public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: zwei4 <david.wei@intel.com>
To: edk2-devel@lists.01.org
Subject: [Patch][edk2-platforms/devel-MinnowBoard3] Add OBB verification code.
Date: Fri, 10 Mar 2017 16:39:05 +0800	[thread overview]
Message-ID: <20170310083905.14984-1-david.wei@intel.com> (raw)

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: zwei4 <david.wei@intel.com>
---
 .../PlatformPreMemPei/FvCallback.c                 | 47 ++++++++++++++++++++++
 .../PlatformPreMemPei/PlatformPreMemPei.inf        |  3 +-
 .../PlatformDsc/Components.IA32.dsc                |  7 +++-
 .../BroxtonPlatformPkg/PlatformDsc/Defines.dsc     |  3 +-
 4 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c
index 91ac6f5e1..6a2c9fd91 100644
--- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c
+++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c
@@ -25,6 +25,7 @@
 #include <Library/HeciMsgLib.h>
 #include <Guid/FspHeaderFile.h>
 #include <Library/FspWrapperApiLib.h>
+#include <Library/BpdtLib.h>
 #include "FvCallback.h"
 
 #define MAX_DIGEST_SIZE    64
@@ -416,8 +417,54 @@ GetFvNotifyCallback (
 {
   EFI_STATUS                    Status = EFI_SUCCESS;
   EFI_BOOT_MODE                 BootMode;
+  BPDT_PAYLOAD_DATA             *BpdtPayloadPtr;
+  EFI_HOB_GUID_TYPE             *GuidHobPtr;
+  BPDT_HEADER                   *Bp1HdrPtr;
+  BPDT_HEADER                   *Bp2HdrPtr;
 
   PeiServicesGetBootMode (&BootMode);
+
+  //
+  // If the Hob exists, then GetBpdtPayloadAddress() has already been called
+  // one or more times already, So we do not need to re-enter this flow.
+  //
+  GuidHobPtr = GetFirstGuidHob (&gEfiBpdtLibBp2DataGuid);
+  if (GuidHobPtr != NULL) {
+    DEBUG ((EFI_D_INFO, "GetFvNotifyCallback already called. Skipping.\n"));
+    return Status;
+  }
+  
+  //
+  // Locate headers of both Boot partion 1 and 2
+  //
+  GetBootPartitionPointer (BootPart1, (VOID **)&Bp1HdrPtr);
+  GetBootPartitionPointer (BootPart2, (VOID **)&Bp2HdrPtr);
+  DEBUG ((DEBUG_INFO, "Signature BP1 = 0x%x BP2 = 0x%x\n",Bp1HdrPtr->Signature,Bp2HdrPtr->Signature));
+  if (Bp1HdrPtr->Signature != BPDT_SIGN_GREEN || Bp2HdrPtr->Signature != BPDT_SIGN_GREEN) {
+    DEBUG ((DEBUG_INFO, "FW Recovery needed. \n"));
+  }
+
+  //
+  //  Get the OBB payload, shadow it, and check the hash before processing it.
+  //
+  GetBpdtPayloadData (BootPart2, BpdtObb, &BpdtPayloadPtr);
+
+#if (BOOT_GUARD_ENABLE == 1)
+  //
+  // For Normal boot, just verify OBB, since CSE does hash verify of both IBBL and IBB.
+  // IBBL check is done before bringing cores out of reset,
+  // IBB check is done during RBP and indicated by IBB_VERIFICATION_DONE in IBBL
+  //
+
+  if (BootMode != BOOT_ON_S3_RESUME) {
+    Status = LocateAndVerifyHashBpm (HashObb);
+    if (EFI_ERROR (Status)) {
+      DEBUG((EFI_D_ERROR, "Verify OBB failed, Status = %r\n", Status));
+      CpuDeadLoop();
+    }
+  }
+#endif
+
   DEBUG ((EFI_D_INFO, "GetFvNotifyCallback: Processing OBB Payload.\n"));
 
   ParseObbPayload ((UINT8*) PcdGet32 (PcdFlashObbPayloadMappedBase), PcdGet32 (PcdFlashObbPayloadSize), BootMode);
diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf
index 22e9de212..2c3ba738e 100644
--- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf
+++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf
@@ -34,7 +34,7 @@
 #   2. MemoryCallback.c - Includes a memory call back function notified when
 #      MRC is done.
 #
-#  Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.<BR>
 #
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
@@ -100,6 +100,7 @@
   PeiPolicyInitLib
   PeiVariableCacheLib
   FspWrapperApiLib
+  BpdtLib
 
 [Guids]
   gEfiSetupVariableGuid
diff --git a/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc b/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc
index 819f025a6..fe1ea798c 100644
--- a/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc
+++ b/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc
@@ -1,7 +1,7 @@
 ## @file
 #  Platform Components for IA32 Description.
 #
-#  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
 #
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
@@ -81,6 +81,11 @@
       BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
       CpuPolicyLib|$(PLATFORM_SI_PACKAGE)/Cpu/Library/PeiCpuPolicyLibPreMem/PeiCpuPolicyLibPreMem.inf
     <BuildOptions>
+      !if $(BOOT_GUARD_ENABLE) == TRUE
+        *_*_IA32_CC_FLAGS = -DBOOT_GUARD_ENABLE=1
+      !else
+        *_*_IA32_CC_FLAGS = -DBOOT_GUARD_ENABLE=0
+      !endif
   !if $(TOOL_CHAIN_TAG) == GCC47
     <PcdsFixedAtBuild>
       gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0
diff --git a/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc b/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc
index ad38d4424..47bb9200b 100644
--- a/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc
+++ b/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc
@@ -1,7 +1,7 @@
 ## @file
 #  Platform Macro Define Description.
 #
-#  Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
 #
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
@@ -97,6 +97,7 @@
   DEFINE NVM_VARIABLE_ENABLE = TRUE
   DEFINE USB_DNX_ENABLE = FALSE
   DEFINE SECURE_BOOT_ENABLE = TRUE
+  DEFINE BOOT_GUARD_ENABLE = FALSE
   #
   # Do not use 0x prefix, pass prefix 0x or postfix h through macro for C or ASM
   #
-- 
2.11.0.windows.1



                 reply	other threads:[~2017-03-10  8:39 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170310083905.14984-1-david.wei@intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox