From: Ming Huang
To: leif.lindholm@linaro.org, linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org, graeme.gregory@linaro.org
Cc: ard.biesheuvel@linaro.org, michael.d.kinney@intel.com, lersek@redhat.com, wanghuiqiang@huawei.com, huangming23@huawei.com, zhangjinsong2@huawei.com, huangdaode@hisilicon.com, john.garry@huawei.com, xinliang.liu@linaro.org, zhangfeng56@huawei.com, Ming Huang
Date: Mon, 29 Oct 2018 11:32:45 +0800
Message-Id: <20181029033249.45363-9-ming.huang@linaro.org>
In-Reply-To: <20181029033249.45363-1-ming.huang@linaro.org>
References: <20181029033249.45363-1-ming.huang@linaro.org>
Subject: [PATCH edk2-platforms v1 08/12] Hisilicon/D06: Fix SBBR-SCT AuthVar issue

Enable secure boot to fix AuthVar issue:
RT.SetVariable - Set Invalid Time Base Auth Variable – FAILURE;
RT.SetVariable - Create one Time Base Auth Variable, the expect return
status should be EFI_SUCCESS – FAILURE.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ming Huang
---
 Silicon/Hisilicon/Hisilicon.dsc.inc | 16 ++++++++++++++++
 Platform/Hisilicon/D06/D06.dsc | 2 +-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/Silicon/Hisilicon/Hisilicon.dsc.inc b/Silicon/Hisilicon/Hisilicon.dsc.inc
index 3ac8e20232..6515c0d703 100644
--- a/Silicon/Hisilicon/Hisilicon.dsc.inc
+++ b/Silicon/Hisilicon/Hisilicon.dsc.inc
@@ -89,8 +89,15 @@ SemihostLib|ArmPkg/Library/SemihostLib/SemihostLib.inf +!if $(SECURE_BOOT_ENABLE) == TRUE + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree + PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf +!else TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf +!endif # BDS Libraries FdtLib|EmbeddedPkg/Library/FdtLib/FdtLib.inf @@ -217,6 +224,9 @@ !if $(TARGET) != RELEASE DebugLib|MdePkg/Library/DxeRuntimeDebugLibSerialPort/DxeRuntimeDebugLibSerialPort.inf !endif +!if $(SECURE_BOOT_ENABLE) == TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +!endif [LibraryClasses.AARCH64] ArmGenericTimerCounterLib|ArmPkg/Library/ArmGenericTimerPhyCounterLib/ArmGenericTimerPhyCounterLib.inf @@ -326,6 +336,12 @@ gEmbeddedTokenSpaceGuid.PcdTimerPeriod|10000 gArmTokenSpaceGuid.PcdVFPEnabled|1 gEfiMdePkgTokenSpaceGuid.PcdUartDefaultReceiveFifoDepth|32 +!if $(SECURE_BOOT_ENABLE) == TRUE + # override the default values from SecurityPkg to ensure images from all sources are verified in secure boot + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04 + gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04 + gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04 +!endif [PcdsDynamicHii.common.DEFAULT] gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|10 # Variable: L"Timeout" diff --git a/Platform/Hisilicon/D06/D06.dsc b/Platform/Hisilicon/D06/D06.dsc index b6ef9fedf0..8ee20342b1 100644 --- a/Platform/Hisilicon/D06/D06.dsc +++ b/Platform/Hisilicon/D06/D06.dsc 
@@ -30,7 +30,7 @@ FLASH_DEFINITION = Platform/Hisilicon/$(PLATFORM_NAME)/$(PLATFORM_NAME).fdf DEFINE NETWORK_IP6_ENABLE = FALSE DEFINE HTTP_BOOT_ENABLE = FALSE - DEFINE SECURE_BOOT_ENABLE = FALSE + DEFINE SECURE_BOOT_ENABLE = TRUE !include Silicon/Hisilicon/Hisilicon.dsc.inc -- 2.18.0
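
Review bot: In the -89,8 +89,15 hunk of Hisilicon.dsc.inc, the PlatformSecureLib line takes what its own comment calls a dummy UserPhysicalPresent() implementation from OvmfPkg, a virtual-machine platform package, and links it into a physical server build. AuthVariableLib consults that function before allowing some secure boot state changes, so a dummy answer decides a security check on D06. Please either add a Hisilicon-specific PlatformSecureLib or state in the commit message what the dummy returns and why that is acceptable for this platform, and extend the comment accordingly.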
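
Review bot: The BaseCryptLib line added in the -217,6 +224,9 hunk of Hisilicon.dsc.inc is the only crypto library class mapped anywhere in this patch, and RuntimeCryptLib.inf itself depends on the OpensslLib and IntrinsicLib classes. Nothing in the visible context shows those being resolved, so please confirm they are already mapped elsewhere in the include file, or add them under the same !if $(SECURE_BOOT_ENABLE) == TRUE guard so that the secure boot build resolves all of its library dependencies.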
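
Review bot: The three image verification policy PCDs in the -326,6 +336,12 hunk of Hisilicon.dsc.inc are set to a bare 0x04, and the comment above them says only that images are "verified" without naming the policy. In SecurityPkg that value is DENY_EXECUTE_ON_SECURITY_VIOLATION; putting the name in the comment would let a reader see that option ROMs, fixed media and removable media are all refused on a verification failure, and would make a later change to a weaker value stand out in review.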
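
Review bot: The D06.dsc hunk flips SECURE_BOOT_ENABLE to TRUE, which changes the platform's default security configuration, yet the subject line ("Fix SBBR-SCT AuthVar issue") describes only a test fix; the commit message should state that secure boot support is now built in by default. The diffstat lists only Hisilicon.dsc.inc and D06.dsc, with no [Components] or .fdf change in view, so please confirm that D06 already links DxeImageVerificationLib into its security stub driver and includes SecureBootConfigDxe under this define. Otherwise the authenticated variable tests can pass while the image verification policy PCDs set in Hisilicon.dsc.inc are never consumed.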