From: Star Zeng <star.zeng@intel.com>
To: edk2-devel@lists.01.org
Cc: Star Zeng <star.zeng@intel.com>, Liming Gao <liming.gao@intel.com>
Subject: [PATCH 5/5] IntelFrameworkModulePkg FwVolDxe: Get FV auth status propagated from PEI
Date: Wed, 4 Oct 2017 22:21:21 +0800 [thread overview]
Message-ID: <20171004142121.7404-6-star.zeng@intel.com> (raw)
In-Reply-To: <20171004142121.7404-1-star.zeng@intel.com>
FV3 HOB was introduced by new (>= 1.5) PI spec, it is intended to
be used to propagate PEI-phase FV authentication status to DXE.
This patch is to update FwVolDxe to get the authentication status
propagated from PEI-phase to DXE by FV3 HOB when producing FV
protocol.
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
.../Universal/FirmwareVolume/FwVolDxe/FwVol.c | 73 ++++++++++++++++------
.../FirmwareVolume/FwVolDxe/FwVolDriver.h | 3 +-
.../Universal/FirmwareVolume/FwVolDxe/FwVolDxe.inf | 4 +-
3 files changed, 57 insertions(+), 23 deletions(-)
diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c
index 65a292db6b91..91fcd4721244 100644
--- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c
+++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c
@@ -4,7 +4,7 @@
Layers on top of Firmware Block protocol to produce a file abstraction
of FV based files.
- Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
@@ -195,7 +195,7 @@ FreeFvDeviceResource (
/**
Firmware volume inherits authentication status from the FV image file and section(in another firmware volume)
- where it came from.
+ where it came from or propagated from PEI-phase.
@param FvDevice A pointer to the FvDevice.
@@ -205,26 +205,30 @@ FwVolInheritAuthenticationStatus (
IN FV_DEVICE *FvDevice
)
{
- EFI_STATUS Status;
- EFI_FIRMWARE_VOLUME_HEADER *CachedFvHeader;
- EFI_FIRMWARE_VOLUME_EXT_HEADER *CachedFvExtHeader;
- EFI_FIRMWARE_VOLUME2_PROTOCOL *ParentFvProtocol;
- UINTN Key;
- EFI_GUID FileNameGuid;
- EFI_FV_FILETYPE FileType;
- EFI_FV_FILE_ATTRIBUTES FileAttributes;
- UINTN FileSize;
- EFI_SECTION_TYPE SectionType;
- UINT32 AuthenticationStatus;
- EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
- EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
- UINTN BufferSize;
-
- CachedFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) FvDevice->CachedFv;
+ EFI_STATUS Status;
+ EFI_FIRMWARE_VOLUME_HEADER *CachedFvHeader;
+ EFI_FIRMWARE_VOLUME_EXT_HEADER *CachedFvExtHeader;
+ EFI_FIRMWARE_VOLUME2_PROTOCOL *ParentFvProtocol;
+ UINTN Key;
+ EFI_GUID FileNameGuid;
+ EFI_FV_FILETYPE FileType;
+ EFI_FV_FILE_ATTRIBUTES FileAttributes;
+ UINTN FileSize;
+ EFI_SECTION_TYPE SectionType;
+ UINT32 AuthenticationStatus;
+ EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
+ EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
+ UINTN BufferSize;
+ EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *Fvb;
+ EFI_FVB_ATTRIBUTES_2 FvbAttributes;
+ EFI_PHYSICAL_ADDRESS BaseAddress;
+ EFI_PEI_HOB_POINTERS Fv3Hob;
if (FvDevice->Fv.ParentHandle != NULL) {
+ CachedFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) FvDevice->CachedFv;
+
//
- // By Parent Handle, find out the FV image file and section(in another firmware volume) where the firmware volume came from
+ // By Parent Handle, find out the FV image file and section(in another firmware volume) where the firmware volume came from
//
Status = gBS->HandleProtocol (FvDevice->Fv.ParentHandle, &gEfiFirmwareVolume2ProtocolGuid, (VOID **) &ParentFvProtocol);
if (!EFI_ERROR (Status) && (ParentFvProtocol != NULL)) {
@@ -258,7 +262,7 @@ FwVolInheritAuthenticationStatus (
if (!EFI_ERROR (Status)) {
if ((FvHeader->FvLength == CachedFvHeader->FvLength) &&
(FvHeader->ExtHeaderOffset == CachedFvHeader->ExtHeaderOffset)) {
- if (FvHeader->ExtHeaderOffset !=0) {
+ if (FvHeader->ExtHeaderOffset != 0) {
//
// Both FVs contain extension header, then compare their FV Name GUID
//
@@ -292,6 +296,35 @@ FwVolInheritAuthenticationStatus (
}
} while (TRUE);
}
+ } else {
+ Fvb = FvDevice->Fvb;
+
+ Status = Fvb->GetAttributes (Fvb, &FvbAttributes);
+ if (EFI_ERROR (Status)) {
+ return;
+ }
+
+ if ((FvbAttributes & EFI_FVB2_MEMORY_MAPPED) != 0) {
+ //
+ // Get volume base address
+ //
+ Status = Fvb->GetPhysicalAddress (Fvb, &BaseAddress);
+ if (EFI_ERROR (Status)) {
+ return;
+ }
+
+ //
+ // Get the authentication status propagated from PEI-phase to DXE.
+ //
+ Fv3Hob.Raw = GetHobList ();
+ while ((Fv3Hob.Raw = GetNextHob (EFI_HOB_TYPE_FV3, Fv3Hob.Raw)) != NULL) {
+ if (Fv3Hob.FirmwareVolume3->BaseAddress == BaseAddress) {
+ FvDevice->AuthenticationStatus = Fv3Hob.FirmwareVolume3->AuthenticationStatus;
+ return;
+ }
+ Fv3Hob.Raw = GET_NEXT_HOB (Fv3Hob);
+ }
+ }
}
}
diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h
index b1646dd39edf..b14a488ead88 100644
--- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h
+++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h
@@ -1,7 +1,7 @@
/** @file
Common defines and definitions for a FwVolDxe driver.
- Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
@@ -33,6 +33,7 @@
#include <Library/BaseMemoryLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/UefiBootServicesTableLib.h>
+#include <Library/HobLib.h>
#define FV_DEVICE_SIGNATURE SIGNATURE_32 ('_', 'F', 'V', '_')
diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDxe.inf b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDxe.inf
index 057266bb2b68..6844afb063e7 100644
--- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDxe.inf
+++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDxe.inf
@@ -4,7 +4,7 @@
# This driver produces Firmware Volume2 protocol with full services
# (read/write, get/set) based on Firmware Volume Block protocol.
#
-# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials are
# licensed and made available under the terms and conditions of the BSD License
@@ -55,7 +55,7 @@ [LibraryClasses]
UefiLib
UefiDriverEntryPoint
DebugLib
-
+ HobLib
[Guids]
gEfiFirmwareVolumeTopFileGuid ## CONSUMES ## File # VTF file
--
2.13.3.windows.1
next prev parent reply other threads:[~2017-10-04 14:18 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-04 14:21 [PATCH 0/5] Propagate PEI-phase FV authentication status to DXE Star Zeng
2017-10-04 14:21 ` [PATCH 1/5] MdePkg PiHob.h: Add FV3 HOB definitions Star Zeng
2017-10-04 14:21 ` [PATCH 2/5] MdePkg HobLib: Add BuildFv3Hob API Star Zeng
2017-10-04 15:38 ` Laszlo Ersek
2017-10-05 6:46 ` Zeng, Star
2017-10-04 14:21 ` [PATCH 3/5] IntelFrameworkPkg PeiHobLibFramework: Implement BuildFv3Hob Star Zeng
2017-10-04 14:21 ` [PATCH 4/5] MdeModulePkg Core: Propagate PEI-phase FV authentication status to DXE Star Zeng
2017-10-04 14:21 ` Star Zeng [this message]
2017-10-09 7:44 ` [PATCH 0/5] " Gao, Liming
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171004142121.7404-6-star.zeng@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox