From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lersek@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id AFAE621A1348D
 for <edk2-devel@lists.01.org>; Fri,  5 May 2017 14:03:03 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 2BA104DD5F;
 Fri,  5 May 2017 21:03:03 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 2BA104DD5F
Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com;
 dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com;
 spf=pass smtp.mailfrom=lersek@redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 2BA104DD5F
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-120.phx2.redhat.com
 [10.3.116.120])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 5FEAB777E8;
 Fri,  5 May 2017 21:03:02 +0000 (UTC)
From: Laszlo Ersek <lersek@redhat.com>
To: edk2-devel-01 <edk2-devel@lists.01.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Date: Fri,  5 May 2017 23:02:52 +0200
Message-Id: <20170505210258.28141-2-lersek@redhat.com>
In-Reply-To: <20170505210258.28141-1-lersek@redhat.com>
References: <20170505210258.28141-1-lersek@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.38]); Fri, 05 May 2017 21:03:03 +0000 (UTC)
Subject: [PATCH 1/7] OvmfPkg/EmuVariableFvbRuntimeDxe: always format an auth varstore header
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 05 May 2017 21:03:03 -0000

In this patch, we extend commit d92eaabefbe0 ("OvmfPkg: simplify
VARIABLE_STORE_HEADER generation", 2016-02-05) to
EmuVariableFvbRuntimeDxe.

This is the difference between FvAndVarTemplate and
FvAndAuthenticatedVarTemplate:

> --- non-auth    2017-05-05 22:32:06.001512283 +0200
> +++ auth        2017-05-05 22:32:18.841364882 +0200
> @@ -1,7 +1,7 @@
>    //
> -  // Templates for standard (non-authenticated) variable FV header
> +  // Templates for authenticated variable FV header
>    //
> -  STATIC FVB_FV_HDR_AND_VARS_TEMPLATE FvAndVarTemplate = {
> +  STATIC FVB_FV_HDR_AND_VARS_TEMPLATE FvAndAuthenticatedVarTemplate = {
>      { // EFI_FIRMWARE_VOLUME_HEADER FvHdr;
>        // UINT8                     ZeroVector[16];
>        { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
> @@ -34,7 +34,7 @@
>        EFI_FVH_REVISION,
>
>        // EFI_FV_BLOCK_MAP_ENTRY    BlockMap[1];
> -      {
> +      {
>          {
>            2, // UINT32 NumBlocks;
>            EMU_FVB_BLOCK_SIZE  // UINT32 Length;
> @@ -44,8 +44,8 @@
>      // EFI_FV_BLOCK_MAP_ENTRY     EndBlockMap;
>      { 0, 0 }, // End of block map
>      { // VARIABLE_STORE_HEADER      VarHdr;
> -      // EFI_GUID  Signature;
> -      EFI_VARIABLE_GUID,
> +        // EFI_GUID  Signature;     // need authenticated variables for secure boot
> +        EFI_AUTHENTICATED_VARIABLE_GUID,
>
>        // UINT32  Size;
>        (

After this change, using "-bios", the variable driver logs:

- with the SB feature enabled:
> Variable driver will work with auth variable format!
> Variable driver will work with auth variable support!

- with the SB feature disabled:
> Variable driver will work with auth variable format!
> Variable driver will continue to work without auth variable support!

Cc: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf |  3 -
 OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c   | 79 ++------------------
 2 files changed, 5 insertions(+), 77 deletions(-)

diff --git a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
index 4d4827decb52..69b3c9972a76 100644
--- a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
+++ b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
@@ -68,9 +68,6 @@ [Pcd]
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase
   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
 
-[FeaturePcd]
-  gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable
-
 [Depex]
   TRUE
 
diff --git a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c
index dec6d4af50df..7a6d3153ec8c 100644
--- a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c
+++ b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c
@@ -626,75 +626,6 @@ InitializeFvAndVariableStoreHeaders (
   )
 {
   //
-  // Templates for standard (non-authenticated) variable FV header
-  //
-  STATIC FVB_FV_HDR_AND_VARS_TEMPLATE FvAndVarTemplate = {
-    { // EFI_FIRMWARE_VOLUME_HEADER FvHdr;
-      // UINT8                     ZeroVector[16];
-      { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
-
-      // EFI_GUID                  FileSystemGuid;
-      EFI_SYSTEM_NV_DATA_FV_GUID,
-
-      // UINT64                    FvLength;
-      EMU_FVB_SIZE,
-
-      // UINT32                    Signature;
-      EFI_FVH_SIGNATURE,
-
-      // EFI_FVB_ATTRIBUTES_2      Attributes;
-      0x4feff,
-
-      // UINT16                    HeaderLength;
-      EMU_FV_HEADER_LENGTH,
-
-      // UINT16                    Checksum;
-      0,
-
-      // UINT16                    ExtHeaderOffset;
-      0,
-
-      // UINT8                     Reserved[1];
-      {0},
-
-      // UINT8                     Revision;
-      EFI_FVH_REVISION,
-
-      // EFI_FV_BLOCK_MAP_ENTRY    BlockMap[1];
-      { 
-        {
-          2, // UINT32 NumBlocks;
-          EMU_FVB_BLOCK_SIZE  // UINT32 Length;
-        }
-      }
-    },
-    // EFI_FV_BLOCK_MAP_ENTRY     EndBlockMap;
-    { 0, 0 }, // End of block map
-    { // VARIABLE_STORE_HEADER      VarHdr;
-      // EFI_GUID  Signature;
-      EFI_VARIABLE_GUID,
-
-      // UINT32  Size;
-      (
-        FixedPcdGet32 (PcdVariableStoreSize) -
-        OFFSET_OF (FVB_FV_HDR_AND_VARS_TEMPLATE, VarHdr)
-      ),
-
-      // UINT8   Format;
-      VARIABLE_STORE_FORMATTED,
-
-      // UINT8   State;
-      VARIABLE_STORE_HEALTHY,
-
-      // UINT16  Reserved;
-      0,
-
-      // UINT32  Reserved1;
-      0
-    }
-  };
-
-  //
   // Templates for authenticated variable FV header
   //
   STATIC FVB_FV_HDR_AND_VARS_TEMPLATE FvAndAuthenticatedVarTemplate = {
@@ -768,11 +699,11 @@ InitializeFvAndVariableStoreHeaders (
   //
   // Copy the template structure into the location
   //
-  if (FeaturePcdGet (PcdSecureBootEnable) == FALSE) {
-    CopyMem (Ptr, (VOID*)&FvAndVarTemplate, sizeof (FvAndVarTemplate));
-  } else {
-    CopyMem (Ptr, (VOID*)&FvAndAuthenticatedVarTemplate, sizeof (FvAndAuthenticatedVarTemplate));
-  }
+  CopyMem (
+    Ptr,
+    &FvAndAuthenticatedVarTemplate,
+    sizeof FvAndAuthenticatedVarTemplate
+    );
 
   //
   // Update the checksum for the FV header
-- 
2.9.3