From nobody Thu Mar 28 11:46:22 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101578+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101578+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1679492392; cv=none; d=zohomail.com; s=zohoarc; b=kB11S80Hzp44exl1TqlSnJfGDbFqzQyot3NZXHoXFZrpW1bhNqpch99z68AJeyN4M86L6iMB9LuE7cyQRvn3lc7LuSKO7yAtRw0EzYgW8cZtMvGSGLcb4gxckf7lAs5M/+lq07xsdQYbUfbrOuXalAevIU2Xksbx5ewgW+Htajk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1679492392; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=HAxc13i/pCijKE3gO2ogzxUmEnJm5jjlF+L/3gg9is4=; b=astETswLjnqvpcvsZXxBWUMimNhuuMvcLRtUHrBM97JXvwTLKN8iDK+ShbXQJH96bhoEqubgG5Ipzs3SnSR6G0lgi5Fwy2+xgfjPzyBZR6QPua1hDhsyfkKg0PQg4er48Mxr/uOVS8jzi/2fnUUt3QsTCqzjibVnd+D+/aUwLlw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101578+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1679492392259316.2475712075362; Wed, 22 Mar 2023 06:39:52 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id XzLvYY1788612x66bW3LfmEZ; Wed, 22 Mar 2023 06:39:51 -0700 X-Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web10.36366.1679464740334915198 for ; Tue, 21 Mar 2023 22:59:00 -0700 
X-IronPort-AV: E=McAfee;i="6600,9927,10656"; a="340671528" X-IronPort-AV: E=Sophos;i="5.98,280,1673942400"; d="scan'208";a="340671528" X-Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2023 22:59:00 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10656"; a="714294380" X-IronPort-AV: E=Sophos;i="5.98,280,1673942400"; d="scan'208";a="714294380" X-Received: from slakkim-mobl.amr.corp.intel.com ([10.213.186.211]) by orsmga001-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2023 22:58:59 -0700 From: "Subash Lakkimsetti" To: devel@edk2.groups.io Cc: Subash Lakkimsetti , Zhiguang Liu , Ray Ni , Gua Guo Subject: [edk2-devel] [PATCH v1 1/6] MdeModulePkg: universal payload HOB for secure boot info Date: Tue, 21 Mar 2023 22:58:41 -0700 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,subash.lakkimsetti@intel.com X-Gm-Message-State: 0rQZnUhH892y4bVFWmmqzAQtx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1679492391; bh=hNjWxjd2JVNOhVVZhjCQlZ3L6qqOgJl2B906CL1Qp5A=; h=Cc:Date:From:Reply-To:Subject:To; b=q3Oov2dccZlPGlptWAvgfPbC6bHsk8BRF9pqSOhu3OUxuKaX1J65QsbOcOX6BAqjBzS cpHTkTHUSFmnVkb5pLZ77zp/N7/Q2DaZDMEj7wiLqRLZzaJDGFG+uxxDBooZUjHJDuvnd xmoQxcoBLmSrKZ6QqnYawXeE6oIIAsHJlR0= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1679492393863100011 Content-Type: text/plain; charset="utf-8" 
From: Subash Lakkimsetti Add the hob structure header for universal payload for secure boot and measured boot information from bootloaders. Universal payload spec defined at https://universalscalablefirmware.github.io/documentation/2_universal_payload.html Cc: Zhiguang Liu Cc: Ray Ni Cc: Gua Guo Signed-off-by: Subash Lakkimsetti --- .../UniversalPayload/SecureBootInfoGuid.h | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 MdeModulePkg/Include/UniversalPayload/SecureBootInfoGui= d.h diff --git a/MdeModulePkg/Include/UniversalPayload/SecureBootInfoGuid.h b/M= deModulePkg/Include/UniversalPayload/SecureBootInfoGuid.h new file mode 100644 index 0000000000..5f0f75eb3a --- /dev/null +++ b/MdeModulePkg/Include/UniversalPayload/SecureBootInfoGuid.h @@ -0,0 +1,37 @@ +/** @file + This file defines the hob structure for the Secure boot information. + + Copyright (c) 2023, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef SECUREBOOT_INFO_GUID_H_ +#define SECUREBOOT_INFO_GUID_H_ + +#include + +/** + Secure Boot info Hob GUID +**/ +extern EFI_GUID gUniversalPayloadSecureBootInfoGuid; + +#define PAYLOAD_SECUREBOOT_INFO_HOB_REVISION 0x1 + +#define NO_TPM 0x0 +#define TPM_TYPE_12 0x1 +#define TPM_TYPE_20 0x2 + +#pragma pack(1) +typedef struct { + UNIVERSAL_PAYLOAD_GENERIC_HEADER Header; + UINT8 VerifiedBootEnabled; + UINT8 MeasuredBootEnabled; + UINT8 FirmwareDebuggerInitialized; + UINT8 TpmType; + UINT8 Reserved[3]; + UINT32 TpmPcrActivePcrBanks; +} UNIVERSAL_SECURE_BOOT_INFO; +#pragma pack() + +#endif // SECUREBOOT_INFO_GUID_H_ --=20 2.39.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101578): https://edk2.groups.io/g/devel/message/101578 Mute This Topic: https://groups.io/mt/97777994/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Mar 28 11:46:22 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101579+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101579+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1679492391; cv=none; d=zohomail.com; s=zohoarc; b=Hpv3ns0vnw/Z+wj7nw4v4KbEPekbh6IcunUg/DnOyq6KV1Nw/dH1gzTtNM+ua4YVuv0YuAfGp3zOw4EyQnVG3g3ByYrTtJ/+5cQR+fWzBQukxxVxZWIputQ5w0+PFC//qq2EuCu20BpuqSt0KUPH2o40LaxF+w+ezfBmEJpmChM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1679492391; 
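Review bot: the #include line in the SecureBootInfoGuid.h hunk has no target as rendered here, but the struct uses UNIVERSAL_PAYLOAD_GENERIC_HEADER, so the header must include UniversalPayload/UniversalPayload.h (the MdeModulePkg header that defines that type) or it does not compile on its own. The header also declares "extern EFI_GUID gUniversalPayloadSecureBootInfoGuid;" under MdeModulePkg/Include, while the diffstat shows this patch touching only the header: nothing in MdeModulePkg.dec defines the GUID, and patch 2/6 instead adds it to UefiPayloadPkg.dec, so any other MdeModulePkg consumer of this header would have to depend on UefiPayloadPkg. Define the GUID in MdeModulePkg.dec next to the other UniversalPayload HOB GUIDs. Two smaller points: NO_TPM, TPM_TYPE_12 and TPM_TYPE_20 are very generic names for a public header (a UNIVERSAL_PAYLOAD_ or SECUREBOOT_INFO_ prefix avoids collisions with platform code), and the struct name UNIVERSAL_SECURE_BOOT_INFO does not follow the UNIVERSAL_PAYLOAD_ prefix used by the other HOB structures in this directory.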
From: "Subash Lakkimsetti" To: devel@edk2.groups.io Cc: Subash Lakkimsetti , Guo Dong , Ray Ni , Sean Rhodes , James Lu , Gua Guo Subject: [edk2-devel] [PATCH v1 2/6] UefiPayloadPkg: Add secureboot information HOBs Date: Tue, 21 Mar 2023 22:58:42 -0700 Message-Id: <5a76f4af09f346e3c755755b5855abb53b340e46.1679464590.git.subash.lakkimsetti@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,subash.lakkimsetti@intel.com X-Gm-Message-State: mlYgXdfDllCZIpw7Ztw6tCrlx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1679492391; bh=lBNEEFEPKh7i07jxEJR9z1J0F6ELL9HYhUyW3XM73oc=; h=Cc:Date:From:Reply-To:Subject:To; b=b8C/9WyKIiDjoElXoAIne72QaNarZ5I9wCiA7g48V5VYI2Kvai2oCYU4Ps+6FQzuS0B SzvgYqHcHZ5FxYE9XzIDx9HwneLJidSdnPouVLXCop3bg4UjnZSZM8ZuonvPd2ZAgBrdJ y2v9IQzGW+R2qTZYDx2lI5WHb5/TrXmKAJw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1679492392121100004 Content-Type: text/plain; charset="utf-8" From: Subash Lakkimsetti This patch adds the HOB for secure and measured boot information. This is populated by bootloader phase and uefipayload pkg uses this info to sync the TPM info PCDs. Cc: Guo Dong Cc: Ray Ni Cc: Sean Rhodes Cc: James Lu Cc: Gua Guo Signed-off-by: Subash Lakkimsetti --- UefiPayloadPkg/BlSupportDxe/BlSupportDxe.c | 77 +++++++++++++++++++- UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf | 13 +++- UefiPayloadPkg/UefiPayloadPkg.dec | 4 +- UefiPayloadPkg/UefiPayloadPkg.dsc | 2 + 4 files changed, 92 insertions(+), 4 deletions(-) diff --git a/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.c b/UefiPayloadPkg/Bl= SupportDxe/BlSupportDxe.c index 2e70c4533c..7415507ec6 100644 --- a/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.c 
+++ b/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.c @@ -2,11 +2,14 @@ This driver will report some MMIO/IO resources to dxe core, extract smbi= os and acpi tables from bootloader. =20 - Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved.
+ Copyright (c) 2014 - 2023, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ #include "BlSupportDxe.h" +#include +#include +#include =20 /** Reserve MMIO/IO resource in GCD 
@@ -86,6 +89,73 @@ ReserveResourceInGcd ( return Status; } =20 +/** +Sync the Secure boot hob info and TPM PCD as per the information passed fr= om Bootloader. +**/ +EFI_STATUS +BlSupportSecurityPcdSync ( + VOID + ) +{ + EFI_STATUS Status; + EFI_HOB_GUID_TYPE *GuidHob; + UNIVERSAL_SECURE_BOOT_INFO *SecurebootInfoHob; + UINTN Size; + + GuidHob =3D GetFirstGuidHob (&gUniversalPayloadSecureBootInfoGuid); + if (GuidHob =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "gUniversalPayloadSecureBootInfoGuid Not Found!\n= ")); + return EFI_UNSUPPORTED; + } + + SecurebootInfoHob =3D (UNIVERSAL_SECURE_BOOT_INFO *)GET_GUID_HOB_DATA (G= uidHob); + + // Sync the Hash mask for TPM 2.0 as per active PCR banks. + // Make sure that the current PCR allocations, the TPM supported PCRs, + // and the PcdTpm2HashMask are all in agreement. + Status =3D PcdSet32S (PcdTpm2HashMask, SecurebootInfoHob->TpmPcrActivePc= rBanks); + ASSERT_EFI_ERROR (Status); + DEBUG ((DEBUG_INFO, "TpmPcrActivePcrBanks 0x%x \n", SecurebootInfoHob->T= pmPcrActivePcrBanks)); + + // Set the Firmware debugger PCD + Status =3D PcdSetBoolS (PcdFirmwareDebuggerInitialized, SecurebootInfoHo= b->FirmwareDebuggerInitialized); + ASSERT_EFI_ERROR (Status); + DEBUG ((DEBUG_INFO, " FirmwareDebugger Initialized 0x%x \n", SecurebootI= nfoHob->FirmwareDebuggerInitialized)); + + // Set the TPM Type instance GUID + if (SecurebootInfoHob->MeasuredBootEnabled) { + if (SecurebootInfoHob->TpmType =3D=3D TPM_TYPE_20) { + DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__)); + Size =3D sizeof (gEfiTpmDeviceInstanceTpm20DtpmGuid); + Status =3D PcdSetPtrS ( + PcdTpmInstanceGuid, + &Size, + &gEfiTpmDeviceInstanceTpm20DtpmGuid + ); + } else if (SecurebootInfoHob->TpmType =3D=3D TPM_TYPE_12) { + DEBUG ((DEBUG_INFO, "%a: TPM1.2 detected\n", __FUNCTION__)); + Size =3D sizeof (gEfiTpmDeviceInstanceTpm12Guid); + Status =3D PcdSetPtrS ( + PcdTpmInstanceGuid, + &Size, + &gEfiTpmDeviceInstanceTpm12Guid + ); + } else { + DEBUG ((DEBUG_INFO, "%a: No TPM 
detected\n", __FUNCTION__)); + Size =3D sizeof (gEfiTpmDeviceInstanceNoneGuid); + Status =3D PcdSetPtrS ( + PcdTpmInstanceGuid, + &Size, + &gEfiTpmDeviceInstanceNoneGuid + ); + } + + ASSERT_EFI_ERROR (Status); + } + + return Status; +} + /** Main entry for the bootloader support DXE module. =20 @@ -144,5 +214,10 @@ BlDxeEntryPoint ( ASSERT_EFI_ERROR (Status); } =20 + // + // Sync Bootloader info for TPM + // + BlSupportSecurityPcdSync (); + return EFI_SUCCESS; } diff --git a/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf b/UefiPayloadPkg/= BlSupportDxe/BlSupportDxe.inf index 96d85d2b1d..162167e6bb 100644 --- a/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf +++ b/UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf @@ -3,7 +3,7 @@ # # Report some MMIO/IO resources to dxe core, extract smbios and acpi tables # -# Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2023, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -30,6 +30,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec UefiPayloadPkg/UefiPayloadPkg.dec =20 [LibraryClasses] @@ -44,6 +45,10 @@ [Guids] gUefiAcpiBoardInfoGuid gEfiGraphicsInfoHobGuid + gUniversalPayloadSecureBootInfoGuid + gEfiTpmDeviceInstanceTpm20DtpmGuid + gEfiTpmDeviceInstanceTpm12Guid + gEfiTpmDeviceInstanceNoneGuid =20 [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution @@ -52,6 +57,10 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseSize - + ## SOMETIMES_CONSUMES + ## SOMETIMES_PRODUCES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask + gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid [Depex] TRUE diff --git a/UefiPayloadPkg/UefiPayloadPkg.dec b/UefiPayloadPkg/UefiPayload= Pkg.dec index 7d61d6eeae..20981af295 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dec +++ b/UefiPayloadPkg/UefiPayloadPkg.dec @@ -3,7 +3,7 @@ # # Provides drivers and definitions to create uefi payload for bootloaders. # -# Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2023, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -42,6 +42,8 @@ gSpiFlashInfoGuid =3D { 0x2d4aac1b, 0x91a5, 0x4cd5, { 0x9b, 0x5c,= 0xb4, 0x0f, 0x5d, 0x28, 0x51, 0xa1 } } gSmmRegisterInfoGuid =3D { 0xaa9bd7a7, 0xcafb, 0x4499, { 0xa4, 0xa9,= 0xb, 0x34, 0x6b, 0x40, 0xa6, 0x22 } } gS3CommunicationGuid =3D { 0x88e31ba1, 0x1856, 0x4b8b, { 0xbb, 0xdf,= 0xf8, 0x16, 0xdd, 0x94, 0xa, 0xef } } + gUniversalPayloadSecureBootInfoGuid =3D { 0xd970f847, 0x07dd, 0x4b2= 4, { 0x9e, 0x1e, 0xae, 0x6c, 0x80, 0x9b, 0x1d, 0x38 } } + =20 [Ppis] gEfiPayLoadHobBasePpiGuid =3D { 0xdbe23aa1, 0xa342, 0x4b97, {0x85, 0xb6,= 0xb2, 0x26, 0xf1, 0x61, 0x73, 0x89} } diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayload= Pkg.dsc index bca5d3f335..2f5c70ec9c 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc 
@@ -579,6 +579,8 @@ =20 gPcAtChipsetPkgTokenSpaceGuid.PcdRtcIndexRegister|$(RTC_INDEX_REGISTER) gPcAtChipsetPkgTokenSpaceGuid.PcdRtcTargetRegister|$(RTC_TARGET_REGISTER) + gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized|FALSE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x5a, 0xf2, 0x6b, 0x28= , 0xc3, 0xc2, 0x8c, 0x40, 0xb3, 0xb4, 0x25, 0xe6, 0x75, 0x8b, 0x73, 0x17} =20 ##########################################################################= ###### # --=20 2.39.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101579): https://edk2.groups.io/g/devel/message/101579 Mute This Topic: https://groups.io/mt/97777995/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Mar 28 11:46:22 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101580+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101580+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1679492394; cv=none; d=zohomail.com; s=zohoarc; b=KJTV/xPBDTvupmG0MFcvozlP+pVUEsMAQyzca4Fz42jprZAXEEeBr1gjvTI1MqQnoXgeSXNLRTJtaQ0HtvX/ykZGGLz2fUv2NDrCvGmyFh5Z0ZIIXsdKXaVGDU5fIdU9FHQB1IMLUUItKTYgXGq601M/rxYo5PfsdNYpB459OwU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1679492394; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; 
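Review bot: BlSupportSecurityPcdSync in the @@ -86,6 +89,73 @@ hunk dereferences the HOB without validating it; after GET_GUID_HOB_DATA it should check SecurebootInfoHob->Header.Revision == PAYLOAD_SECUREBOOT_INFO_HOB_REVISION and Header.Length >= sizeof (UNIVERSAL_SECURE_BOOT_INFO) before reading TpmPcrActivePcrBanks, because this HOB is the payload's only source of truth for the platform's secure and measured boot state and a bootloader built against a different revision would be misread silently. The TpmType switch also runs only when MeasuredBootEnabled is set, so on a platform that reports measured boot disabled PcdTpmInstanceGuid keeps the hard-coded value the UefiPayloadPkg.dsc hunk assigns and the TCG drivers still treat a TPM as present; set gEfiTpmDeviceInstanceNoneGuid in that branch, and consider whether PcdTpm2HashMask should be written at all when TpmType is NO_TPM.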
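Review bot: in the @@ -144,5 +214,10 @@ hunk the return value of BlSupportSecurityPcdSync () is dropped, so a missing HOB (EFI_UNSUPPORTED) or a failed PcdSet leaves no trace on release builds; assign it to Status and DEBUG the failure, or decide explicitly that the HOB is optional and say so in the comment, which currently reads only "Sync Bootloader info for TPM" although the function also syncs the firmware debugger state.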
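Review bot: in the BlSupportDxe.inf @@ -52,6 +57,10 @@ hunk the "## SOMETIMES_CONSUMES" and "## SOMETIMES_PRODUCES" lines stand alone above the three new PCDs; edk2 puts the usage tag after each PCD on the same line, and since this driver only writes them (PcdSet32S, PcdSetBoolS, PcdSetPtrS) the tag for each is ## PRODUCES. The hunk also deletes the blank line that separated [Pcd] from [Depex]; keep it.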
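Review bot: the UefiPayloadPkg.dec @@ -42,6 +42,8 @@ hunk adds a second blank line after the new GUID (the context already has one before [Ppis]); drop it. Since the header that declares gUniversalPayloadSecureBootInfoGuid lives in MdeModulePkg/Include, the definition belongs in MdeModulePkg.dec, with UefiPayloadPkg only consuming it.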
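Review bot: the UefiPayloadPkg.dsc @@ -579,6 +579,8 @@ hunk adds PcdFirmwareDebuggerInitialized and PcdTpmInstanceGuid but not PcdTpm2HashMask, yet BlSupportDxe.c sets all three with PcdSet*S, which only works for dynamic PCDs; make sure PcdTpm2HashMask is declared in the same dynamic section (the section header is outside the hunk context, so it cannot be verified here). The PcdTpmInstanceGuid byte array is a bare default; a one-line comment naming which gEfiTpmDeviceInstance* GUID it encodes would make the default reviewable.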
From: "Subash Lakkimsetti" To: devel@edk2.groups.io Cc: Subash Lakkimsetti , Qi Zhang , Rahul Kumar Subject: [edk2-devel] [PATCH v1 3/6] TGC2ACPI: Uninstall the TPM2 ACPI if present Date: Tue, 21 Mar 2023 22:58:43 -0700 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,subash.lakkimsetti@intel.com X-Gm-Message-State: OGiz61LBYWybsuKEnkQLvzuZx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1679492393; bh=NakNazpx6k9Pz+IXspd6uJvbBUj38y3lN6ASNdPM0zs=; h=Cc:Date:From:Reply-To:Subject:To; b=FBKrOvRgNG8eZAVCXMoD6HQ1wpgsGQJf6uWaCUwzDQicC7eZGxxO2HHD2bWPnpoMIAb GfyhEBT5nSe+v8IRBtvXb8rOs5rW0yTwt4AfYjRXw/9Kp2DGPhH7ZJLoQFp5O7XjMY3sO W1BXKEHm1c07aC24eAalj7nyrnOlgeg9rFE= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1679492396348100004 Content-Type: text/plain; charset="utf-8" From: Subash Lakkimsetti Bootloader supports multiple payloads and TPM2 ACPI tables are updated at bootloader phase. When UEFI is used as payload these will be duplicates. The tables are to be uninstalled before updating the TCG2ACPI tables to avoid duplicates. Cc: Qi Zhang Cc: Rahul Kumar Signed-off-by: Subash Lakkimsetti --- SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c | 251 ++++++++++++++++++++++++++ SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf | 3 + 2 files changed, 254 insertions(+) diff --git a/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c b/SecurityPkg/Tcg/Tcg2Acpi= /Tcg2Acpi.c index e8822cbeb0..4b35796ba7 100644 --- a/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c +++ b/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c @@ -39,6 +39,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include +#include =20 // // Physical Presence Interface Version supported by Platform 
@@ -867,6 +869,245 @@ PublishTpm2 ( return Status; } =20 +/** + Uninstall TPM2 SSDT ACPI table + + This performs uninstallation of TPM2 SSDT tables published by + bootloaders. + + @retval EFI_SUCCESS The TPM2 ACPI table is uninstalled successfull= y if found. + @retval Others Operation error. + +**/ +EFI_STATUS +UnInstallTpm2SSDTAcpiTables ( + ) +{ + UINTN TableIndex; + UINTN TableKey; + EFI_ACPI_TABLE_VERSION TableVersion; + VOID *TableHeader; + EFI_STATUS Status; + EFI_ACPI_SDT_PROTOCOL *mAcpiSdtProtocol; + EFI_ACPI_TABLE_PROTOCOL *mAcpiTableProtocol; + CHAR8 TableIdString[8]; + UINT64 TableIdSignature; + + // + // Determine whether there is a TPM2 SSDT already in the ACPI table. + // + Status =3D EFI_SUCCESS; + TableIndex =3D 0; + TableKey =3D 0; + TableHeader =3D NULL; + mAcpiTableProtocol =3D NULL; + mAcpiSdtProtocol =3D NULL; + + // + // Locate the EFI_ACPI_TABLE_PROTOCOL. + // + Status =3D gBS->LocateProtocol ( + &gEfiAcpiTableProtocolGuid, + NULL, + (VOID **)&mAcpiTableProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "UnInstallTpm2SSDTAcpiTables: Cannot locate the EFI ACPI Table Proto= col \n " + )); + return Status; + } + + // + // Locate the EFI_ACPI_SDT_PROTOCOL. 
+ // + Status =3D gBS->LocateProtocol ( + &gEfiAcpiSdtProtocolGuid, + NULL, + (VOID **)&mAcpiSdtProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "UnInstallTpm2SSDTAcpiTables: Cannot locate the EFI ACPI Sdt Protoco= l, " + "\n" + )); + return Status; + } + + while (!EFI_ERROR (Status)) { + Status =3D mAcpiSdtProtocol->GetAcpiTable ( + TableIndex, + (EFI_ACPI_SDT_HEADER **)&TableHeader, + &TableVersion, + &TableKey + ); + + if (!EFI_ERROR (Status)) { + TableIndex++; + + if (((EFI_ACPI_SDT_HEADER *)TableHeader)->Signature =3D=3D SIGNATURE= _32 ('S', 'S', 'D', 'T')) { + CopyMem ((VOID *)TableIdString, (VOID *)((EFI_ACPI_SDT_HEADER *)Ta= bleHeader)->OemTableId, sizeof (TableIdString)); + + TableIdSignature =3D SIGNATURE_64 ( + TableIdString[0], + TableIdString[1], + TableIdString[2], + TableIdString[3], + TableIdString[4], + TableIdString[5], + TableIdString[6], + TableIdString[7] + ); + + if (TableIdSignature =3D=3D SIGNATURE_64 ('T', 'p', 'm', '2', 'T',= 'a', 'b', 'l')) { + DEBUG ((DEBUG_INFO, "Found Tpm2 SSDT Table for Physical Presence= \n")); + break; + } + } + } + } + + if (!EFI_ERROR (Status)) { + // + // A TPM2 SSDT is already in the ACPI table. + // + DEBUG (( + DEBUG_INFO, + "A TPM2 SSDT is already exist in the ACPI Table.\n" + )); + + // + // Uninstall the origin TPM2 SSDT from the ACPI table. + // + Status =3D mAcpiTableProtocol->UninstallAcpiTable ( + mAcpiTableProtocol, + TableKey + ); + ASSERT_EFI_ERROR (Status); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "UnInstall Tpm2SSDTAcpiTables failed \n ")); + + return Status; + } + } + + return EFI_SUCCESS; +} + +/** + Uninstall TPM2 table + + This performs uninstallation of TPM2 tables published by + bootloaders. + + @retval EFI_SUCCESS The TPM2 table is uninstalled successfully if = its found. + @retval Others Operation error. 
+ +**/ +EFI_STATUS +UnInstallTpm2Tables ( + ) +{ + UINTN TableIndex; + UINTN TableKey; + EFI_ACPI_TABLE_VERSION TableVersion; + VOID *TableHeader; + EFI_STATUS Status; + EFI_ACPI_SDT_PROTOCOL *mAcpiSdtProtocol; + EFI_ACPI_TABLE_PROTOCOL *mAcpiTableProtocol; + + // + // Determine whether there is a TPM2 SSDT already in the ACPI table. + // + Status =3D EFI_SUCCESS; + TableIndex =3D 0; + TableKey =3D 0; + TableHeader =3D NULL; + mAcpiTableProtocol =3D NULL; + mAcpiSdtProtocol =3D NULL; + + // + // Locate the EFI_ACPI_TABLE_PROTOCOL. + // + Status =3D gBS->LocateProtocol ( + &gEfiAcpiTableProtocolGuid, + NULL, + (VOID **)&mAcpiTableProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "UnInstallTpm2Tables: Cannot locate the EFI ACPI Table Protocol \n " + )); + return Status; + } + + // + // Locate the EFI_ACPI_SDT_PROTOCOL. + // + Status =3D gBS->LocateProtocol ( + &gEfiAcpiSdtProtocolGuid, + NULL, + (VOID **)&mAcpiSdtProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "UnInstallTpm2Tables: Cannot locate the EFI ACPI Sdt Protocol, " + "\n" + )); + return Status; + } + + while (!EFI_ERROR (Status)) { + Status =3D mAcpiSdtProtocol->GetAcpiTable ( + TableIndex, + (EFI_ACPI_SDT_HEADER **)&TableHeader, + &TableVersion, + &TableKey + ); + + if (!EFI_ERROR (Status)) { + TableIndex++; + + if (((EFI_ACPI_SDT_HEADER *)TableHeader)->Signature =3D=3D EFI_ACPI_= 5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE ) { + DEBUG ((DEBUG_INFO, "Found Tpm2 Table ..\n")); + break; + } + } + } + + if (!EFI_ERROR (Status)) { + // + // A TPM2 SSDT is already in the ACPI table. + // + DEBUG (( + DEBUG_INFO, + "A TPM2 table is already exist in the ACPI Table.\n" + )); + + // + // Uninstall the origin TPM2 SSDT from the ACPI table. 
+ // + Status =3D mAcpiTableProtocol->UninstallAcpiTable ( + mAcpiTableProtocol, + TableKey + ); + ASSERT_EFI_ERROR (Status); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "UnInstall Tpm2Tables failed \n ")); + + return Status; + } + } + + return EFI_SUCCESS; +} + /** The driver's entry point. =20 @@ -894,6 +1135,16 @@ InitializeTcgAcpi ( return EFI_UNSUPPORTED; } =20 + // + // Bootloader might pulish the TPM2 ACPT tables + // Uninstall TPM tables if it exists + // + Status =3D UnInstallTpm2SSDTAcpiTables (); + ASSERT_EFI_ERROR (Status); + + Status =3D UnInstallTpm2Tables (); + ASSERT_EFI_ERROR (Status); + Status =3D PublishAcpiTable (); ASSERT_EFI_ERROR (Status); =20 diff --git a/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf b/SecurityPkg/Tcg/Tcg2Ac= pi/Tcg2Acpi.inf index f1c6ae5b1c..7e639b0522 100644 --- a/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf +++ b/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf 
@@ -63,10 +63,13 @@ gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODUCE= S ## GUID # TPM device identifier gTpmNvsMmGuid ## CONSUMES gEdkiiPiSmmCommunicationRegionTableGuid ## CONSUMES + gEfiAcpiTableGuid =20 [Protocols] gEfiAcpiTableProtocolGuid ## CONSUMES gEfiMmCommunicationProtocolGuid ## CONSUMES + gEfiAcpiSdtProtocolGuid ## CONSUMES + =20 [FixedPcd] gEfiSecurityPkgTokenSpaceGuid.PcdSmiCommandIoPort ## CONSUMES --=20 2.39.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101580): https://edk2.groups.io/g/devel/message/101580 Mute This Topic: https://groups.io/mt/97777996/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Mar 28 11:46:22 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101581+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101581+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1679492391; cv=none; d=zohomail.com; s=zohoarc; b=QgDnhW2DbqbcOLtxTQ2CY9kMDiPAYfMveq8Tgw7IBjyFMQxpyEp+Z3l+HtNOY6W5vqiN8o1pklDzXAxyqbiRpa2/fVWzCZSyniKc3TA+l1SSRt8PX8eYq7hgCJYc5rssLObF5HvO2oay5HscnJms18mwH4sMjdqQuvV8RCJHuKo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1679492391; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=Cqq/EPWNq19/sZGcC/Gsvxyzf3V8DU9SeVXa+ph2yO8=; 
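Review bot: UnInstallTpm2SSDTAcpiTables and UnInstallTpm2Tables in the @@ -867,6 +869,245 @@ hunk are the same hundred-odd lines twice (protocol lookup, GetAcpiTable loop, UninstallAcpiTable), differing only in the match condition; fold them into one helper that takes the table signature and an optional OemTableId. Both prototypes have an empty parameter list ("UnInstallTpm2SSDTAcpiTables (" followed by ")"), which edk2 style requires to be VOID. The locals mAcpiSdtProtocol and mAcpiTableProtocol carry the m prefix reserved for module-scope globals. The CopyMem into TableIdString followed by SIGNATURE_64 can be a single CompareMem of the 8 OemTableId bytes against "Tpm2Tabl". The loop breaks on the first match, so if a bootloader published more than one TPM2 SSDT only the first is removed. And the comments and DEBUG strings in the second function still say "TPM2 SSDT" ("A TPM2 SSDT is already in the ACPI table.", "Uninstall the origin TPM2 SSDT") although it handles the TPM2 table; "is already exist" should read "already exists".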
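Review bot: in the @@ -894,6 +1135,16 @@ hunk both uninstall calls are followed by ASSERT_EFI_ERROR, but each helper returns the raw LocateProtocol error when EFI_ACPI_SDT_PROTOCOL is absent; Tcg2Acpi did not depend on that protocol before, and the .inf hunk adds it under [Protocols] with no visible depex change, so on a platform where the SDT protocol is not yet installed this driver now ASSERTs on debug builds and, on release builds, continues to PublishAcpiTable with the bootloader's tables still present. Either add the protocol to the depex or treat EFI_NOT_FOUND from the lookup as "nothing to remove" and keep the ASSERT for real uninstall failures. Typos in the added comment: "pulish" and "ACPT".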
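Review bot: in the Tcg2Acpi.inf @@ -63,10 +63,13 @@ hunk gEfiAcpiTableGuid is added without the ## CONSUMES tag its neighbours carry, and gEfiAcpiSdtProtocolGuid is followed by an extra added blank line before the existing one. It is also not obvious from the .c hunk what gEfiAcpiTableGuid is used for (the two added #include targets are not visible in this rendering); if it is unused, drop it.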
From: "Subash Lakkimsetti" To: devel@edk2.groups.io Cc: Subash Lakkimsetti , Guo Dong , Ray Ni , Sean Rhodes , James Lu , Gua Guo Subject: [edk2-devel] [PATCH v1 4/6] UefiPayloadPkg: Add secure boot configurations Date: Tue, 21 Mar 2023 22:58:44 -0700 Message-Id: <750beb48503f99cc8f48183ae8fe7ec5fe786edb.1679464590.git.subash.lakkimsetti@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,subash.lakkimsetti@intel.com X-Gm-Message-State: ZdrIoGN4UuiWXaNa09QGcUOFx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1679492390; bh=5zUorkIklVhVvkFeW8fE3J6li5arqAwfnw9HgE+gLT4=; h=Cc:Date:From:Reply-To:Subject:To; b=Z23q+xCnQ50Y7OesIDFD5oLDGVdFrhSZ4TN2iu8aNGS72VKiVgXAXz9wAB8ABqMgerM RfCizyJnQZK1mdy4cEC3VDVubrmcG8TKPK8VPA3XnxkyD/08MNfR39LEG1ADmF20GSaLp K5Po5n5rZi7N7xrwbVXy/lAsT4fcEssE46o= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1679492392099100002 Content-Type: text/plain; charset="utf-8" From: Subash Lakkimsetti Add the required modules for secure boot in UefiPayloadPkg. SECURE_BOOT_ENABLE flag added to control the secure boot feature. Requires SMM_SUPPORT and flash to be SPI for the secure boot to function. Cc: Guo Dong Cc: Ray Ni Cc: Sean Rhodes Cc: James Lu Cc: Gua Guo Signed-off-by: Subash Lakkimsetti --- UefiPayloadPkg/UefiPayloadPkg.dsc | 37 ++++++++++++++++++++++++++++--- UefiPayloadPkg/UefiPayloadPkg.fdf | 4 ++++ 2 files changed, 38 insertions(+), 3 deletions(-) diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayload= Pkg.dsc index 2f5c70ec9c..f31e5aac16 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc 
@@ -45,6 +45,8 @@ DEFINE BOOTSPLASH_IMAGE =3D FALSE DEFINE NVME_ENABLE =3D TRUE =20 + DEFINE SECURE_BOOT_ENABLE =3D FALSE + # # NULL: NullMemoryTestDxe # GENERIC: GenericMemoryTestDxe @@ -287,7 +289,14 @@ DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebug= LibReportStatusCode.inf LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf +!if $(SECURE_BOOT_ENABLE) + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo= otVariableLib.inf + PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPo= licy/PlatformPKProtectionLibVarPolicy.inf + SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariablePro= visionLib/SecureBootVariableProvisionLib.inf +!else AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf +!endif !if $(VARIABLE_SUPPORT) =3D=3D "EMU" TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf !elseif $(VARIABLE_SUPPORT) =3D=3D "SPI" @@ -353,6 +362,9 @@ !if $(PERFORMANCE_MEASUREMENT_ENABLE) PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.= inf !endif +!if $(VARIABLE_SUPPORT) =3D=3D "SPI" + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +!endif =20 [LibraryClasses.common.UEFI_DRIVER,LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf 
@@ -469,6 +481,12 @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family = | PCD_CRYPTO_SERVICE_ENABLE_FAMILY !endif +!if $(SECURE_BOOT_ENABLE) + # override the default values from SecurityPkg to ensure images from all= sources are verified in secure boot + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04 + gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04 + gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0= x04 +!endif =20 [PcdsPatchableInModule.X64] !if $(NETWORK_DRIVER_ENABLE) =3D=3D TRUE @@ -629,9 +647,7 @@ # # Components that produce the architectural protocols # -!if $(SECURITY_STUB_ENABLE) =3D=3D TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -!endif + UefiCpuPkg/CpuDxe/CpuDxe.inf MdeModulePkg/Universal/BdsDxe/BdsDxe.inf !if $(BOOTSPLASH_IMAGE) @@ -655,6 +671,17 @@ MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntim= eDxe.inf !if $(DISABLE_RESET_SYSTEM) =3D=3D FALSE MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf +!endif + # + # Components that produce the architectural protocols + # +!if $(SECURITY_STUB_ENABLE) =3D=3D TRUE + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { + +!if $(SECURE_BOOT_ENABLE) + NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf +!endif + } !endif PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.i= nf !if $(EMU_VARIABLE_ENABLE) =3D=3D TRUE @@ -811,6 +838,10 @@ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf !endif =20 +!if $(SECURE_BOOT_ENABLE) + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf +!endif + # # Misc # diff --git a/UefiPayloadPkg/UefiPayloadPkg.fdf b/UefiPayloadPkg/UefiPayload= Pkg.fdf index ee7d718b3f..b52e6c75a5 100644 
--- a/UefiPayloadPkg/UefiPayloadPkg.fdf +++ b/UefiPayloadPkg/UefiPayloadPkg.fdf 
@@ -172,6 +172,10 @@ INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRea= lTimeClockRuntimeDxe.inf INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf !endif =20 +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConf= igDxe.inf +!endif + INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf !if $(MEMORY_TEST) =3D=3D "GENERIC" --=20 2.39.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101581): https://edk2.groups.io/g/devel/message/101581 Mute This Topic: https://groups.io/mt/97777997/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Mar 28 11:46:22 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101582+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101582+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1679492394; cv=none; d=zohomail.com; s=zohoarc; b=VnewV0+LHHjHVS8iPLbG+zZiT4m13CPxnGF9b/bcEO3eseiuo0jS+JuAstsO/OrY3rAYmHxdkPsFHk3EeFnEv1JKUNh1llKYsdA18SnLJEjn248KtgF/a5MgP/En0Jhz2GrezaxwcgqwmZA94FqpA7Jap854TCh3deobW1nmN1c= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1679492394; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=3ylS5v15JX2JTN67O+UUqJOzhhrKAH1cdTrofF83cTY=; 
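Review bot: on the @@ -45,6 +45,8 @@ hunk of UefiPayloadPkg.dsc, the new SECURE_BOOT_ENABLE define carries none of the prerequisites the commit message states (SMM_SUPPORT and VARIABLE_SUPPORT set to "SPI"); nothing in this patch rejects SECURE_BOOT_ENABLE=TRUE together with the default EMU variable store, so such a build silently links the authenticated variable libraries against a non-persistent store. Either fail the build for that combination (an `!if $(SECURE_BOOT_ENABLE) == TRUE && $(VARIABLE_SUPPORT) != "SPI"` guard with an `!error` message next to the define) or at least put the requirement in a comment where the flag is defined rather than only in the commit message.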
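Review bot: on the @@ -287,7 +289,14 @@ hunk, the condition is written `!if $(SECURE_BOOT_ENABLE)` here and in the @@ -469 and @@ -811 hunks, but `!if $(SECURE_BOOT_ENABLE) == TRUE` in the UefiPayloadPkg.fdf hunk of the same patch; both forms work, but the rest of this DSC compares flags explicitly (`!if $(VARIABLE_SUPPORT) == "SPI"`, `!if $(SECURITY_STUB_ENABLE) == TRUE`), so please use `== TRUE` consistently so the two files cannot drift apart.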
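Review bot: on the @@ -353,6 +362,9 @@ hunk, `BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf` is selected on `$(VARIABLE_SUPPORT) == "SPI"` rather than on SECURE_BOOT_ENABLE, so every SPI build now links the runtime crypto library into this section whether or not secure boot is enabled. If that is intentional because the SPI variable path needs it regardless, a one-line comment saying so would save the next reader the question; if not, gate it on SECURE_BOOT_ENABLE like the AuthVariableLib selection above it.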
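Review bot: on the @@ -469,6 +481,12 @@ hunk, the comment "override the default values from SecurityPkg to ensure images from all sources are verified" tells the reader neither what the SecurityPkg defaults are nor what 0x04 means. Please name the policy in the comment (0x04 is the DENY_EXECUTE_ON_SECURITY_VIOLATION value described in SecurityPkg.dec for these three PCDs) so that a reviewer of this DSC can confirm the intent without looking up the DEC, and drop "override the default" if the DEC already defaults to the same value.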
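Review bot: on the @@ -629,9 +647,7 @@ hunk, removing SecurityStubDxe leaves the "Components that produce the architectural protocols" banner in place over CpuDxe and BdsDxe and replaces the `!if` block with a bare added blank line (`+` with nothing after it); drop that blank line, and since the same banner is re-added with the moved module in the next hunk, the file ends up with the banner twice. Move the banner with the module or keep the module under the original banner.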
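Review bot: on the @@ -655,6 +671,17 @@ hunk, DxeImageVerificationLib is linked only inside `!if $(SECURITY_STUB_ENABLE) == TRUE`, so a build with SECURE_BOOT_ENABLE=TRUE and SECURITY_STUB_ENABLE=FALSE gets the secure boot variables and SecureBootConfigDxe but no image verification at all, and nothing warns about it. Either force SECURITY_STUB_ENABLE on when SECURE_BOOT_ENABLE is set, or make the build fail (`!error`) for that combination; a secure boot configuration that does not verify images is worse than one that refuses to build.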
b=AepB4YNsKU0e+s1xCpqtD23oZZCQHlIEMZQ+8wPoxps0A5T4SN5xb/92t+b6xkh1FMl/5A+8fgTLs5C0N+1n0iS+J3wpjVub0DK5PAp7IUc+1P9RwbGWDUu0mn5yOmZAAU11Ok/EKQHsjNAGQJ6IiLOKh/OcUkcf77yin1lK87I= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101582+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1679492394423568.2742916749576; Wed, 22 Mar 2023 06:39:54 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 5ux1YY1788612xTcyqjPqIWu; Wed, 22 Mar 2023 06:39:54 -0700 X-Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web11.36147.1679464748894976382 for ; Tue, 21 Mar 2023 22:59:08 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,10656"; a="340671548" X-IronPort-AV: E=Sophos;i="5.98,280,1673942400"; d="scan'208";a="340671548" X-Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2023 22:59:08 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10656"; a="714294405" X-IronPort-AV: E=Sophos;i="5.98,280,1673942400"; d="scan'208";a="714294405" X-Received: from slakkim-mobl.amr.corp.intel.com ([10.213.186.211]) by orsmga001-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2023 22:59:07 -0700 
From: "Subash Lakkimsetti" To: devel@edk2.groups.io Cc: Subash Lakkimsetti , Guo Dong , Ray Ni , Sean Rhodes , James Lu , Gua Guo , Patrick Rudolph Subject: [edk2-devel] [PATCH v1 5/6] UefiPayloadPkg Enable TPM measured boot Date: Tue, 21 Mar 2023 22:58:45 -0700 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,subash.lakkimsetti@intel.com X-Gm-Message-State: 03566Ts4dIqBVMvqajxK5W99x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1679492394; bh=YCiHa6Nwb6DRqUNc2qvcD1J4BGvBGL4El829kUWdDzs=; h=Cc:Date:From:Reply-To:Subject:To; b=FqdWXAshRn1Wujp+cxDS4euvfm7tjD/u03kTnlxjT2luR5u82NjBsTOmWFVQ2T6I/Gh EzCQrWhkayprvJtzU9tt73cgV/SQ6+zDJtEDiHlCVQ0L6ZryzjX+WnF3rilpRQ/Rwra5P aYMGv/BjDWax0g0ydlcVj2oGoPnDeRcKvYA= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1679492396390100006 Content-Type: text/plain; charset="utf-8" From: Subash Lakkimsetti Update the packages to support TPM and measured boot in uefi payload. Measured boot can be controlled using flag MEASURED_BOOT_ENABLE Cc: Guo Dong Cc: Ray Ni Cc: Sean Rhodes Cc: James Lu Cc: Gua Guo Signed-off-by: Patrick Rudolph Signed-off-by: Subash Lakkimsetti --- UefiPayloadPkg/UefiPayloadPkg.dsc | 88 +++++++++++++++++++++++++++++-- UefiPayloadPkg/UefiPayloadPkg.fdf | 25 +++++++++ 2 files changed, 109 insertions(+), 4 deletions(-) diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayload= Pkg.dsc index f31e5aac16..86612338bf 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -46,6 +46,7 @@ DEFINE NVME_ENABLE =3D TRUE =20 DEFINE SECURE_BOOT_ENABLE =3D FALSE + DEFINE MEASURED_BOOT_ENABLE =3D FALSE =20 # # NULL: NullMemoryTestDxe 
@@ -297,14 +298,27 @@ !else AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf !endif -!if $(VARIABLE_SUPPORT) =3D=3D "EMU" - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf -!elseif $(VARIABLE_SUPPORT) =3D=3D "SPI" - PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecu= reLibNull.inf + # + # TPM + # +!if $(MEASURED_BOOT_ENABLE) =3D=3D TRUE + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i= nf + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf + Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/D= xeTcg2PhysicalPresenceLib.inf + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf +!else + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf +!endif +!if $(VARIABLE_SUPPORT) =3D=3D "SPI" S3BootScriptLib|MdePkg/Library/BaseS3BootScriptLibNull/BaseS3BootScriptL= ibNull.inf +!endif +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE || $(MEASURED_BOOT_ENABLE) =3D=3D TR= UE || $(VARIABLE_SUPPORT) =3D=3D "SPI" MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibN= ull.inf !endif + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecu= reLibNull.inf VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyL= ib.inf VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Var= iablePolicyHelperLib.inf 
@@ -412,6 +426,10 @@ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf !endif =20 +!if $(MEASURED_BOOT_ENABLE) =3D=3D TRUE + Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/Sm= mTcg2PhysicalPresenceLib.inf +!endif + ##########################################################################= ###### # # Pcd Section - list of all EDK II PCD Entries defined by this Platform. @@ -600,6 +618,13 @@ gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized|FALSE gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x5a, 0xf2, 0x6b, 0x28= , 0xc3, 0xc2, 0x8c, 0x40, 0xb3, 0xb4, 0x25, 0xe6, 0x75, 0x8b, 0x73, 0x17} =20 +!if $(MEASURED_BOOT_ENABLE) =3D=3D TRUE + + # (BIT0 - SHA1. BIT1 - SHA256, BIT2 - SHA384, BIT3 - SHA512, BIT4 - SM3_= 256) + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0x000000016 + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap|0x000000016 +!endif + ##########################################################################= ###### # # Components Section - list of all EDK II Modules needed by this Platform. @@ -680,6 +705,10 @@ !if $(SECURE_BOOT_ENABLE) NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf +!endif +!if $(MEASURED_BOOT_ENABLE) =3D=3D TRUE + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf + NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.i= nf !endif } !endif 
@@ -842,6 +871,57 @@ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf !endif =20 +!if $(MEASURED_BOOT_ENABLE) =3D=3D TRUE + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { + + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf + } + + SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf { + + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + } + +!if $(SMM_SUPPORT) =3D=3D TRUE + SecurityPkg/Tcg/TcgSmm/TcgSmm.inf { + + TcgPpVendorLib|SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNu= ll.inf + + } +!endif + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf { + + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + } +!if $(SMM_SUPPORT) =3D=3D TRUE + SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg= 2.inf + } +!endif + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } + SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf + SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf + } + SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf + } +!endif #MEASURED_BOOT_ENABLE + # 
# Misc # diff --git a/UefiPayloadPkg/UefiPayloadPkg.fdf b/UefiPayloadPkg/UefiPayload= Pkg.fdf index b52e6c75a5..ed9d42b022 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.fdf +++ b/UefiPayloadPkg/UefiPayloadPkg.fdf @@ -176,6 +176,21 @@ INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRea= lTimeClockRuntimeDxe.inf INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConf= igDxe.inf !endif =20 +!if $(MEASURED_BOOT_ENABLE) =3D=3D TRUE + INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +!if $(SMM_SUPPORT) =3D=3D TRUE + INF SecurityPkg/Tcg/TcgSmm/TcgSmm.inf +!endif + INF SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf + INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf + INF RuleOverride =3D DRIVER_ACPITABLE SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.= inf + INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!if $(SMM_SUPPORT) =3D=3D TRUE + INF SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf +!endif + INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf +!endif + INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf !if $(MEMORY_TEST) =3D=3D "GENERIC" 
@@ -419,3 +434,13 @@ INF ShellPkg/Application/Shell/Shell.inf UI STRING=3D"Enter Setup" VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBE= R) } + +[Rule.Common.DXE_DRIVER.DRIVER_ACPITABLE] + FILE DRIVER =3D $(NAMED_GUID) { + DXE_DEPEX DXE_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + RAW ACPI Optional |.acpi + RAW ASL Optional |.aml + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBE= R) + } --=20 2.39.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101582): https://edk2.groups.io/g/devel/message/101582 Mute This Topic: https://groups.io/mt/97777998/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Mar 28 11:46:22 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101583+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101583+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1679492394; cv=none; d=zohomail.com; s=zohoarc; b=XsvZjOj/udfvIHLvAmfiXdoBag1IJZ3JvWy2Vsu7NdUO5ziAzADOtz9dIEszHMIdXha6iGjmSrCx8YHvg65hWT+0xRfo5AkjJ5ppHdl8hUIz0Z6H/1rxjnTpnAOtCQGRzYynf1Nv7nFC/GHxEROnlq4lVsdurNcfnN21SXcb7no= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1679492394; 
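Review bot: on the @@ -297,14 +298,27 @@ hunk of UefiPayloadPkg.dsc, `PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf` moves out of the SPI-only block and becomes unconditional, so with SECURE_BOOT_ENABLE this Null instance is what the authenticated variable driver consults for user physical presence when PK/KEK updates are attempted. That deserves a comment saying the Null instance is a placeholder and that a platform enabling secure boot is expected to supply its own PlatformSecureLib. The MmUnblockMemoryLib condition is also widened from SPI-only to `SECURE_BOOT_ENABLE == TRUE || MEASURED_BOOT_ENABLE == TRUE || VARIABLE_SUPPORT == "SPI"` without the commit message mentioning it; one line on why the TPM and auth paths need it would help.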
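Review bot: on the @@ -600,6 +618,13 @@ hunk, `PcdTpm2HashMask|0x000000016` and `PcdTcg2HashAlgorithmBitmap|0x000000016` are written with nine hex digits, which is at best confusing for a 32-bit mask; if the intent is BIT1|BIT2|BIT4 (SHA256, SHA384 and SM3_256 according to the comment above it), write `0x00000016` and state the selected banks in the comment, because the comment currently lists what every bit means but not which ones are set. The comment also has "SHA1." where a comma is meant, and there is a stray added blank line right after the `!if`. Worth a note too that SHA1 is excluded from the mask while Tcg2Dxe in the @@ -842 hunk still links HashInstanceLibSha1; that is harmless with the crypto router, but a reader will wonder.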
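Review bot: on the @@ -842,6 +871,57 @@ hunk, the `SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { ... }` block with its TpmPlatformHierarchyLib override is added twice, back to back and byte for byte identical; the FDF hunk lists the module once, so drop the second copy here. The `TcgSmm.inf` block also carries an empty added line before its closing brace. The `!endif #MEASURED_BOOT_ENABLE` trailing comment is fine, but for consistency the matching `!if` at the top of the block could carry the same label.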
h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=fTVmOFj3oZaHBcNGNnOdM7j6oW8208owlIWezAsnL9c=; b=gtiwXr7K5+zk6VAy3tg+hk/RZcU9hl6H/Fg4EBHFYWl6LIkeceP+/2JzNjoNOpeHwChMywkPePQDmMJwPfL+lUkBhuVodwE+tszc+J3nZBnl51klXDG2LpUQrcKffEFaBpYPTeRBFdwN+hu8K5DrOKHO3mfqJW47Jb7UJ0wjzII= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101583+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1679492394849779.0274370166223; Wed, 22 Mar 2023 06:39:54 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id BGk2YY1788612xKW2qeD19f2; Wed, 22 Mar 2023 06:39:54 -0700 X-Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web11.36147.1679464748894976382 for ; Tue, 21 Mar 2023 22:59:10 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,10656"; a="340671558" X-IronPort-AV: E=Sophos;i="5.98,280,1673942400"; d="scan'208";a="340671558" X-Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2023 22:59:10 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10656"; a="714294414" X-IronPort-AV: E=Sophos;i="5.98,280,1673942400"; d="scan'208";a="714294414" X-Received: from slakkim-mobl.amr.corp.intel.com ([10.213.186.211]) by orsmga001-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2023 22:59:09 -0700 
From: "Subash Lakkimsetti" To: devel@edk2.groups.io Cc: Subash Lakkimsetti Subject: [edk2-devel] [PATCH v1 6/6] UefiPayloadPkg: Add secure boot definitions to ci build Date: Tue, 21 Mar 2023 22:58:46 -0700 Message-Id: <201c0a54636e16f4ab59756893c61232e076433f.1679464590.git.subash.lakkimsetti@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,subash.lakkimsetti@intel.com X-Gm-Message-State: eitS1lAzfqmnjKabguU1buvVx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1679492394; bh=okZtchlLCvFX75hBypYjl9CuQjGNMeri3NtgW9d/4OA=; h=Cc:Date:From:Reply-To:Subject:To; b=XroIZlVg6xmxmuv7WePmUT+7PlbN9Gtr7VTojouDsNtvXGk0fJzH3XC+88c+iVGUUDI 06JXtGetfToI90kqkxHVTkZEIAHRqxLjEYsz8674m2B2Ko9dXcYCKqeUXwwW6UuIf/3G7 XNfUNPK3kJSiswAak8kp++oTEpJFq51z4jw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1679492396341100003 Content-Type: text/plain; charset="utf-8" From: Subash Lakkimsetti Define the build flags for secure boot and measure boot for ci builds Signed-off-by: Subash Lakkimsetti --- UefiPayloadPkg/UefiPayloadPkg.ci.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/UefiPayloadPkg/UefiPayloadPkg.ci.yaml b/UefiPayloadPkg/UefiPay= loadPkg.ci.yaml index 909379eaac..f2410a8b11 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.ci.yaml +++ b/UefiPayloadPkg/UefiPayloadPkg.ci.yaml 
@@ -91,5 +91,9 @@ "BLD_*_EMU_VARIABLE_ENABLE": "FALSE", "BLD_*_DISABLE_RESET_SYSTEM": "TRUE", "BLD_*_SERIAL_DRIVER_ENABLE": "FALSE", + "BLD_*_SMM_SUPPORT": "TRUE", + "BLD_*_SECURE_BOOT_ENABLE": "TRUE", + "BLD_*_MEASURED_BOOT_ENABLE": "TRUE", + "BLD_*_VARIABLE_SUPPORT": "SPI", } } --=20 2.39.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101583): https://edk2.groups.io/g/devel/message/101583 Mute This Topic: https://groups.io/mt/97777999/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
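Review bot: on the @@ -91,5 +91,9 @@ hunk of UefiPayloadPkg.ci.yaml, the change turns on SMM_SUPPORT and switches VARIABLE_SUPPORT to "SPI" for the CI build in addition to the two new feature flags, so the previous CI configuration (EMU variables, no SMM) is no longer built anywhere in CI even though it remains the DSC default. The commit message only mentions the secure boot and measured boot flags; either say explicitly that CI is moving to the SMM/SPI variant because the new features require it, or add a second build configuration so the default variant keeps being compiled.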