From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 8848E1A1E72 for ; Sat, 22 Oct 2016 19:24:00 -0700 (PDT) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga104.jf.intel.com with ESMTP; 22 Oct 2016 19:24:00 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,386,1473145200"; d="scan'208";a="892907747" Received: from jyao1-mobl.ccr.corp.intel.com ([10.254.213.190]) by orsmga003.jf.intel.com with ESMTP; 22 Oct 2016 19:23:58 -0700 From: Jiewen Yao To: edk2-devel@lists.01.org Cc: Feng Tian , Star Zeng , Michael D Kinney , Liming Gao , Chao Zhang , Jeff Fan Date: Sun, 23 Oct 2016 10:23:44 +0800 Message-Id: <1477189431-11124-1-git-send-email-jiewen.yao@intel.com> X-Mailer: git-send-email 2.7.4.windows.1 Subject: [PATCH V4 0/7] Add MicrocodeUpdate support. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Oct 2016 02:24:00 -0000 This is series 3 of the whole capsule solution. Version 4. According to feedback, we split the big patch series to smaller one. Series 3: Microcode Update (UefiCpuPkg) MicrocodeFlashAccessLib MicrocodeUpdate driver. The code is also in https://github.com/jyao1/edk2 V4 is at Capsule_V4 branch. V3, V2, V1 are also pushed to coresponding branch. Below is detail description for each version. ==Below is V4 description== 1) SecurityPkg - Refine AuthenticateFmpImage() API to let caller input PublicKeyData and PublicKeyDataLength, instead of PCD. The benefit is that then this API can be used for a platform which stores PublicKeyData in anywhere other than PCD. 2) SecurityPkg - Use OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) for better understanding the code. 3) MdeModulePkg - Update CapsuleApp to let it consume ShellParameters protocol to get Argc and Argv. 4) UefiCpuPkg - Update MicrocodeCapsuleApp to let it consume ShellParameters protocol to get Argc and Argv. 5) QuarkPlatformPkg - Merge QuarkCapsule.fdf to Quark.fdf. ==Below is V3 description== 1) We move all EDKII related capsule definition to SignedCapsulePkg. MdeModulePkg only contains FmAuthenticationLib and CapsuleApp, because they are generic and follow UEFI specification on FMP/ESRT and Microsoft platform firmware update document. Any capsule implementation can use them. Here is full library classes: MdeModulePkg: FmpAuthenticationLib.h: new lib - follow UEFI spec. (*) Verify FMP signature of FMP Capsule CapsuleLib.h: new API ¨C ProcessCapsules() It processes all the capsules. Remove duplicated code in platform BDS. UefiCpuPkg: MicrocodeFlashAccessLib.h: Update Microcode region. SignedCapsulePkg: EdkiiSystemCapsuleLib.h ¨C Library for EDKII system FMP. IniParsingLib.h ¨C Library for INI file parsing. PlatformFlashAccessLib.h ¨C Library for write flash. 2) We will submit 5 series. Series 1: Generic Update (MdeModulePkg/SecurityPkg) DxeCapsuleLib FmAuthenticationLib (*) CapsuleApp (*) Series 2: EDKII Capsule (SignedCapsulePkg) IniParsingLib EdkiiSystemCapsuleLib PlatformFlashAccessLib SystemFirmwareUpdate driver RecoveryModuleLoadPei driver Series 3: Microcode Update (UefiCpuPkg) MicrocodeFlashAccessLib MicrocodeUpdate driver. Series 4: Quark update Series 5: Vlv2 update 3) DxeCapsuleLib: Move code that performs authentication and parsing of the capsule format into the implementation of the FMP Protocol. We move the dispatch FV code from CapsuleLib to SystemFirmwareReport.efi. SystemFirmwareReport.efi supports SetImage() to verify and dispatch the SystemFirmwareUpdate.efi, then pass thru SetImage() request to SystemFirmwareUpdate.efi. Now the DxeCapsuleLib is very clean and it does not have any EDKII capsule format knowledge. 4) DxeCapsuleLib: Fix issue where a reset may be too soon. Defer reset to 2nd pass. 5) DxeCapsuleLib: Boot mode check is removed. Capsule should be populated to system table even boot mode is not BIOS_UPDATE. 5) FmAuthenticationLib: Add zero ImageSize check. 6) FmAuthenticationLib: Remove Authentication Library Registration. Each FMP Producer needs to carry its own auth algoritms(s). Now we have FmpAuthenticationLibPkcs7 and FmpAuthenticationLibRsa2048Sha256. No registration is needed. 7) FmAuthenticationLib: Move MonotonicCount handling after Payload We confirmed with USWG to process MonotonicCount after PayLoad. ==Below is V2 description== The V2 series patch incorporated the feedback for V1. There are 3 major updates. 1) BDS is update to display a warning message if TEST key is used to sign recovery image or capsule image. So a production BIOS should always use its own production singing key for the capsule image generation. A production BIOS should never use test key. 2) IniParsingLib is enhanced to do more sanity check for invalid input. The detail data format is added in IniParsingLib.h header file. If there is any vialation, the OpenInitFile() API will return failure. 3) The *Bios* keyword is renamed to *SystemFirmware* in any header file or c file data structure definition. The rest is minor update, such as add help info, clean up debug message, coding style. ==Below is V1 description== This series patch provides sample on how to do signed capsule update and recovery in EDKII. This series patch is also checked into git@github.com:jyao1/edk2.git. The feature includes: 1) Define EDKII signed system BIOS capsule format. 2) Provide EDKII signed system BIOS update sample. 3) Provide EDKII signed recovery sample. 4) Provide Microcode update sample for X86 system. 5) Update Quark to use new capsule/recovery solution. 6) Update Vlv2(MinnowMax) to use new capsule/recovery solution. The signed capsule/recovery solution is in MdeModulePkg. The capsule in IntelFrameworkModulePkg is deprecated. The Microcode update solution is in UefiCpuPkg. Cc: Feng Tian Cc: Star Zeng Cc: Michael D Kinney Cc: Liming Gao Cc: Chao Zhang Cc: Jeff Fan Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao Jiewen Yao (7): UefiCpuPkg/Include: Add Microcode FMP definition. UefiCpuPkg/Include: Add MicrocodeFlashAccessLib header. UefiCpuPkg/UefiCpuPkg.dec: Add Microcode capsule related definition. UefiCpuPkg/MicrocodeUpdate: Add MicrocodeUpdate component. UefiCpuPkg/MicrocodeFlashAccessLib: Add NULL MicrocodeFlashAccessLib. UefiCpuPkg/MicrocodeCapsuleApp: Add MicrocodeCapsuleApp application. UefiCpuPkg/UefiCpuPkg.dsc: Add MicrocodeCapsule related component. UefiCpuPkg/Application/MicrocodeCapsuleApp/AppSupport.c | 443 +++++++++++ UefiCpuPkg/Application/MicrocodeCapsuleApp/MicrocodeCapsuleApp.c | 268 +++++++ UefiCpuPkg/Application/MicrocodeCapsuleApp/MicrocodeCapsuleApp.inf | 63 ++ UefiCpuPkg/Application/MicrocodeCapsuleApp/MicrocodeCapsuleApp.uni | 22 + UefiCpuPkg/Application/MicrocodeCapsuleApp/MicrocodeCapsuleAppExtra.uni | 19 + UefiCpuPkg/Application/MicrocodeCapsuleApp/MicrocodeCapsuleDump.c | 171 +++++ UefiCpuPkg/Include/Guid/MicrocodeFmp.h | 21 + UefiCpuPkg/Include/Library/MicrocodeFlashAccessLib.h | 39 + UefiCpuPkg/Library/MicrocodeFlashAccessLibNull/MicrocodeFlashAccessLibNull.c | 42 ++ UefiCpuPkg/Library/MicrocodeFlashAccessLibNull/MicrocodeFlashAccessLibNull.inf | 40 + UefiCpuPkg/Library/MicrocodeFlashAccessLibNull/MicrocodeFlashAccessLibNull.uni | 21 + UefiCpuPkg/MicrocodeUpdate/MicrocodeFmp.c | 537 ++++++++++++++ UefiCpuPkg/MicrocodeUpdate/MicrocodeUpdate.c | 779 ++++++++++++++++++++ UefiCpuPkg/MicrocodeUpdate/MicrocodeUpdate.h | 403 ++++++++++ UefiCpuPkg/MicrocodeUpdate/MicrocodeUpdate.inf | 68 ++ UefiCpuPkg/MicrocodeUpdate/MicrocodeUpdateDxe.uni | 21 + UefiCpuPkg/MicrocodeUpdate/MicrocodeUpdateDxeExtra.uni | 20 + UefiCpuPkg/UefiCpuPkg.dec | 7 + UefiCpuPkg/UefiCpuPkg.dsc | 3 + 19 files changed, 2987 insertions(+) create mode 100644 UefiCpuPkg/Application/MicrocodeCapsuleApp/AppSupport.c create mode 100644 UefiCpuPkg/Application/MicrocodeCapsuleApp/MicrocodeCapsuleApp.c create mode 100644 UefiCpuPkg/Application/MicrocodeCapsuleApp/MicrocodeCapsuleApp.inf create mode 100644 UefiCpuPkg/Application/MicrocodeCapsuleApp/MicrocodeCapsuleApp.uni create mode 100644 UefiCpuPkg/Application/MicrocodeCapsuleApp/MicrocodeCapsuleAppExtra.uni create mode 100644 UefiCpuPkg/Application/MicrocodeCapsuleApp/MicrocodeCapsuleDump.c create mode 100644 UefiCpuPkg/Include/Guid/MicrocodeFmp.h create mode 100644 UefiCpuPkg/Include/Library/MicrocodeFlashAccessLib.h create mode 100644 UefiCpuPkg/Library/MicrocodeFlashAccessLibNull/MicrocodeFlashAccessLibNull.c create mode 100644 UefiCpuPkg/Library/MicrocodeFlashAccessLibNull/MicrocodeFlashAccessLibNull.inf create mode 100644 UefiCpuPkg/Library/MicrocodeFlashAccessLibNull/MicrocodeFlashAccessLibNull.uni create mode 100644 UefiCpuPkg/MicrocodeUpdate/MicrocodeFmp.c create mode 100644 UefiCpuPkg/MicrocodeUpdate/MicrocodeUpdate.c create mode 100644 UefiCpuPkg/MicrocodeUpdate/MicrocodeUpdate.h create mode 100644 UefiCpuPkg/MicrocodeUpdate/MicrocodeUpdate.inf create mode 100644 UefiCpuPkg/MicrocodeUpdate/MicrocodeUpdateDxe.uni create mode 100644 UefiCpuPkg/MicrocodeUpdate/MicrocodeUpdateDxeExtra.uni -- 2.7.4.windows.1