From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web09.10264.1636024331511300470 for ; Thu, 04 Nov 2021 04:12:11 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: lin.z.chen@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10157"; a="231531356" X-IronPort-AV: E=Sophos;i="5.87,208,1631602800"; d="scan'208";a="231531356" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Nov 2021 04:12:10 -0700 X-IronPort-AV: E=Sophos;i="5.87,208,1631602800"; d="scan'208";a="501504940" Received: from shnpi001.sh.intel.com (HELO 37272a2678b0.sh.intel.com) ([10.239.146.220]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Nov 2021 04:12:09 -0700 From: lin.z.chen@intel.com To: devel@edk2.groups.io Cc: Chen Lin Z , Bob Feng , Liming Gao Subject: [PATCH] BaseTools: Add authenticated variable store support Date: Thu, 4 Nov 2021 11:28:53 +0000 Message-Id: <20211104112853.24929-1-lin.z.chen@intel.com> X-Mailer: git-send-email 2.17.1 In order to support secure boot with an authenticated-type variable store and non-secure boot with a normal-type variable store, add one flag to switch between them. Users can append '-D VPD_AUTHENTICATED_VARIABLE_STORE' to the build command to enable the authenticated-type variable store. Also, users can add 'VPD_AUTHENTICATED_VARIABLE_STORE = TRUE/FALSE' to the Defines section of the DSC file to switch between the authenticated and normal type variable store. VPD_AUTHENTICATED_VARIABLE_STORE is a new reserved keyword for this function. Signed-off-by: Chen Lin Z Cc: Bob Feng Cc: Liming Gao --- BaseTools/Source/Python/AutoGen/GenVar.py | 57 ++++++++++++++++++- BaseTools/Source/Python/Common/DataType.py | 1 + .../Source/Python/Workspace/DscBuildData.py | 4 ++ 3 files changed, 59 insertions(+), 3 deletions(-) 
diff --git a/BaseTools/Source/Python/AutoGen/GenVar.py b/BaseTools/Source/Python/AutoGen/GenVar.py
index 591ef3df55..3f3dc69e90 100644
--- a/BaseTools/Source/Python/AutoGen/GenVar.py
+++ b/BaseTools/Source/Python/AutoGen/GenVar.py
@@ -15,6 +15,7 @@ from Common.VariableAttributes import VariableAttributes
 from Common.Misc import *
 import collections
 import Common.DataType as DataType
+import Common.GlobalData as GlobalData
 var_info = collections.namedtuple("uefi_var", "pcdindex,pcdname,defaultstoragename,skuname,var_name, var_guid, var_offset,var_attribute,pcd_default_value, default_value, data_type,PcdDscLine,StructurePcd")
 NvStorageHeaderSize = 28
@@ -173,11 +174,16 @@ class VariableMgr(object):
 offset += VariableHeaderSize + len(default_info.var_name.split(","))
 var_data_offset[default_info.pcdindex] = offset
 offset += data_size - len(default_info.var_name.split(","))
-
- var_header_buffer = VariableMgr.PACK_VARIABLE_HEADER(var_attr_value, len(default_info.var_name.split(",")), len (default_data), vendorguid)
+ if GlobalData.gCommandLineDefines.get(TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE,"FALSE").upper() == "TRUE":
+ var_header_buffer = VariableMgr.PACK_AUTHENTICATED_VARIABLE_HEADER(var_attr_value, len(default_info.var_name.split(",")), len (default_data), vendorguid)
+ else:
+ var_header_buffer = VariableMgr.PACK_VARIABLE_HEADER(var_attr_value, len(default_info.var_name.split(",")), len (default_data), vendorguid)
 NvStoreDataBuffer += (var_header_buffer + DataBuffer)
- variable_storage_header_buffer = VariableMgr.PACK_VARIABLE_STORE_HEADER(len(NvStoreDataBuffer) + 28)
+ if GlobalData.gCommandLineDefines.get(TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE,"FALSE").upper() == "TRUE":
+ variable_storage_header_buffer = VariableMgr.PACK_AUTHENTICATED_VARIABLE_STORE_HEADER(len(NvStoreDataBuffer) + 28)
+ else:
+ variable_storage_header_buffer = VariableMgr.PACK_VARIABLE_STORE_HEADER(len(NvStoreDataBuffer) + 28)
 nv_default_part = VariableMgr.AlignData(VariableMgr.PACK_DEFAULT_DATA(0, 0, VariableMgr.unpack_data(variable_storage_header_buffer+NvStoreDataBuffer)), 8)
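Review bot: The offset bookkeeping just above the new branch still advances by `VariableHeaderSize` (`offset += VariableHeaderSize + len(default_info.var_name.split(","))`), while the header actually written in the authenticated case is the larger one built by PACK_AUTHENTICATED_VARIABLE_HEADER (2+1+1+4+8+16+4+4+4 bytes plus the packed GUID, 60 if PackGUID yields a 16-byte EFI_GUID); if `VariableHeaderSize`, defined outside this hunk, is the size of the plain header, every `var_data_offset` entry is wrong by the difference for each preceding variable whenever VPD_AUTHENTICATED_VARIABLE_STORE is TRUE. Select the header size under the same condition, e.g. add a module constant `AuthenticatedVariableHeaderSize = 60` next to `NvStorageHeaderSize` and write `offset += (AuthenticatedVariableHeaderSize if use_auth_store else VariableHeaderSize) + len(default_info.var_name.split(","))`. The `GlobalData.gCommandLineDefines.get(...).upper() == "TRUE"` expression is evaluated twice in this hunk and would be a third time for the offset, so computing it once into a local such as `use_auth_store` before the loop keeps all three decisions in sync. `TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE` is used unqualified although this file imports `Common.DataType as DataType`; unless `from Common.Misc import *` happens to re-export it, this raises NameError at the first variable, and `DataType.TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE` removes the doubt. The enclosing method starts and ends outside the hunk.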
@@ -252,6 +258,20 @@ class VariableMgr(object):
 return GuidBuffer + SizeBuffer + FormatBuffer + StateBuffer + reservedBuffer
+ def PACK_AUTHENTICATED_VARIABLE_STORE_HEADER(size):
+ #Signature: gEfiAuthenticatedVariableGuid
+ Guid = "{ 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}"
+ Guid = GuidStructureStringToGuidString(Guid)
+ GuidBuffer = PackGUID(Guid.split('-'))
+
+ SizeBuffer = pack('=L', size)
+ FormatBuffer = pack('=B', 0x5A)
+ StateBuffer = pack('=B', 0xFE)
+ reservedBuffer = pack('=H', 0)
+ reservedBuffer += pack('=L', 0)
+
+ return GuidBuffer + SizeBuffer + FormatBuffer + StateBuffer + reservedBuffer
+
 @staticmethod
 def PACK_NV_STORE_DEFAULT_HEADER(size, maxsize):
 Signature = pack('=B', ord('N'))
@@ -279,6 +299,37 @@ class VariableMgr(object):
 return Buffer
+ @staticmethod
+ def PACK_AUTHENTICATED_VARIABLE_HEADER(attribute, namesize, datasize, vendorguid):
+
+ Buffer = pack('=H', 0x55AA) # pack StartID
+ Buffer += pack('=B', 0x3F) # pack State
+ Buffer += pack('=B', 0) # pack reserved
+
+ Buffer += pack('=L', attribute)
+
+ Buffer += pack('=Q', 0) # pack MonotonicCount
+ Buffer += pack('=HBBBBBBLhBB', # pack TimeStamp
+ 0, # UINT16 Year
+ 0, # UINT8 Month
+ 0, # UINT8 Day
+ 0, # UINT8 Hour
+ 0, # UINT8 Minute
+ 0, # UINT8 Second
+ 0, # UINT8 Pad1
+ 0, # UINT32 Nanosecond
+ 0, # INT16 TimeZone
+ 0, # UINT8 Daylight
+ 0) # UINT8 Pad2
+ Buffer += pack('=L', 0) # pack PubKeyIndex
+
+ Buffer += pack('=L', namesize)
+ Buffer += pack('=L', datasize)
+
+ Buffer += PackGUID(vendorguid)
+
+ return Buffer
+
 @staticmethod
 def PACK_VARIABLES_DATA(var_value,data_type, tail = None):
 Buffer = bytearray()
diff --git a/BaseTools/Source/Python/Common/DataType.py b/BaseTools/Source/Python/Common/DataType.py
index 4e9c9e34af..dc49623333 100644
--- a/BaseTools/Source/Python/Common/DataType.py
+++ b/BaseTools/Source/Python/Common/DataType.py
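Review bot: PACK_AUTHENTICATED_VARIABLE_STORE_HEADER is added without the `@staticmethod` decorator that its neighbour PACK_NV_STORE_DEFAULT_HEADER carries, yet it is invoked as `VariableMgr.PACK_AUTHENTICATED_VARIABLE_STORE_HEADER(...)`; that only works because Python 3 returns the plain function for a class-level lookup, and it breaks the moment anyone calls it on an instance. Add `@staticmethod` directly above the `def`. The context line preceding the insertion is the same `return GuidBuffer + SizeBuffer + FormatBuffer + StateBuffer + reservedBuffer` expression, which suggests the body duplicates the existing store-header packer apart from the GUID; a shared private helper taking the GUID string, or at least a comment such as `# Same VARIABLE_STORE_HEADER layout as PACK_VARIABLE_STORE_HEADER (Format 0x5A, State 0xFE), signed with gEfiAuthenticatedVariableGuid`, would keep the two from drifting apart.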
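Review bot: PACK_AUTHENTICATED_VARIABLE_HEADER has no docstring, and a reader has to sum the format strings to see that it emits a fixed-size header in which MonotonicCount, TimeStamp and PubKeyIndex are all zero-filled. Suggest a docstring along the lines of `"""Pack an AUTHENTICATED_VARIABLE_HEADER for a build-time default variable: StartId, State, Reserved and Attributes, then MonotonicCount, TimeStamp (EFI_TIME) and PubKeyIndex zero-filled, then NameSize, DataSize and VendorGuid."""`. Naming the resulting size in that docstring (2+1+1+4+8+16+4+4+4 bytes plus the packed GUID) gives the caller's offset arithmetic a number to cross-check against. The `=` prefix on every `pack` call matches the existing PACK_VARIABLE_HEADER style and is what rules out native alignment padding inside the multi-field TimeStamp format, which is worth a short comment on the `'=HBBBBBBLhBB'` line.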
@@ -406,6 +406,7 @@ TAB_DSC_DEFINES_SKUID_IDENTIFIER = 'SKUID_IDENTIFIER'
 TAB_DSC_DEFINES_PCD_INFO_GENERATION = 'PCD_INFO_GENERATION'
 TAB_DSC_DEFINES_PCD_DYNAMIC_AS_DYNAMICEX = 'PCD_DYNAMIC_AS_DYNAMICEX'
 TAB_DSC_DEFINES_PCD_VAR_CHECK_GENERATION = 'PCD_VAR_CHECK_GENERATION'
+TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE = 'VPD_AUTHENTICATED_VARIABLE_STORE'
 TAB_DSC_DEFINES_FLASH_DEFINITION = 'FLASH_DEFINITION'
 TAB_DSC_DEFINES_BUILD_NUMBER = 'BUILD_NUMBER'
 TAB_DSC_DEFINES_MAKEFILE_NAME = 'MAKEFILE_NAME'
diff --git a/BaseTools/Source/Python/Workspace/DscBuildData.py b/BaseTools/Source/Python/Workspace/DscBuildData.py
index d1ee0ccaea..35ec5b37ff 100644
--- a/BaseTools/Source/Python/Workspace/DscBuildData.py
+++ b/BaseTools/Source/Python/Workspace/DscBuildData.py
@@ -387,6 +387,10 @@ class DscBuildData(PlatformBuildClassObject):
 for i in range(0, len(LanguageCodes), 3):
 LanguageList.append(LanguageCodes[i:i + 3])
 self._ISOLanguages = LanguageList
+ elif Name == TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE:
+ if TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE not in gCommandLineDefines:
+ gCommandLineDefines[TAB_DSC_DEFINES_VPD_AUTHENTICATED_VARIABLE_STORE] = Record[2].strip()
+
 elif Name == TAB_DSC_DEFINES_VPD_TOOL_GUID:
 #
 # try to convert GUID to a real UUID value to see whether the GUID is format
-- 
2.17.1
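Review bot: The DSC value is stored verbatim (`gCommandLineDefines[...] = Record[2].strip()`) and is only ever consumed by an `.upper() == "TRUE"` comparison in GenVar.py, so any other spelling — `Yes`, `1`, `ENABLE`, a typo — silently produces the normal, non-authenticated variable store; for a switch whose whole purpose is that a secure-boot platform gets an authenticated store, a silent fallback is the wrong failure mode. Validate where the define is parsed: `Value = Record[2].strip().upper()`, then `if Value not in ("TRUE", "FALSE"):` report a build error the way the other DEFINES branches in this method do (EdkLogger.error, if that is what they use), and store the normalized `Value`. The command-line `-D` path is covered by the `not in gCommandLineDefines` guard and receives no validation either, so the check is better placed in one shared spot that both paths go through. The enclosing method starts and ends outside the hunk.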