From nobody Tue May 7 18:21:49 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95776+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95776+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667228305; cv=none; d=zohomail.com; s=zohoarc; b=Udfybhs6gI5twvCv51/nUMobAyExxOiot5oWApsOF0Q2PxxSDlQ8oABDJg7/E08tiWabSCGEXBoLLnfecmRj/RidPYcw3VqpNLWfQ3ERzzRqz9m8WFsHjLf4HgmMI415LvYmIepk476hBO/bYGy37Q7Iw9nZFx185+ZhdxSdZ48= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667228305; h=Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Sender:Subject:To; bh=kCW2u6B5TyNwAT6/dMrPGIAHRwZXv+wg8bQOKkfLa0o=; b=JyByj9bo2h8jXgQ0xU2itJGTIHN1X1JiYL1MNTK26BkzGrMV5tjplbddjbJbt2ZnHuO119ekYjaUAzb7HICh5KXTcoTqAV+tOguGa1/wYBlFE4wZrreH4ETn7SnokcpK+XLRtsWpP9zhSMHWhrK9zX/niioig+VOdYJbgGBUjVQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95776+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667228305517577.8706432498815; Mon, 31 Oct 2022 07:58:25 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id Fz6xYY1788612xCEnUW2ZbWW; Mon, 31 Oct 2022 07:58:24 -0700 X-Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.10152.1667228303269180042 for ; Mon, 31 Oct 2022 07:58:23 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10517"; a="308914741" X-IronPort-AV: E=Sophos;i="5.95,228,1661842800"; d="scan'208";a="308914741" X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 Oct 2022 07:58:22 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10517"; a="962803837" X-IronPort-AV: E=Sophos;i="5.95,228,1661842800"; d="scan'208";a="962803837" X-Received: from phv-mobl.amr.corp.intel.com ([10.212.67.3]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 Oct 2022 07:58:22 -0700 From: "Hv, Pavamana" To: devel@edk2.groups.io Cc: Pavamana Holavanahalli Subject: [edk2-devel] [PATCH v3] edk2-Platforms:Add VAB FIT record types support in FitGen.c Date: Mon, 31 Oct 2022 07:57:43 -0700 Message-Id: <1a8e3ffff75d946f749ac966bbe873f4c6ea1c76.1667227908.git.pavamana.hv@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pavamana.hv@intel.com X-Gm-Message-State: 48oH05uKdtQ902AmRHjfyJxZx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667228304; bh=oaQFWZuDimNPrrMOTToB1Uqw37MfU9o+W5Sbvm924Mc=; h=Cc:Date:From:Reply-To:Subject:To; b=iEP9Jv9b/b2M6cxhO0R8Ht336CNDYkmo+3ejaB9WtWCrBNQxQnrrnmIdNQSqjmNSmIS c0XOzCNDMHIVlKX2C84+EChIt25pOkWvnHEBfU+vKYl+5pfbKro7nPdQEzV3QjA24F7nC wmjIrNlO9AFJfuqr2dPuQK5/lbhOuwM1KlY= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667228307112100003 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4086 This commit adds support for new FIT record type for Vendor Authorized Boot (VAB) security technology(FIT spec revision 1.4). VAB defines 3 new following types Vendor Authorized Boot Provisioning Table (Type 0x1A) Vendor Authorized Boot Image Manifest (Type 0x1B) Vendor Authorized Boot Key Manifest (Type 0x1C) The code has been updated to align these binaries on 64 byte boundary and not to overlap with other regions, similar to Key manifest, Boot Policy manifest and other optional types. Also added macros to define FIT spec Major and Minor version numbers and print the same instead of hardcoded string. Signed-off-by: Pavamana Holavanahalli --- Silicon/Intel/Tools/FitGen/FitGen.c | 61 +++++++++++++++++++---------- Silicon/Intel/Tools/FitGen/FitGen.h | 5 ++- 2 files changed, 44 insertions(+), 22 deletions(-) diff --git a/Silicon/Intel/Tools/FitGen/FitGen.c b/Silicon/Intel/Tools/FitG= en/FitGen.c index 21dfcf1ebb..87123f9922 100644 --- a/Silicon/Intel/Tools/FitGen/FitGen.c +++ b/Silicon/Intel/Tools/FitGen/FitGen.c @@ -234,20 +234,24 @@ typedef struct { #define FLASH_TO_MEMORY(Address, FvBuffer, FvSize) \ (VOID *)(UINTN)((UINTN)(FvBuffer) + (UINTN)(FvSize) - (TO= P_FLASH_ADDRESS - (UINTN)(Address))) =20 -#define FIT_TABLE_TYPE_HEADER 0 -#define FIT_TABLE_TYPE_MICROCODE 1 -#define FIT_TABLE_TYPE_STARTUP_ACM 2 -#define FIT_TABLE_TYPE_DIAGNST_ACM 3 -#define FIT_TABLE_TYPE_BIOS_MODULE 7 -#define FIT_TABLE_TYPE_TPM_POLICY 8 -#define FIT_TABLE_TYPE_BIOS_POLICY 9 -#define FIT_TABLE_TYPE_TXT_POLICY 10 -#define FIT_TABLE_TYPE_KEY_MANIFEST 11 -#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12 -#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13 -#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16 -#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12 -#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13 +#define FIT_TABLE_TYPE_HEADER 0 +#define FIT_TABLE_TYPE_MICROCODE 1 +#define FIT_TABLE_TYPE_STARTUP_ACM 2 +#define FIT_TABLE_TYPE_DIAGNST_ACM 3 +#define FIT_TABLE_TYPE_BIOS_MODULE 7 +#define FIT_TABLE_TYPE_TPM_POLICY 8 +#define FIT_TABLE_TYPE_BIOS_POLICY 9 +#define FIT_TABLE_TYPE_TXT_POLICY 10 +#define FIT_TABLE_TYPE_KEY_MANIFEST 11 +#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12 +#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13 +#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16 +#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12 +#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13 +#define FIT_TABLE_TYPE_VAB_PROVISION_TABLE 26 +#define FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST 27 +#define FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST 28 + =20 // // With OptionalModule Address isn't known until free space has been @@ -322,8 +326,10 @@ Returns: --*/ { printf ( - "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revisio= n 1.2."" Version %i.%i\n\n", + "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revisio= n %i.%i."" Version %i.%i\n\n", UTILITY_NAME, + FIT_SPEC_VERSION_MAJOR, + FIT_SPEC_VERSION_MINOR, UTILITY_MAJOR_VERSION, UTILITY_MINOR_VERSION ); @@ -1956,7 +1962,10 @@ Returns: (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TYPE= _KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TYPE= _BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TYPE= _BIOS_DATA_AREA) || - (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TYPE= _CSE_SECURE_BOOT)) { + (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TYPE= _CSE_SECURE_BOOT) || + (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TYPE= _VAB_PROVISION_TABLE) || + (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TYPE= _VAB_BOOT_IMAGE_MANIFEST) || + (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TYPE= _VAB_BOOT_KEY_MANIFEST)) { // NOTE: It might be virtual address now. Just put a place holder. FitEntryNumber ++; } @@ -2154,8 +2163,11 @@ Returns: (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TY= PE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TY= PE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TY= PE_BIOS_DATA_AREA) || - (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TY= PE_CSE_SECURE_BOOT)) { - // Let it 64 byte align + (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TY= PE_CSE_SECURE_BOOT) || + (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TY= PE_VAB_PROVISION_TABLE) || + (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TY= PE_VAB_BOOT_IMAGE_MANIFEST) || + (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TY= PE_VAB_BOOT_KEY_MANIFEST)) { + // Let it 64 byte align AlignedSize +=3D BIOS_MODULE_ALIGNMENT; AlignedSize &=3D ~BIOS_MODULE_ALIGNMENT; } @@ -2166,8 +2178,11 @@ Returns: (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TY= PE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TY= PE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TY= PE_BIOS_DATA_AREA) || - (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TY= PE_CSE_SECURE_BOOT)) { - // Let it 64 byte align + (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TY= PE_CSE_SECURE_BOOT) || + (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TY= PE_VAB_PROVISION_TABLE) || + (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TY= PE_VAB_BOOT_IMAGE_MANIFEST) || + (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TY= PE_VAB_BOOT_KEY_MANIFEST)) { + // Let it 64 byte align OptionalModuleAddress =3D (UINT8 *)((UINTN)OptionalModuleAddress &= ~BIOS_MODULE_ALIGNMENT); } =20 @@ -2201,7 +2216,11 @@ Returns: (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TYPE= _KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TYPE= _BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TYPE= _BIOS_DATA_AREA) || - (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TYPE= _CSE_SECURE_BOOT)) { + (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TYPE= _CSE_SECURE_BOOT) || + (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TYPE= _VAB_PROVISION_TABLE) || + (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TYPE= _VAB_BOOT_IMAGE_MANIFEST) || + (gFitTableContext.OptionalModule[Index].Type =3D=3D FIT_TABLE_TYPE= _VAB_BOOT_KEY_MANIFEST)) { + CheckOverlap (gFitTableContext.OptionalModule[Index].Address, Aligne= dSize); } } diff --git a/Silicon/Intel/Tools/FitGen/FitGen.h b/Silicon/Intel/Tools/FitG= en/FitGen.h index 80a1423ceb..511ab652ab 100644 --- a/Silicon/Intel/Tools/FitGen/FitGen.h +++ b/Silicon/Intel/Tools/FitGen/FitGen.h @@ -31,9 +31,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // Utility version information // #define UTILITY_MAJOR_VERSION 0 -#define UTILITY_MINOR_VERSION 66 +#define UTILITY_MINOR_VERSION 67 #define UTILITY_DATE __DATE__ =20 +#define FIT_SPEC_VERSION_MAJOR 1 +#define FIT_SPEC_VERSION_MINOR 4 + // // The minimum number of arguments accepted from the command line. // --=20 2.38.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95776): https://edk2.groups.io/g/devel/message/95776 Mute This Topic: https://groups.io/mt/94687036/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-