From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mx.groups.io with SMTP id smtpd.web10.12976.1675894662717788800 for ; Wed, 08 Feb 2023 14:17:42 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=BsBAx3S6; spf=pass (domain: intel.com, ip: 192.55.52.136, mailfrom: chasel.chiu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1675894662; x=1707430662; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=pDeH0eBRL1gwE8sG4dEKaJTxnb7g+KvMJkwutba+530=; b=BsBAx3S6K8ZNikR+1tmJaZvaD+AfxKqq+FF3iGmiy02TAqtFq6VURgSi MjU4mBODnvZZsbNjBkMyt8G+TtGfkepoB+43B4HTZlxjhEMAUzKiQXr1T J6o3QbajpgmDMH51+5JAj0KlrdL3A5bkbEm/FQ+0QrOW9wu8IILQh8EjB PtUDLQ5W0xlxZeGpwLviCPX1tay86DQMahknyApXUKolWlNm8fNXj7F5y IY8tFze4jQmYuSbMZg1VexAREuPZOWBjPV/rsLc0MBsrMJKL4zNm3lLcg /BO5IHLtFBgfuSgWjyGBKcg5oVe0O1Wc9i7AmvkiQf6a1wAS9pFWEZTRZ w==; X-IronPort-AV: E=McAfee;i="6500,9779,10615"; a="309591224" X-IronPort-AV: E=Sophos;i="5.97,281,1669104000"; d="scan'208";a="309591224" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Feb 2023 14:17:41 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10615"; a="645036206" X-IronPort-AV: E=Sophos;i="5.97,281,1669104000"; d="scan'208";a="645036206" Received: from cchiu4-mobl.gar.corp.intel.com ([10.212.221.164]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Feb 2023 14:17:41 -0800 From: "Chiu, Chasel" To: devel@edk2.groups.io Cc: Chasel Chiu , Ashraf Ali S , Isaac Oram , Rangasai V Chaganty , Ray Ni , Michael Kubacki Subject: [edk2-platforms: PATCH v4] IntelSiliconPkg/SpiFvbServiceSmm: Rewrite VariableStore header. Date: Wed, 8 Feb 2023 14:17:23 -0800 Message-Id: <20230208221723.917-1-chasel.chiu@intel.com> X-Mailer: git-send-email 2.35.0.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable When invalid VariableStore FV header detected, current SpiFvbService will erase both FV and VariableStore headers from flash, however, it will only rewrite FV header back and cause invalid VariableStore header. This patch adding the support for rewriting both FV header and VariableStore header when VariableStore corruption happened. The Corrupted variable content should be taken care by FaultTolerantWrite driver later. Platform has to set PcdFlashVariableStoreType to inform SpiFvbService which VariableStoreType should be rewritten. Cc: Ashraf Ali S Cc: Isaac Oram Cc: Rangasai V Chaganty Cc: Ray Ni Cc: Michael Kubacki Signed-off-by: Chasel Chiu --- Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/SpiFvbServiceMm.= c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-= ---- Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/SpiFvbServiceSmm= .inf | 3 +++ Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec = | 8 ++++++++ 3 files changed, 75 insertions(+), 5 deletions(-) diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/SpiF= vbServiceMm.c b/Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/S= piFvbServiceMm.c index 6b4bcdcfe3..052be97872 100644 --- a/Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/SpiFvbServi= ceMm.c +++ b/Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/SpiFvbServi= ceMm.c @@ -12,6 +12,7 @@ #include =0D #include =0D #include =0D +#include =0D =0D /**=0D The function installs EFI_FIRMWARE_VOLUME_BLOCK protocol=0D @@ -113,7 +114,12 @@ FvbInitialize ( UINT32 MaxLbaSize;=0D UINT32 BytesWritten;=0D UINTN BytesErased;=0D + EFI_PHYSICAL_ADDRESS NvStorageBaseAddress;=0D UINT64 NvStorageFvSize;=0D + UINT32 ExpectedBytesWritten;=0D + VARIABLE_STORE_HEADER *VariableStoreHeader;=0D + UINT8 VariableStoreType;=0D + UINT8 *NvStoreBuffer;=0D =0D Status =3D GetVariableFlashNvStorageInfo (&BaseAddress, &NvStorageFvSize= );=0D if (EFI_ERROR (Status)) {=0D @@ -124,12 +130,14 @@ FvbInitialize ( =0D // Stay within the current UINT32 size assumptions in the variable stack= .=0D Status =3D SafeUint64ToUint32 (BaseAddress, &mPlatformFvBaseAddress[0].F= vBase);=0D + NvStorageBaseAddress =3D mPlatformFvBaseAddress[0].FvBase;=0D if (EFI_ERROR (Status)) {=0D ASSERT_EFI_ERROR (Status);=0D DEBUG ((DEBUG_ERROR, "[%a] - 64-bit variable storage base address not = supported.\n", __FUNCTION__));=0D return;=0D }=0D Status =3D SafeUint64ToUint32 (NvStorageFvSize, &mPlatformFvBaseAddress[= 0].FvSize);=0D + NvStorageFvSize =3D mPlatformFvBaseAddress[0].FvSize;=0D if (EFI_ERROR (Status)) {=0D ASSERT_EFI_ERROR (Status);=0D DEBUG ((DEBUG_ERROR, "[%a] - 64-bit variable storage size not supporte= d.\n", __FUNCTION__));=0D @@ -186,8 +194,59 @@ FvbInitialize ( }=0D continue;=0D }=0D - BytesWritten =3D FvHeader->HeaderLength;=0D - Status =3D SpiFlashWrite ((UINTN)BaseAddress, &BytesWritten, (UINT= 8*)FvHeader);=0D +=0D + BytesWritten =3D FvHeader->HeaderLength;=0D + ExpectedBytesWritten =3D BytesWritten;=0D + if (BaseAddress !=3D NvStorageBaseAddress) {=0D + Status =3D SpiFlashWrite ((UINTN)BaseAddress, &BytesWritten, (UI= NT8 *)FvHeader);=0D + } else {=0D + //=0D + // This is Variable Store, rewrite both EFI_FIRMWARE_VOLUME_HEAD= ER and VARIABLE_STORE_HEADER.=0D + // The corrupted Variable content should be taken care by FaultT= olerantWrite driver later.=0D + //=0D + NvStoreBuffer =3D NULL;=0D + NvStoreBuffer =3D AllocateZeroPool (sizeof (VARIABLE_STORE_HEADE= R) + FvHeader->HeaderLength);=0D + if (NvStoreBuffer !=3D NULL) {=0D + //=0D + // Combine FV header and VariableStore header into the buffer.= =0D + //=0D + CopyMem (NvStoreBuffer, FvHeader, FvHeader->HeaderLength);=0D + VariableStoreHeader =3D (VARIABLE_STORE_HEADER *)(NvStoreBuffe= r + FvHeader->HeaderLength);=0D + VariableStoreType =3D PcdGet8 (PcdFlashVariableStoreType);=0D + switch (VariableStoreType) {=0D + case 0:=0D + DEBUG ((DEBUG_ERROR, "Type: gEfiVariableGuid\n"));=0D + CopyGuid (&VariableStoreHeader->Signature, &gEfiVariableGu= id);=0D + break;=0D + case 1:=0D + DEBUG ((DEBUG_ERROR, "Type: gEfiAuthenticatedVariableGuid\= n"));=0D + CopyGuid (&VariableStoreHeader->Signature, &gEfiAuthentica= tedVariableGuid);=0D + break;=0D + default:=0D + break;=0D + }=0D +=0D + //=0D + // Initialize common VariableStore header fields=0D + //=0D + VariableStoreHeader->Size =3D (UINT32) (NvStorageFvSize -= FvHeader->HeaderLength);=0D + VariableStoreHeader->Format =3D VARIABLE_STORE_FORMATTED;=0D + VariableStoreHeader->State =3D VARIABLE_STORE_HEALTHY;=0D + VariableStoreHeader->Reserved =3D 0;=0D + VariableStoreHeader->Reserved1 =3D 0;=0D +=0D + //=0D + // Write buffer to flash=0D + //=0D + BytesWritten =3D FvHeader->HeaderLength + sizeof (VARI= ABLE_STORE_HEADER);=0D + ExpectedBytesWritten =3D BytesWritten;=0D + Status =3D SpiFlashWrite ((UINTN)BaseAddress, &B= ytesWritten, NvStoreBuffer);=0D + FreePool (NvStoreBuffer);=0D + } else {=0D + Status =3D EFI_OUT_OF_RESOURCES;=0D + }=0D + }=0D +=0D if (EFI_ERROR (Status)) {=0D DEBUG ((DEBUG_WARN, "ERROR - SpiFlashWrite Error %r\n", Status)= );=0D if (FvHeader !=3D NULL) {=0D @@ -195,9 +254,9 @@ FvbInitialize ( }=0D continue;=0D }=0D - if (BytesWritten !=3D FvHeader->HeaderLength) {=0D - DEBUG ((DEBUG_WARN, "ERROR - BytesWritten !=3D HeaderLength\n"))= ;=0D - DEBUG ((DEBUG_INFO, " BytesWritten =3D 0x%X\n HeaderLength =3D 0= x%X\n", BytesWritten, FvHeader->HeaderLength));=0D + if (BytesWritten !=3D ExpectedBytesWritten) {=0D + DEBUG ((DEBUG_WARN, "ERROR - BytesWritten !=3D ExpectedBytesWrit= ten\n"));=0D + DEBUG ((DEBUG_INFO, " BytesWritten =3D 0x%X\n ExpectedBytesWritt= en =3D 0x%X\n", BytesWritten, ExpectedBytesWritten));=0D if (FvHeader !=3D NULL) {=0D FreePool (FvHeader);=0D }=0D diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/SpiF= vbServiceSmm.inf b/Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbServic= e/SpiFvbServiceSmm.inf index 0cfa3f909b..73049eceb2 100644 --- a/Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/SpiFvbServi= ceSmm.inf +++ b/Silicon/Intel/IntelSiliconPkg/Feature/Flash/SpiFvbService/SpiFvbServi= ceSmm.inf @@ -45,6 +45,7 @@ [Pcd]=0D gIntelSiliconPkgTokenSpaceGuid.PcdFlashMicrocodeFvBase ## CONSUM= ES=0D gIntelSiliconPkgTokenSpaceGuid.PcdFlashMicrocodeFvSize ## CONSUM= ES=0D + gIntelSiliconPkgTokenSpaceGuid.PcdFlashVariableStoreType ## SOMETI= MES_CONSUMES=0D =0D [Sources]=0D FvbInfo.c=0D @@ -61,6 +62,8 @@ [Guids]=0D gEfiFirmwareFileSystem2Guid ## CONSUMES=0D gEfiSystemNvDataFvGuid ## CONSUMES=0D + gEfiVariableGuid ## SOMETIMES_CONSUMES=0D + gEfiAuthenticatedVariableGuid ## SOMETIMES_CONSUMES=0D =0D [Depex]=0D TRUE=0D diff --git a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec b/Silicon/In= tel/IntelSiliconPkg/IntelSiliconPkg.dec index 485cb3e80a..63dae756ad 100644 --- a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec +++ b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec @@ -186,3 +186,11 @@ # @Prompt VTd abort DMA mode support.=0D gIntelSiliconPkgTokenSpaceGuid.PcdVTdSupportAbortDmaMode|FALSE|BOOLEAN|0= x0000000C=0D =0D + ## Define Flash Variable Store type.

=0D + # When Flash Variable Store corruption happened, the SpiFvbService will= recreate Variable Store=0D + # with valid header information provided by this PCD value.
=0D + # 0: Variable Store is gEfiVariableGuid type.
=0D + # 1: Variable Store is gEfiAuthenticatedVariableGuid type.
=0D + # Other value: reserved for future use.
=0D + # @Prompt Flash Variable Store type.=0D + gIntelSiliconPkgTokenSpaceGuid.PcdFlashVariableStoreType|0x00|UINT8|0x00= 00000E=0D --=20 2.35.0.windows.1