Date: Thu, 17 Jan 2019 11:14:22 +0000
From: Leif Lindholm
To: Ard Biesheuvel
Cc: edk2-devel@lists.01.org, Masahisa Kojima
Message-ID: <20190117111422.yuwqcz6ogoah462k@bivouac.eciton.net>
References: <20190104144336.8941-1-ard.biesheuvel@linaro.org>
In-Reply-To: <20190104144336.8941-1-ard.biesheuvel@linaro.org>
List-Id: EDK II Development
Subject: Re: [PATCH edk2-platforms 0/7] Silicon/SynQuacer: implement SMM based secure boot

On Fri, Jan 04, 2019 at 03:43:29PM +0100, Ard Biesheuvel wrote:
> Wire up the various pieces so that the authenticated variable store
> runs entirely in standalone MM context residing in a secure partition.
>
> This primarily involves refactoring the platform's NOR flash driver so
> we can build a version that can work in the standalone MM context.
> Beyond that, it is just a matter of enabling all the boilerplate in
> the .DSC and .FDF files.
>
> Note that the resulting standalone MM firmware volume needs to be
> wrapped in a FIP, which is not part of the build sequence.
>
> Cc: Leif Lindholm
> Cc: Masahisa Kojima
>
> Ard Biesheuvel (7):
>   Silicon/SynQuacer/Fip006Dxe: drop block I/O and disk I/O routines
>   Silicon/SynQuacer/Fip006Dxe: factor out DXE specific pieces
>   Silicon/SynQuacer/Fip006Dxe: implement standalone MM variant
>   Silicon/SynQuacer/Fip006Dxe: use proper accessor for unaligned access
>   Platform/DeveloperBox: create shared .DSC include file
>   Platform/DeveloperBox: add .DSC/.FDF description of MM components
>   Platform/DeveloperBox: add MM based UEFI secure boot support

For the patches I haven't commented on individually:

Reviewed-by: Leif Lindholm

>  .../Socionext/DeveloperBox/DeveloperBox.dsc   |  304 +---
>  .../DeveloperBox/DeveloperBox.dsc.inc         |  315 ++++
>  .../Socionext/DeveloperBox/DeveloperBox.fdf   |   13 +
>  .../Socionext/DeveloperBox/DeveloperBoxMm.dsc |  103 ++
>  .../Socionext/DeveloperBox/DeveloperBoxMm.fdf |  161 ++
>  .../SynQuacer/Drivers/Fip006Dxe/Fip006Dxe.inf |    9 +-
>  .../Drivers/Fip006Dxe/Fip006StandaloneMm.inf  |   71 +
>  .../SynQuacer/Drivers/Fip006Dxe/NorFlash.c    | 1006 +++++++++++++
>  .../Fip006Dxe/{NorFlashDxe.h => NorFlash.h}   |   93 +-
>  .../Drivers/Fip006Dxe/NorFlashBlockIoDxe.c    |  138 --
>  .../SynQuacer/Drivers/Fip006Dxe/NorFlashDxe.c | 1341 ++--------------
>  .../{NorFlashFvbDxe.c => NorFlashFvb.c}       |  197 +--
>  .../SynQuacer/Drivers/Fip006Dxe/NorFlashSmm.c |  182 +++
>  13 files changed, 2076 insertions(+), 1857 deletions(-)
>  create mode 100644 Platform/Socionext/DeveloperBox/DeveloperBox.dsc.inc
>  create mode 100644 Platform/Socionext/DeveloperBox/DeveloperBoxMm.dsc
>  create mode 100644 Platform/Socionext/DeveloperBox/DeveloperBoxMm.fdf
>  create mode 100644 Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/Fip006StandaloneMm.inf
>  create mode 100644 Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/NorFlash.c
>  rename Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/{NorFlashDxe.h => NorFlash.h} (85%)
>  delete mode 100644 Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/NorFlashBlockIoDxe.c
>  rename Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/{NorFlashFvbDxe.c => NorFlashFvb.c} (76%)
>  create mode 100644 Silicon/Socionext/SynQuacer/Drivers/Fip006Dxe/NorFlashSmm.c
>
> --
> 2.17.1