Dong <guo.dong@intel.com>
Signed-off-by: Guo Dong <guo.dong@intel.com>
* OsLoader: remove references to IAS images
Change IAS references to 'Boot Image' since IAS support is deprecated.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* ContainerLib: add container type defines
Add comments to indicate the use cases of each container type
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* OsLoader: Use container defines instead of IAS defines
This commit also changes some comments referencing IAS instead of a container.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* OsLoader: remove ParseIasImage() since it is deprecated
Remove deprecated functionality and header include.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
Signed-off-by: Chirag Vijay Kolhe <chirag.vijay.kolhe@intel.com>
* OsLoader: add check for normal container type and fix comment
NORMAL type of container is usually used with FV, regular ELF images, etc.
This commit adds the check for it and removes the "non valid use case" comment.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* GenContainer: add comments explaining container types
Add comments explaining use cases of each container type
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* OsLoader: add a check for number of files in classic container
Classic Container needs to have the boot file in it. According
to the fixed order, this is the second file in the container.
Add a check to make sure there are atleast 2 files before attempting
boot.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* QEMU: replace IAS references in boot options with container
Clean up IAS reference from boot options list
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
Signed-off-by: Chirag Vijay Kolhe <chirag.vijay.kolhe@intel.com>
This patch fixes 2 issues related to symbolic links:
1. when "fs ls" a directory, symbolic links are not shown.
It is because Ext2fsLs() only shows regular files and directories.
2. when "fs ls <symbolic_link>" the output is incorrect.
It is because File->FileNamePtr points to a local variable,
"NameBuf" in Ext2fsOpen(), if the file is a symbolic link
This patch replaces File->FileNamePtr with FileNameBuf.
It slightly increases Ext2fsLs/Ext2fsOpen/SearchDirectory time,
because of the use of strcpy and strcat.
Test method:
1. create a regular file, "a", in directory "x"
2. create a symbolic link file, "b", pointing to "a".
3. under the shell of OSLoader,
"fs ls x"
- expected result: a, b (symbolic link)
"fs ls x/a"
- expected result: a and its file size is shown
"fs ls x/b"
- expected result: b -> a, and the file size of a is shown
Verify: TGL-UP3 RVP
Signed-off-by: Stanley Chang <stanley.chang@intel.com>
This patch fixes an issue that SBL fails to load a file in Ext4 partition,
when
1. the ext4 partition uses Extent
2. the inode's first extent block is an internal node
3. the node has only one entry (i.e., eh_entries = 1)
Under the above conditions, the data block may point to the child of
first ei_block when accessing the data within the range of child node.
Test method:
1. Install Ubuntu 20.04.5 LTS/(min install) in an eMMC disk
Note: this issue is only reproducible when loading a file
satisfying all conditions mentioned above (i.e., eh_entries = 1).
So far, the /boot/initrd.img after installing Ubuntu in an eMMC
(where part table: 500MB(FAT), 20GB (EXT4), 4GB (Swap)) satisfies
the conditions. However, for some reasons, when using USB SATA disk,
it will not generate a /boot/initr.rd meeting the conditions.
2. Boot to OSLoader
3. "fs init 2:0 0 1" the eMMC disk (assume the HW:SW-part is 0 1)
4. "fs load boot/initrd.img"
Expected result:
1. With this patch: successfully load the file.
2. Without this patch: ASSERT [OsLoader] ..
Verified: EHL CRB
Signed-off-by: Stanley Chang <stanley.chang@intel.com>
In the Ubuntu ISO image, it has 0xF8 partition entries.
The partition library could not work as expected since
it expects the partition entries are no more than 128.
Potentially it could have more partition entries, so just
remove the check.
Signed-off-by: Guo Dong <guo.dong@intel.com>
Signed-off-by: Guo Dong <guo.dong@intel.com>
This patch fixes an invalid memory access issue caused by
the fs->Ext2FsGDSize is smaller than the size of EXT2GD.
The EXT2GD is a 64-byte structure, but fs->Ext2FsGDSize is not always 32.
Before this patch, Ext2fsOpen() allocates a smaller memory than expected:
i.e., Ext2FsGrpDes = AllocatePool (Ext2FsGDSize * Ext2FsNumCylinder);
When ReadGDBlock() loads data (E2FS_CGLOAD) into fs->Ext2FsGrpDes,
it possibly accesses mem out of the allocated Ext2FsGrpDes space.
This patch loads each element into fs->Ext2FsGrpDes.
This patch also
1. prints informative messages when OS Loader fails to load Linux files.
2. increase EHL's PLD_HEAP_SIZE (since the size of initrd in Ubuntu LiveCD
is over 130MB)
Test method:
1. create a huge EXT FS (says, at least 36GB)
2. In the fs, place the following file/dir:
a: non-empty file
b: dir
b/c: non-empty file
3. boot with SBL OS Loader and enter Shell.
4. execute "fs init <...skip...>" to init the fs
5. execute "fs ls"
6. execute "fs ls b/c"
7. execute "fs load a"
8. execute "fs load b/c"
Verify:
1. 10MB/10GB/100GB/200GB EXT2/EXT3/EXT4 FS
2. EHL CRB
Signed-off-by: Stanley Chang <stanley.chang@intel.com>
Currently SBL would return when preferred graphics mode is set
in the multiboot image. This patch would continue boot and print
the preferred graphics mode information.
Signed-off-by: Guo Dong <guo.dong@intel.com>
Currently, only a single redundant SBL component, the configuration data
component, is allowed per update session. However, with support added for
ACM and uCode component updates, the user might desire to update multiple
redundant SBL components in the same session. This change allows this to
happen.
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
Adds build-time PCD that hides corruptcomp
tool by default
Renames corruptcomponent to corruptcomp
Enhances error checking/logs
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
Create a tool that corrupts SBL components so that
the SBL resiliency feature can more easily be tested
and demonstrated
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
While iterating over a USB descriptor in GetExpectedDescriptor(),
the "Len" variable always uses the 1st byte in the buffer,
This is only true for the 1st iteration, thereafter the variable should
advance as the descriptor advances.
Signed-off-by: Leon Theunissen <leon.theunissen@etion.co.za>
PcdTccEnabled was declared as a FeaturePcd which evaluates to a code symbol
and can't be used in a #if. From the preprocessor perspective it is always
undefined. Changed this pcd to a FixedPcd instead.
Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
Signed-off-by: Bejean Mosher <bejean.mosher@intel.com>
Universal paayload hobs are updated for secure boot
and measured boot. Event logs Hobs are created to consume
by TCG2Dxe in uefi payload.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Argument DataLen of function InternalGetVariable() inside Reclaim()
function is not initialized. This uninitialized value is assigned
to another variable and compared, resulting in EFI_BUFFER_TOO_SMALL
error when Data is NULL. Hence added Data NULL conditional check with
DataLen to overcome EFI_BUFFER_TOO_SMALL error when Data is NULL.
Signed-off-by: M Karuppasamy <karuppasamy.m@intel.com>
Signed-off-by: Sachin Kamat <sachin.kamat@intel.com>
Signed-off-by: M Karuppasamy <karuppasamy.m@intel.com>
Signed-off-by: Sachin Kamat <sachin.kamat@intel.com>
library
Migrates FW resiliency APIs of Stage1B.c to
FirmwareResiliencyLib
Migrates FW update status types from FirmwareUpdateLib.h and
BootloaderCommonLib.h to FirmwareUpdateStatus.h
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
If TS bit flipped and it does not match FWU state,
assume ACM detected corruption in SG1A or SG1B and
recover broken BP
Add WDT trigger for recovery
Add ADL-specific WDT trigger for TS
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
This change makes sure that, during each recovery,
the FW update status structure is cleared and
repopulated
Without this change, in the event that there is
a full recovery and then an interrupted recovery,
the interrupted recovery is unable to resume
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
New shell command 'usbdev' added to enumerate USB bus and list down
all the USB devices that are found on the bus.
Signed-off-by: Biswas Arghya <arghya.biswas@intel.com>
Signed-off-by: Sachin Kamat <sachin.kamat@intel.com>
This Patch adds the support for UFS(Universal Flash Storage)
as a boot media.
- Added support to Enable all Lun's for UFS
- Added support to change power modes in UFS
- Enable Bus master for proper PCI addressing
Signed-off-by: Aakash Panwar <aakash.panwar@intel.com>
Signed-off-by: Sachin Kamat <sachin.kamat@intel.com>
Signed-off-by: Chirag Vijay Kolhe <chirag.vijay.kolhe@intel.com>
Signed-off-by: Aakash Panwar <aakash.panwar@intel.com>
- If BIOS update is followed by any payload,
reboot to ensure the update is completed.
- Before processing CMDI payload, ensure CSME update has
taken effect to prevent {OEMKEYREVOCATION} command failure.
Signed-off-by: Vincent Chen <vincent.chen@intel.com>
The steps of OEM key revocation are:
1. Replace OEM KM (signed with key2) by updating CSME
2. Replace BIOS region (signed with key2)
3. Reboot with new BIOS region (to make key1 inactive)
4. Revoke key1
Before this patch, it requires 2 firmware updates and 2 capsules for
step 1~2 and step 4 respectively. The patch combines them into a single
update/capsule.
To implement the feature, the patch:
1. Double max # of payloads to allow CSME/CSMD/BIOS/CMDI update
in one capsule image.
2. Prevent from failing update of a critical component.
e.g., if step 1(CSME) fails, step 2(BIOS) should be skipped
Verified cases:
Case 1: Capsule having CSMD/CSMD/BIOS/CMDI.
Expectation: successful
$ python BootloaderCorePkg/Tools/GenCapsuleFirmware.py \
-p CSME FWUpdate.bin \
-p CSMD CsmeUpdateDriver.efi \
-p BIOS new_BiosRegion.bin \
-p CMDI cmdi.txt \
...(skip)
Case 2: Capsule having CSME/BIOS/CMDI but no CSMD.
Expectation: no update
Case 3: Inject fault flow (no partition switch after first flash),
Capsule having CSME/CSMD/BIOS/CMDI.
Expectation: no CMDI update
Verification: EHL CRB
Signed-off-by: Stanley Chang <stanley.chang@intel.com>
In A/B update, after FWU updates partition B, it switches to and boots
with partition B. If boot fails because of anything wrong with the update,
CSME will switch back to booting with partition A.
Before this patch, unfortunately, the EnforceFwUpdatePolicy will
immediately try to boot again with partition B, which results in
an infinite FWU loop:
try B -> failed -> boot A -> try B -> failed ...
(Same for initial with "try A -> failed" scheme.)
This patch adds a retry count field in FW_UPDATE_STATUS.
Using retry count field to determine if retry also reaches a
max times. If so, stop the loop.
To simplify the implementation for SPI, the retry count field is
implemented as continuous 1 (ONE) of a bit array.
Test scenarios:
Case 1. update bios region. Expectation: PASS
Case 2. update non-bios region. Expectation: PASS
Case 3. Inject fault flow (no partition switch after first flash),
and update bios region. Expectation: Stop retry after few times.
Verify: EHL RVP
Signed-off-by: Stanley Chang <stanley.chang@intel.com>
Sean McGinn