Update copyright years
Initialize pointers to NULL
Check pointers for NULL before de-reference
Standardize debug logs
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
* [ADL] Update TPM event logging to match BIOS
If measured boot disabled via BtG profile but enabled via SBL
config flag, skip logging startup locality TPM event
If measured boot enabled via BtG profile or SBL config flag, log
CRTM version TPM event
Set startup locality based off startup locality on ACM policy status
Log detail and authority PCR events based off SCTRM status on ACM
policy status
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
* Initialize startup locality and remove measured boot check
Initialize startup locality variable used in setting up event
log
Remove measured boot check as it is not seen in BIOS and it
occurs at higher level
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
---------
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
* Add Name field to IMAGE_DATA structure
Add a name field to the structure to be used by container parsing
functions. It will be useful to determine the name of the container
component when dealing with special files like ACPI blobs.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* OsLoader: save the name of the component when creating array of components
Saving the name will help us deal with special files like ACPI blobs
more easily
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* OsLoader: streamline container types
Update container functionality to streamline container types:
- Normal: PE32, FV, ELF images. Supports ACPI table update.
- Classic (Linux): Used for a traditional Linux boot setup.
(cmdline, bzImage, initrd). Additionally supports ACPI table update.
- Multiboot: Used for Multiboot/Multiboot-2 compliant ELF images.
Supports ACPI table update.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* Rename CLASSIC container to CLASSIC_LINUX
This type of container is to be used for a traditional Linux
boot setup consisting of a cmdline, bzImage, initrd(optional),
and other binary blobs or ACPI blobs.
Rename it to CLASSIC_LINUX to make the purpose of the container
clearer.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* OsLoader: copy Linux ExtraBlobs to reserved mem and add to cmdline
Until now, SBL loaded the Extra blobs with the Linux kernel
into memory. However, there was no way for the OS to know where
these blobs resided in memory. The blobs were also loaded in
memory that was not marked as reserved.
This patch copies the blobs to reserved memory and adds the
blob addresses into an expected placeholder in the Linux cmdline.
If the placeholder is not present, nothing related to that blob
will be added to the cmdline.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
---------
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
When running "perf" command from OsLoader shell, it would
print the performance data but it is difficult to know what
they mean. The patch adds the description to performance
data.
Signed-off-by: Guo Dong <guo.dong@intel.com>
Signed-off-by: Guo Dong <guo.dong@intel.com>
* OsLoader: remove references to IAS images
Change IAS references to 'Boot Image' since IAS support is deprecated.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* ContainerLib: add container type defines
Add comments to indicate the use cases of each container type
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* OsLoader: Use container defines instead of IAS defines
This commit also changes some comments referencing IAS instead of a container.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* OsLoader: remove ParseIasImage() since it is deprecated
Remove deprecated functionality and header include.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
Signed-off-by: Chirag Vijay Kolhe <chirag.vijay.kolhe@intel.com>
* OsLoader: add check for normal container type and fix comment
NORMAL type of container is usually used with FV, regular ELF images, etc.
This commit adds the check for it and removes the "non valid use case" comment.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* GenContainer: add comments explaining container types
Add comments explaining use cases of each container type
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* OsLoader: add a check for number of files in classic container
Classic Container needs to have the boot file in it. According
to the fixed order, this is the second file in the container.
Add a check to make sure there are at least 2 files before attempting
boot.
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
* QEMU: replace IAS references in boot options with container
Clean up IAS reference from boot options list
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
Signed-off-by: Atharva Lele <atharva.lele@intel.com>
Signed-off-by: Chirag Vijay Kolhe <chirag.vijay.kolhe@intel.com>
In the Ubuntu ISO image, it has 0xF8 partition entries.
The partition library could not work as expected since
it expects the partition entries are no more than 128.
Potentially it could have more partition entries, so just
remove the check.
Signed-off-by: Guo Dong <guo.dong@intel.com>
Signed-off-by: Guo Dong <guo.dong@intel.com>
Currently, only a single redundant SBL component, the configuration data
component, is allowed per update session. However, with support added for
ACM and uCode component updates, the user might desire to update multiple
redundant SBL components in the same session. This change allows this to
happen.
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
Universal payload hobs are updated for secure boot
and measured boot. Event log Hobs are created to be consumed
by TCG2Dxe in uefi payload.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
library
Migrates FW resiliency APIs of Stage1B.c to
FirmwareResiliencyLib
Migrates FW update status types from FirmwareUpdateLib.h and
BootloaderCommonLib.h to FirmwareUpdateStatus.h
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
If TS bit flipped and it does not match FWU state,
assume ACM detected corruption in SG1A or SG1B and
recover broken BP
Add WDT trigger for recovery
Add ADL-specific WDT trigger for TS
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
This change makes sure that, during each recovery,
the FW update status structure is cleared and
repopulated
Without this change, in the event that there is
a full recovery and then an interrupted recovery,
the interrupted recovery is unable to resume
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
- If BIOS update is followed by any payload,
reboot to ensure the update is completed.
- Before processing CMDI payload, ensure CSME update has
taken effect to prevent {OEMKEYREVOCATION} command failure.
Signed-off-by: Vincent Chen <vincent.chen@intel.com>
The steps of OEM key revocation are:
1. Replace OEM KM (signed with key2) by updating CSME
2. Replace BIOS region (signed with key2)
3. Reboot with new BIOS region (to make key1 inactive)
4. Revoke key1
Before this patch, it requires 2 firmware updates and 2 capsules for
step 1~2 and step 4 respectively. The patch combines them into a single
update/capsule.
To implement the feature, the patch:
1. Double max # of payloads to allow CSME/CSMD/BIOS/CMDI update
in one capsule image.
2. Prevent from failing update of a critical component.
e.g., if step 1(CSME) fails, step 2(BIOS) should be skipped
Verified cases:
Case 1: Capsule having CSMD/CSMD/BIOS/CMDI.
Expectation: successful
$ python BootloaderCorePkg/Tools/GenCapsuleFirmware.py \
-p CSME FWUpdate.bin \
-p CSMD CsmeUpdateDriver.efi \
-p BIOS new_BiosRegion.bin \
-p CMDI cmdi.txt \
...(skip)
Case 2: Capsule having CSME/BIOS/CMDI but no CSMD.
Expectation: no update
Case 3: Inject fault flow (no partition switch after first flash),
Capsule having CSME/CSMD/BIOS/CMDI.
Expectation: no CMDI update
Verification: EHL CRB
Signed-off-by: Stanley Chang <stanley.chang@intel.com>
In A/B update, after FWU updates partition B, it switches to and boots
with partition B. If boot fails because of anything wrong with the update,
CSME will switch back to booting with partition A.
Before this patch, unfortunately, the EnforceFwUpdatePolicy will
immediately try to boot again with partition B, which results in
an infinite FWU loop:
try B -> failed -> boot A -> try B -> failed ...
(Same for initial with "try A -> failed" scheme.)
This patch adds a retry count field in FW_UPDATE_STATUS.
The retry count field is used to determine whether the retries have
reached the maximum number of times. If so, stop the loop.
To simplify the implementation for SPI, the retry count field is
implemented as continuous 1 (ONE) of a bit array.
Test scenarios:
Case 1. update bios region. Expectation: PASS
Case 2. update non-bios region. Expectation: PASS
Case 3. Inject fault flow (no partition switch after first flash),
and update bios region. Expectation: Stop retry after few times.
Verify: EHL RVP
Signed-off-by: Stanley Chang <stanley.chang@intel.com>
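An added illustration, not SBL's code, of a retry counter kept as a run of 1 bits as the message above describes: NOR flash programming can clear bits without an erase, so each retry clears one more bit and the loop stops at a limit. The 8-bit field width, the direction in which bits are cleared, the limit of 3 and all names are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define RETRY_FIELD_ERASED 0xFFu /* assumed: 8-bit field, erased flash reads all ones */
#define MAX_RETRIES        3u    /* assumed limit */

/* NOR flash programming can only change bits 1 -> 0; emulate that. */
static void flash_program_byte(uint8_t *cell, uint8_t value)
{
    *cell &= value;
}

/* Retries recorded = number of cleared low-order bits.
   Returns -1 if the remaining 1 bits are not one continuous run (corrupted). */
static int retry_count(uint8_t field)
{
    int n = 0;
    while (n < 8 && ((field >> n) & 1u) == 0)
        n++;
    return (field == (uint8_t)(0xFFu << n)) ? n : -1;
}

/* Record one more attempt; false means "do not try the new partition again". */
static bool retry_allowed_and_record(uint8_t *cell)
{
    int n = retry_count(*cell);
    if (n < 0 || (unsigned)n >= MAX_RETRIES)
        return false; /* corrupted or exhausted: fail safe, stop the loop */
    flash_program_byte(cell, (uint8_t)(0xFFu << (n + 1)));
    return true;
}

/* Model "try B -> failed -> boot A -> try B -> failed ..." for a number of boots. */
static unsigned simulate_failed_boots(uint8_t *cell, unsigned boots)
{
    unsigned attempts = 0;
    for (unsigned i = 0; i < boots; i++)
        if (retry_allowed_and_record(cell))
            attempts++;
    return attempts;
}

int main(void)
{
    uint8_t cell = RETRY_FIELD_ERASED;
    unsigned attempts = simulate_failed_boots(&cell, 10);
    printf("attempts=%u field=0x%02X\n", attempts, cell);
    return 0;
}
```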
* Adds code to support the update of existing uCode FW via capsule
* Does not add code to add new/remove existing uCode FW
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
This patch added support to get csme boot time performance
data and display it in perf command and also before booting
to linux.
Introduced a board config option BOOT_PERFORMANCE_MASK to control
PcdBootPerformanceMask, BIT 2 now enables printing CSME boot
performance data.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
* Adds code to support the updating of ACM FW via capsule
* Adds code that disallows for the roll back of ACM FW
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
This patch added a new 64bit base field in the loader serial
port hob to support 64bit resource. The revision is updated
to 2. It is backward compatible with revision 1.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch adds a MpServiceLib for payload so that a payload
can utilize this library to run tasks on specified processor.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch extended the LZ4 library to support both compression and
decompression. It is useful for SBL to support runtime compression
in order to reduce data size. It is in sync with the LZ4 1.7.4 used
in the BaseTools.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Convert the line endings stored for all text files in the repository to
LF. The majority previously used DOS-style CRLF line endings. Add a
.gitattributes file to enforce this and treat certain extensions as
never being text files.
Update PatchCheck.py to insist on LF line endings rather than CRLF.
However, its other checks fail on this commit due to lots of
pre-existing complaints that it only notices because the line endings
have changed.
Silicon/QemuSocPkg/FspBin/Patches/0001-Build-QEMU-FSP-2.0-binaries.patch
needs to be treated as binary since it contains a mixture of line
endings.
This change has implications depending on the client platform you are
using the repository from:
* Windows
The usual configuration for Git on Windows means that text files will
be checked out to the work tree with DOS-style CRLF line endings. If
that's not the case then you can configure Git to do so for the entire
machine with:
git config --global core.autocrlf true
or for just the repository with:
git config core.autocrlf true
Line endings will be normalised to LF when they are committed to the
repository. If you commit a text file with only LF line endings then it
will be converted to CRLF line endings in your work tree.
* Linux, MacOS and other Unices
The usual configuration for Git on such platforms is to check files out
of the repository with LF line endings. This is probably the right thing
for you. In the unlikely event that you are using Git on Unix but editing
or compiling on Windows for some reason then you may need to tweak your
configuration to force the use of CRLF line endings as described above.
* General
For more information see
https://docs.github.com/en/get-started/getting-started-with-git/configuring-git-to-handle-line-endings .
Fixes: https://github.com/slimbootloader/slimbootloader/issues/1400
Signed-off-by: Mike Crowe <mac@mcrowe.com>
SBL might change MTRR to enable framebuffer cache. Current code
only handles BSP MTRR programming, and it is necessary to sync
up the MTRR programming for all APs as well. This patch added
a function to sync up MTRRs for all APs.
Please note, this MTRR sync up is a simplified version for SBL
case since SBL will only add new MTRRs for GFX framebuffer.
To do a full generic MTRRs sync up, it is required to flush cache,
reload TLB, etc. And it will come with some performance impacts.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
UEFI payload built from open sourced EDK2 supports SMM variable now.
So build the required HOBs to work with EDK2.
This patch just changed the common SBL code, so there is no platform
change required.
This patch also added a PCD PcdBuildSmmHobs for old SMM HOBs and new
SMM HOBs. Later, old SMM HOBs might be dropped.
Signed-off-by: Guo Dong <guo.dong@intel.com>
When multiple USB mass storage devices are connected to the
target, it is not clear to the end user which one is selected
for boot. This patch added code to print the USB mass storage
device manufacturer and product name string. In this way, it
is easier for the end user to identify specific USB device.
It can also be used to determine the HwPart field for USB boot
option. HwPart for USB boot option is mapped to the USB mass
storage device index detected on the platform. BTW, to allow
boot from multiple USB mass storage devices, the option
ENABLE_MULTI_USB_BOOT_DEV needs to be enabled. So this patch
enabled ENABLE_MULTI_USB_BOOT_DEV by default.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
When UART bar is allocated to 64 bit address, the current SBL API
GetSerialPortBase() only returns the lower 32 bit address, which will
cause problem for UART access. This patch fixed this issue.
Please note the patch did not change the payload HOB interface for
UART info. That needs to be updated to 64bit base address too. But this
patch does not cover that.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Current SBL will build full address paging table supported by CPU
only at the beginning of the OsLoader. It is better to move it to
Stage2 so that all payloads can have the full range address support
in x64 mode. It also allows Stage2 platform code to access 64bit
PCI resource. This patch addressed this issue.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Sometimes it is helpful if SBL can support firmware update from
SBL FW to UEFI FW, or update from incompatible SBL flash layout.
This will need SBL to write full BIOS region without using
redundant partition. To support this, a special capsule image
flag is added to indicate this special update. Please note, this
update might be very risky. This is only for development purpose.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Current SBL code uses MSR(0xce) to calculate the CPU TSC frequency.
However, it is not very accurate. A better way is to use CPUID to
calculate the TSC frequency. This patch added new API to get accurate
TSC frequency. It also added APIs to allow conversion between time
and TSC ticks.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
On SBL, it can support boot option selection through QEMU command line
"-boot order" parameter. However, it does not work anymore. It was
because of the MAX_BOOT_OPTION_CFGDATA_ENTRY adjustment in other commit.
This patch decoupled internal boot option index with the CFGDATA boot
option index so that it does not have impacts on each other. With this
change, QEMU boot option can be altered through command line again.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Universal Payload uses ELF format. As a result, the ELF loading
library has been enhanced to handle more complicated cases. The
Universal Payload library added an abstract layer on top of
ELF lib to make it easier to use by SBL. OsLoader and Stage2 were
modified to work with the new library interfaces.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
SBL defined SetDeviceAddr/GetDeviceAddr to abstract platform
device info. However, currently only boot media devices are
defined. It has cases that other platform device info is needed,
such as GFX device. This patch extended the concept to define
some other platform devices as an extension to
OS_BOOT_MEDIUM_TYPE. The enum values should not overlap with
the ones defined in OS_BOOT_MEDIUM_TYPE.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Currently the PLT_DEVICE_TABLE is limited
to only using OS_BOOT_MEDIUM_TYPE devices
but ideally should be capable of mapping
any system device into the table. For the
time being we will remove the OsBootDeviceGraphics
since it created some KW issue in the fs command.
Signed-off-by: James Gutbub <james.gutbub@intel.com>
On Simics or QEMU, BOCHS graphics is used. This patch provides
library to initialize BOCHS graphics. It is useful when GFX
initialization is not provided by FSP. In this case, the native
code can be used to initialize graphics.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch allows to use a mailbox register (DWORD) to support debug
port. If CCA debug is connected, it is possible to access certain
SOC register through BSSB. Then this register can be used for debug
console input/output.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch adds DebugPortLib as a platform extension lib to add new
debug port support. It also adds a generic GpioDebugPortLib to allow
GPIO bit bang to emulate UART TX pin.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
As per specification of the IAS-Image format
https://github.com/intel/iasimage/blob/master/docs/02_mcd.md
the signature and public key are optional.
As per specification of the header format
https://github.com/intel/iasimage/blob/master/docs/02_mcd.md#image-type
The 8th bit indicates if the signature is included, while the 9th bit
indicates whether the public key is included.
While the previous solution checked if public key is enabled, it did
not check if the signature is included, but rather assumed that it
is always included.
This will lead to a miscalculation of the `IAS_IMAGE_END` and
`IAS_IMAGE_SIZE` which on the other hand will cause `IsIasImageValid()`
to fail, which will fail the loading of unsigned IAS-Images.
Signed-off-by: Jan Schlosser <jan.schlosser@outlook.com>
The PCI address consumed by CSME FW update library is in
EFI_PCI_ROOT_BRIDGE_IO_PROTOCOL_PCI_ADDRESS format.
- when register offset is < 0x100, it is : bbddffrr
- when register offset is >= 0x100, it is : rrrbbddff00
Consider the two different cases in CsmePciReadBuffer()
Signed-off-by: Vincent Chen <vincent.chen@intel.com>
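An added example, not the code of CsmePciReadBuffer(), of decoding both address layouts named in the message above: the register sits in the low byte when it is below 0x100 and in the upper 32 bits otherwise, so a decoder that reads only the low byte sees register 0 for extended offsets. The function and type names, the ECAM offset helper and the sample bus/device/function values are constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical decoded form; field names are this example's own. */
typedef struct { uint8_t bus, dev, func; uint16_t reg; } pci_loc;

/* Pack an address as the two cases describe: reg < 0x100 goes in the
   low byte (bbddffrr), otherwise in the upper 32 bits (rrr bbddff00). */
static uint64_t pci_addr_encode(uint8_t bus, uint8_t dev, uint8_t func, uint32_t reg)
{
    uint64_t a = ((uint64_t)bus << 24) | ((uint64_t)dev << 16) | ((uint64_t)func << 8);
    return a | (reg < 0x100 ? (uint64_t)reg : (uint64_t)reg << 32);
}

/* A decoder that only knows the bbddffrr layout. */
static uint32_t naive_reg(uint64_t addr)
{
    return (uint32_t)(addr & 0xFF);
}

/* Decode both layouts; reject values that cannot name a config register. */
static bool pci_addr_decode(uint64_t addr, pci_loc *out)
{
    uint32_t ext  = (uint32_t)(addr >> 32);
    uint32_t reg  = ext ? ext : (uint32_t)(addr & 0xFF);
    uint32_t dev  = (uint32_t)(addr >> 16) & 0xFF;
    uint32_t func = (uint32_t)(addr >> 8) & 0xFF;

    if (dev > 31 || func > 7 || reg > 0xFFF)
        return false;
    out->bus  = (uint8_t)(addr >> 24);
    out->dev  = (uint8_t)dev;
    out->func = (uint8_t)func;
    out->reg  = (uint16_t)reg;
    return true;
}

/* Offset into a PCIe ECAM window for the decoded location. */
static bool pci_addr_to_ecam(uint64_t addr, uint32_t *offset)
{
    pci_loc l;
    if (!pci_addr_decode(addr, &l))
        return false;
    *offset = ((uint32_t)l.bus << 20) | ((uint32_t)l.dev << 15) |
              ((uint32_t)l.func << 12) | l.reg;
    return true;
}

int main(void)
{
    uint64_t a = pci_addr_encode(0, 22, 0, 0x140); /* constructed sample */
    uint32_t off = 0;
    bool ok = pci_addr_to_ecam(a, &off);
    printf("addr=0x%016llx naive_reg=0x%x ok=%d ecam=0x%x\n",
           (unsigned long long)a, naive_reg(a), ok, off);
    return 0;
}
```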
This allows to load and execute ELF32 or ELF64 format payloads
regardless of Ia32 or X64 SBL operation modes.
Signed-off-by: Aiden Park <aiden.park@intel.com>
SBL allows extra module to be called before transferring into the main
boot option. For example, RTCM module can be called for boot option
with TCC feature support. This patch enabled this support. Since the
extra module might have different ARCH mode from current SBL mode,
thunk will be provided if mismatching is detected.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
SBL can support IA32 and X64 build. But this info is not indicated
in the SBL version info. This patch added one bit to indicate the
SBL is IA32 or X64.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
For non UEFI payload, SBL will install dummy SMI handler for
security concern. For UEFI payload, SMM rebasing is expected
to be done itself. This patch enabled this feature for APL and
CFL platform.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch added thunk support from 32bit to 64bit. It allows SBL
to call 64bit API entry from 32 bit compatible mode. It is useful
when the payload mode is different from SBL mode.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>