From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 720F8803A9 for ; Fri, 10 Mar 2017 00:39:09 -0800 (PST) Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Mar 2017 00:39:09 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.36,139,1486454400"; d="scan'208";a="73855149" Received: from zwei4-mobl.ccr.corp.intel.com ([10.239.197.177]) by orsmga005.jf.intel.com with ESMTP; 10 Mar 2017 00:39:08 -0800 From: zwei4 To: edk2-devel@lists.01.org Date: Fri, 10 Mar 2017 16:39:05 +0800 Message-Id: <20170310083905.14984-1-david.wei@intel.com> X-Mailer: git-send-email 2.11.0.windows.1 Subject: [Patch][edk2-platforms/devel-MinnowBoard3] Add OBB verification code. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Mar 2017 08:39:09 -0000 Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: zwei4 --- .../PlatformPreMemPei/FvCallback.c | 47 ++++++++++++++++++++++ .../PlatformPreMemPei/PlatformPreMemPei.inf | 3 +- .../PlatformDsc/Components.IA32.dsc | 7 +++- .../BroxtonPlatformPkg/PlatformDsc/Defines.dsc | 3 +- 4 files changed, 57 insertions(+), 3 deletions(-) diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c index 91ac6f5e1..6a2c9fd91 100644 --- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c +++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c @@ -25,6 +25,7 @@ #include #include #include +#include #include "FvCallback.h" #define MAX_DIGEST_SIZE 64 @@ -416,8 +417,54 @@ GetFvNotifyCallback ( { EFI_STATUS Status = EFI_SUCCESS; EFI_BOOT_MODE BootMode; + BPDT_PAYLOAD_DATA *BpdtPayloadPtr; + EFI_HOB_GUID_TYPE *GuidHobPtr; + BPDT_HEADER *Bp1HdrPtr; + BPDT_HEADER *Bp2HdrPtr; PeiServicesGetBootMode (&BootMode); + + // + // If the Hob exists, then GetBpdtPayloadAddress() has already been called + // one or more times already, So we do not need to re-enter this flow. + // + GuidHobPtr = GetFirstGuidHob (&gEfiBpdtLibBp2DataGuid); + if (GuidHobPtr != NULL) { + DEBUG ((EFI_D_INFO, "GetFvNotifyCallback already called. Skipping.\n")); + return Status; + } + + // + // Locate headers of both Boot partion 1 and 2 + // + GetBootPartitionPointer (BootPart1, (VOID **)&Bp1HdrPtr); + GetBootPartitionPointer (BootPart2, (VOID **)&Bp2HdrPtr); + DEBUG ((DEBUG_INFO, "Signature BP1 = 0x%x BP2 = 0x%x\n",Bp1HdrPtr->Signature,Bp2HdrPtr->Signature)); + if (Bp1HdrPtr->Signature != BPDT_SIGN_GREEN || Bp2HdrPtr->Signature != BPDT_SIGN_GREEN) { + DEBUG ((DEBUG_INFO, "FW Recovery needed. \n")); + } + + // + // Get the OBB payload, shadow it, and check the hash before processing it. + // + GetBpdtPayloadData (BootPart2, BpdtObb, &BpdtPayloadPtr); + +#if (BOOT_GUARD_ENABLE == 1) + // + // For Normal boot, just verify OBB, since CSE does hash verify of both IBBL and IBB. + // IBBL check is done before bringing cores out of reset, + // IBB check is done during RBP and indicated by IBB_VERIFICATION_DONE in IBBL + // + + if (BootMode != BOOT_ON_S3_RESUME) { + Status = LocateAndVerifyHashBpm (HashObb); + if (EFI_ERROR (Status)) { + DEBUG((EFI_D_ERROR, "Verify OBB failed, Status = %r\n", Status)); + CpuDeadLoop(); + } + } +#endif + DEBUG ((EFI_D_INFO, "GetFvNotifyCallback: Processing OBB Payload.\n")); ParseObbPayload ((UINT8*) PcdGet32 (PcdFlashObbPayloadMappedBase), PcdGet32 (PcdFlashObbPayloadSize), BootMode); diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf index 22e9de212..2c3ba738e 100644 --- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf +++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf @@ -34,7 +34,7 @@ # 2. MemoryCallback.c - Includes a memory call back function notified when # MRC is done. # -# Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.
# # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License @@ -100,6 +100,7 @@ PeiPolicyInitLib PeiVariableCacheLib FspWrapperApiLib + BpdtLib [Guids] gEfiSetupVariableGuid diff --git a/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc b/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc index 819f025a6..fe1ea798c 100644 --- a/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc +++ b/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc @@ -1,7 +1,7 @@ ## @file # Platform Components for IA32 Description. # -# Copyright (c) 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
# # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License @@ -81,6 +81,11 @@ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf CpuPolicyLib|$(PLATFORM_SI_PACKAGE)/Cpu/Library/PeiCpuPolicyLibPreMem/PeiCpuPolicyLibPreMem.inf + !if $(BOOT_GUARD_ENABLE) == TRUE + *_*_IA32_CC_FLAGS = -DBOOT_GUARD_ENABLE=1 + !else + *_*_IA32_CC_FLAGS = -DBOOT_GUARD_ENABLE=0 + !endif !if $(TOOL_CHAIN_TAG) == GCC47 gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0 diff --git a/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc b/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc index ad38d4424..47bb9200b 100644 --- a/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc +++ b/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc @@ -1,7 +1,7 @@ ## @file # Platform Macro Define Description. # -# Copyright (c) 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
# # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License @@ -97,6 +97,7 @@ DEFINE NVM_VARIABLE_ENABLE = TRUE DEFINE USB_DNX_ENABLE = FALSE DEFINE SECURE_BOOT_ENABLE = TRUE + DEFINE BOOT_GUARD_ENABLE = FALSE # # Do not use 0x prefix, pass prefix 0x or postfix h through macro for C or ASM # -- 2.11.0.windows.1