From nobody Fri Dec 19 19:12:46 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101579+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101579+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1679492391; cv=none; d=zohomail.com; s=zohoarc; b=Hpv3ns0vnw/Z+wj7nw4v4KbEPekbh6IcunUg/DnOyq6KV1Nw/dH1gzTtNM+ua4YVuv0YuAfGp3zOw4EyQnVG3g3ByYrTtJ/+5cQR+fWzBQukxxVxZWIputQ5w0+PFC//qq2EuCu20BpuqSt0KUPH2o40LaxF+w+ezfBmEJpmChM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1679492391; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=7ExiskSFKeANekhOMCULaUKABYcKnODigtjQFTIxYFY=; b=ClEEewu031+LSux7QTAUDKHuYV201kZK1TVk2mAozVj8kXyhoujjvy9L6NiI1tqRciGhLD9RJwCK6RPYdKTjEL2+17wzYrLmQX1hfqzfFUE3kPG7ai57aZrjHNxm78CgvSNtXW7qwhiAbhOaRRgDIxlYuvtykQwoGj7/6S2L+kY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101579+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1679492391596723.6219104673038; Wed, 22 Mar 2023 06:39:51 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 4iseYY1788612xWDijqiSMe8; Wed, 22 Mar 2023 06:39:51 -0700 X-Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web10.36366.1679464740334915198 for ; Tue, 21 Mar 2023 22:59:02 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,10656"; a="340671534" X-IronPort-AV: E=Sophos;i="5.98,280,1673942400"; d="scan'208";a="340671534" X-Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2023 22:59:02 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10656"; a="714294388" X-IronPort-AV: E=Sophos;i="5.98,280,1673942400"; d="scan'208";a="714294388" X-Received: from slakkim-mobl.amr.corp.intel.com ([10.213.186.211]) by orsmga001-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2023 22:59:01 -0700 From: "Subash Lakkimsetti" To: devel@edk2.groups.io Cc: Subash Lakkimsetti , Guo Dong , Ray Ni , Sean Rhodes , James Lu , Gua Guo Subject: [edk2-devel] [PATCH v1 2/6] UefiPayloadPkg: Add secureboot information HOBs Date: Tue, 21 Mar 2023 22:58:42 -0700 Message-Id: <5a76f4af09f346e3c755755b5855abb53b340e46.1679464590.git.subash.lakkimsetti@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,subash.lakkimsetti@intel.com X-Gm-Message-State: mlYgXdfDllCZIpw7Ztw6tCrlx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1679492391; bh=lBNEEFEPKh7i07jxEJR9z1J0F6ELL9HYhUyW3XM73oc=; h=Cc:Date:From:Reply-To:Subject:To; b=b8C/9WyKIiDjoElXoAIne72QaNarZ5I9wCiA7g48V5VYI2Kvai2oCYU4Ps+6FQzuS0B SzvgYqHcHZ5FxYE9XzIDx9HwneLJidSdnPouVLXCop3bg4UjnZSZM8ZuonvPd2ZAgBrdJ y2v9IQzGW+R2qTZYDx2lI5WHb5/TrXmKAJw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1679492392121100004 Content-Type: text/plain; charset="utf-8" From: Subash Lakkimsetti This patch add the HOB fpr secure and measured boot information. This is populated by bootloader phase and uefipayload pkg uses this info to sync the TPM info PCDs. Cc: Guo Dong Cc: Ray Ni Cc: Sean Rhodes Cc: James Lu Cc: Gua Guo Signed-off-by: Subash Lakkimsetti --- UefiPayloadPkg/BlSupportDxe/BlSupportDxe.c | 77 +++++++++++++++++++- UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf | 13 +++- UefiPayloadPkg/UefiPayloadPkg.dec | 4 +- UefiPayloadPkg/UefiPayloadPkg.dsc | 2 + 4 files changed, 92 insertions(+), 4 deletions(-) diff --git a/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.c b/UefiPayloadPkg/Bl= SupportDxe/BlSupportDxe.c index 2e70c4533c..7415507ec6 100644 --- a/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.c +++ b/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.c @@ -2,11 +2,14 @@ This driver will report some MMIO/IO resources to dxe core, extract smbi= os and acpi tables from bootloader. =20 - Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved.
+ Copyright (c) 2014 - 2023, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ #include "BlSupportDxe.h" +#include +#include +#include =20 /** Reserve MMIO/IO resource in GCD @@ -86,6 +89,73 @@ ReserveResourceInGcd ( return Status; } =20 +/** +Sync the Secure boot hob info and TPM PCD as per the information passed fr= om Bootloader. +**/ +EFI_STATUS +BlSupportSecurityPcdSync ( + VOID + ) +{ + EFI_STATUS Status; + EFI_HOB_GUID_TYPE *GuidHob; + UNIVERSAL_SECURE_BOOT_INFO *SecurebootInfoHob; + UINTN Size; + + GuidHob =3D GetFirstGuidHob (&gUniversalPayloadSecureBootInfoGuid); + if (GuidHob =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "gUniversalPayloadSecureBootInfoGuid Not Found!\n= ")); + return EFI_UNSUPPORTED; + } + + SecurebootInfoHob =3D (UNIVERSAL_SECURE_BOOT_INFO *)GET_GUID_HOB_DATA (G= uidHob); + + // Sync the Hash mask for TPM 2.0 as per active PCR banks. + // Make sure that the current PCR allocations, the TPM supported PCRs, + // and the PcdTpm2HashMask are all in agreement. + Status =3D PcdSet32S (PcdTpm2HashMask, SecurebootInfoHob->TpmPcrActivePc= rBanks); + ASSERT_EFI_ERROR (Status); + DEBUG ((DEBUG_INFO, "TpmPcrActivePcrBanks 0x%x \n", SecurebootInfoHob->T= pmPcrActivePcrBanks)); + + // Set the Firmware debugger PCD + Status =3D PcdSetBoolS (PcdFirmwareDebuggerInitialized, SecurebootInfoHo= b->FirmwareDebuggerInitialized); + ASSERT_EFI_ERROR (Status); + DEBUG ((DEBUG_INFO, " FirmwareDebugger Initialized 0x%x \n", SecurebootI= nfoHob->FirmwareDebuggerInitialized)); + + // Set the TPM Type instance GUID + if (SecurebootInfoHob->MeasuredBootEnabled) { + if (SecurebootInfoHob->TpmType =3D=3D TPM_TYPE_20) { + DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__)); + Size =3D sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid); + Status =3D PcdSetPtrS ( + PcdTpmInstanceGuid, + &Size, + &gEfiTpmDeviceInstanceTpm20DtpmGuid + ); + } else if (SecurebootInfoHob->TpmType =3D=3D TPM_TYPE_12) { + DEBUG ((DEBUG_INFO, "%a: TPM1.2 detected\n", __FUNCTION__)); + Size =3D sizeof (gEfiTpmDeviceInstanceTpm12Guid); + Status =3D PcdSetPtrS ( + PcdTpmInstanceGuid, + &Size, + &gEfiTpmDeviceInstanceTpm12Guid + ); + } else { + DEBUG ((DEBUG_INFO, "%a: No TPM detected\n", __FUNCTION__)); + Size =3D sizeof (gEfiTpmDeviceInstanceNoneGuid); + Status =3D PcdSetPtrS ( + PcdTpmInstanceGuid, + &Size, + &gEfiTpmDeviceInstanceNoneGuid + ); + } + + ASSERT_EFI_ERROR (Status); + } + + return Status; +} + /** Main entry for the bootloader support DXE module. =20 @@ -144,5 +214,10 @@ BlDxeEntryPoint ( ASSERT_EFI_ERROR (Status); } =20 + // + // Sync Bootloader info for TPM + // + BlSupportSecurityPcdSync (); + return EFI_SUCCESS; } diff --git a/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf b/UefiPayloadPkg/= BlSupportDxe/BlSupportDxe.inf index 96d85d2b1d..162167e6bb 100644 --- a/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf +++ b/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf @@ -3,7 +3,7 @@ # # Report some MMIO/IO resources to dxe core, extract smbios and acpi tables # -# Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2023, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -30,6 +30,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec UefiPayloadPkg/UefiPayloadPkg.dec =20 [LibraryClasses] @@ -44,6 +45,10 @@ [Guids] gUefiAcpiBoardInfoGuid gEfiGraphicsInfoHobGuid + gUniversalPayloadSecureBootInfoGuid + gEfiTpmDeviceInstanceTpm20DtpmGuid + gEfiTpmDeviceInstanceTpm12Guid + gEfiTpmDeviceInstanceNoneGuid =20 [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution @@ -52,6 +57,10 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseSize - + ## SOMETIMES_CONSUMES + ## SOMETIMES_PRODUCES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask + gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid [Depex] TRUE diff --git a/UefiPayloadPkg/UefiPayloadPkg.dec b/UefiPayloadPkg/UefiPayload= Pkg.dec index 7d61d6eeae..20981af295 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dec +++ b/UefiPayloadPkg/UefiPayloadPkg.dec @@ -3,7 +3,7 @@ # # Provides drivers and definitions to create uefi payload for bootloaders. # -# Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2023, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -42,6 +42,8 @@ gSpiFlashInfoGuid =3D { 0x2d4aac1b, 0x91a5, 0x4cd5, { 0x9b, 0x5c,= 0xb4, 0x0f, 0x5d, 0x28, 0x51, 0xa1 } } gSmmRegisterInfoGuid =3D { 0xaa9bd7a7, 0xcafb, 0x4499, { 0xa4, 0xa9,= 0xb, 0x34, 0x6b, 0x40, 0xa6, 0x22 } } gS3CommunicationGuid =3D { 0x88e31ba1, 0x1856, 0x4b8b, { 0xbb, 0xdf,= 0xf8, 0x16, 0xdd, 0x94, 0xa, 0xef } } + gUniversalPayloadSecureBootInfoGuid =3D { 0xd970f847, 0x07dd, 0x4b2= 4, { 0x9e, 0x1e, 0xae, 0x6c, 0x80, 0x9b, 0x1d, 0x38 } } + =20 [Ppis] gEfiPayLoadHobBasePpiGuid =3D { 0xdbe23aa1, 0xa342, 0x4b97, {0x85, 0xb6,= 0xb2, 0x26, 0xf1, 0x61, 0x73, 0x89} } diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayload= Pkg.dsc index bca5d3f335..2f5c70ec9c 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -579,6 +579,8 @@ =20 gPcAtChipsetPkgTokenSpaceGuid.PcdRtcIndexRegister|$(RTC_INDEX_REGISTER) gPcAtChipsetPkgTokenSpaceGuid.PcdRtcTargetRegister|$(RTC_TARGET_REGISTER) + gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized|FALSE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x5a, 0xf2, 0x6b, 0x28= , 0xc3, 0xc2, 0x8c, 0x40, 0xb3, 0xb4, 0x25, 0xe6, 0x75, 0x8b, 0x73, 0x17} =20 ##########################################################################= ###### # --=20 2.39.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101579): https://edk2.groups.io/g/devel/message/101579 Mute This Topic: https://groups.io/mt/97777995/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-