From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id CAF9481EB1 for ; Mon, 7 Nov 2016 04:42:41 -0800 (PST) Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga105.fm.intel.com with ESMTP; 07 Nov 2016 04:42:31 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,606,1473145200"; d="scan'208";a="28579364" Received: from jyao1-mobl.ccr.corp.intel.com ([10.254.208.25]) by orsmga004.jf.intel.com with ESMTP; 07 Nov 2016 04:42:28 -0800 From: Jiewen Yao To: edk2-devel@lists.01.org Cc: David Wei , Feng Tian , Star Zeng , Michael D Kinney , Liming Gao , Chao Zhang Date: Mon, 7 Nov 2016 20:42:09 +0800 Message-Id: <1478522533-12532-6-git-send-email-jiewen.yao@intel.com> X-Mailer: git-send-email 2.7.4.windows.1 In-Reply-To: <1478522533-12532-1-git-send-email-jiewen.yao@intel.com> References: <1478522533-12532-1-git-send-email-jiewen.yao@intel.com> Subject: [PATCH V9 5/9] Vlv2TbltDevicePkg/PlatformBootManager: Add capsule/recovery handling. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Nov 2016 12:42:42 -0000 1) Add capsule and recovery boot path handling in platform BDS. 2) Add check if the platform is using default test key for capsule. Produce PcdTestKeyUsed to indicate if there is any test key used in current BIOS, such as recovery key, or capsule update key. Then the generic UI may consume this PCD to show warning information. Cc: David Wei Cc: Feng Tian Cc: Star Zeng Cc: Michael D Kinney Cc: Liming Gao Cc: Chao Zhang Contributed-under: TianoCore Contribution Agreement 1.0 
Signed-off-by: Jiewen Yao Reviewed-by: David Wei --- Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c | 82 ++++++++++++++++++-- Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf | 6 ++ 2 files changed, 83 insertions(+), 5 deletions(-) diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c index 7dd289e..7f91777 100644 --- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c +++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c @@ -1872,9 +1872,9 @@ PlatformBdsPolicyBehavior ( PlatformBdsConnectConsole (gPlatformConsole); PlatformBdsDiagnostics (EXTENSIVE, FALSE, BaseMemoryTest); - DEBUG((EFI_D_INFO, "ProcessCapsules Before EndOfDxe......\n")); + DEBUG((DEBUG_INFO, "ProcessCapsules Before EndOfDxe......\n")); ProcessCapsules (); - DEBUG((EFI_D_INFO, "ProcessCapsules Done\n")); + DEBUG((DEBUG_INFO, "ProcessCapsules Done\n")); // // Close boot script and install ready to lock @@ -1901,9 +1901,9 @@ PlatformBdsPolicyBehavior ( EsrtManagement->SyncEsrtFmp(); } - DEBUG((EFI_D_INFO, "ProcessCapsules After ConnectAll......\n")); + DEBUG((DEBUG_INFO, "ProcessCapsules After ConnectAll......\n")); ProcessCapsules(); - DEBUG((EFI_D_INFO, "ProcessCapsules Done\n")); + DEBUG((DEBUG_INFO, "ProcessCapsules Done\n")); break; case BOOT_IN_RECOVERY_MODE: @@ -2411,6 +2411,12 @@ ShowProgressHotKey ( EFI_GRAPHICS_OUTPUT_BLT_PIXEL Background; EFI_GRAPHICS_OUTPUT_BLT_PIXEL Color; UINT32 GpioValue; + CHAR16 *TmpStr1; + CHAR16 *TmpStr2; + CHAR16 *TmpStr3; + UINTN TmpStrSize; + VOID *Buffer; + UINTN Size; if (TimeoutDefault == 0) { return EFI_TIMEOUT; 
@@ -2434,10 +2440,76 @@ ShowProgressHotKey ( SetMem (&Background, sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL), 0x0); SetMem (&Color, sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL), 0xff); + TmpStr2 = NULL; + TmpStr3 = NULL; + + // + // Check if the platform is using test key. + // + Status = GetSectionFromAnyFv( + PcdGetPtr(PcdEdkiiRsa2048Sha256TestPublicKeyFileGuid), + EFI_SECTION_RAW, + 0, + &Buffer, + &Size + ); + if (!EFI_ERROR(Status)) { + if ((Size == PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer)) && + (CompareMem(Buffer, PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer), Size) == 0)) { + TmpStr2 = L"WARNING: Recovery Test Key is used.\r\n"; + if (DebugAssertEnabled()) { + DEBUG ((DEBUG_INFO, "\n\nWARNING: Recovery Test Key is used.\n")); + } else { + SerialPortWrite((UINT8 *)"\n\nWARNING: Recovery Test Key is used.", sizeof("\n\nWARNING: Recovery Test Key is used.")); + } + PcdSetBoolS(PcdTestKeyUsed, TRUE); + } + FreePool(Buffer); + } + Status = GetSectionFromAnyFv( + PcdGetPtr(PcdEdkiiPkcs7TestPublicKeyFileGuid), + EFI_SECTION_RAW, + 0, + &Buffer, + &Size + ); + if (!EFI_ERROR(Status)) { + if ((Size == PcdGetSize(PcdPkcs7CertBuffer)) && + (CompareMem(Buffer, PcdGetPtr(PcdPkcs7CertBuffer), Size) == 0)) { + TmpStr3 = L"WARNING: Capsule Test Key is used.\r\n"; + if (DebugAssertEnabled()) { + DEBUG ((DEBUG_INFO, "\n\nWARNING: Capsule Test Key is used.\r\n")); + } else { + SerialPortWrite((UINT8 *)"\n\nWARNING: Capsule Test Key is used.", sizeof("\n\nWARNING: Capsule Test Key is used.")); + } + PcdSetBoolS(PcdTestKeyUsed, TRUE); + } + FreePool(Buffer); + } + // // Clear the progress status bar first // - TmpStr = L"Start boot option, Press or to enter setup page."; + TmpStr1 = L"Start boot option, Press or to enter setup page.\r\n"; + TmpStrSize = StrSize(TmpStr1); + if (TmpStr2 != NULL) { + TmpStrSize += StrSize(TmpStr2); + } + if (TmpStr3 != NULL) { + TmpStrSize += StrSize(TmpStr3); + } + TmpStr = AllocatePool (TmpStrSize); + if (TmpStr == NULL) { + TmpStr = TmpStr1; + } else { + 
StrCpyS(TmpStr, TmpStrSize/sizeof(CHAR16), TmpStr1); + if (TmpStr2 != NULL) { + StrCatS(TmpStr, TmpStrSize/sizeof(CHAR16), TmpStr2); + } + if (TmpStr3 != NULL) { + StrCatS(TmpStr, TmpStrSize/sizeof(CHAR16), TmpStr3); + } + } PlatformBdsShowProgress (Foreground, Background, TmpStr, Color, 0, 0); TimeoutRemain = TimeoutDefault; diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf index ce7c426..3e45a31 100644 --- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf +++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf @@ -49,6 +49,7 @@ ShellPkg/ShellPkg.dec CryptoPkg/CryptoPkg.dec SecurityPkg/SecurityPkg.dec + SignedCapsulePkg/SignedCapsulePkg.dec [LibraryClasses] DxeServicesTableLib @@ -102,6 +103,11 @@ gEfiEndOfDxeEventGroupGuid [Pcd] + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiRsa2048Sha256TestPublicKeyFileGuid + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid + gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer + gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer + gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed gPlatformModuleTokenSpaceGuid.PcdFlashFvRecovery2Base gPlatformModuleTokenSpaceGuid.PcdFlashFvMainBase gPlatformModuleTokenSpaceGuid.PcdFlashFvRecoveryBase -- 2.7.4.windows.1
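Review bot: The test-key check in the `@@ -2434,10 +2440,76 @@` hunk sits after the `if (TimeoutDefault == 0) { return EFI_TIMEOUT; }` guard visible in the previous hunk's context, so with a zero boot timeout neither warning is emitted and `PcdTestKeyUsed` is never set. Because the commit message says the generic UI consumes that PCD, the detection would be safer in a helper that runs before the early return, or from the BDS policy path. The return value of `PcdSetBoolS(PcdTestKeyUsed, TRUE);` is discarded in both branches; `Status = PcdSetBoolS (PcdTestKeyUsed, TRUE); ASSERT_EFI_ERROR (Status);` would surface a failed set instead of silently leaving the flag FALSE. The serial fallback passes `sizeof("...")` as the length, which also writes the terminating NUL, so `sizeof (...) - 1` is the intended byte count. `TmpStr` may now point either to pool memory or to the `TmpStr1` literal, and no `FreePool` is visible here (ShowProgressHotKey continues outside the hunk), so any release needs an `if (TmpStr != TmpStr1)` guard.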