From: zwei4 <david.wei@intel.com>
To: edk2-devel@lists.01.org
Subject: [Patch][edk2-platforms/devel-MinnowBoard3] Add OBB verification code.
Date: Fri, 10 Mar 2017 16:39:05 +0800 [thread overview]
Message-ID: <20170310083905.14984-1-david.wei@intel.com> (raw)
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: zwei4 <david.wei@intel.com>
---
.../PlatformPreMemPei/FvCallback.c | 47 ++++++++++++++++++++++
.../PlatformPreMemPei/PlatformPreMemPei.inf | 3 +-
.../PlatformDsc/Components.IA32.dsc | 7 +++-
.../BroxtonPlatformPkg/PlatformDsc/Defines.dsc | 3 +-
4 files changed, 57 insertions(+), 3 deletions(-)
diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c
index 91ac6f5e1..6a2c9fd91 100644
--- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c
+++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c
@@ -25,6 +25,7 @@
#include <Library/HeciMsgLib.h>
#include <Guid/FspHeaderFile.h>
#include <Library/FspWrapperApiLib.h>
+#include <Library/BpdtLib.h>
#include "FvCallback.h"
#define MAX_DIGEST_SIZE 64
@@ -416,8 +417,54 @@ GetFvNotifyCallback (
{
EFI_STATUS Status = EFI_SUCCESS;
EFI_BOOT_MODE BootMode;
+ BPDT_PAYLOAD_DATA *BpdtPayloadPtr;
+ EFI_HOB_GUID_TYPE *GuidHobPtr;
+ BPDT_HEADER *Bp1HdrPtr;
+ BPDT_HEADER *Bp2HdrPtr;
PeiServicesGetBootMode (&BootMode);
+
+ //
+ // If the Hob exists, then GetBpdtPayloadAddress() has already been called
+ // one or more times already, So we do not need to re-enter this flow.
+ //
+ GuidHobPtr = GetFirstGuidHob (&gEfiBpdtLibBp2DataGuid);
+ if (GuidHobPtr != NULL) {
+ DEBUG ((EFI_D_INFO, "GetFvNotifyCallback already called. Skipping.\n"));
+ return Status;
+ }
+
+ //
+ // Locate headers of both Boot partion 1 and 2
+ //
+ GetBootPartitionPointer (BootPart1, (VOID **)&Bp1HdrPtr);
+ GetBootPartitionPointer (BootPart2, (VOID **)&Bp2HdrPtr);
+ DEBUG ((DEBUG_INFO, "Signature BP1 = 0x%x BP2 = 0x%x\n",Bp1HdrPtr->Signature,Bp2HdrPtr->Signature));
+ if (Bp1HdrPtr->Signature != BPDT_SIGN_GREEN || Bp2HdrPtr->Signature != BPDT_SIGN_GREEN) {
+ DEBUG ((DEBUG_INFO, "FW Recovery needed. \n"));
+ }
+
+ //
+ // Get the OBB payload, shadow it, and check the hash before processing it.
+ //
+ GetBpdtPayloadData (BootPart2, BpdtObb, &BpdtPayloadPtr);
+
+#if (BOOT_GUARD_ENABLE == 1)
+ //
+ // For Normal boot, just verify OBB, since CSE does hash verify of both IBBL and IBB.
+ // IBBL check is done before bringing cores out of reset,
+ // IBB check is done during RBP and indicated by IBB_VERIFICATION_DONE in IBBL
+ //
+
+ if (BootMode != BOOT_ON_S3_RESUME) {
+ Status = LocateAndVerifyHashBpm (HashObb);
+ if (EFI_ERROR (Status)) {
+ DEBUG((EFI_D_ERROR, "Verify OBB failed, Status = %r\n", Status));
+ CpuDeadLoop();
+ }
+ }
+#endif
+
DEBUG ((EFI_D_INFO, "GetFvNotifyCallback: Processing OBB Payload.\n"));
ParseObbPayload ((UINT8*) PcdGet32 (PcdFlashObbPayloadMappedBase), PcdGet32 (PcdFlashObbPayloadSize), BootMode);
diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf
index 22e9de212..2c3ba738e 100644
--- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf
+++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf
@@ -34,7 +34,7 @@
# 2. MemoryCallback.c - Includes a memory call back function notified when
# MRC is done.
#
-# Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -100,6 +100,7 @@
PeiPolicyInitLib
PeiVariableCacheLib
FspWrapperApiLib
+ BpdtLib
[Guids]
gEfiSetupVariableGuid
diff --git a/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc b/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc
index 819f025a6..fe1ea798c 100644
--- a/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc
+++ b/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc
@@ -1,7 +1,7 @@
## @file
# Platform Components for IA32 Description.
#
-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -81,6 +81,11 @@
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
CpuPolicyLib|$(PLATFORM_SI_PACKAGE)/Cpu/Library/PeiCpuPolicyLibPreMem/PeiCpuPolicyLibPreMem.inf
<BuildOptions>
+ !if $(BOOT_GUARD_ENABLE) == TRUE
+ *_*_IA32_CC_FLAGS = -DBOOT_GUARD_ENABLE=1
+ !else
+ *_*_IA32_CC_FLAGS = -DBOOT_GUARD_ENABLE=0
+ !endif
!if $(TOOL_CHAIN_TAG) == GCC47
<PcdsFixedAtBuild>
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0
diff --git a/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc b/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc
index ad38d4424..47bb9200b 100644
--- a/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc
+++ b/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc
@@ -1,7 +1,7 @@
## @file
# Platform Macro Define Description.
#
-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -97,6 +97,7 @@
DEFINE NVM_VARIABLE_ENABLE = TRUE
DEFINE USB_DNX_ENABLE = FALSE
DEFINE SECURE_BOOT_ENABLE = TRUE
+ DEFINE BOOT_GUARD_ENABLE = FALSE
#
# Do not use 0x prefix, pass prefix 0x or postfix h through macro for C or ASM
#
--
2.11.0.windows.1
reply other threads:[~2017-03-10 8:39 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170310083905.14984-1-david.wei@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox