This patch added support to boot from a component inside a container
from OsLoader. Now a boot option for SPI/memory device can be used
to boot from container component by specifying the boot image name
as '!AAAA/BBBB' format. AAAA is the container name and BBBB is
the component name. This component can be FV/TE/PE image format.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch fixed an issue in firmware update. During the saved capsule
signature verification against the capsule signature to make sure
that the capsule did not change during the reboot, instead of using
length of the signature, used the size of the macro that indicates the
length of the signature.
Verified that firmware update is able to pass on WHL.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
This patch added new DrawFrameBuffer interface. It will draw the
framebuffer from a VGA like text buffer. Payload can use this
to sync its own text buffer onto framebuffer screen. It also added
extended ASCII char support so that some table char can be displayed.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
All child devices under a PPB must be in scope of its PPB's decode space.
Therefore, all PPB checks the decode capability and downgrades its child
devices' resources accordingly.
Signed-off-by: Aiden Park <aiden.park@intel.com>
This patch added new function to build a full set of the CFGDATA set
from the memory for current platform. It is useful for exporting
current platform CFGDATA for further processing.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch added an example on how to build a HelloWorld payload
from separate DSC file.
To build a standalone HelloWorld payload, use the following command:
BuildLoader.py build_dsc -p PayloadPkg\PayloadPkg.dsc
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Current SBL build script can only be used to build SBL image.
It would be helpful if it can be extended to support build individual
DSC component, such as some other standalone payload. This patch
introduced a new subcommand "build_dsc" to enable this capability.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
ME PCI device number is platform dependent and
heci base address is provided with common
CBnT GetBootGuardInfo.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
CFGDATA json can be used for CFGDATA representation. This patch
enabled generating CFGDATA json file. It can be used by target
to parse CFGDATA items.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch allowed GenContainer to search for the input
component binaries from both input and output directory.
It is useful when the component binary is in build FV
directory.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
The following commit 9fcb3a6be1
caused a regression on PCI bridge resource allocation. At minimum
the PCI bridge needs to have IO aperture aligned at 4KB and MMIO
aperture aligned at 1MB. The new code did not adjust the
alignment for P2P bridge following this rule. This patch fixed
this issue.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Linux framebuffer screen_info has been extended to support 64bit
address. This patch added extra fields and set the upper 32 bit
for the framebuffer base.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
When the Stage FD size is set to be smaller than the FSP component
size, it will produce negative FV size value in DSC file and cause
build exception. This patch added more checks to catch this in the
pre-build process.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch added the missing general configuration settings for
QEMU platform. It also addressed a build issue due to non-ascii
chars in the IPP file.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch adjusted some alignment on PCI resource allocation so
that PCI resource is more efficiently utilized. It also adjusted
the framebuffer MTRR range to match PCI resource allocation.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch aligns IPP crypto repo sources and headers,
- Update license headers as per IPP crypto
- Naming convention updates
- Partial clean up.
ASM updates will be addressed in next patches.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch adds initial support for external public
key hash store generation in container format.
It uses layout file as input with usage and key file or id.
Common functionality available is reused for KEYH
component generation.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch moved GetHashToExtend function from BootloaderCommonLib
to SecureBootLib. It is a better place to contain this interface.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
When multiple level of PCI bridges exists on a platform, current
SBL PCI bus library could not find all devices. This issue was
caused by incorrect root bridge bus limit got from the data
structure. This patch fixed this issue.
It also fixed #800.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Add support for security version check for
config data blob update. SVN is checked
for redundant region which would be updated.
Fixed python errors in CfgDataTool and
GenCapsuleFirmware.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch enables OS to allocate 64bit PCI resource on APL platform.
It will help resolve some cases where 32bit PCI resource is very
limited.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Capsule payload size is checked for 4K block alignment
and this restriction is not required. Updates as container
or other components generated capsule size can be
any size.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch will enforce to use python 3.6 or above to build SBL.
Python 2.x is EOL, so drop the support from now.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
When a SATA controller has no Ports Implemented
behind it, AHCI mode init returns error even before
allocating buffers for RFis, CommandTable, CommandList.
So, AHCI de-init expects them to be NULL, else any
garbage value for these fields forces the code to do
a FreePool on non-allocated memory.
Signed-off-by: Sai Talamudupula <sai.kiran.talamudupula@intel.com>
This script is intended to be called by firmware update
application to trigger firmware update after receiving
update capsule in Linux. This script is provided as a
reference implementation and does the following:
1. Copies the capsule to a known location where SBL
will look for (/boot/efi/FwuImage.bin)
2. Signals FW update to SBL using the WMI interface
provided by SBL. The WMI interface is provided
by the ASL (https://github.com/slimbootloader/slimbootloader/blob/master/Platform/CommonBoardPkg/AcpiTables/Dsdt/FwuWmi.asl)
and linux kernel driver (https://lkml.org/lkml/2020/4/27/1289)
Reboot command was removed from the script, need to be
included if required.
Signed-off-by: Raghava Gudla <raghava.gudla@intel.com>
The final generated YAML file under Build folder should include
everything required. However, current tool will not expand the
embedded binary file. This patch addressed it.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
The new YAML format represented some data structure a little bit
differently from original DSC format. This patch did minor adjustment
to make the build pass on APL platform.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch modified required tools ConfigEditor, GenCfgData, etc to
support YAML CFGDATA format.
To convert existing DSC to YAML, Dsc2Yaml tool can be used.
For example, to convert QEMU DSC to YAML, the following can be used:
python Dsc2Yaml.py -i Platform\QemuBoardPkg\CfgData\CfgDataDef.dsc
It will generate all required YAML files at current directory.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
As discussed in the RFC, SBL will use YAML format for CFGDATA format
going forward. This patch converted CFGDATA files from DSC format into
YAML format for QEMU, CFL and APL platforms.
To convert existing DSC file into YAML file, please use tool:
python BootloaderCorePkg\Tools\Dsc2Yaml.py <Path to CfgDataDef.dsc>
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
This patch fixed some ACPI issue on APL platform. When VT-d is
disabled, DMAR table should not be populated in ACPI. This patch
fixed it.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
The pre-OS checker/payload flow can support more than
just Linux image type launching; there are use cases
for adding multiboot image support to this flow and
there may be others in the future.
Signed-off-by: James Gutbub <james.gutbub@intel.com>
Currently this tool creates keys and replaces existing ones.
Added user confirmation before existing ones are replaced.
Selecting all replaces subsequent keys getting generated.
Update OS private key name to OS1_TestKey_Priv_RSA3072.pem.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Current Linux payload support in SBL only loads command line and
kernel image, and it does not load InitRd image. It is possible
to have the InitRd image built into the kernel image, but it is
more convenient to have separate InitRd support. This patch added
this.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Capsule Command support added for anti rollback
security version number. User can create command
in text file and create capsule with CMDI mode.
{ARBSVNCOMMIT}
Platform APIs would be invoked to do SVN
commit operations by using HECI interfaces.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
LocateComponentEntry is modified to locate only container
entry. Additional checks are required at consumer end
for Container entry and CompEntry.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
Use default svn while creation of container using command line
when user does not specify svn. Using layout format, user still need
to specify the SVN value.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
The current MultiBoot loading code in SBL did not follow the specification.
The spec stated "The offset in the OS image file at which to start loading
is defined by the offset at which the header was found, minus
(header_addr - load_addr)". However, the current code always copies from
offset 0 of the image file. It caused exception when loading some valid
multiboot image.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
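
The load-offset rule quoted in the commit message above, worked through as an added example (this is not SBL's code). The function and type names are hypothetical, a little-endian host is assumed, and the header layout, magic value and 8 KiB search window follow the Multiboot specification; the image fields are treated as untrusted and bounds-checked.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define MB_MAGIC      0x1BADB002u
#define MB_SEARCH_LEN 8192u          /* header must lie in the first 8 KiB */
#define MB_FLAG_ADDR  (1u << 16)     /* address fields in the header are valid */

typedef struct {
    uint32_t magic, flags, checksum;
    uint32_t header_addr, load_addr, load_end_addr, bss_end_addr, entry_addr;
} mb_header_t;

/* Compute where in the file loading starts and how many bytes to copy.
 * Returns 0 on success, -1 if no usable header or the fields are inconsistent. */
int mb_load_range(const uint8_t *img, size_t size, size_t *file_off, size_t *load_len)
{
    mb_header_t h;
    size_t limit = size < MB_SEARCH_LEN ? size : MB_SEARCH_LEN;
    for (size_t off = 0; off + sizeof(h) <= limit; off += 4) {
        memcpy(&h, img + off, sizeof(h));   /* assumes little-endian host */
        if (h.magic != MB_MAGIC || (uint32_t)(h.magic + h.flags + h.checksum) != 0)
            continue;
        if (!(h.flags & MB_FLAG_ADDR) || h.load_addr > h.header_addr)
            return -1;
        uint32_t delta = h.header_addr - h.load_addr;
        if (delta > off)
            return -1;                      /* start would be before the file */
        *file_off = off - delta;            /* not always 0 */
        size_t avail = size - *file_off;
        size_t want = h.load_end_addr ? (size_t)h.load_end_addr - h.load_addr : avail;
        if (h.load_end_addr && (h.load_end_addr < h.load_addr || want > avail))
            return -1;                      /* would read past the image */
        *load_len = want;
        return 0;
    }
    return -1;
}

/* Constructed sample: 256-byte image with the header at file offset 64.
 * Returns the computed start offset, or -1 if the image is rejected. */
long mb_demo(uint32_t header_addr, uint32_t load_addr)
{
    uint8_t img[256] = {0};
    mb_header_t h = { MB_MAGIC, MB_FLAG_ADDR, 0, header_addr, load_addr, 0, 0, 0 };
    size_t off = 0, len = 0;
    h.checksum = 0u - (h.magic + h.flags);  /* magic + flags + checksum == 0 */
    memcpy(img + 64, &h, sizeof(h));
    return mb_load_range(img, sizeof(img), &off, &len) == 0 ? (long)off : -1;
}
```
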
Add support for security version check for
container and its components with ones available
in flash for capsule updates.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
This patch fixed incorrect hiding conditions for CFL GPIO pins.
Verified the GPIO configuration options can show/hide depending
on the state of GPIO skip option. It fixed #762.
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Add option -k with SBL build for key generation.
This is to enable user who do not generate keys
for signing as pre-build step.
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>