From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web11.16180.1590684079040796061 for ; Thu, 28 May 2020 09:41:19 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.151, mailfrom: jorge.hernandez.beltran@intel.com) IronPort-SDR: qz0bRs7r3R+MB4qWCCJbZekr5P9Sb/rKekLSoR1sGQNP2ZAbXs/22P5RFHE+M47+JZJnbtyYqo kb0OSYHYzs7g== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 May 2020 09:41:17 -0700 IronPort-SDR: 7C5DtgCC0LjVdJGEHR4t76aZFPqpLqmUrsdEv8YKDTUy5uDBEqDwFm7upkhvQ/j98lIDFjXmTH uWCyYxKM3c4Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,445,1583222400"; d="scan'208";a="469194041" Received: from gmsappbios10.amr.corp.intel.com ([10.219.36.240]) by fmsmga006.fm.intel.com with ESMTP; 28 May 2020 09:41:17 -0700 From: Jorge Hernandez Beltran To: devel@edk2.groups.io Cc: liming.gao@intel.com, paul.a.lohr@intel.com, jorge.hernandez.beltran@intel.com Subject: [Patch 1/1] [Edk2Platforms] FitGen: Update FitGen tool to be compliance with the FIT specification revision 1.2 Date: Thu, 28 May 2020 11:41:02 -0500 Message-Id: <20200528164102.31576-1-jorge.hernandez.beltran@intel.com> X-Mailer: git-send-email 2.16.2.windows.1 BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2687 FIT specification revision 1.2 was recently released to the open community. Revision 1.2 updates CSE Secure Boot Rules in section 4.12, and adds 2 new entry sub-types used to distinguish the CSE entries. Signed-off-by: Jorge Hernandez Beltran --- Silicon/Intel/Tools/FitGen/FitGen.c | 152 +++++++++++++++++++++++++++--------- Silicon/Intel/Tools/FitGen/FitGen.h | 2 +- 2 files changed, 114 insertions(+), 40 deletions(-) diff --git a/Silicon/Intel/Tools/FitGen/FitGen.c b/Silicon/Intel/Tools/FitGen/FitGen.c index 75d8932d90ac..c4006e69c822 100644 --- a/Silicon/Intel/Tools/FitGen/FitGen.c +++ b/Silicon/Intel/Tools/FitGen/FitGen.c @@ -226,6 +226,8 @@ typedef struct { #define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12 #define FIT_TABLE_TYPE_BIOS_DATA_AREA 13 #define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16 +#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12 +#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13 // // With OptionalModule Address isn't known until free space has been @@ -236,6 +238,7 @@ typedef struct { // typedef struct { UINT32 Type; + UINT32 SubType; // Used by OptionalModule only UINT32 Address; UINT8 *Buffer; // Used by OptionalModule only UINT32 Size; @@ -295,7 +298,7 @@ Returns: --*/ { printf ( - "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision 1.1."" Version %i.%i\n\n", + "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision 1.2."" Version %i.%i\n\n", UTILITY_NAME, UTILITY_MAJOR_VERSION, UTILITY_MINOR_VERSION @@ -334,7 +337,7 @@ Returns: "\t[-U |]\n" "\t[-B ] [-B ...] [-V ]\n" "\t[-M ] [-M ...]|[-U ||] [-V ]\n" - "\t[-O RecordType ||| [-V ]] [-O ... [-V ...]]\n" + "\t[-O RecordType |||| [-V ]] [-O ... [-V ...]]\n" "\t[-P RecordType [-V ]] [-P ... [-V ...]]\n" , UTILITY_NAME); printf (" Where:\n"); @@ -366,6 +369,7 @@ Returns: printf ("\tRecordDataSize - FIT entry record data size.\n"); printf ("\tRecordDataGuid - FIT entry record data GUID.\n"); printf ("\tRecordBinFile - FIT entry record data binary file.\n"); + printf ("\tCseRecordSubType - FIT entry record subtype. Use to further distinguish CSE entries (see FIT spec revision 1.2 chapter 4.12).\n"); printf ("\tFitEntryDefaultVersion - The default version for all FIT table entries. 0x%04x is used if this is not specified.\n", DEFAULT_FIT_ENTRY_VERSION); printf ("\tFitHeaderVersion - The version for FIT header. (Override default version)\n"); printf ("\tStartupAcmVersion - The version for StartupAcm. (Override default version)\n"); @@ -857,6 +861,7 @@ Returns: UINT8 *FileBuffer; UINT32 FileSize; UINT32 Type; + UINT32 SubType; UINT8 *MicrocodeFileBuffer; UINT8 *MicrocodeFileBufferRaw; UINT32 MicrocodeFileSize; @@ -1608,26 +1613,22 @@ Returns: } Type = xtoi (argv[Index + 1]); // - // 1st, try GUID + // 1st, try CSE entry sub-type // - if (IsGuidData (argv[Index + 2], &Guid)) { - FileBuffer = FindFileFromFvByGuid (FdBuffer, FdSize, &Guid, &FileSize); - if (FileBuffer == NULL) { - Error (NULL, 0, 0, "-O Parameter incorrect, GUID not found!", "%s", argv[Index + 2]); - // not found - return 0; - } - if (FileSize >= 0x80000000) { - Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL); - return 0; + SubType = 0; + if (Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) { + if (Index + 3 >= argc) { + break; } - FileBuffer = (UINT8 *)MEMORY_TO_FLASH (FileBuffer, FdBuffer, FdSize); - Index += 3; - } else { + SubType = xtoi (argv[Index + 2]); // - // 2nd, try file + // try file // - Status = ReadInputFile (argv[Index + 2], &FileBuffer, &FileSize, NULL); + if (SubType != FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST && SubType != FIT_TABLE_SUBTYPE_ACM_MANIFEST) { + Error (NULL, 0, 0, "-O Parameter incorrect, SubType unsupported!", NULL); + return 0; + } + Status = ReadInputFile (argv[Index + 3], &FileBuffer, &FileSize, NULL); if (Status == STATUS_SUCCESS) { if (FileSize >= 0x80000000) { Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL); @@ -1640,48 +1641,90 @@ Returns: // Assume the file size should < 2G. // FileSize |= 0x80000000; + Index += 4; + } else { + if (Status == STATUS_WARNING) { + Error (NULL, 0, 0, "-O Parameter incorrect, Unable to open file", argv[Index + 3]); + } + return 0; + } + } else { + // + // 2nd, try GUID + // + if (IsGuidData (argv[Index + 2], &Guid)) { + FileBuffer = FindFileFromFvByGuid (FdBuffer, FdSize, &Guid, &FileSize); + if (FileBuffer == NULL) { + Error (NULL, 0, 0, "-O Parameter incorrect, GUID not found!", "%s", argv[Index + 2]); + // not found + return 0; + } + if (FileSize >= 0x80000000) { + Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL); + return 0; + } + FileBuffer = (UINT8 *)MEMORY_TO_FLASH (FileBuffer, FdBuffer, FdSize); Index += 3; } else { // - // 3rd, try + // 3rd, try file // - if (Index + 3 >= argc) { - break; - } - if ((strcmp (argv[Index + 2], "RESERVE") == 0) || - (strcmp (argv[Index + 2], "reserve") == 0)) { - FileSize = xtoi (argv[Index + 3]); + Status = ReadInputFile (argv[Index + 2], &FileBuffer, &FileSize, NULL); + if (Status == STATUS_SUCCESS) { if (FileSize >= 0x80000000) { Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL); + free (FileBuffer); return 0; } - FileBuffer = malloc (FileSize); - if (FileBuffer == NULL) { - Error (NULL, 0, 0, "No sufficient memory to allocate!", NULL); - return 0; - } - SetMem (FileBuffer, FileSize, 0xFF); // // Set the most significant bit // It means the data in memory, not in flash yet. // Assume the file size should < 2G. // FileSize |= 0x80000000; - Index += 4; + Index += 3; } else { // - // 4th, try + // 4th, try // if (Index + 3 >= argc) { break; } - FileBuffer = (UINT8 *) (UINTN) xtoi (argv[Index + 2]); - FileSize = xtoi (argv[Index + 3]); - if (FileSize >= 0x80000000) { - Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL); - return 0; + if ((strcmp (argv[Index + 2], "RESERVE") == 0) || + (strcmp (argv[Index + 2], "reserve") == 0)) { + FileSize = xtoi (argv[Index + 3]); + if (FileSize >= 0x80000000) { + Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL); + return 0; + } + FileBuffer = malloc (FileSize); + if (FileBuffer == NULL) { + Error (NULL, 0, 0, "No sufficient memory to allocate!", NULL); + return 0; + } + SetMem (FileBuffer, FileSize, 0xFF); + // + // Set the most significant bit + // It means the data in memory, not in flash yet. + // Assume the file size should < 2G. + // + FileSize |= 0x80000000; + Index += 4; + } else { + // + // 5th, try + // + if (Index + 3 >= argc) { + break; + } + FileBuffer = (UINT8 *) (UINTN) xtoi (argv[Index + 2]); + FileSize = xtoi (argv[Index + 3]); + if (FileSize >= 0x80000000) { + Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL); + return 0; + } + Index += 4; } - Index += 4; } } } @@ -1691,6 +1734,9 @@ Returns: return 0; } gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Type = Type; + if (gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) { + gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].SubType = SubType; + } gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Address = (UINT32) (UINTN) FileBuffer; gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Buffer = FileBuffer; gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Size = FileSize; @@ -2055,6 +2101,23 @@ Returns: return ; } +CHAR8 *mFitCseSubTypeStr[] = { + "CSE_RSVD ", + "CSE_K_HASH1", + "CSE_M_HASH ", + "CSE_BPOLICY", + "CSE_OTHR_BP", + "CSE_OEMSMIP", + "CSE_MRCDATA", + "CSE_IBBL_H ", + "CSE_IBB_H ", + "CSE_OEM_ID ", + "CSEOEMSKUID", + "CSE_BD_IND ", + "CSE_FPM ", + "CSE_ACMM " +}; + CHAR8 *mFitTypeStr[] = { " ", "MICROCODE ", @@ -2103,6 +2166,14 @@ Returns: return mFitSignatureInHeader; } if (FitEntry->Type < sizeof (mFitTypeStr)/sizeof(mFitTypeStr[0])) { + if (FitEntry->Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) { + // + // "Reserved" field is used to distinguish CSE Secure Boot entries (see FIT spec revision 1.2) + // + if (FitEntry->Rsvd < sizeof (mFitCseSubTypeStr)/sizeof(mFitCseSubTypeStr[0])) { + return mFitCseSubTypeStr[FitEntry->Rsvd]; + } + } return mFitTypeStr[FitEntry->Type]; } else { return " "; @@ -2675,6 +2746,9 @@ Returns: *(UINT32 *)&FitEntry[FitIndex].Size[0] = gFitTableContext.OptionalModule[Index].Size; FitEntry[FitIndex].Version = (UINT16)gFitTableContext.OptionalModule[Index].Version; FitEntry[FitIndex].Type = (UINT8)gFitTableContext.OptionalModule[Index].Type; + if (FitEntry[FitIndex].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) { + FitEntry[FitIndex].Rsvd = (UINT8)gFitTableContext.OptionalModule[Index].SubType; + } FitEntry[FitIndex].C_V = 0; FitEntry[FitIndex].Checksum = 0; FitIndex++; diff --git a/Silicon/Intel/Tools/FitGen/FitGen.h b/Silicon/Intel/Tools/FitGen/FitGen.h index cb9274b4175e..abad2d8799c8 100644 --- a/Silicon/Intel/Tools/FitGen/FitGen.h +++ b/Silicon/Intel/Tools/FitGen/FitGen.h @@ -31,7 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // Utility version information // #define UTILITY_MAJOR_VERSION 0 -#define UTILITY_MINOR_VERSION 61 +#define UTILITY_MINOR_VERSION 62 #define UTILITY_DATE __DATE__ // -- 2.16.2.windows.1