2 files changed, 44 insertions(+), 22 deletions(-)
Pavamana:
The change should be merged after new FIT spec is published, because FitGen tool follows the public FIT spec.
Thanks
Liming
发件人: Hv, Pavamana <pavamana.hv@intel.com>
发送时间: 2022年10月26日 23:13
收件人: Holland, Michael <michael.holland@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>; Lohr, Paul A <paul.a.lohr@intel.com>; Feng, Bob C <bob.c.feng@intel.com>
主题: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Thanks for the review, Liming.
<mailto:bob.c.feng@intel.com> @Feng, Bob C,
What is the next step to merge the change?
Let me know if anything is needed from me.
Thanks for your help again.
Regards,
Pavamana
From: Holland, Michael <michael.holland@intel.com <mailto:michael.holland@intel.com> >
Sent: Tuesday, October 25, 2022 8:36 PM
To: Gao, Liming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >; devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; Hv, Pavamana <pavamana.hv@intel.com <mailto:pavamana.hv@intel.com> >; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com <mailto:rangasai.v.chaganty@intel.com> >; Lohr, Paul A <paul.a.lohr@intel.com <mailto:paul.a.lohr@intel.com> >
Cc: Feng, Bob C <bob.c.feng@intel.com <mailto:bob.c.feng@intel.com> >
Subject: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Hi Liming,
The spec is in process of being published.
<mailto:rangasai.v.chaganty@intel.com> @Chaganty, Rangasai V <mailto:paul.a.lohr@intel.com> @Lohr, Paul A
Any update on FIT spec being published?
Thanks,
Michael
From: gaoliming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >
Sent: Tuesday, October 25, 2022 09:18 PM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; Hv, Pavamana <pavamana.hv@intel.com <mailto:pavamana.hv@intel.com> >
Cc: Feng, Bob C <bob.c.feng@intel.com <mailto:bob.c.feng@intel.com> >; Holland, Michael <michael.holland@intel.com <mailto:michael.holland@intel.com> >
Subject: 回复: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Pavamana:
The code change looks good. Now, is FIT spec 1.4 public to be downloaded?
Thanks
Liming
发件人: devel@edk2.groups.io <mailto:devel@edk2.groups.io> <devel@edk2.groups.io <mailto:devel@edk2.groups.io> > 代表 Hv, Pavamana
发送时间: 2022年10月26日 5:50
收件人: devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; Gao, Liming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >
抄送: Feng, Bob C <bob.c.feng@intel.com <mailto:bob.c.feng@intel.com> >; Holland, Michael <michael.holland@intel.com <mailto:michael.holland@intel.com> >
主题: Re: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
重要性: 高
Hi Liming,
Any update on this? Please treat this with urgency as we have a release coming up and needs this change.
-Pavamana
From: Hv, Pavamana
Sent: Monday, October 24, 2022 10:05 AM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; Gao, Liming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >
Subject: RE: [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
<mailto:gaoliming@byosoft.com.cn> @Gao, Liming,
Can you please review the patch and let me know if this can be merged?
Thanks in advance for your help.
Regards,
Pavamana
-----Original Message-----
From: Hv, Pavamana <pavamana.hv@intel.com <mailto:pavamana.hv@intel.com> >
Sent: Wednesday, October 19, 2022 8:57 PM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io>
Cc: Hv, Pavamana <pavamana.hv@intel.com <mailto:pavamana.hv@intel.com> >
Subject: [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
REF: <https://bugzilla.tianocore.org/show_bug.cgi?id=4086> https://bugzilla.tianocore.org/show_bug.cgi?id=4086
This commit adds support for new FIT record type for Vendor Authorized Boot (VAB) security technology(FIT spec revision 1.4).
VAB defines 3 new following types
Vendor Authorized Boot Provisioning Table (Type 0x1A) Vendor Authorized Boot Image Manifest (Type 0x1B) Vendor Authorized Boot Key Manifest (Type 0x1C) The code has been updated to align these binaries on 64 byte boundary and not to overlap with other regions, similar to Key manifest, Boot Policy manifest and other optional types.
Also added macros to define FIT spec Major and Minor version numbers and print the same instead of hardcoded string.
Signed-off-by: Pavamana Holavanahalli < <mailto:pavamana.hv@intel.com> pavamana.hv@intel.com>
---
Silicon/Intel/Tools/FitGen/FitGen.c | 61 +++++++++++++++++++---------- Silicon/Intel/Tools/FitGen/FitGen.h | 5 ++-
2 files changed, 44 insertions(+), 22 deletions(-)
diff --git a/Silicon/Intel/Tools/FitGen/FitGen.c b/Silicon/Intel/Tools/FitGen/FitGen.c
index 21dfcf1ebb..87123f9922 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.c
+++ b/Silicon/Intel/Tools/FitGen/FitGen.c
@@ -234,20 +234,24 @@ typedef struct {
#define FLASH_TO_MEMORY(Address, FvBuffer, FvSize) \ (VOID *)(UINTN)((UINTN)(FvBuffer) + (UINTN)(FvSize) - (TOP_FLASH_ADDRESS - (UINTN)(Address))) -#define FIT_TABLE_TYPE_HEADER 0-#define FIT_TABLE_TYPE_MICROCODE 1-#define FIT_TABLE_TYPE_STARTUP_ACM 2-#define FIT_TABLE_TYPE_DIAGNST_ACM 3-#define FIT_TABLE_TYPE_BIOS_MODULE 7-#define FIT_TABLE_TYPE_TPM_POLICY 8-#define FIT_TABLE_TYPE_BIOS_POLICY 9-#define FIT_TABLE_TYPE_TXT_POLICY 10-#define FIT_TABLE_TYPE_KEY_MANIFEST 11-#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12-#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13-#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16-#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12-#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13+#define FIT_TABLE_TYPE_HEADER 0+#define FIT_TABLE_TYPE_MICROCODE 1+#define FIT_TABLE_TYPE_STARTUP_ACM 2+#define FIT_TABLE_TYPE_DIAGNST_ACM 3+#define FIT_TABLE_TYPE_BIOS_MODULE 7+#define FIT_TABLE_TYPE_TPM_POLICY 8+#define FIT_TABLE_TYPE_BIOS_POLICY 9+#define FIT_TABLE_TYPE_TXT_POLICY 10+#define FIT_TABLE_TYPE_KEY_MANIFEST 11+#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12+#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13+#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16+#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12+#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13+#define FIT_TABLE_TYPE_VAB_PROVISION_TABLE 26+#define FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST 27+#define FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST 28+ // // With OptionalModule Address isn't known until free space has been@@ -322,8 +326,10 @@ Returns:
--*/ { printf (- "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision 1.2."" Version %i.%i\n\n",+ "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision %i.%i."" Version %i.%i\n\n", UTILITY_NAME,+ FIT_SPEC_VERSION_MAJOR,+ FIT_SPEC_VERSION_MINOR, UTILITY_MAJOR_VERSION, UTILITY_MINOR_VERSION );@@ -1956,7 +1962,10 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) { // NOTE: It might be virtual address now. Just put a place holder. FitEntryNumber ++; }@@ -2154,8 +2163,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {- // Let it 64 byte align+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ // Let it 64 byte align AlignedSize += BIOS_MODULE_ALIGNMENT; AlignedSize &= ~BIOS_MODULE_ALIGNMENT; }@@ -2166,8 +2178,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {- // Let it 64 byte align+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ // Let it 64 byte align OptionalModuleAddress = (UINT8 *)((UINTN)OptionalModuleAddress & ~BIOS_MODULE_ALIGNMENT); } @@ -2201,7 +2216,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ CheckOverlap (gFitTableContext.OptionalModule[Index].Address, AlignedSize); } }diff --git a/Silicon/Intel/Tools/FitGen/FitGen.h b/Silicon/Intel/Tools/FitGen/FitGen.h
index 80a1423ceb..511ab652ab 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.h
+++ b/Silicon/Intel/Tools/FitGen/FitGen.h
@@ -31,9 +31,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
// Utility version information // #define UTILITY_MAJOR_VERSION 0-#define UTILITY_MINOR_VERSION 66+#define UTILITY_MINOR_VERSION 67 #define UTILITY_DATE __DATE__ +#define FIT_SPEC_VERSION_MAJOR 1+#define FIT_SPEC_VERSION_MINOR 4+ // // The minimum number of arguments accepted from the command line. //--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#95624): https://edk2.groups.io/g/devel/message/95624
Mute This Topic: https://groups.io/mt/94595307/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Hi Liming,
Please see published FIT spec 1.4: https://edc.intel.com/content/www/us/en/design/products-and-solutions/software-and-services/firmware-and-bios/firmware-interface-table/
Thanks,
Michael
From: gaoliming <gaoliming@byosoft.com.cn>
Sent: Wednesday, October 26, 2022 07:59 PM
To: Hv, Pavamana <pavamana.hv@intel.com>; Holland, Michael <michael.holland@intel.com>; devel@edk2.groups.io; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>; Lohr, Paul A <paul.a.lohr@intel.com>; Feng, Bob C <bob.c.feng@intel.com>
Subject: 回复: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Pavamana:
The change should be merged after new FIT spec is published, because FitGen tool follows the public FIT spec.
Thanks
Liming
发件人: Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
发送时间: 2022年10月26日 23:13
收件人: Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>; Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>; Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
主题: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Thanks for the review, Liming.
@Feng, Bob C<mailto:bob.c.feng@intel.com>,
What is the next step to merge the change?
Let me know if anything is needed from me.
Thanks for your help again.
Regards,
Pavamana
From: Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>
Sent: Tuesday, October 25, 2022 8:36 PM
To: Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>
Cc: Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
Subject: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Hi Liming,
The spec is in process of being published.
@Chaganty, Rangasai V<mailto:rangasai.v.chaganty@intel.com> @Lohr, Paul A<mailto:paul.a.lohr@intel.com>
Any update on FIT spec being published?
Thanks,
Michael
From: gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>
Sent: Tuesday, October 25, 2022 09:18 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
Cc: Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>; Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>
Subject: 回复: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Pavamana:
The code change looks good. Now, is FIT spec 1.4 public to be downloaded?
Thanks
Liming
发件人: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> 代表 Hv, Pavamana
发送时间: 2022年10月26日 5:50
收件人: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>
抄送: Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>; Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>
主题: Re: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
重要性: 高
Hi Liming,
Any update on this? Please treat this with urgency as we have a release coming up and needs this change.
-Pavamana
From: Hv, Pavamana
Sent: Monday, October 24, 2022 10:05 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>
Subject: RE: [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
@Gao, Liming<mailto:gaoliming@byosoft.com.cn>,
Can you please review the patch and let me know if this can be merged?
Thanks in advance for your help.
Regards,
Pavamana
-----Original Message-----
From: Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
Sent: Wednesday, October 19, 2022 8:57 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
Subject: [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4086
This commit adds support for new FIT record type for Vendor Authorized Boot (VAB) security technology(FIT spec revision 1.4).
VAB defines 3 new following types
Vendor Authorized Boot Provisioning Table (Type 0x1A) Vendor Authorized Boot Image Manifest (Type 0x1B) Vendor Authorized Boot Key Manifest (Type 0x1C) The code has been updated to align these binaries on 64 byte boundary and not to overlap with other regions, similar to Key manifest, Boot Policy manifest and other optional types.
Also added macros to define FIT spec Major and Minor version numbers and print the same instead of hardcoded string.
Signed-off-by: Pavamana Holavanahalli <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
---
Silicon/Intel/Tools/FitGen/FitGen.c | 61 +++++++++++++++++++---------- Silicon/Intel/Tools/FitGen/FitGen.h | 5 ++-
2 files changed, 44 insertions(+), 22 deletions(-)
diff --git a/Silicon/Intel/Tools/FitGen/FitGen.c b/Silicon/Intel/Tools/FitGen/FitGen.c
index 21dfcf1ebb..87123f9922 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.c
+++ b/Silicon/Intel/Tools/FitGen/FitGen.c
@@ -234,20 +234,24 @@ typedef struct {
#define FLASH_TO_MEMORY(Address, FvBuffer, FvSize) \ (VOID *)(UINTN)((UINTN)(FvBuffer) + (UINTN)(FvSize) - (TOP_FLASH_ADDRESS - (UINTN)(Address))) -#define FIT_TABLE_TYPE_HEADER 0-#define FIT_TABLE_TYPE_MICROCODE 1-#define FIT_TABLE_TYPE_STARTUP_ACM 2-#define FIT_TABLE_TYPE_DIAGNST_ACM 3-#define FIT_TABLE_TYPE_BIOS_MODULE 7-#define FIT_TABLE_TYPE_TPM_POLICY 8-#define FIT_TABLE_TYPE_BIOS_POLICY 9-#define FIT_TABLE_TYPE_TXT_POLICY 10-#define FIT_TABLE_TYPE_KEY_MANIFEST 11-#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12-#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13-#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16-#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12-#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13+#define FIT_TABLE_TYPE_HEADER 0+#define FIT_TABLE_TYPE_MICROCODE 1+#define FIT_TABLE_TYPE_STARTUP_ACM 2+#define FIT_TABLE_TYPE_DIAGNST_ACM 3+#define FIT_TABLE_TYPE_BIOS_MODULE 7+#define FIT_TABLE_TYPE_TPM_POLICY 8+#define FIT_TABLE_TYPE_BIOS_POLICY 9+#define FIT_TABLE_TYPE_TXT_POLICY 10+#define FIT_TABLE_TYPE_KEY_MANIFEST 11+#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12+#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13+#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16+#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12+#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13+#define FIT_TABLE_TYPE_VAB_PROVISION_TABLE 26+#define FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST 27+#define FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST 28+ // // With OptionalModule Address isn't known until free space has been@@ -322,8 +326,10 @@ Returns:
--*/ { printf (- "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision 1.2."" Version %i.%i\n\n",+ "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision %i.%i."" Version %i.%i\n\n", UTILITY_NAME,+ FIT_SPEC_VERSION_MAJOR,+ FIT_SPEC_VERSION_MINOR, UTILITY_MAJOR_VERSION, UTILITY_MINOR_VERSION );@@ -1956,7 +1962,10 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) { // NOTE: It might be virtual address now. Just put a place holder. FitEntryNumber ++; }@@ -2154,8 +2163,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {- // Let it 64 byte align+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ // Let it 64 byte align AlignedSize += BIOS_MODULE_ALIGNMENT; AlignedSize &= ~BIOS_MODULE_ALIGNMENT; }@@ -2166,8 +2178,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {- // Let it 64 byte align+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ // Let it 64 byte align OptionalModuleAddress = (UINT8 *)((UINTN)OptionalModuleAddress & ~BIOS_MODULE_ALIGNMENT); } @@ -2201,7 +2216,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ CheckOverlap (gFitTableContext.OptionalModule[Index].Address, AlignedSize); } }diff --git a/Silicon/Intel/Tools/FitGen/FitGen.h b/Silicon/Intel/Tools/FitGen/FitGen.h
index 80a1423ceb..511ab652ab 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.h
+++ b/Silicon/Intel/Tools/FitGen/FitGen.h
@@ -31,9 +31,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
// Utility version information // #define UTILITY_MAJOR_VERSION 0-#define UTILITY_MINOR_VERSION 66+#define UTILITY_MINOR_VERSION 67 #define UTILITY_DATE __DATE__ +#define FIT_SPEC_VERSION_MAJOR 1+#define FIT_SPEC_VERSION_MINOR 4+ // // The minimum number of arguments accepted from the command line. //--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#95659): https://edk2.groups.io/g/devel/message/95659
Mute This Topic: https://groups.io/mt/94612421/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Michael:
Thanks for your sharing.
Pavamana:
FIT spec 1.4 has been published. So, this change can be merged now.
Thanks
Liming
发件人: Holland, Michael <michael.holland@intel.com>
发送时间: 2022年10月28日 1:41
收件人: Gao, Liming <gaoliming@byosoft.com.cn>; Hv, Pavamana <pavamana.hv@intel.com>; devel@edk2.groups.io; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>; Lohr, Paul A <paul.a.lohr@intel.com>; Feng, Bob C <bob.c.feng@intel.com>
主题: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Hi Liming,
Please see published FIT spec 1.4: https://edc.intel.com/content/www/us/en/design/products-and-solutions/software-and-services/firmware-and-bios/firmware-interface-table/
Thanks,
Michael
From: gaoliming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >
Sent: Wednesday, October 26, 2022 07:59 PM
To: Hv, Pavamana <pavamana.hv@intel.com <mailto:pavamana.hv@intel.com> >; Holland, Michael <michael.holland@intel.com <mailto:michael.holland@intel.com> >; devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com <mailto:rangasai.v.chaganty@intel.com> >; Lohr, Paul A <paul.a.lohr@intel.com <mailto:paul.a.lohr@intel.com> >; Feng, Bob C <bob.c.feng@intel.com <mailto:bob.c.feng@intel.com> >
Subject: 回复: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Pavamana:
The change should be merged after new FIT spec is published, because FitGen tool follows the public FIT spec.
Thanks
Liming
发件人: Hv, Pavamana <pavamana.hv@intel.com <mailto:pavamana.hv@intel.com> >
发送时间: 2022年10月26日 23:13
收件人: Holland, Michael <michael.holland@intel.com <mailto:michael.holland@intel.com> >; Gao, Liming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >; devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com <mailto:rangasai.v.chaganty@intel.com> >; Lohr, Paul A <paul.a.lohr@intel.com <mailto:paul.a.lohr@intel.com> >; Feng, Bob C <bob.c.feng@intel.com <mailto:bob.c.feng@intel.com> >
主题: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Thanks for the review, Liming.
<mailto:bob.c.feng@intel.com> @Feng, Bob C,
What is the next step to merge the change?
Let me know if anything is needed from me.
Thanks for your help again.
Regards,
Pavamana
From: Holland, Michael <michael.holland@intel.com <mailto:michael.holland@intel.com> >
Sent: Tuesday, October 25, 2022 8:36 PM
To: Gao, Liming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >; devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; Hv, Pavamana <pavamana.hv@intel.com <mailto:pavamana.hv@intel.com> >; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com <mailto:rangasai.v.chaganty@intel.com> >; Lohr, Paul A <paul.a.lohr@intel.com <mailto:paul.a.lohr@intel.com> >
Cc: Feng, Bob C <bob.c.feng@intel.com <mailto:bob.c.feng@intel.com> >
Subject: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Hi Liming,
The spec is in process of being published.
<mailto:rangasai.v.chaganty@intel.com> @Chaganty, Rangasai V <mailto:paul.a.lohr@intel.com> @Lohr, Paul A
Any update on FIT spec being published?
Thanks,
Michael
From: gaoliming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >
Sent: Tuesday, October 25, 2022 09:18 PM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; Hv, Pavamana <pavamana.hv@intel.com <mailto:pavamana.hv@intel.com> >
Cc: Feng, Bob C <bob.c.feng@intel.com <mailto:bob.c.feng@intel.com> >; Holland, Michael <michael.holland@intel.com <mailto:michael.holland@intel.com> >
Subject: 回复: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Pavamana:
The code change looks good. Now, is FIT spec 1.4 public to be downloaded?
Thanks
Liming
发件人: devel@edk2.groups.io <mailto:devel@edk2.groups.io> <devel@edk2.groups.io <mailto:devel@edk2.groups.io> > 代表 Hv, Pavamana
发送时间: 2022年10月26日 5:50
收件人: devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; Gao, Liming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >
抄送: Feng, Bob C <bob.c.feng@intel.com <mailto:bob.c.feng@intel.com> >; Holland, Michael <michael.holland@intel.com <mailto:michael.holland@intel.com> >
主题: Re: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
重要性: 高
Hi Liming,
Any update on this? Please treat this with urgency as we have a release coming up and needs this change.
-Pavamana
From: Hv, Pavamana
Sent: Monday, October 24, 2022 10:05 AM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; Gao, Liming <gaoliming@byosoft.com.cn <mailto:gaoliming@byosoft.com.cn> >
Subject: RE: [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
<mailto:gaoliming@byosoft.com.cn> @Gao, Liming,
Can you please review the patch and let me know if this can be merged?
Thanks in advance for your help.
Regards,
Pavamana
-----Original Message-----
From: Hv, Pavamana <pavamana.hv@intel.com <mailto:pavamana.hv@intel.com> >
Sent: Wednesday, October 19, 2022 8:57 PM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io>
Cc: Hv, Pavamana <pavamana.hv@intel.com <mailto:pavamana.hv@intel.com> >
Subject: [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
REF: <https://bugzilla.tianocore.org/show_bug.cgi?id=4086> https://bugzilla.tianocore.org/show_bug.cgi?id=4086
This commit adds support for new FIT record type for Vendor Authorized Boot (VAB) security technology(FIT spec revision 1.4).
VAB defines 3 new following types
Vendor Authorized Boot Provisioning Table (Type 0x1A) Vendor Authorized Boot Image Manifest (Type 0x1B) Vendor Authorized Boot Key Manifest (Type 0x1C) The code has been updated to align these binaries on 64 byte boundary and not to overlap with other regions, similar to Key manifest, Boot Policy manifest and other optional types.
Also added macros to define FIT spec Major and Minor version numbers and print the same instead of hardcoded string.
Signed-off-by: Pavamana Holavanahalli < <mailto:pavamana.hv@intel.com> pavamana.hv@intel.com>
---
Silicon/Intel/Tools/FitGen/FitGen.c | 61 +++++++++++++++++++---------- Silicon/Intel/Tools/FitGen/FitGen.h | 5 ++-
2 files changed, 44 insertions(+), 22 deletions(-)
diff --git a/Silicon/Intel/Tools/FitGen/FitGen.c b/Silicon/Intel/Tools/FitGen/FitGen.c
index 21dfcf1ebb..87123f9922 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.c
+++ b/Silicon/Intel/Tools/FitGen/FitGen.c
@@ -234,20 +234,24 @@ typedef struct {
#define FLASH_TO_MEMORY(Address, FvBuffer, FvSize) \ (VOID *)(UINTN)((UINTN)(FvBuffer) + (UINTN)(FvSize) - (TOP_FLASH_ADDRESS - (UINTN)(Address))) -#define FIT_TABLE_TYPE_HEADER 0-#define FIT_TABLE_TYPE_MICROCODE 1-#define FIT_TABLE_TYPE_STARTUP_ACM 2-#define FIT_TABLE_TYPE_DIAGNST_ACM 3-#define FIT_TABLE_TYPE_BIOS_MODULE 7-#define FIT_TABLE_TYPE_TPM_POLICY 8-#define FIT_TABLE_TYPE_BIOS_POLICY 9-#define FIT_TABLE_TYPE_TXT_POLICY 10-#define FIT_TABLE_TYPE_KEY_MANIFEST 11-#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12-#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13-#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16-#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12-#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13+#define FIT_TABLE_TYPE_HEADER 0+#define FIT_TABLE_TYPE_MICROCODE 1+#define FIT_TABLE_TYPE_STARTUP_ACM 2+#define FIT_TABLE_TYPE_DIAGNST_ACM 3+#define FIT_TABLE_TYPE_BIOS_MODULE 7+#define FIT_TABLE_TYPE_TPM_POLICY 8+#define FIT_TABLE_TYPE_BIOS_POLICY 9+#define FIT_TABLE_TYPE_TXT_POLICY 10+#define FIT_TABLE_TYPE_KEY_MANIFEST 11+#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12+#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13+#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16+#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12+#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13+#define FIT_TABLE_TYPE_VAB_PROVISION_TABLE 26+#define FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST 27+#define FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST 28+ // // With OptionalModule Address isn't known until free space has been@@ -322,8 +326,10 @@ Returns:
--*/ { printf (- "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision 1.2."" Version %i.%i\n\n",+ "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision %i.%i."" Version %i.%i\n\n", UTILITY_NAME,+ FIT_SPEC_VERSION_MAJOR,+ FIT_SPEC_VERSION_MINOR, UTILITY_MAJOR_VERSION, UTILITY_MINOR_VERSION );@@ -1956,7 +1962,10 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) { // NOTE: It might be virtual address now. Just put a place holder. FitEntryNumber ++; }@@ -2154,8 +2163,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {- // Let it 64 byte align+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ // Let it 64 byte align AlignedSize += BIOS_MODULE_ALIGNMENT; AlignedSize &= ~BIOS_MODULE_ALIGNMENT; }@@ -2166,8 +2178,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {- // Let it 64 byte align+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ // Let it 64 byte align OptionalModuleAddress = (UINT8 *)((UINTN)OptionalModuleAddress & ~BIOS_MODULE_ALIGNMENT); } @@ -2201,7 +2216,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ CheckOverlap (gFitTableContext.OptionalModule[Index].Address, AlignedSize); } }diff --git a/Silicon/Intel/Tools/FitGen/FitGen.h b/Silicon/Intel/Tools/FitGen/FitGen.h
index 80a1423ceb..511ab652ab 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.h
+++ b/Silicon/Intel/Tools/FitGen/FitGen.h
@@ -31,9 +31,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
// Utility version information // #define UTILITY_MAJOR_VERSION 0-#define UTILITY_MINOR_VERSION 66+#define UTILITY_MINOR_VERSION 67 #define UTILITY_DATE __DATE__ +#define FIT_SPEC_VERSION_MAJOR 1+#define FIT_SPEC_VERSION_MINOR 4+ // // The minimum number of arguments accepted from the command line. //--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#95660): https://edk2.groups.io/g/devel/message/95660
Mute This Topic: https://groups.io/mt/94617788/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Hi Pavamana,
I found there are few patch format issues. Please use edk2\BaseTools\Scripts\PatchCheck.py to check the patch and fix them. After that, I’ll merge it.
Thanks,
Bob
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of gaoliming via groups.io
Sent: Friday, October 28, 2022 9:11 AM
To: Holland, Michael <michael.holland@intel.com>; Hv, Pavamana <pavamana.hv@intel.com>; devel@edk2.groups.io; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>; Lohr, Paul A <paul.a.lohr@intel.com>; Feng, Bob C <bob.c.feng@intel.com>
Subject: 回复: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Michael:
Thanks for your sharing.
Pavamana:
FIT spec 1.4 has been published. So, this change can be merged now.
Thanks
Liming
发件人: Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>
发送时间: 2022年10月28日 1:41
收件人: Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>; Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
主题: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Hi Liming,
Please see published FIT spec 1.4: https://edc.intel.com/content/www/us/en/design/products-and-solutions/software-and-services/firmware-and-bios/firmware-interface-table/
Thanks,
Michael
From: gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>
Sent: Wednesday, October 26, 2022 07:59 PM
To: Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>; Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>; Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
Subject: 回复: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Pavamana:
The change should be merged after new FIT spec is published, because FitGen tool follows the public FIT spec.
Thanks
Liming
发件人: Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
发送时间: 2022年10月26日 23:13
收件人: Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>; Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>; Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
主题: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Thanks for the review, Liming.
@Feng, Bob C<mailto:bob.c.feng@intel.com>,
What is the next step to merge the change?
Let me know if anything is needed from me.
Thanks for your help again.
Regards,
Pavamana
From: Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>
Sent: Tuesday, October 25, 2022 8:36 PM
To: Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>
Cc: Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
Subject: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Hi Liming,
The spec is in process of being published.
@Chaganty, Rangasai V<mailto:rangasai.v.chaganty@intel.com> @Lohr, Paul A<mailto:paul.a.lohr@intel.com>
Any update on FIT spec being published?
Thanks,
Michael
From: gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>
Sent: Tuesday, October 25, 2022 09:18 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
Cc: Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>; Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>
Subject: 回复: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Pavamana:
The code change looks good. Now, is FIT spec 1.4 public to be downloaded?
Thanks
Liming
发件人: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> 代表 Hv, Pavamana
发送时间: 2022年10月26日 5:50
收件人: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>
抄送: Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>; Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>
主题: Re: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
重要性: 高
Hi Liming,
Any update on this? Please treat this with urgency as we have a release coming up and needs this change.
-Pavamana
From: Hv, Pavamana
Sent: Monday, October 24, 2022 10:05 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>
Subject: RE: [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
@Gao, Liming<mailto:gaoliming@byosoft.com.cn>,
Can you please review the patch and let me know if this can be merged?
Thanks in advance for your help.
Regards,
Pavamana
-----Original Message-----
From: Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
Sent: Wednesday, October 19, 2022 8:57 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
Subject: [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4086
This commit adds support for new FIT record type for Vendor Authorized Boot (VAB) security technology(FIT spec revision 1.4).
VAB defines 3 new following types
Vendor Authorized Boot Provisioning Table (Type 0x1A) Vendor Authorized Boot Image Manifest (Type 0x1B) Vendor Authorized Boot Key Manifest (Type 0x1C) The code has been updated to align these binaries on 64 byte boundary and not to overlap with other regions, similar to Key manifest, Boot Policy manifest and other optional types.
Also added macros to define FIT spec Major and Minor version numbers and print the same instead of hardcoded string.
Signed-off-by: Pavamana Holavanahalli <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
---
Silicon/Intel/Tools/FitGen/FitGen.c | 61 +++++++++++++++++++---------- Silicon/Intel/Tools/FitGen/FitGen.h | 5 ++-
2 files changed, 44 insertions(+), 22 deletions(-)
diff --git a/Silicon/Intel/Tools/FitGen/FitGen.c b/Silicon/Intel/Tools/FitGen/FitGen.c
index 21dfcf1ebb..87123f9922 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.c
+++ b/Silicon/Intel/Tools/FitGen/FitGen.c
@@ -234,20 +234,24 @@ typedef struct {
#define FLASH_TO_MEMORY(Address, FvBuffer, FvSize) \ (VOID *)(UINTN)((UINTN)(FvBuffer) + (UINTN)(FvSize) - (TOP_FLASH_ADDRESS - (UINTN)(Address))) -#define FIT_TABLE_TYPE_HEADER 0-#define FIT_TABLE_TYPE_MICROCODE 1-#define FIT_TABLE_TYPE_STARTUP_ACM 2-#define FIT_TABLE_TYPE_DIAGNST_ACM 3-#define FIT_TABLE_TYPE_BIOS_MODULE 7-#define FIT_TABLE_TYPE_TPM_POLICY 8-#define FIT_TABLE_TYPE_BIOS_POLICY 9-#define FIT_TABLE_TYPE_TXT_POLICY 10-#define FIT_TABLE_TYPE_KEY_MANIFEST 11-#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12-#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13-#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16-#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12-#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13+#define FIT_TABLE_TYPE_HEADER 0+#define FIT_TABLE_TYPE_MICROCODE 1+#define FIT_TABLE_TYPE_STARTUP_ACM 2+#define FIT_TABLE_TYPE_DIAGNST_ACM 3+#define FIT_TABLE_TYPE_BIOS_MODULE 7+#define FIT_TABLE_TYPE_TPM_POLICY 8+#define FIT_TABLE_TYPE_BIOS_POLICY 9+#define FIT_TABLE_TYPE_TXT_POLICY 10+#define FIT_TABLE_TYPE_KEY_MANIFEST 11+#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12+#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13+#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16+#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12+#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13+#define FIT_TABLE_TYPE_VAB_PROVISION_TABLE 26+#define FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST 27+#define FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST 28+ // // With OptionalModule Address isn't known until free space has been@@ -322,8 +326,10 @@ Returns:
--*/ { printf (- "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision 1.2."" Version %i.%i\n\n",+ "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision %i.%i."" Version %i.%i\n\n", UTILITY_NAME,+ FIT_SPEC_VERSION_MAJOR,+ FIT_SPEC_VERSION_MINOR, UTILITY_MAJOR_VERSION, UTILITY_MINOR_VERSION );@@ -1956,7 +1962,10 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) { // NOTE: It might be virtual address now. Just put a place holder. FitEntryNumber ++; }@@ -2154,8 +2163,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {- // Let it 64 byte align+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ // Let it 64 byte align AlignedSize += BIOS_MODULE_ALIGNMENT; AlignedSize &= ~BIOS_MODULE_ALIGNMENT; }@@ -2166,8 +2178,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {- // Let it 64 byte align+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ // Let it 64 byte align OptionalModuleAddress = (UINT8 *)((UINTN)OptionalModuleAddress & ~BIOS_MODULE_ALIGNMENT); } @@ -2201,7 +2216,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ CheckOverlap (gFitTableContext.OptionalModule[Index].Address, AlignedSize); } }diff --git a/Silicon/Intel/Tools/FitGen/FitGen.h b/Silicon/Intel/Tools/FitGen/FitGen.h
index 80a1423ceb..511ab652ab 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.h
+++ b/Silicon/Intel/Tools/FitGen/FitGen.h
@@ -31,9 +31,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
// Utility version information // #define UTILITY_MAJOR_VERSION 0-#define UTILITY_MINOR_VERSION 66+#define UTILITY_MINOR_VERSION 67 #define UTILITY_DATE __DATE__ +#define FIT_SPEC_VERSION_MAJOR 1+#define FIT_SPEC_VERSION_MINOR 4+ // // The minimum number of arguments accepted from the command line. //--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#95664): https://edk2.groups.io/g/devel/message/95664
Mute This Topic: https://groups.io/mt/94620946/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Hi Bob,
I had run the check and ran it again and this is what I get
C:\Work\Tianocore\edk2-platforms> c:\python38\python ..\edk2\BaseTools\Scripts\PatchCheck.py .\0001-edk2Platforms-Silicon-Add-VAB-FIT-record-types-suppo.patch
Checking patch file: .\0001-edk2Platforms-Silicon-Add-VAB-FIT-record-types-suppo.patch
edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
The commit message format passed all checks.
The code passed all checks.
I am not sure what you are seeing. Can you please paste your output? Am I missing something?
Regards,
Pavamana
From: Feng, Bob C <bob.c.feng@intel.com>
Sent: Thursday, October 27, 2022 10:33 PM
To: devel@edk2.groups.io; Gao, Liming <gaoliming@byosoft.com.cn>; Holland, Michael <michael.holland@intel.com>; Hv, Pavamana <pavamana.hv@intel.com>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>; Lohr, Paul A <paul.a.lohr@intel.com>
Subject: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Hi Pavamana,
I found there are few patch format issues. Please use edk2\BaseTools\Scripts\PatchCheck.py to check the patch and fix them. After that, I’ll merge it.
Thanks,
Bob
From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of gaoliming via groups.io
Sent: Friday, October 28, 2022 9:11 AM
To: Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>; Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>; Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
Subject: 回复: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Michael:
Thanks for your sharing.
Pavamana:
FIT spec 1.4 has been published. So, this change can be merged now.
Thanks
Liming
发件人: Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>
发送时间: 2022年10月28日 1:41
收件人: Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>; Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
主题: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Hi Liming,
Please see published FIT spec 1.4: https://edc.intel.com/content/www/us/en/design/products-and-solutions/software-and-services/firmware-and-bios/firmware-interface-table/
Thanks,
Michael
From: gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>
Sent: Wednesday, October 26, 2022 07:59 PM
To: Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>; Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>; Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
Subject: 回复: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Pavamana:
The change should be merged after new FIT spec is published, because FitGen tool follows the public FIT spec.
Thanks
Liming
发件人: Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
发送时间: 2022年10月26日 23:13
收件人: Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>; Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>; Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
主题: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Thanks for the review, Liming.
@Feng, Bob C<mailto:bob.c.feng@intel.com>,
What is the next step to merge the change?
Let me know if anything is needed from me.
Thanks for your help again.
Regards,
Pavamana
From: Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>
Sent: Tuesday, October 25, 2022 8:36 PM
To: Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>
Cc: Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
Subject: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Hi Liming,
The spec is in process of being published.
@Chaganty, Rangasai V<mailto:rangasai.v.chaganty@intel.com> @Lohr, Paul A<mailto:paul.a.lohr@intel.com>
Any update on FIT spec being published?
Thanks,
Michael
From: gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>
Sent: Tuesday, October 25, 2022 09:18 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
Cc: Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>; Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>
Subject: 回复: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Pavamana:
The code change looks good. Now, is FIT spec 1.4 public to be downloaded?
Thanks
Liming
发件人: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> 代表 Hv, Pavamana
发送时间: 2022年10月26日 5:50
收件人: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>
抄送: Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>; Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>
主题: Re: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
重要性: 高
Hi Liming,
Any update on this? Please treat this with urgency as we have a release coming up and needs this change.
-Pavamana
From: Hv, Pavamana
Sent: Monday, October 24, 2022 10:05 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>
Subject: RE: [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
@Gao, Liming<mailto:gaoliming@byosoft.com.cn>,
Can you please review the patch and let me know if this can be merged?
Thanks in advance for your help.
Regards,
Pavamana
-----Original Message-----
From: Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
Sent: Wednesday, October 19, 2022 8:57 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
Subject: [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4086
This commit adds support for new FIT record type for Vendor Authorized Boot (VAB) security technology(FIT spec revision 1.4).
VAB defines 3 new following types
Vendor Authorized Boot Provisioning Table (Type 0x1A) Vendor Authorized Boot Image Manifest (Type 0x1B) Vendor Authorized Boot Key Manifest (Type 0x1C) The code has been updated to align these binaries on 64 byte boundary and not to overlap with other regions, similar to Key manifest, Boot Policy manifest and other optional types.
Also added macros to define FIT spec Major and Minor version numbers and print the same instead of hardcoded string.
Signed-off-by: Pavamana Holavanahalli <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
---
Silicon/Intel/Tools/FitGen/FitGen.c | 61 +++++++++++++++++++---------- Silicon/Intel/Tools/FitGen/FitGen.h | 5 ++-
2 files changed, 44 insertions(+), 22 deletions(-)
diff --git a/Silicon/Intel/Tools/FitGen/FitGen.c b/Silicon/Intel/Tools/FitGen/FitGen.c
index 21dfcf1ebb..87123f9922 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.c
+++ b/Silicon/Intel/Tools/FitGen/FitGen.c
@@ -234,20 +234,24 @@ typedef struct {
#define FLASH_TO_MEMORY(Address, FvBuffer, FvSize) \ (VOID *)(UINTN)((UINTN)(FvBuffer) + (UINTN)(FvSize) - (TOP_FLASH_ADDRESS - (UINTN)(Address))) -#define FIT_TABLE_TYPE_HEADER 0-#define FIT_TABLE_TYPE_MICROCODE 1-#define FIT_TABLE_TYPE_STARTUP_ACM 2-#define FIT_TABLE_TYPE_DIAGNST_ACM 3-#define FIT_TABLE_TYPE_BIOS_MODULE 7-#define FIT_TABLE_TYPE_TPM_POLICY 8-#define FIT_TABLE_TYPE_BIOS_POLICY 9-#define FIT_TABLE_TYPE_TXT_POLICY 10-#define FIT_TABLE_TYPE_KEY_MANIFEST 11-#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12-#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13-#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16-#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12-#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13+#define FIT_TABLE_TYPE_HEADER 0+#define FIT_TABLE_TYPE_MICROCODE 1+#define FIT_TABLE_TYPE_STARTUP_ACM 2+#define FIT_TABLE_TYPE_DIAGNST_ACM 3+#define FIT_TABLE_TYPE_BIOS_MODULE 7+#define FIT_TABLE_TYPE_TPM_POLICY 8+#define FIT_TABLE_TYPE_BIOS_POLICY 9+#define FIT_TABLE_TYPE_TXT_POLICY 10+#define FIT_TABLE_TYPE_KEY_MANIFEST 11+#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12+#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13+#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16+#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12+#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13+#define FIT_TABLE_TYPE_VAB_PROVISION_TABLE 26+#define FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST 27+#define FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST 28+ // // With OptionalModule Address isn't known until free space has been@@ -322,8 +326,10 @@ Returns:
--*/ { printf (- "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision 1.2."" Version %i.%i\n\n",+ "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision %i.%i."" Version %i.%i\n\n", UTILITY_NAME,+ FIT_SPEC_VERSION_MAJOR,+ FIT_SPEC_VERSION_MINOR, UTILITY_MAJOR_VERSION, UTILITY_MINOR_VERSION );@@ -1956,7 +1962,10 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) { // NOTE: It might be virtual address now. Just put a place holder. FitEntryNumber ++; }@@ -2154,8 +2163,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {- // Let it 64 byte align+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ // Let it 64 byte align AlignedSize += BIOS_MODULE_ALIGNMENT; AlignedSize &= ~BIOS_MODULE_ALIGNMENT; }@@ -2166,8 +2178,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {- // Let it 64 byte align+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ // Let it 64 byte align OptionalModuleAddress = (UINT8 *)((UINTN)OptionalModuleAddress & ~BIOS_MODULE_ALIGNMENT); } @@ -2201,7 +2216,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ CheckOverlap (gFitTableContext.OptionalModule[Index].Address, AlignedSize); } }diff --git a/Silicon/Intel/Tools/FitGen/FitGen.h b/Silicon/Intel/Tools/FitGen/FitGen.h
index 80a1423ceb..511ab652ab 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.h
+++ b/Silicon/Intel/Tools/FitGen/FitGen.h
@@ -31,9 +31,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
// Utility version information // #define UTILITY_MAJOR_VERSION 0-#define UTILITY_MINOR_VERSION 66+#define UTILITY_MINOR_VERSION 67 #define UTILITY_DATE __DATE__ +#define FIT_SPEC_VERSION_MAJOR 1+#define FIT_SPEC_VERSION_MINOR 4+ // // The minimum number of arguments accepted from the command line. //--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#95682): https://edk2.groups.io/g/devel/message/95682
Mute This Topic: https://groups.io/mt/94620946/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Hi Pavamana,
This is the output on my side.
py -3 BaseTools\Scripts\PatchCheck.py edk2-devel]-[PATCH-v2]-edk2Platforms-Silicon-Add-VAB-FIT-record-types-support-in-FitGen.c.patch
Checking patch file: edk2-devel]-[PATCH-v2]-edk2Platforms-Silicon-Add-VAB-FIT-record-types-support-in-FitGen.c.patch
The 'Author' email address is not valid:
* Add quotes (") around name with a comma: Hv, Pavamana
[PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
The commit message format is not valid:
* First line of commit message (subject line) is too long (77 >= 76).
https://github.com/tianocore/tianocore.github.io/wiki/Commit-Message-Format
The code passed all checks.
Thanks,
Bob
From: Hv, Pavamana <pavamana.hv@intel.com>
Sent: Friday, October 28, 2022 10:08 PM
To: Feng, Bob C <bob.c.feng@intel.com>; devel@edk2.groups.io; Gao, Liming <gaoliming@byosoft.com.cn>; Holland, Michael <michael.holland@intel.com>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>; Lohr, Paul A <paul.a.lohr@intel.com>
Subject: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Hi Bob,
I had run the check and ran it again and this is what I get
C:\Work\Tianocore\edk2-platforms> c:\python38\python ..\edk2\BaseTools\Scripts\PatchCheck.py .\0001-edk2Platforms-Silicon-Add-VAB-FIT-record-types-suppo.patch
Checking patch file: .\0001-edk2Platforms-Silicon-Add-VAB-FIT-record-types-suppo.patch
edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
The commit message format passed all checks.
The code passed all checks.
I am not sure what you are seeing. Can you please paste your output? Am I missing something?
Regards,
Pavamana
From: Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
Sent: Thursday, October 27, 2022 10:33 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>; Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>
Subject: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Hi Pavamana,
I found there are few patch format issues. Please use edk2\BaseTools\Scripts\PatchCheck.py to check the patch and fix them. After that, I’ll merge it.
Thanks,
Bob
From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> On Behalf Of gaoliming via groups.io
Sent: Friday, October 28, 2022 9:11 AM
To: Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>; Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>; Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
Subject: 回复: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Michael:
Thanks for your sharing.
Pavamana:
FIT spec 1.4 has been published. So, this change can be merged now.
Thanks
Liming
发件人: Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>
发送时间: 2022年10月28日 1:41
收件人: Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>; Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
主题: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Hi Liming,
Please see published FIT spec 1.4: https://edc.intel.com/content/www/us/en/design/products-and-solutions/software-and-services/firmware-and-bios/firmware-interface-table/
Thanks,
Michael
From: gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>
Sent: Wednesday, October 26, 2022 07:59 PM
To: Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>; Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>; Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
Subject: 回复: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Pavamana:
The change should be merged after new FIT spec is published, because FitGen tool follows the public FIT spec.
Thanks
Liming
发件人: Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
发送时间: 2022年10月26日 23:13
收件人: Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>; Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>; Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
主题: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Thanks for the review, Liming.
@Feng, Bob C<mailto:bob.c.feng@intel.com>,
What is the next step to merge the change?
Let me know if anything is needed from me.
Thanks for your help again.
Regards,
Pavamana
From: Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>
Sent: Tuesday, October 25, 2022 8:36 PM
To: Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com<mailto:rangasai.v.chaganty@intel.com>>; Lohr, Paul A <paul.a.lohr@intel.com<mailto:paul.a.lohr@intel.com>>
Cc: Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>
Subject: RE: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Hi Liming,
The spec is in process of being published.
@Chaganty, Rangasai V<mailto:rangasai.v.chaganty@intel.com> @Lohr, Paul A<mailto:paul.a.lohr@intel.com>
Any update on FIT spec being published?
Thanks,
Michael
From: gaoliming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>
Sent: Tuesday, October 25, 2022 09:18 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
Cc: Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>; Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>
Subject: 回复: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Pavamana:
The code change looks good. Now, is FIT spec 1.4 public to be downloaded?
Thanks
Liming
发件人: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> 代表 Hv, Pavamana
发送时间: 2022年10月26日 5:50
收件人: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>
抄送: Feng, Bob C <bob.c.feng@intel.com<mailto:bob.c.feng@intel.com>>; Holland, Michael <michael.holland@intel.com<mailto:michael.holland@intel.com>>
主题: Re: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
重要性: 高
Hi Liming,
Any update on this? Please treat this with urgency as we have a release coming up and needs this change.
-Pavamana
From: Hv, Pavamana
Sent: Monday, October 24, 2022 10:05 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; Gao, Liming <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>
Subject: RE: [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
@Gao, Liming<mailto:gaoliming@byosoft.com.cn>,
Can you please review the patch and let me know if this can be merged?
Thanks in advance for your help.
Regards,
Pavamana
-----Original Message-----
From: Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
Sent: Wednesday, October 19, 2022 8:57 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: Hv, Pavamana <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
Subject: [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4086
This commit adds support for new FIT record type for Vendor Authorized Boot (VAB) security technology(FIT spec revision 1.4).
VAB defines 3 new following types
Vendor Authorized Boot Provisioning Table (Type 0x1A) Vendor Authorized Boot Image Manifest (Type 0x1B) Vendor Authorized Boot Key Manifest (Type 0x1C) The code has been updated to align these binaries on 64 byte boundary and not to overlap with other regions, similar to Key manifest, Boot Policy manifest and other optional types.
Also added macros to define FIT spec Major and Minor version numbers and print the same instead of hardcoded string.
Signed-off-by: Pavamana Holavanahalli <pavamana.hv@intel.com<mailto:pavamana.hv@intel.com>>
---
Silicon/Intel/Tools/FitGen/FitGen.c | 61 +++++++++++++++++++---------- Silicon/Intel/Tools/FitGen/FitGen.h | 5 ++-
2 files changed, 44 insertions(+), 22 deletions(-)
diff --git a/Silicon/Intel/Tools/FitGen/FitGen.c b/Silicon/Intel/Tools/FitGen/FitGen.c
index 21dfcf1ebb..87123f9922 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.c
+++ b/Silicon/Intel/Tools/FitGen/FitGen.c
@@ -234,20 +234,24 @@ typedef struct {
#define FLASH_TO_MEMORY(Address, FvBuffer, FvSize) \ (VOID *)(UINTN)((UINTN)(FvBuffer) + (UINTN)(FvSize) - (TOP_FLASH_ADDRESS - (UINTN)(Address))) -#define FIT_TABLE_TYPE_HEADER 0-#define FIT_TABLE_TYPE_MICROCODE 1-#define FIT_TABLE_TYPE_STARTUP_ACM 2-#define FIT_TABLE_TYPE_DIAGNST_ACM 3-#define FIT_TABLE_TYPE_BIOS_MODULE 7-#define FIT_TABLE_TYPE_TPM_POLICY 8-#define FIT_TABLE_TYPE_BIOS_POLICY 9-#define FIT_TABLE_TYPE_TXT_POLICY 10-#define FIT_TABLE_TYPE_KEY_MANIFEST 11-#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12-#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13-#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16-#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12-#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13+#define FIT_TABLE_TYPE_HEADER 0+#define FIT_TABLE_TYPE_MICROCODE 1+#define FIT_TABLE_TYPE_STARTUP_ACM 2+#define FIT_TABLE_TYPE_DIAGNST_ACM 3+#define FIT_TABLE_TYPE_BIOS_MODULE 7+#define FIT_TABLE_TYPE_TPM_POLICY 8+#define FIT_TABLE_TYPE_BIOS_POLICY 9+#define FIT_TABLE_TYPE_TXT_POLICY 10+#define FIT_TABLE_TYPE_KEY_MANIFEST 11+#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12+#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13+#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16+#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12+#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13+#define FIT_TABLE_TYPE_VAB_PROVISION_TABLE 26+#define FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST 27+#define FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST 28+ // // With OptionalModule Address isn't known until free space has been@@ -322,8 +326,10 @@ Returns:
--*/ { printf (- "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision 1.2."" Version %i.%i\n\n",+ "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision %i.%i."" Version %i.%i\n\n", UTILITY_NAME,+ FIT_SPEC_VERSION_MAJOR,+ FIT_SPEC_VERSION_MINOR, UTILITY_MAJOR_VERSION, UTILITY_MINOR_VERSION );@@ -1956,7 +1962,10 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) { // NOTE: It might be virtual address now. Just put a place holder. FitEntryNumber ++; }@@ -2154,8 +2163,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {- // Let it 64 byte align+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ // Let it 64 byte align AlignedSize += BIOS_MODULE_ALIGNMENT; AlignedSize &= ~BIOS_MODULE_ALIGNMENT; }@@ -2166,8 +2178,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {- // Let it 64 byte align+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ // Let it 64 byte align OptionalModuleAddress = (UINT8 *)((UINTN)OptionalModuleAddress & ~BIOS_MODULE_ALIGNMENT); } @@ -2201,7 +2216,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ CheckOverlap (gFitTableContext.OptionalModule[Index].Address, AlignedSize); } }diff --git a/Silicon/Intel/Tools/FitGen/FitGen.h b/Silicon/Intel/Tools/FitGen/FitGen.h
index 80a1423ceb..511ab652ab 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.h
+++ b/Silicon/Intel/Tools/FitGen/FitGen.h
@@ -31,9 +31,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
// Utility version information // #define UTILITY_MAJOR_VERSION 0-#define UTILITY_MINOR_VERSION 66+#define UTILITY_MINOR_VERSION 67 #define UTILITY_DATE __DATE__ +#define FIT_SPEC_VERSION_MAJOR 1+#define FIT_SPEC_VERSION_MINOR 4+ // // The minimum number of arguments accepted from the command line. //--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#95771): https://edk2.groups.io/g/devel/message/95771
Mute This Topic: https://groups.io/mt/94620946/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.