From nobody Sat Apr 27 19:54:52 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1489135151957347.63568619989496; Fri, 10 Mar 2017 00:39:11 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 57E93803AA; Fri, 10 Mar 2017 00:39:10 -0800 (PST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 720F8803A9 for ; Fri, 10 Mar 2017 00:39:09 -0800 (PST) Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Mar 2017 00:39:09 -0800 Received: from zwei4-mobl.ccr.corp.intel.com ([10.239.197.177]) by orsmga005.jf.intel.com with ESMTP; 10 Mar 2017 00:39:08 -0800 X-Original-To: edk2-devel@lists.01.org X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.36,139,1486454400"; d="scan'208";a="73855149" From: zwei4 To: edk2-devel@lists.01.org Date: Fri, 10 Mar 2017 16:39:05 +0800 Message-Id: <20170310083905.14984-1-david.wei@intel.com> X-Mailer: git-send-email 2.11.0.windows.1 Subject: [edk2] [Patch][edk2-platforms/devel-MinnowBoard3] Add OBB verification code. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: zwei4 --- .../PlatformPreMemPei/FvCallback.c | 47 ++++++++++++++++++= ++++ .../PlatformPreMemPei/PlatformPreMemPei.inf | 3 +- .../PlatformDsc/Components.IA32.dsc | 7 +++- .../BroxtonPlatformPkg/PlatformDsc/Defines.dsc | 3 +- 4 files changed, 57 insertions(+), 3 deletions(-) diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPr= eMemPei/FvCallback.c b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/= PlatformPreMemPei/FvCallback.c index 91ac6f5e1..6a2c9fd91 100644 --- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei= /FvCallback.c +++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei= /FvCallback.c @@ -25,6 +25,7 @@ #include #include #include +#include #include "FvCallback.h" =20 #define MAX_DIGEST_SIZE 64 @@ -416,8 +417,54 @@ GetFvNotifyCallback ( { EFI_STATUS Status =3D EFI_SUCCESS; EFI_BOOT_MODE BootMode; + BPDT_PAYLOAD_DATA *BpdtPayloadPtr; + EFI_HOB_GUID_TYPE *GuidHobPtr; + BPDT_HEADER *Bp1HdrPtr; + BPDT_HEADER *Bp2HdrPtr; =20 PeiServicesGetBootMode (&BootMode); + + // + // If the Hob exists, then GetBpdtPayloadAddress() has already been call= ed + // one or more times already, So we do not need to re-enter this flow. + // + GuidHobPtr =3D GetFirstGuidHob (&gEfiBpdtLibBp2DataGuid); + if (GuidHobPtr !=3D NULL) { + DEBUG ((EFI_D_INFO, "GetFvNotifyCallback already called. Skipping.\n")= ); + return Status; + } + =20 + // + // Locate headers of both Boot partion 1 and 2 + // + GetBootPartitionPointer (BootPart1, (VOID **)&Bp1HdrPtr); + GetBootPartitionPointer (BootPart2, (VOID **)&Bp2HdrPtr); + DEBUG ((DEBUG_INFO, "Signature BP1 =3D 0x%x BP2 =3D 0x%x\n",Bp1HdrPtr->S= ignature,Bp2HdrPtr->Signature)); + if (Bp1HdrPtr->Signature !=3D BPDT_SIGN_GREEN || Bp2HdrPtr->Signature != =3D BPDT_SIGN_GREEN) { + DEBUG ((DEBUG_INFO, "FW Recovery needed. \n")); + } + + // + // Get the OBB payload, shadow it, and check the hash before processing= it. + // + GetBpdtPayloadData (BootPart2, BpdtObb, &BpdtPayloadPtr); + +#if (BOOT_GUARD_ENABLE =3D=3D 1) + // + // For Normal boot, just verify OBB, since CSE does hash verify of both = IBBL and IBB. + // IBBL check is done before bringing cores out of reset, + // IBB check is done during RBP and indicated by IBB_VERIFICATION_DONE i= n IBBL + // + + if (BootMode !=3D BOOT_ON_S3_RESUME) { + Status =3D LocateAndVerifyHashBpm (HashObb); + if (EFI_ERROR (Status)) { + DEBUG((EFI_D_ERROR, "Verify OBB failed, Status =3D %r\n", Status)); + CpuDeadLoop(); + } + } +#endif + DEBUG ((EFI_D_INFO, "GetFvNotifyCallback: Processing OBB Payload.\n")); =20 ParseObbPayload ((UINT8*) PcdGet32 (PcdFlashObbPayloadMappedBase), PcdGe= t32 (PcdFlashObbPayloadSize), BootMode); diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPr= eMemPei/PlatformPreMemPei.inf b/Platform/BroxtonPlatformPkg/Common/Platform= Settings/PlatformPreMemPei/PlatformPreMemPei.inf index 22e9de212..2c3ba738e 100644 --- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei= /PlatformPreMemPei.inf +++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei= /PlatformPreMemPei.inf @@ -34,7 +34,7 @@ # 2. MemoryCallback.c - Includes a memory call back function notified wh= en # MRC is done. # -# Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.
# # This program and the accompanying materials # are licensed and made available under the terms and conditions of the B= SD License @@ -100,6 +100,7 @@ PeiPolicyInitLib PeiVariableCacheLib FspWrapperApiLib + BpdtLib =20 [Guids] gEfiSetupVariableGuid diff --git a/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc b/= Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc index 819f025a6..fe1ea798c 100644 --- a/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc +++ b/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc @@ -1,7 +1,7 @@ ## @file # Platform Components for IA32 Description. # -# Copyright (c) 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
# # This program and the accompanying materials # are licensed and made available under the terms and conditions of the B= SD License @@ -81,6 +81,11 @@ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf CpuPolicyLib|$(PLATFORM_SI_PACKAGE)/Cpu/Library/PeiCpuPolicyLibPreMe= m/PeiCpuPolicyLibPreMem.inf + !if $(BOOT_GUARD_ENABLE) =3D=3D TRUE + *_*_IA32_CC_FLAGS =3D -DBOOT_GUARD_ENABLE=3D1 + !else + *_*_IA32_CC_FLAGS =3D -DBOOT_GUARD_ENABLE=3D0 + !endif !if $(TOOL_CHAIN_TAG) =3D=3D GCC47 gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0 diff --git a/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc b/Platform= /BroxtonPlatformPkg/PlatformDsc/Defines.dsc index ad38d4424..47bb9200b 100644 --- a/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc +++ b/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc @@ -1,7 +1,7 @@ ## @file # Platform Macro Define Description. # -# Copyright (c) 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
# # This program and the accompanying materials # are licensed and made available under the terms and conditions of the B= SD License @@ -97,6 +97,7 @@ DEFINE NVM_VARIABLE_ENABLE =3D TRUE DEFINE USB_DNX_ENABLE =3D FALSE DEFINE SECURE_BOOT_ENABLE =3D TRUE + DEFINE BOOT_GUARD_ENABLE =3D FALSE # # Do not use 0x prefix, pass prefix 0x or postfix h through macro for C = or ASM # --=20 2.11.0.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel