From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ard.biesheuvel@linaro.org>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2a00:1450:4864:20::542; helo=mail-ed1-x542.google.com;
 envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org 
Received: from mail-ed1-x542.google.com (mail-ed1-x542.google.com
 [IPv6:2a00:1450:4864:20::542])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id D3A7A211AE8D3
 for <edk2-devel@lists.01.org>; Fri,  4 Jan 2019 06:43:42 -0800 (PST)
Received: by mail-ed1-x542.google.com with SMTP id f23so32000607edb.3
 for <edk2-devel@lists.01.org>; Fri, 04 Jan 2019 06:43:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=from:to:cc:subject:date:message-id;
 bh=rYSNf66LQZbOWNj2heIxB2LcEH/VonExswX2VwXWK3Q=;
 b=FQPP9C08nhKjCE1lPiNUAxV2CWrIDhECGjeWi3PbJYtLX4QGAwWfdeAFW4q5dvmOWl
 8XIOzUG28/qGa5kvIZTNGX+Bbc8xzhRHkglQ26GmFVZNtYtHiQMSqkRjLoeWQG9Jfd55
 IPPt8VJbR+6N0II6cjgfy3EWblwu3Pa1m8oP8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id;
 bh=rYSNf66LQZbOWNj2heIxB2LcEH/VonExswX2VwXWK3Q=;
 b=M9Fs7xre6YEKCb63L2S/+qhtqkTWj4d2qralrz0J7Cso9ChlwSjkIXEc3gu/ZpBJ4R
 x+my0+c+4IcWRpSX5vGBq5jw7RZWNXt+oXFVn7bVE0zOuz00V/emBk2Z/NOn06RIJDF8
 N35tIs8Z+mS122iE+Hg3qyFus0AwPIjtIVVg4SyuqZY6RABCnjiDa5BI9M1Lm+3GwE9/
 KsJfPCR0Ix5K6aha6n+iCPvIEJXJPRIHPsx7IgSOW5BoZgo9jkYJb3L/oWERMsJPe1b1
 dFVv0s7M+Q78MB0KLeix7yufxFZl7WIQ7VaIuwV3Oy+c3rGXsLwcunGAk7kPXFNI6Lfh
 H0Gg==
X-Gm-Message-State: AA+aEWbphGvESW3S/WHiqO9eLhhdzTthtzovlckn+uTDImksHrWYMXgu
 v3ZNb+YBbFYNgmnXXFjHlRz9eZtVqIl18w==
X-Google-Smtp-Source: AFSGD/WJT5OhCwSLbKcbKawFIwQZ7TrSJ+xZVlzB1LSjAu8lH0jWWGJVhMUAJHoNDkTOWD/4eITshQ==
X-Received: by 2002:a50:9665:: with SMTP id y92mr45004407eda.282.1546613020742; 
 Fri, 04 Jan 2019 06:43:40 -0800 (PST)
Received: from dogfood.home ([2a01:cb1d:112:6f00:183a:9013:d5a3:37a8])
 by smtp.gmail.com with ESMTPSA id q16sm21608226eds.60.2019.01.04.06.43.39
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 04 Jan 2019 06:43:39 -0800 (PST)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: edk2-devel@lists.01.org
Date: Fri,  4 Jan 2019 15:43:29 +0100
Message-Id: <20190104144336.8941-1-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.17.1
Subject: [PATCH edk2-platforms 0/7] Silicon/SynQuacer: implement SMM based secure boot
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jan 2019 14:43:43 -0000

Wire up the various pieces so that the authenticated variable store
runs entirely in standalone MM context residing in a secure partition.

This primarily involves refactoring the platform's NOR flash driver so
we can build a version that can work in the standalone MM context.
Beyond that, it is just a matter of enabling all the boilerplate in
the .DSC and .FDF files.

Note that the resulting standalone MM firmware volume needs to be
wrapped in a FIP, which is not part of the build sequence.

Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Masahisa Kojima <masahisa.kojima@linaro.org>

Ard Biesheuvel (7):
  Silicon/SynQuacer/Fip006Dxe: drop block I/O and disk I/O routines
  Silicon/SynQuacer/Fip006Dxe: factor out DXE specific pieces
  Silicon/SynQuacer/Fip006Dxe: implement standalone MM variant
  Silicon/SynQuacer/Fip006Dxe: use proper accessor for unaligned access
  Platform/DeveloperBox: create shared .DSC include file
  Platform/DeveloperBox: add .DSC/.FDF description of MM components
  Platform/DeveloperBox: add MM based UEFI secure boot support

 .../Socionext/DeveloperBox/DeveloperBox.dsc   |  304 +---
 .../DeveloperBox/DeveloperBox.dsc.inc         |  315 ++++
 .../Socionext/DeveloperBox/DeveloperBox.fdf   |   13 +
 .../Socionext/DeveloperBox/DeveloperBoxMm.dsc |  103 ++
 .../Socionext/DeveloperBox/DeveloperBoxMm.fdf |  161 ++
 .../SynQuacer/Drivers/Fip006Dxe/Fip006Dxe.inf |    9 +-
 .../Drivers/Fip006Dxe/Fip006StandaloneMm.inf  |   71 +
 .../SynQuacer/Drivers/Fip006Dxe/NorFlash.c    | 1006 +++++++++++++
 .../Fip006Dxe/{NorFlashDxe.h => NorFlash.h}   |   93 +-
 .../Drivers/Fip006Dxe/NorFlashBlockIoDxe.c    |  138 --
 .../SynQuacer/Drivers/Fip006Dxe/NorFlashDxe.c | 1341 ++---------------
 .../{NorFlashFvbDxe.c => NorFlashFvb.c}       |  197 +--
 .../SynQuacer/Drivers/Fip006Dxe/NorFlashSmm.c |  182 +++
 13 files changed, 2076 insertions(+), 1857 deletions(-)
 create mode 100644 Platform/Socionext/DeveloperBox/DeveloperBox.dsc.inc
 create mode 100644 Platform/Socionext/DeveloperBox/DeveloperBoxMm.dsc
 create mode 100644 Platform/Socionext/DeveloperBox/DeveloperBoxMm.fdf
 create mode 100644 Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/Fip006StandaloneMm.inf
 create mode 100644 Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/NorFlash.c
 rename Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/{NorFlashDxe.h => NorFlash.h} (85%)
 delete mode 100644 Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/NorFlashBlockIoDxe.c
 rename Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/{NorFlashFvbDxe.c => NorFlashFvb.c} (76%)
 create mode 100644 Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/NorFlashSmm.c

-- 
2.17.1