From: lin.z.chen@intel.com
To: devel@edk2.groups.io
Cc: Chen Lin Z <lin.z.chen@intel.com>,
Bob Feng <bob.c.feng@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>
Subject: [PATCH] BaseTools: Add authenticated variable store support
Date: Thu, 4 Nov 2021 11:28:53 +0000 [thread overview]
Message-ID: <20211104112853.24929-1-lin.z.chen@intel.com> (raw)
In order to support secure boot with authenticated type variable store
and non secure boot with normal type variable store, add one flag to
switch them.
User can append '-D VPD_AUTHENTICATED_VARIABLE_STORE' to build command
to enable authenticated type varaible store.
Also, user can add 'VPD_AUTHENTICATED_VARIABLE_STORE = TRUE/FALSE' to the
defines section of Dsc file to switch authenticated/normal type variable
store.
VPD_AUTHENTICATED_VARIABLE_STORE is a new reserved key word for this function.
Signed-off-by: Chen Lin Z <lin.z.chen@intel.com>
Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
---
BaseTools/Source/Python/AutoGen/GenVar.py | 57 ++++++++++++++++++-
BaseTools/Source/Python/Common/DataType.py | 1 +
.../Source/Python/Workspace/DscBuildData.py | 4 ++
3 files changed, 59 insertions(+), 3 deletions(-)
diff --git a/BaseTools/Source/Python/AutoGen/GenVar.py b/BaseTools/Source/Python/AutoGen/GenVar.py
index 591ef3df55..3f3dc69e90 100644
--- a/BaseTools/Source/Python/AutoGen/GenVar.py
+++ b/BaseTools/Source/Python/AutoGen/GenVar.py
@@ -15,6 +15,7 @@ from Common.VariableAttributes import VariableAttributes
from Common.Misc import *
import collections
import Common.DataType as DataType
+import Common.GlobalData as GlobalData
var_info = collections.namedtuple("uefi_var", "pcdindex,pcdname,defaultstoragename,skuname,var_name, var_guid, var_offset,var_attribute,pcd_default_value, default_value, data_type,PcdDscLine,StructurePcd")
NvStorageHeaderSize = 28
@@ -173,11 +174,16 @@ class VariableMgr(object):
offset += VariableHeaderSize + len(default_info.var_name.split(","))
var_data_offset[default_info.pcdindex] = offset
offset += data_size - len(default_info.var_name.split(","))
-
- var_header_buffer = VariableMgr.PACK_VARIABLE_HEADER(var_attr_value, len(default_info.var_name.split(",")), len (default_data), vendorguid)
+ if GlobalData.gCommandLineDefines.get(TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE,"FALSE").upper() == "TRUE":
+ var_header_buffer = VariableMgr.PACK_AUTHENTICATED_VARIABLE_HEADER(var_attr_value, len(default_info.var_name.split(",")), len (default_data), vendorguid)
+ else:
+ var_header_buffer = VariableMgr.PACK_VARIABLE_HEADER(var_attr_value, len(default_info.var_name.split(",")), len (default_data), vendorguid)
NvStoreDataBuffer += (var_header_buffer + DataBuffer)
- variable_storage_header_buffer = VariableMgr.PACK_VARIABLE_STORE_HEADER(len(NvStoreDataBuffer) + 28)
+ if GlobalData.gCommandLineDefines.get(TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE,"FALSE").upper() == "TRUE":
+ variable_storage_header_buffer = VariableMgr.PACK_AUTHENTICATED_VARIABLE_STORE_HEADER(len(NvStoreDataBuffer) + 28)
+ else:
+ variable_storage_header_buffer = VariableMgr.PACK_VARIABLE_STORE_HEADER(len(NvStoreDataBuffer) + 28)
nv_default_part = VariableMgr.AlignData(VariableMgr.PACK_DEFAULT_DATA(0, 0, VariableMgr.unpack_data(variable_storage_header_buffer+NvStoreDataBuffer)), 8)
@@ -252,6 +258,20 @@ class VariableMgr(object):
return GuidBuffer + SizeBuffer + FormatBuffer + StateBuffer + reservedBuffer
+ def PACK_AUTHENTICATED_VARIABLE_STORE_HEADER(size):
+ #Signature: gEfiAuthenticatedVariableGuid
+ Guid = "{ 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}"
+ Guid = GuidStructureStringToGuidString(Guid)
+ GuidBuffer = PackGUID(Guid.split('-'))
+
+ SizeBuffer = pack('=L', size)
+ FormatBuffer = pack('=B', 0x5A)
+ StateBuffer = pack('=B', 0xFE)
+ reservedBuffer = pack('=H', 0)
+ reservedBuffer += pack('=L', 0)
+
+ return GuidBuffer + SizeBuffer + FormatBuffer + StateBuffer + reservedBuffer
+
@staticmethod
def PACK_NV_STORE_DEFAULT_HEADER(size, maxsize):
Signature = pack('=B', ord('N'))
@@ -279,6 +299,37 @@ class VariableMgr(object):
return Buffer
+ @staticmethod
+ def PACK_AUTHENTICATED_VARIABLE_HEADER(attribute, namesize, datasize, vendorguid):
+
+ Buffer = pack('=H', 0x55AA) # pack StartID
+ Buffer += pack('=B', 0x3F) # pack State
+ Buffer += pack('=B', 0) # pack reserved
+
+ Buffer += pack('=L', attribute)
+
+ Buffer += pack('=Q', 0) # pack MonotonicCount
+ Buffer += pack('=HBBBBBBLhBB', # pack TimeStamp
+ 0, # UINT16 Year
+ 0, # UINT8 Month
+ 0, # UINT8 Day
+ 0, # UINT8 Hour
+ 0, # UINT8 Minute
+ 0, # UINT8 Second
+ 0, # UINT8 Pad1
+ 0, # UINT32 Nanosecond
+ 0, # INT16 TimeZone
+ 0, # UINT8 Daylight
+ 0) # UINT8 Pad2
+ Buffer += pack('=L', 0) # pack PubKeyIndex
+
+ Buffer += pack('=L', namesize)
+ Buffer += pack('=L', datasize)
+
+ Buffer += PackGUID(vendorguid)
+
+ return Buffer
+
@staticmethod
def PACK_VARIABLES_DATA(var_value,data_type, tail = None):
Buffer = bytearray()
diff --git a/BaseTools/Source/Python/Common/DataType.py b/BaseTools/Source/Python/Common/DataType.py
index 4e9c9e34af..dc49623333 100644
--- a/BaseTools/Source/Python/Common/DataType.py
+++ b/BaseTools/Source/Python/Common/DataType.py
@@ -406,6 +406,7 @@ TAB_DSC_DEFINES_SKUID_IDENTIFIER = 'SKUID_IDENTIFIER'
TAB_DSC_DEFINES_PCD_INFO_GENERATION = 'PCD_INFO_GENERATION'
TAB_DSC_DEFINES_PCD_DYNAMIC_AS_DYNAMICEX = 'PCD_DYNAMIC_AS_DYNAMICEX'
TAB_DSC_DEFINES_PCD_VAR_CHECK_GENERATION = 'PCD_VAR_CHECK_GENERATION'
+TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE = 'VPD_AUTHENTICATED_VARIABLE_STORE'
TAB_DSC_DEFINES_FLASH_DEFINITION = 'FLASH_DEFINITION'
TAB_DSC_DEFINES_BUILD_NUMBER = 'BUILD_NUMBER'
TAB_DSC_DEFINES_MAKEFILE_NAME = 'MAKEFILE_NAME'
diff --git a/BaseTools/Source/Python/Workspace/DscBuildData.py b/BaseTools/Source/Python/Workspace/DscBuildData.py
index d1ee0ccaea..35ec5b37ff 100644
--- a/BaseTools/Source/Python/Workspace/DscBuildData.py
+++ b/BaseTools/Source/Python/Workspace/DscBuildData.py
@@ -387,6 +387,10 @@ class DscBuildData(PlatformBuildClassObject):
for i in range(0, len(LanguageCodes), 3):
LanguageList.append(LanguageCodes[i:i + 3])
self._ISOLanguages = LanguageList
+ elif Name == TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE:
+ if TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE not in gCommandLineDefines:
+ gCommandLineDefines[TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE] = Record[2].strip()
+
elif Name == TAB_DSC_DEFINES_VPD_TOOL_GUID:
#
# try to convert GUID to a real UUID value to see whether the GUID is format
--
2.17.1
next reply other threads:[~2021-11-04 11:12 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-04 11:28 lin.z.chen [this message]
2021-11-08 1:20 ` [PATCH] BaseTools: Add authenticated variable store support Bob Feng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211104112853.24929-1-lin.z.chen@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox