* [edk2-platforms][PATCH V1 1/3] Platform/Sgi: refactor StandaloneMM platform description file
2021-05-24 17:22 [edk2-platforms][PATCH V1 0/3] Platform/Sgi: enable support for UEFI secure boot sayanta.pattanayak
From: Sayanta Pattanayak @ 2021-05-24 17:22 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Sami Mujawar
The RD-N2 platform has a different memory map from that of the other
platforms supported under the SgiPkg. To enable the use of StandaloneMM
as a secure partition on the RD-N2 platform, refactor the existing
StandaloneMM platform description file. The differing portions are split
into two different files and the rest of the platform description file
is converted into an include file.
Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
---
Platform/ARM/SgiPkg/{PlatformStandaloneMm.dsc => SgiPlatformMm.dsc.inc} | 30 +----
Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc | 117 ++------------------
Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc | 40 +++++++
3 files changed, 53 insertions(+), 134 deletions(-)
diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc b/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
similarity index 83%
copy from Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
copy to Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
index e281d5490912..3389ff676a91 100644
--- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
+++ b/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
@@ -1,37 +1,16 @@
+## @file
+# StandaloneMM platform description include file for all supported platforms.
#
-# Copyright (c) 2018, ARM Limited. All rights reserved.
+# Copyright (c) 2021, ARM Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-
-################################################################################
-#
-# Defines Section - statements that will be processed to create a Makefile.
-#
-################################################################################
-[Defines]
- PLATFORM_NAME = SgiMmStandalone
- PLATFORM_GUID = 34B78C8F-CFD5-49D5-8360-E91143F6106D
- PLATFORM_VERSION = 1.0
- DSC_SPECIFICATION = 0x00010011
- OUTPUT_DIRECTORY = Build/$(PLATFORM_NAME)
- SUPPORTED_ARCHITECTURES = AARCH64
- BUILD_TARGETS = DEBUG|RELEASE|NOOPT
- SKUID_IDENTIFIER = DEFAULT
- FLASH_DEFINITION = Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf
- DEFINE DEBUG_MESSAGE = TRUE
-
- # LzmaF86
- DEFINE COMPRESSION_TOOL_GUID = D42AE6BD-1352-4bfb-909A-CA72A6EAE889
+##
################################################################################
#
# Library Class section - list of all Library Classes needed by this Platform.
#
################################################################################
-
-!include MdePkg/MdeLibs.dsc.inc
-
[LibraryClasses]
#
# Basic
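Review bot: the new include file states no prerequisites for the .dsc that pulls it in. This hunk drops `!include MdePkg/MdeLibs.dsc.inc` together with the `[Defines]` block from the copied file, so a platform description that includes SgiPlatformMm.dsc.inc without first including MdeLibs.dsc.inc will fail to resolve the library classes MdeLibs supplies. Suggest extending the `## @file` header with the contract: the including .dsc must provide `[Defines]` and `!include MdePkg/MdeLibs.dsc.inc` before this file.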
@@ -92,7 +71,6 @@
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f
## PL011 - Serial Terminal
- gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x7FF70000
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate|115200
gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
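Review bot: removing `gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x7FF70000` from the shared include is the right split, but nothing fails if a platform .dsc forgets to set it: the PCD silently falls back to the default in MdeModulePkg.dec and the MM core's debug output goes to a UART base that does not exist on the platform. A one-line comment under `## PL011 - Serial Terminal` saying that PcdSerialRegisterBase is deliberately left to the including .dsc would make the contract explicit for the next platform added.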
diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
index e281d5490912..cdf8aaa88f03 100644
--- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
+++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
@@ -1,8 +1,11 @@
+## @file
+# StandaloneMM platform description file for SGI-575, RD-N1-Edge, RD-E1-Edge
+# and RD-V1 platforms.
#
-# Copyright (c) 2018, ARM Limited. All rights reserved.
+# Copyright (c) 2021, ARM Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
+##
################################################################################
#
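Review bot: the copyright line is replaced rather than extended: `-# Copyright (c) 2018, ARM Limited.` becomes `+# Copyright (c) 2021, ARM Limited.` This file is modified, not newly created, so the edk2 convention is to keep the original year as a range, `Copyright (c) 2018 - 2021, ARM Limited. All rights reserved.`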
@@ -11,9 +14,9 @@
################################################################################
[Defines]
PLATFORM_NAME = SgiMmStandalone
- PLATFORM_GUID = 34B78C8F-CFD5-49D5-8360-E91143F6106D
+ PLATFORM_GUID = 503b97f6-1be9-4661-97fd-9a55bbd2680d
PLATFORM_VERSION = 1.0
- DSC_SPECIFICATION = 0x00010011
+ DSC_SPECIFICATION = 0x0001001B
OUTPUT_DIRECTORY = Build/$(PLATFORM_NAME)
SUPPORTED_ARCHITECTURES = AARCH64
BUILD_TARGETS = DEBUG|RELEASE|NOOPT
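Review bot: the commit message does not say why PLATFORM_GUID of the existing description changes from `34B78C8F-CFD5-49D5-8360-E91143F6106D` to `503b97f6-1be9-4661-97fd-9a55bbd2680d`. The new RD-N2 description gets its own GUID, so the original could stay with this file; if the replacement is intentional, one sentence in the commit message explaining it would help, otherwise keep the old value. The DSC_SPECIFICATION bump to 0x0001001B is consistent with the new file.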
@@ -24,62 +27,9 @@
# LzmaF86
DEFINE COMPRESSION_TOOL_GUID = D42AE6BD-1352-4bfb-909A-CA72A6EAE889
-################################################################################
-#
-# Library Class section - list of all Library Classes needed by this Platform.
-#
-################################################################################
-
+# include common definitions.
!include MdePkg/MdeLibs.dsc.inc
-
-[LibraryClasses]
- #
- # Basic
- #
- BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
- BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
- DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
- DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
- ExtractGuidedSectionLib|EmbeddedPkg/Library/PrePiExtractGuidedSectionLib/PrePiExtractGuidedSectionLib.inf
- FvLib|StandaloneMmPkg/Library/FvLib/FvLib.inf
- HobLib|StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf
- IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
- MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf
- MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmCoreMemoryAllocationLib/StandaloneMmCoreMemoryAllocationLib.inf
- PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
- PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
- PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
- ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
-
- #
- # Entry point
- #
- StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoint/StandaloneMmDriverEntryPoint.inf
-
- ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
- StandaloneMmMmuLib|ArmPkg/Library/StandaloneMmMmuLib/ArmMmuStandaloneMmLib.inf
- ArmSvcLib|ArmPkg/Library/ArmSvcLib/ArmSvcLib.inf
- CacheMaintenanceLib|ArmPkg/Library/ArmCacheMaintenanceLib/ArmCacheMaintenanceLib.inf
- PeCoffExtraActionLib|StandaloneMmPkg/Library/StandaloneMmPeCoffExtraActionLib/StandaloneMmPeCoffExtraActionLib.inf
-
- # ARM PL011 UART Driver
- PL011UartClockLib|ArmPlatformPkg/Library/PL011UartClockLib/PL011UartClockLib.inf
- PL011UartLib|ArmPlatformPkg/Library/PL011UartLib/PL011UartLib.inf
- SerialPortLib|ArmPlatformPkg/Library/PL011SerialPortLib/PL011SerialPortLib.inf
-
- StandaloneMmCoreEntryPoint|StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf
-
- #
- # It is not possible to prevent the ARM compiler for generic intrinsic functions.
- # This library provides the instrinsic functions generate by a given compiler.
- # And NULL mean link this library into all ARM images.
- #
- NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-
-[LibraryClasses.common.MM_STANDALONE]
- HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
- MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
- MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
+!include Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
################################################################################
#
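Review bot: the pair `!include MdePkg/MdeLibs.dsc.inc` / `!include Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc` is duplicated verbatim in the new PlatformStandaloneMm2.dsc, and the second include only works if the first precedes it. Since SgiPlatformMm.dsc.inc is the file that needs MdeLibs, consider moving `!include MdePkg/MdeLibs.dsc.inc` into SgiPlatformMm.dsc.inc itself; each platform .dsc then carries a single include and the ordering dependency disappears. The comment `# include common definitions.` would then read better as a sentence, e.g. `# Library classes, PCDs, components and build options common to all SGI/RD StandaloneMM builds.`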
@@ -87,54 +37,5 @@
#
################################################################################
[PcdsFixedAtBuild]
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800000CF
- gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0xff
- gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f
-
## PL011 - Serial Terminal
gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x7FF70000
- gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate|115200
-
- gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
-
-###################################################################################################
-#
-# Components Section - list of the modules and components that will be processed by compilation
-# tools and the EDK II tools to generate PE32/PE32+/Coff image files.
-#
-# Note: The EDK II DSC file is not used to specify how compiled binary images get placed
-# into firmware volume images. This section is just a list of modules to compile from
-# source into UEFI-compliant binaries.
-# It is the FDF file that contains information on combining binary files into firmware
-# volume images, whose concept is beyond UEFI and is described in PI specification.
-# Binary modules do not need to be listed in this section, as they should be
-# specified in the FDF file. For example: Shell binary (Shell_Full.efi), FAT binary (Fat.efi),
-# Logo (Logo.bmp), and etc.
-# There may also be modules listed in this section that are not required in the FDF file,
-# When a module listed here is excluded from FDF file, then UEFI-compliant binary will be
-# generated for it, but the binary will not be put into any firmware volume.
-#
-###################################################################################################
-[Components.common]
- #
- # MM Core
- #
- StandaloneMmPkg/Core/StandaloneMmCore.inf
-
-[Components.AARCH64]
- StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
-
-###################################################################################################
-#
-# BuildOptions Section - Define the module specific tool chain flags that should be used as
-# the default flags for a module. These flags are appended to any
-# standard flags that are defined by the build process. They can be
-# applied for any modules or only those modules with the specific
-# module style (EDK or EDKII) specified in [Components] section.
-#
-###################################################################################################
-[BuildOptions.AARCH64]
- GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 -march=armv8-a+nofp
-
-[BuildOptions]
- *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
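Review bot: the `[Components]` and `[BuildOptions]` sections deleted here are carried over by SgiPlatformMm.dsc.inc without appearing in its diff, because that file is an 83%-similarity copy; a reader of this .dsc can no longer see what is built or with which linker flags, and the commit message only mentions library classes being moved. Please state in the commit message that components and build options move to the include as well. The `-z common-page-size=0x1000` DLINK flag in particular is worth calling out: StandaloneMM relies on 4 KiB-aligned sections so the MM core can apply distinct memory permissions per section, so a silent loss of that flag would weaken the image without any build error. The copy diff shows no removal, so it should survive, but the move deserves a sentence.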
diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc b/Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc
new file mode 100644
index 000000000000..bb359a15cc0d
--- /dev/null
+++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc
@@ -0,0 +1,40 @@
+## @file
+# StandaloneMM platform description file for RD-N2 platforms.
+#
+# Copyright (c) 2021, ARM Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+################################################################################
+#
+# Defines Section - statements that will be processed to create a Makefile.
+#
+################################################################################
+[Defines]
+ PLATFORM_NAME = SgiMmStandalone
+ PLATFORM_GUID = 67309f8a-d278-4df5-86ee-a1826cf481ed
+ PLATFORM_VERSION = 1.0
+ DSC_SPECIFICATION = 0x0001001B
+ OUTPUT_DIRECTORY = Build/$(PLATFORM_NAME)
+ SUPPORTED_ARCHITECTURES = AARCH64
+ BUILD_TARGETS = DEBUG|RELEASE|NOOPT
+ SKUID_IDENTIFIER = DEFAULT
+ FLASH_DEFINITION = Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf
+ DEFINE DEBUG_MESSAGE = TRUE
+
+ # LzmaF86
+ DEFINE COMPRESSION_TOOL_GUID = D42AE6BD-1352-4bfb-909A-CA72A6EAE889
+
+# include common definitions.
+!include MdePkg/MdeLibs.dsc.inc
+!include Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
+
+################################################################################
+#
+# Pcd Section - list of all EDK II PCD Entries defined by this Platform
+#
+################################################################################
+[PcdsFixedAtBuild]
+ ## PL011 - Serial Terminal
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x0EF80000
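Review bot: `PLATFORM_NAME = SgiMmStandalone` and `OUTPUT_DIRECTORY = Build/$(PLATFORM_NAME)` are identical to the values in PlatformStandaloneMm.dsc, so building the RD-N2 MM image and another platform's MM image from the same tree writes both into Build/SgiMmStandalone and the second build overwrites the first. Give the RD-N2 description a distinct PLATFORM_NAME (or OUTPUT_DIRECTORY), and consider whether sharing `FLASH_DEFINITION = Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf` between the two descriptions is intended, since the .fdf is what decides the image layout. Minor: the header says "for RD-N2 platforms" while the commit message treats RD-N2 as one platform.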
--
2.17.1
* Re: [edk2-platforms][PATCH V1 1/3] Platform/Sgi: refactor StandaloneMM platform description file
From: Sami Mujawar @ 2021-05-25 13:57 UTC (permalink / raw)
To: Sayanta Pattanayak, devel; +Cc: Ard Biesheuvel, nd
Hi Sayanta,
This patch looks good to me.
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Regards,
Sami Mujawar
On 24/05/2021 06:22 PM, Sayanta Pattanayak wrote:
> The RD-N2 platform has a different memory map from that of the other
> platforms supported under the SgiPkg. To enable the use of StandaloneMM
> as a secure partition on the RD-N2 platform, refactor the existing
> StandaloneMM platform description file. The differing portions are split
> into two different files and the rest of the platform description file
> is converted into an include file.
>
> Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
> ---
> Platform/ARM/SgiPkg/{PlatformStandaloneMm.dsc => SgiPlatformMm.dsc.inc} | 30 +----
> Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc | 117 ++------------------
> Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc | 40 +++++++
> 3 files changed, 53 insertions(+), 134 deletions(-)
>
> diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc b/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> similarity index 83%
> copy from Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
> copy to Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> index e281d5490912..3389ff676a91 100644
> --- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
> +++ b/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> @@ -1,37 +1,16 @@
> +## @file
> +# StandaloneMM platform description include file for all supported platforms.
> #
> -# Copyright (c) 2018, ARM Limited. All rights reserved.
> +# Copyright (c) 2021, ARM Limited. All rights reserved.
> #
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> -#
> -
> -################################################################################
> -#
> -# Defines Section - statements that will be processed to create a Makefile.
> -#
> -################################################################################
> -[Defines]
> - PLATFORM_NAME = SgiMmStandalone
> - PLATFORM_GUID = 34B78C8F-CFD5-49D5-8360-E91143F6106D
> - PLATFORM_VERSION = 1.0
> - DSC_SPECIFICATION = 0x00010011
> - OUTPUT_DIRECTORY = Build/$(PLATFORM_NAME)
> - SUPPORTED_ARCHITECTURES = AARCH64
> - BUILD_TARGETS = DEBUG|RELEASE|NOOPT
> - SKUID_IDENTIFIER = DEFAULT
> - FLASH_DEFINITION = Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf
> - DEFINE DEBUG_MESSAGE = TRUE
> -
> - # LzmaF86
> - DEFINE COMPRESSION_TOOL_GUID = D42AE6BD-1352-4bfb-909A-CA72A6EAE889
> +##
>
> ################################################################################
> #
> # Library Class section - list of all Library Classes needed by this Platform.
> #
> ################################################################################
> -
> -!include MdePkg/MdeLibs.dsc.inc
> -
> [LibraryClasses]
> #
> # Basic
> @@ -92,7 +71,6 @@
> gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f
>
> ## PL011 - Serial Terminal
> - gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x7FF70000
> gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate|115200
>
> gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
> diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
> index e281d5490912..cdf8aaa88f03 100644
> --- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
> +++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
> @@ -1,8 +1,11 @@
> +## @file
> +# StandaloneMM platform description file for SGI-575, RD-N1-Edge, RD-E1-Edge
> +# and RD-V1 platforms.
> #
> -# Copyright (c) 2018, ARM Limited. All rights reserved.
> +# Copyright (c) 2021, ARM Limited. All rights reserved.
> #
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> -#
> +##
>
> ################################################################################
> #
> @@ -11,9 +14,9 @@
> ################################################################################
> [Defines]
> PLATFORM_NAME = SgiMmStandalone
> - PLATFORM_GUID = 34B78C8F-CFD5-49D5-8360-E91143F6106D
> + PLATFORM_GUID = 503b97f6-1be9-4661-97fd-9a55bbd2680d
> PLATFORM_VERSION = 1.0
> - DSC_SPECIFICATION = 0x00010011
> + DSC_SPECIFICATION = 0x0001001B
> OUTPUT_DIRECTORY = Build/$(PLATFORM_NAME)
> SUPPORTED_ARCHITECTURES = AARCH64
> BUILD_TARGETS = DEBUG|RELEASE|NOOPT
> @@ -24,62 +27,9 @@
> # LzmaF86
> DEFINE COMPRESSION_TOOL_GUID = D42AE6BD-1352-4bfb-909A-CA72A6EAE889
>
> -################################################################################
> -#
> -# Library Class section - list of all Library Classes needed by this Platform.
> -#
> -################################################################################
> -
> +# include common definitions.
> !include MdePkg/MdeLibs.dsc.inc
> -
> -[LibraryClasses]
> - #
> - # Basic
> - #
> - BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
> - BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> - DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
> - DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
> - ExtractGuidedSectionLib|EmbeddedPkg/Library/PrePiExtractGuidedSectionLib/PrePiExtractGuidedSectionLib.inf
> - FvLib|StandaloneMmPkg/Library/FvLib/FvLib.inf
> - HobLib|StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf
> - IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
> - MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf
> - MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmCoreMemoryAllocationLib/StandaloneMmCoreMemoryAllocationLib.inf
> - PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> - PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
> - PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
> - ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
> -
> - #
> - # Entry point
> - #
> - StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoint/StandaloneMmDriverEntryPoint.inf
> -
> - ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
> - StandaloneMmMmuLib|ArmPkg/Library/StandaloneMmMmuLib/ArmMmuStandaloneMmLib.inf
> - ArmSvcLib|ArmPkg/Library/ArmSvcLib/ArmSvcLib.inf
> - CacheMaintenanceLib|ArmPkg/Library/ArmCacheMaintenanceLib/ArmCacheMaintenanceLib.inf
> - PeCoffExtraActionLib|StandaloneMmPkg/Library/StandaloneMmPeCoffExtraActionLib/StandaloneMmPeCoffExtraActionLib.inf
> -
> - # ARM PL011 UART Driver
> - PL011UartClockLib|ArmPlatformPkg/Library/PL011UartClockLib/PL011UartClockLib.inf
> - PL011UartLib|ArmPlatformPkg/Library/PL011UartLib/PL011UartLib.inf
> - SerialPortLib|ArmPlatformPkg/Library/PL011SerialPortLib/PL011SerialPortLib.inf
> -
> - StandaloneMmCoreEntryPoint|StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf
> -
> - #
> - # It is not possible to prevent the ARM compiler for generic intrinsic functions.
> - # This library provides the instrinsic functions generate by a given compiler.
> - # And NULL mean link this library into all ARM images.
> - #
> - NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
> -
> -[LibraryClasses.common.MM_STANDALONE]
> - HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
> - MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
> - MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
> +!include Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
>
> ################################################################################
> #
> @@ -87,54 +37,5 @@
> #
> ################################################################################
> [PcdsFixedAtBuild]
> - gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800000CF
> - gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0xff
> - gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f
> -
> ## PL011 - Serial Terminal
> gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x7FF70000
> - gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate|115200
> -
> - gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
> -
> -###################################################################################################
> -#
> -# Components Section - list of the modules and components that will be processed by compilation
> -# tools and the EDK II tools to generate PE32/PE32+/Coff image files.
> -#
> -# Note: The EDK II DSC file is not used to specify how compiled binary images get placed
> -# into firmware volume images. This section is just a list of modules to compile from
> -# source into UEFI-compliant binaries.
> -# It is the FDF file that contains information on combining binary files into firmware
> -# volume images, whose concept is beyond UEFI and is described in PI specification.
> -# Binary modules do not need to be listed in this section, as they should be
> -# specified in the FDF file. For example: Shell binary (Shell_Full.efi), FAT binary (Fat.efi),
> -# Logo (Logo.bmp), and etc.
> -# There may also be modules listed in this section that are not required in the FDF file,
> -# When a module listed here is excluded from FDF file, then UEFI-compliant binary will be
> -# generated for it, but the binary will not be put into any firmware volume.
> -#
> -###################################################################################################
> -[Components.common]
> - #
> - # MM Core
> - #
> - StandaloneMmPkg/Core/StandaloneMmCore.inf
> -
> -[Components.AARCH64]
> - StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
> -
> -###################################################################################################
> -#
> -# BuildOptions Section - Define the module specific tool chain flags that should be used as
> -# the default flags for a module. These flags are appended to any
> -# standard flags that are defined by the build process. They can be
> -# applied for any modules or only those modules with the specific
> -# module style (EDK or EDKII) specified in [Components] section.
> -#
> -###################################################################################################
> -[BuildOptions.AARCH64]
> - GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 -march=armv8-a+nofp
> -
> -[BuildOptions]
> - *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
> diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc b/Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc
> new file mode 100644
> index 000000000000..bb359a15cc0d
> --- /dev/null
> +++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc
> @@ -0,0 +1,40 @@
> +## @file
> +# StandaloneMM platform description file for RD-N2 platforms.
> +#
> +# Copyright (c) 2021, ARM Limited. All rights reserved.
> +#
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +##
> +
> +################################################################################
> +#
> +# Defines Section - statements that will be processed to create a Makefile.
> +#
> +################################################################################
> +[Defines]
> + PLATFORM_NAME = SgiMmStandalone
> + PLATFORM_GUID = 67309f8a-d278-4df5-86ee-a1826cf481ed
> + PLATFORM_VERSION = 1.0
> + DSC_SPECIFICATION = 0x0001001B
> + OUTPUT_DIRECTORY = Build/$(PLATFORM_NAME)
> + SUPPORTED_ARCHITECTURES = AARCH64
> + BUILD_TARGETS = DEBUG|RELEASE|NOOPT
> + SKUID_IDENTIFIER = DEFAULT
> + FLASH_DEFINITION = Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf
> + DEFINE DEBUG_MESSAGE = TRUE
> +
> + # LzmaF86
> + DEFINE COMPRESSION_TOOL_GUID = D42AE6BD-1352-4bfb-909A-CA72A6EAE889
> +
> +# include common definitions.
> +!include MdePkg/MdeLibs.dsc.inc
> +!include Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> +
> +################################################################################
> +#
> +# Pcd Section - list of all EDK II PCD Entries defined by this Platform
> +#
> +################################################################################
> +[PcdsFixedAtBuild]
> + ## PL011 - Serial Terminal
> + gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x0EF80000
* [edk2-platforms][PATCH V1 2/3] Platform/Sgi: add StandaloneMM usable NorFlashPlatformLib
From: Sayanta Pattanayak @ 2021-05-24 17:22 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Sami Mujawar
Add the NorFlashPlatformLib library instance that can be linked with
MM_STANDALONE modules that implement a secure variable storage. The
third instance of the NOR flash is used as the non-volatile storage.
Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
---
Platform/ARM/SgiPkg/SgiPlatform.dec | 1 +
Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf | 33 ++++++++
Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c | 82 ++++++++++++++++++++
3 files changed, 116 insertions(+)
diff --git a/Platform/ARM/SgiPkg/SgiPlatform.dec b/Platform/ARM/SgiPkg/SgiPlatform.dec
index 3effd49592ea..af08ed153eae 100644
--- a/Platform/ARM/SgiPkg/SgiPlatform.dec
+++ b/Platform/ARM/SgiPkg/SgiPlatform.dec
@@ -54,6 +54,7 @@
gArmSgiTokenSpaceGuid.PcdSmcCs0Base|0|UINT64|0x0000000C
gArmSgiTokenSpaceGuid.PcdSmcCs1Base|0|UINT64|0x0000000D
+ gArmSgiTokenSpaceGuid.PcdSmcCs2Base|0|UINT64|0x00001000
gArmSgiTokenSpaceGuid.PcdSysPeriphBase|0x00000000|UINT64|0x0000000E
gArmSgiTokenSpaceGuid.PcdSysPeriphSysRegBase|0x0|UINT64|0x0000000F
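Review bot: the token number in `gArmSgiTokenSpaceGuid.PcdSmcCs2Base|0|UINT64|0x00001000` breaks the sequence of its neighbours (0x0C, 0x0D, then 0x0E, 0x0F). Token numbers only need to be unique within the token space, so this builds, but the jump to 0x1000 looks like a typo and makes the .dec harder to audit for collisions; use the next free token in the existing sequence, or add a comment if 0x1000 starts a deliberate new range for flash-related PCDs.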
diff --git a/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf b/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf
new file mode 100644
index 000000000000..96bbf1e42313
--- /dev/null
+++ b/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf
@@ -0,0 +1,33 @@
+## @file
+# StandaloneMM instance of NOR Flash library.
+#
+# Copyright (c) 2021, ARM Limited. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x0001001A
+ BASE_NAME = NorFlashMmLib
+ FILE_GUID = 2ce22190-b933-4d1e-99ba-8bf1f0768255
+ MODULE_TYPE = MM_STANDALONE
+ VERSION_STRING = 1.0
+ PI_SPECIFICATION_VERSION = 0x00010032
+ LIBRARY_CLASS = NorFlashPlatformLib
+
+[Sources.common]
+ StandaloneMmNorFlashLib.c
+
+[Packages]
+ ArmPlatformPkg/ArmPlatformPkg.dec
+ MdePkg/MdePkg.dec
+ Platform/ARM/SgiPkg/SgiPlatform.dec
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
+ IoLib
+
+[FixedPcd]
+ gArmSgiTokenSpaceGuid.PcdSysPeriphSysRegBase
+ gArmSgiTokenSpaceGuid.PcdSmcCs2Base
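Review bot: `[LibraryClasses]` lists BaseLib and DebugLib, but the accompanying StandaloneMmNorFlashLib.c calls no BaseLib function and contains no DEBUG() statement (ARRAY_SIZE is a Base.h macro, not a BaseLib call). Either drop the two entries and the `#include <Library/DebugLib.h>`, or add a DEBUG print in NorFlashPlatformInitialization reporting the SYS_REG write, which would be useful when bringing up a new platform.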
diff --git a/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c b/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c
new file mode 100644
index 000000000000..3e5a5612c17e
--- /dev/null
+++ b/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c
@@ -0,0 +1,82 @@
+/** @file
+* NOR flash platform library to be used in StandaloneMM context
+*
+* This file provides platform callbacks for the NOR flash module that executes
+* in the StandaloneMM context. The third NOR flash instance of 64MB size on the
+* reference design platform is assigned to be used in the StandaloneMM context.
+*
+* Copyright (c) 2021, ARM Ltd. All rights reserved.
+*
+* SPDX-License-Identifier: BSD-2-Clause-Patent
+*
+**/
+
+#include <Library/DebugLib.h>
+#include <Library/IoLib.h>
+#include <Library/NorFlashPlatformLib.h>
+#include <PiMm.h>
+#include <SgiPlatform.h>
+
+//
+// 64MB NOR flash connected to CS2 is assigned to be used in StandaloneMM
+// context.
+//
+STATIC NOR_FLASH_DESCRIPTION mNorFlashDevices[] = {
+ {
+ // NOR-Flash2 assigned for secure storage.
+ FixedPcdGet64 (PcdSmcCs2Base),
+ FixedPcdGet64 (PcdSmcCs2Base),
+ SIZE_256KB * 256,
+ SIZE_256KB,
+ },
+};
+
+/** Allow access to NOR flash
+
+ On the reference design platforms, the access to NOR flash has to be
+ explicitly permitted by writing to the FLASH_RWEN bit of the SYSPH_SYS_REG
+ register.
+
+ @retval EFI_SUCCESS Initialize required to access NOR flash is complete.
+
+**/
+EFI_STATUS
+NorFlashPlatformInitialization (
+ VOID
+ )
+{
+ UINT64 SysRegFlash;
+
+ SysRegFlash = FixedPcdGet64 (PcdSysPeriphSysRegBase) + SGI_SYSPH_SYS_REG_FLASH;
+ MmioOr32 (SysRegFlash, SGI_SYSPH_SYS_REG_FLASH_RWEN);
+ return EFI_SUCCESS;
+}
+
+/** Returns the list of available NOR flash devices
+
+ For the StandaloneMM execution context, return the list of available NOR
+ flash devices that are available for use.
+
+ @param[in] NorFlashDevices Pointer to array of NOR flash devices.
+ @param[in] Count Number of elements in the NOR flash devices
+ array.
+
+ @retval EFI_SUCCESS Valid set of NOR flash devices is returned.
+ @retval EFI_INVALID_PARAMETER Pointers to NOR flash devices and/or count is
+ invalid.
+
+**/
+EFI_STATUS
+NorFlashPlatformGetDevices (
+ OUT NOR_FLASH_DESCRIPTION **NorFlashDevices,
+ OUT UINT32 *Count
+ )
+{
+ if ((NorFlashDevices == NULL) || (Count == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ *NorFlashDevices = mNorFlashDevices;
+ *Count = ARRAY_SIZE (mNorFlashDevices);
+ return EFI_SUCCESS;
+}
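Review bot: the NorFlashPlatformGetDevices comment block documents `@param[in] NorFlashDevices` and `@param[in] Count`, but the prototype declares both as `OUT` parameters; change both tags to `@param[out]`. In the NorFlashPlatformInitialization comment, "Initialize required to access NOR flash is complete" should read "Initialization required to access NOR flash is complete". One caveat worth a sentence in the commit message: this library only sets FLASH_RWEN so that the MM side can reach CS2; nothing in this file restricts who else can reach that region, and the secure-variable guarantee rests on CS2 being inaccessible to the normal world, which is configured outside this patch. Stating where that isolation is enforced would help reviewers of the secure boot series.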
--
2.17.1
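An added example, not code from the patch or from edk2-platforms: a host-side check of the NOR flash geometry that StandaloneMmNorFlashLib hands to the variable driver. The struct mirrors the first four fields of ArmPlatformPkg's NOR_FLASH_DESCRIPTION with host types; the CS2 base address 0x10000000 is an assumed placeholder standing in for PcdSmcCs2Base, which the .dec hunk above leaves at a default of 0 until a platform sets it. The checks catch the mistakes that would otherwise surface only as corrupted variable blocks on the target: an unset base PCD, a region size that is not a whole number of erase blocks, a region outside its device, and overlapping regions.

```c
/*
 * Added example (not part of the patch or of edk2-platforms): validate a
 * NOR flash descriptor table of the kind StandaloneMmNorFlashLib returns.
 * The struct mirrors the first four fields of NOR_FLASH_DESCRIPTION with
 * host types. ASSUMED_CS2_BASE is a placeholder for PcdSmcCs2Base.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SIZE_256KB        0x40000u
#define ASSUMED_CS2_BASE  0x10000000ull   /* placeholder, not a real RD value */

typedef struct {
  uint64_t DeviceBaseAddress;   /* start of the flash device */
  uint64_t RegionBaseAddress;   /* start of the region handed to the driver */
  uint64_t Size;                /* region size in bytes */
  uint64_t BlockSize;           /* erase block size in bytes */
} NorFlashDesc;

/* Same geometry as mNorFlashDevices[] in the patch: 256 blocks of 256 KiB. */
static const NorFlashDesc kMmNorFlash[] = {
  { ASSUMED_CS2_BASE, ASSUMED_CS2_BASE, SIZE_256KB * 256, SIZE_256KB },
};

enum {
  NOR_OK = 0,
  NOR_ERR_NULL_BASE,                /* PCD left at its .dec default of 0 */
  NOR_ERR_ZERO_SIZE,
  NOR_ERR_BLOCK_NOT_POW2,
  NOR_ERR_SIZE_NOT_BLOCK_MULTIPLE,  /* erase/write would straddle a block */
  NOR_ERR_REGION_BEFORE_DEVICE,
  NOR_ERR_REGION_MISALIGNED,        /* region start not on a block boundary */
  NOR_ERR_ADDRESS_WRAP,
  NOR_ERR_OVERLAP,
};

static bool is_pow2(uint64_t v) { return v != 0 && (v & (v - 1)) == 0; }

/* Check one descriptor in isolation. */
static int check_one(const NorFlashDesc *d)
{
  if (d->DeviceBaseAddress == 0 || d->RegionBaseAddress == 0)
    return NOR_ERR_NULL_BASE;
  if (d->Size == 0)
    return NOR_ERR_ZERO_SIZE;
  if (!is_pow2(d->BlockSize))
    return NOR_ERR_BLOCK_NOT_POW2;
  if (d->Size % d->BlockSize != 0)
    return NOR_ERR_SIZE_NOT_BLOCK_MULTIPLE;
  if (d->RegionBaseAddress < d->DeviceBaseAddress)
    return NOR_ERR_REGION_BEFORE_DEVICE;
  if ((d->RegionBaseAddress - d->DeviceBaseAddress) % d->BlockSize != 0)
    return NOR_ERR_REGION_MISALIGNED;
  if (d->Size > UINT64_MAX - d->RegionBaseAddress)
    return NOR_ERR_ADDRESS_WRAP;
  return NOR_OK;
}

/* Check a whole table, including pairwise overlap between regions. */
static int check_table(const NorFlashDesc *t, size_t n)
{
  for (size_t i = 0; i < n; i++) {
    int rc = check_one(&t[i]);
    if (rc != NOR_OK)
      return rc;
    for (size_t j = 0; j < i; j++) {
      uint64_t a0 = t[i].RegionBaseAddress, a1 = a0 + t[i].Size;
      uint64_t b0 = t[j].RegionBaseAddress, b1 = b0 + t[j].Size;
      if (a0 < b1 && b0 < a1)
        return NOR_ERR_OVERLAP;
    }
  }
  return NOR_OK;
}

/* Number of erase blocks in a region; the variable store needs at least one. */
static uint64_t block_count(const NorFlashDesc *d) { return d->Size / d->BlockSize; }

int main(void)
{
  size_t n = sizeof kMmNorFlash / sizeof kMmNorFlash[0];
  int rc = check_table(kMmNorFlash, n);
  printf("MM NOR table: %s, %llu blocks of 0x%llx bytes\n",
         rc == NOR_OK ? "ok" : "rejected",
         (unsigned long long)block_count(&kMmNorFlash[0]),
         (unsigned long long)kMmNorFlash[0].BlockSize);
  return rc;
}
```

Run it against the table a platform actually builds (substitute the real PcdSmcCs2Base value for the placeholder) before enabling the variable driver on top of it; the NULL-base check is the one that matters most for this series, since the .dec default of 0 would otherwise be accepted silently by the library itself.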
* Re: [edk2-platforms][PATCH V1 2/3] Platform/Sgi: add StandaloneMM usable NorFlashPlatformLib
From: Sami Mujawar @ 2021-05-25 13:57 UTC (permalink / raw)
To: Sayanta Pattanayak, devel; +Cc: Ard Biesheuvel, nd
Hi Sayanta,
I have a minor suggestion marked inline as [SAMI].
Otherwise this patch looks good to me.
With that addressed.
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Regards,
Sami Mujawar
On 24/05/2021 06:22 PM, Sayanta Pattanayak wrote:
> Add the NorFlashPlatformLib library instance that can be linked with
> MM_STANDALONE modules that implement a secure variable storage. The
> third instance of the NOR flash is used as the non-volatile storage.
>
> Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
> ---
> Platform/ARM/SgiPkg/SgiPlatform.dec | 1 +
> Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf | 33 ++++++++
> Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c | 82 ++++++++++++++++++++
> 3 files changed, 116 insertions(+)
>
> diff --git a/Platform/ARM/SgiPkg/SgiPlatform.dec b/Platform/ARM/SgiPkg/SgiPlatform.dec
> index 3effd49592ea..af08ed153eae 100644
> --- a/Platform/ARM/SgiPkg/SgiPlatform.dec
> +++ b/Platform/ARM/SgiPkg/SgiPlatform.dec
> @@ -54,6 +54,7 @@
>
> gArmSgiTokenSpaceGuid.PcdSmcCs0Base|0|UINT64|0x0000000C
> gArmSgiTokenSpaceGuid.PcdSmcCs1Base|0|UINT64|0x0000000D
> + gArmSgiTokenSpaceGuid.PcdSmcCs2Base|0|UINT64|0x00001000
> gArmSgiTokenSpaceGuid.PcdSysPeriphBase|0x00000000|UINT64|0x0000000E
> gArmSgiTokenSpaceGuid.PcdSysPeriphSysRegBase|0x0|UINT64|0x0000000F
>
> diff --git a/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf b/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf
> new file mode 100644
> index 000000000000..96bbf1e42313
> --- /dev/null
> +++ b/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf
> @@ -0,0 +1,33 @@
> +## @file
> +# StandaloneMM instance of NOR Flash library.
> +#
> +# Copyright (c) 2021, ARM Limited. All rights reserved.
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x0001001A
> + BASE_NAME = NorFlashMmLib
> + FILE_GUID = 2ce22190-b933-4d1e-99ba-8bf1f0768255
> + MODULE_TYPE = MM_STANDALONE
> + VERSION_STRING = 1.0
> + PI_SPECIFICATION_VERSION = 0x00010032
> + LIBRARY_CLASS = NorFlashPlatformLib
> +
> +[Sources.common]
> + StandaloneMmNorFlashLib.c
> +
> +[Packages]
> + ArmPlatformPkg/ArmPlatformPkg.dec
> + MdePkg/MdePkg.dec
> + Platform/ARM/SgiPkg/SgiPlatform.dec
> +
> +[LibraryClasses]
> + BaseLib
> + DebugLib
> + IoLib
> +
> +[FixedPcd]
> + gArmSgiTokenSpaceGuid.PcdSysPeriphSysRegBase
> + gArmSgiTokenSpaceGuid.PcdSmcCs2Base
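Review bot: `LIBRARY_CLASS = NorFlashPlatformLib` in the [Defines] section carries no module-type restriction, so a DXE module could pick up this MM_STANDALONE-only instance by accident; `LIBRARY_CLASS = NorFlashPlatformLib|MM_STANDALONE` limits it to the intended consumers. The [LibraryClasses] list also names BaseLib and DebugLib, but the accompanying .c file uses only MmioOr32 (IoLib), FixedPcdGet64 and ARRAY_SIZE, so those two entries look unused.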
> diff --git a/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c b/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c
> new file mode 100644
> index 000000000000..3e5a5612c17e
> --- /dev/null
> +++ b/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c
> @@ -0,0 +1,82 @@
> +/** @file
> +* NOR flash platform library to be used in StandaloneMM context
> +*
> +* This file provides platform callbacks for the NOR flash module that executes
> +* in the StandaloneMM context. The third NOR flash instance of 64MB size on the
> +* reference design platform is assigned to be used in the StandaloneMM context.
> +*
> +* Copyright (c) 2021, ARM Ltd. All rights reserved.
> +*
> +* SPDX-License-Identifier: BSD-2-Clause-Patent
> +*
> +**/
> +
> +#include <Library/DebugLib.h>
> +#include <Library/IoLib.h>
> +#include <Library/NorFlashPlatformLib.h>
> +#include <PiMm.h>
> +#include <SgiPlatform.h>
> +
> +//
> +// 64MB NOR flash connected to CS2 is assigned to be used in StandaloneMM
> +// context.
> +//
> +STATIC NOR_FLASH_DESCRIPTION mNorFlashDevices[] = {
[SAMI] Minor - Can we add the CONST qualifier?
> + {
> + // NOR-Flash2 assigned for secure storage.
> + FixedPcdGet64 (PcdSmcCs2Base),
> + FixedPcdGet64 (PcdSmcCs2Base),
> + SIZE_256KB * 256,
> + SIZE_256KB,
> + },
> +};
> +
> +/** Allow access to NOR flash
> +
> + On the reference design platforms, the access to NOR flash has to be
> + explicitly permitted by writing to the FLASH_RWEN bit of the SYSPH_SYS_REG
> + register.
> +
> + @retval EFI_SUCCESS Initialize required to access NOR flash is complete.
> +
> +**/
> +EFI_STATUS
> +NorFlashPlatformInitialization (
> + VOID
> + )
> +{
> + UINT64 SysRegFlash;
> +
> + SysRegFlash = FixedPcdGet64 (PcdSysPeriphSysRegBase) + SGI_SYSPH_SYS_REG_FLASH;
> + MmioOr32 (SysRegFlash, SGI_SYSPH_SYS_REG_FLASH_RWEN);
> + return EFI_SUCCESS;
> +}
> +
> +/** Returns the list of available NOR flash devices
> +
> + For the StandaloneMM execution context, return the list of available NOR
> + flash devices that are available for use.
> +
> + @param[in] NorFlashDevices Pointer to array of NOR flash devices.
> + @param[in] Count Number of elements in the NOR flash devices
> + array.
> +
> + @retval EFI_SUCCESS Valid set of NOR flash devices is returned.
> + @retval EFI_INVALID_PARAMETER Pointers to NOR flash devices and/or count is
> + invalid.
> +
> +**/
> +EFI_STATUS
> +NorFlashPlatformGetDevices (
> + OUT NOR_FLASH_DESCRIPTION **NorFlashDevices,
> + OUT UINT32 *Count
> + )
> +{
> + if ((NorFlashDevices == NULL) || (Count == NULL)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + *NorFlashDevices = mNorFlashDevices;
> + *Count = ARRAY_SIZE (mNorFlashDevices);
> + return EFI_SUCCESS;
> +}
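Review bot: the doxygen block for NorFlashPlatformGetDevices tags NorFlashDevices and Count as @param[in], but the prototype declares both as OUT parameters; they should be @param[out]. The @retval line of NorFlashPlatformInitialization reads "Initialize required to access NOR flash is complete" and should be "Initialization required ...". Regarding the CONST qualifier requested above: with a CONST mNorFlashDevices, the assignment `*NorFlashDevices = mNorFlashDevices;` would discard the qualifier against the `OUT NOR_FLASH_DESCRIPTION **` prototype from NorFlashPlatformLib.h, so either the header changes with it or an explicit cast is needed.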
* [edk2-platforms][PATCH V1 3/3] Platform/Sgi: enable support for UEFI secure boot
2021-05-24 17:22 [edk2-platforms][PATCH V1 0/3] Platform/Sgi: enable support for UEFI secure boot sayanta.pattanayak
2021-05-24 17:22 ` [edk2-platforms][PATCH V1 1/3] Platform/Sgi: refactor StandaloneMM platform description file Sayanta Pattanayak
2021-05-24 17:22 ` [edk2-platforms][PATCH V1 2/3] Platform/Sgi: add StandaloneMM usable NorFlashPlatformLib Sayanta Pattanayak
@ 2021-05-24 17:23 ` Sayanta Pattanayak
2021-05-25 14:00 ` Sami Mujawar
2021-06-01 18:09 ` [edk2-devel] [edk2-platforms][PATCH V1 0/3] " Thomas Abraham
2021-06-02 18:18 ` Sami Mujawar
4 siblings, 1 reply; 11+ messages in thread
From: Sayanta Pattanayak @ 2021-05-24 17:23 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Sami Mujawar
Enable the use of UEFI secure boot for Arm's Neoverse reference design
platforms. The UEFI authenticated variable store uses NOR flash 2 which
is accessible from Standalone MM context residing in a secure partition.
Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
---
Platform/ARM/SgiPkg/SgiPlatform.dsc.inc | 31 +++++++++++++++++++
Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc | 32 ++++++++++++++++++++
Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc | 15 +++++++++
Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc | 15 +++++++++
Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf | 5 +++
Platform/ARM/SgiPkg/SgiPlatform.fdf | 9 +++++-
6 files changed, 106 insertions(+), 1 deletion(-)
diff --git a/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc b/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
index 091de0c99c74..e4aee7a09acf 100644
--- a/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
+++ b/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
@@ -6,6 +6,14 @@
!include Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
+[Defines]
+ # To allow the use of secure storage, set this to TRUE.
+ DEFINE SECURE_STORAGE_ENABLE = FALSE
+
+ # To allow the use of UEFI secure boot, set this to TRUE.
+ # Secure boot requires secure storage to be enabled as well.
+ DEFINE SECURE_BOOT_ENABLE = FALSE
+
[BuildOptions]
*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
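Review bot: the comment says secure boot requires secure storage, but nothing in the hunk enforces it: a build with SECURE_BOOT_ENABLE=TRUE and SECURE_STORAGE_ENABLE=FALSE would silently pair DxeImageVerificationLib with the VariableRuntimeDxe/FaultTolerantWriteDxe path that keeps the variable store outside the secure partition. A guard after the two DEFINEs, such as
!if $(SECURE_BOOT_ENABLE) == TRUE && $(SECURE_STORAGE_ENABLE) == FALSE
  !error "SECURE_BOOT_ENABLE requires SECURE_STORAGE_ENABLE"
!endif
would turn the misconfiguration into a build failure instead.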
@@ -22,6 +30,9 @@
NorFlashPlatformLib|Platform/ARM/SgiPkg/Library/NorFlashLib/NorFlashLib.inf
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf
+!endif
# Virtio Support
VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
@@ -84,6 +95,7 @@
[PcdsFeatureFlag.common]
gArmSgiTokenSpaceGuid.PcdVirtioBlkSupported|TRUE
gArmSgiTokenSpaceGuid.PcdVirtioNetSupported|TRUE
+ gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
[PcdsFixedAtBuild.common]
gArmTokenSpaceGuid.PcdVFPEnabled|1
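Review bot: gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE is set unconditionally here, although the runtime cache only comes into play on the VariableSmmRuntimeDxe path that this file later selects under SECURE_STORAGE_ENABLE; either gate the PCD under the same !if or add a comment explaining why it is also disabled for the non-secure-storage build.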
@@ -230,7 +242,15 @@
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
+ <LibraryClasses>
+ NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+ }
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!else
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+!endif
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
@@ -238,6 +258,9 @@
MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
MdeModulePkg/Universal/SerialDxe/SerialDxe.inf
+!if $(SECURE_STORAGE_ENABLE) == TRUE
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
+!else
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
<LibraryClasses>
NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
@@ -245,6 +268,7 @@
BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
}
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
+!endif
#
# ACPI Support
@@ -314,4 +338,11 @@
#
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
+!if $(SECURE_STORAGE_ENABLE) == TRUE
+ ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf {
+ <LibraryClasses>
+ NULL|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf
+ }
+!else
ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf
+!endif
diff --git a/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc b/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
index 3389ff676a91..6839ec35da8a 100644
--- a/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
+++ b/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
@@ -59,6 +59,19 @@
HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
+!if $(SECURE_STORAGE_ENABLE) == TRUE
+ AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ NorFlashPlatformLib|Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
+ PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
+ SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
+ TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
+ VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+ SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
+!endif
################################################################################
#
@@ -75,6 +88,12 @@
gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
+!if $(SECURE_STORAGE_ENABLE) == TRUE
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+ gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
+!endif
+
###################################################################################################
#
# Components Section - list of the modules and components that will be processed by compilation
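Review bot: PlatformSecureLibNull (previous hunk) combined with gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE means the authenticated-variable code will always report the user as physically present, so the physical-presence gate on PK/KEK/db/dbx changes made through the setup UI is effectively switched off. That may be acceptable for a reference design, but a comment next to the PCD stating that this is intentional, and that a production platform must provide a real PlatformSecureLib instance, would make the trade-off visible to anyone reusing this file.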
@@ -101,6 +120,19 @@
[Components.AARCH64]
StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
+!if $(SECURE_STORAGE_ENABLE) == TRUE
+ ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
+ MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf {
+ <LibraryClasses>
+ DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
+ NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
+ NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf
+ BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
+ }
+!endif
###################################################################################################
#
diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
index cdf8aaa88f03..2cb4895cfcff 100644
--- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
+++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
@@ -39,3 +39,18 @@
[PcdsFixedAtBuild]
## PL011 - Serial Terminal
gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x7FF70000
+
+!if $(SECURE_STORAGE_ENABLE) == TRUE
+ ##Secure NOR Flash 2
+ gArmSgiTokenSpaceGuid.PcdSmcCs2Base|0x10000000
+ gArmSgiTokenSpaceGuid.PcdSysPeriphBase|0x1C000000
+ gArmSgiTokenSpaceGuid.PcdSysPeriphSysRegBase|0x1C010000
+
+ ##Secure Variable Storage in NOR Flash 2
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0x10000000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x00100000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0x10100000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x00100000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0x10200000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x00100000
+!endif
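Review bot: the `##Secure NOR Flash 2` and `##Secure Variable Storage in NOR Flash 2` comments lack the space after `##` used by the existing `## PL011 - Serial Terminal` line in the same section. Also, PcdFlashNvStorageVariableBase equals PcdSmcCs2Base (both 0x10000000), so the variable store starts at the very base of the chip-select; if that is intended, a comment saying that the first 3 MB of the 64 MB flash (variable, FTW working and FTW spare regions of 0x00100000 each) are reserved for the store would make the layout explicit.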
diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc b/Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc
index bb359a15cc0d..46c2ae3529d1 100644
--- a/Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc
+++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc
@@ -38,3 +38,18 @@
[PcdsFixedAtBuild]
## PL011 - Serial Terminal
gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x0EF80000
+
+!if $(SECURE_STORAGE_ENABLE) == TRUE
+ ##Secure NOR Flash 2
+ gArmSgiTokenSpaceGuid.PcdSmcCs2Base|0x1054000000
+ gArmSgiTokenSpaceGuid.PcdSysPeriphBase|0x0C000000
+ gArmSgiTokenSpaceGuid.PcdSysPeriphSysRegBase|0x0C010000
+
+ ##Secure Variable Storage in NOR Flash 2
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0x1054000000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x00100000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0x1054100000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x00100000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0x1054200000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x00100000
+!endif
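Review bot: the three *Size PCDs (0x00100000 each) are identical to those in PlatformStandaloneMm.dsc, and only the base addresses differ between the two platform files; moving the sizes into SgiPlatformMm.dsc.inc under the same !if would leave one place to change. This file also sets the Base64 variants (PcdFlashNvStorageVariableBase64 and so on) because 0x1054000000 does not fit in 32 bits, while PlatformStandaloneMm.dsc sets the 32-bit Base PCDs; a short comment explaining that difference would save a reader from suspecting a typo.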
diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf b/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf
index 5a0772cd8522..474c9c0ce764 100644
--- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf
+++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf
@@ -49,6 +49,11 @@ READ_LOCK_CAP = TRUE
READ_LOCK_STATUS = TRUE
INF StandaloneMmPkg/Core/StandaloneMmCore.inf
+!if $(SECURE_STORAGE_ENABLE) == TRUE
+ INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
+ INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
+ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
+!endif
INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
################################################################################
diff --git a/Platform/ARM/SgiPkg/SgiPlatform.fdf b/Platform/ARM/SgiPkg/SgiPlatform.fdf
index e11d943d6efc..d94e4633e36c 100644
--- a/Platform/ARM/SgiPkg/SgiPlatform.fdf
+++ b/Platform/ARM/SgiPkg/SgiPlatform.fdf
@@ -90,10 +90,17 @@ READ_LOCK_STATUS = TRUE
INF EmbeddedPkg/ResetRuntimeDxe/ResetRuntimeDxe.inf
INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
- INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!endif
+!if $(SECURE_STORAGE_ENABLE) == TRUE
+ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
+!else
+ INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+!endif
#
# ACPI Support
--
2.17.1
* Re: [edk2-platforms][PATCH V1 3/3] Platform/Sgi: enable support for UEFI secure boot
2021-05-24 17:23 ` [edk2-platforms][PATCH V1 3/3] Platform/Sgi: enable support for UEFI secure boot Sayanta Pattanayak
@ 2021-05-25 14:00 ` Sami Mujawar
2021-05-26 18:15 ` Sayanta Pattanayak
0 siblings, 1 reply; 11+ messages in thread
From: Sami Mujawar @ 2021-05-25 14:00 UTC (permalink / raw)
To: Sayanta Pattanayak, devel; +Cc: Ard Biesheuvel, nd
Hi Sayanta,
Thank you for this patch.
Please find my response inline marked [SAMI].
Regards,
Sami Mujawar
On 24/05/2021 06:23 PM, Sayanta Pattanayak wrote:
> Enable the use of UEFI secure boot for Arm's Neoverse reference design
> platforms. The UEFI authenticated variable store uses NOR flash 2 which
> is accessible from Standalone MM context residing in a secure partition.
>
> Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
> ---
> Platform/ARM/SgiPkg/SgiPlatform.dsc.inc | 31 +++++++++++++++++++
> Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc | 32 ++++++++++++++++++++
> Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc | 15 +++++++++
> Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc | 15 +++++++++
> Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf | 5 +++
> Platform/ARM/SgiPkg/SgiPlatform.fdf | 9 +++++-
> 6 files changed, 106 insertions(+), 1 deletion(-)
>
> diff --git a/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc b/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
> index 091de0c99c74..e4aee7a09acf 100644
> --- a/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
> +++ b/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
> @@ -6,6 +6,14 @@
>
> !include Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
>
> +[Defines]
> + # To allow the use of secure storage, set this to TRUE.
> + DEFINE SECURE_STORAGE_ENABLE = FALSE
> +
> + # To allow the use of UEFI secure boot, set this to TRUE.
> + # Secure boot requires secure storage to be enabled as well.
> + DEFINE SECURE_BOOT_ENABLE = FALSE
> +
> [BuildOptions]
> *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
>
> @@ -22,6 +30,9 @@
> NorFlashPlatformLib|Platform/ARM/SgiPkg/Library/NorFlashLib/NorFlashLib.inf
> HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
> TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
> +!if $(SECURE_BOOT_ENABLE) == TRUE
> + MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf
> +!endif
>
> # Virtio Support
> VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
> @@ -84,6 +95,7 @@
> [PcdsFeatureFlag.common]
> gArmSgiTokenSpaceGuid.PcdVirtioBlkSupported|TRUE
> gArmSgiTokenSpaceGuid.PcdVirtioNetSupported|TRUE
> + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
>
> [PcdsFixedAtBuild.common]
> gArmTokenSpaceGuid.PcdVFPEnabled|1
> @@ -230,7 +242,15 @@
> MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
> MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
> MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
> +!if $(SECURE_BOOT_ENABLE) == TRUE
> + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
> + <LibraryClasses>
> + NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> + }
> + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> +!else
> MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
> +!endif
> OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
>
> MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
> @@ -238,6 +258,9 @@
> MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
> MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
> MdeModulePkg/Universal/SerialDxe/SerialDxe.inf
> +!if $(SECURE_STORAGE_ENABLE) == TRUE
> + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
> +!else
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
> <LibraryClasses>
> NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> @@ -245,6 +268,7 @@
> BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> }
> MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> +!endif
>
> #
> # ACPI Support
> @@ -314,4 +338,11 @@
> #
> MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
>
> +!if $(SECURE_STORAGE_ENABLE) == TRUE
> + ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf {
> + <LibraryClasses>
> + NULL|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf
> + }
> +!else
> ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf
> +!endif
> diff --git a/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc b/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> index 3389ff676a91..6839ec35da8a 100644
> --- a/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> +++ b/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> @@ -59,6 +59,19 @@
> HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
> MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
> MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
> +!if $(SECURE_STORAGE_ENABLE) == TRUE
> + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> + NorFlashPlatformLib|Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf
> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> + RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
[SAMI] There is a recent patch series that adds ARMv8.5 FEAT_RNG support
to BaseRngLib
see
https://github.com/tianocore/edk2/commit/9301e5644cef5a5234f71b178373dd508cabb9ee.
Can this be used instead of BaseRngLibTimerLib? BaseRngLibTimerLib is
for non-production use so it would be good to avoid.
Indeed, this would require that Sgi platforms are ARMv8.5 or above. If
not, then can we conditionally use BaseRngLibTimerLib for platforms that
do not support FEAT_RNG.
[/SAMI]
> + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
> + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
> + TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
> + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
> + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
> +!endif
>
> ################################################################################
> #
> @@ -75,6 +88,12 @@
>
> gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
>
> +!if $(SECURE_STORAGE_ENABLE) == TRUE
> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
> +!endif
> +
> ###################################################################################################
> #
> # Components Section - list of the modules and components that will be processed by compilation
> @@ -101,6 +120,19 @@
>
> [Components.AARCH64]
> StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
> +!if $(SECURE_STORAGE_ENABLE) == TRUE
> + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
> + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
> + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf {
> + <LibraryClasses>
> + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
> + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> + NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf
> + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
> + }
> +!endif
>
> ###################################################################################################
> #
> diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
> index cdf8aaa88f03..2cb4895cfcff 100644
> --- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
> +++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc
> @@ -39,3 +39,18 @@
> [PcdsFixedAtBuild]
> ## PL011 - Serial Terminal
> gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x7FF70000
> +
> +!if $(SECURE_STORAGE_ENABLE) == TRUE
> + ##Secure NOR Flash 2
> + gArmSgiTokenSpaceGuid.PcdSmcCs2Base|0x10000000
> + gArmSgiTokenSpaceGuid.PcdSysPeriphBase|0x1C000000
> + gArmSgiTokenSpaceGuid.PcdSysPeriphSysRegBase|0x1C010000
> +
> + ##Secure Variable Storage in NOR Flash 2
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0x10000000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x00100000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0x10100000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x00100000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0x10200000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x00100000
> +!endif
> diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc b/Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc
> index bb359a15cc0d..46c2ae3529d1 100644
> --- a/Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc
> +++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc
> @@ -38,3 +38,18 @@
> [PcdsFixedAtBuild]
> ## PL011 - Serial Terminal
> gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x0EF80000
> +
> +!if $(SECURE_STORAGE_ENABLE) == TRUE
> + ##Secure NOR Flash 2
> + gArmSgiTokenSpaceGuid.PcdSmcCs2Base|0x1054000000
> + gArmSgiTokenSpaceGuid.PcdSysPeriphBase|0x0C000000
> + gArmSgiTokenSpaceGuid.PcdSysPeriphSysRegBase|0x0C010000
> +
> + ##Secure Variable Storage in NOR Flash 2
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0x1054000000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x00100000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0x1054100000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x00100000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0x1054200000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x00100000
> +!endif
> diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf b/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf
> index 5a0772cd8522..474c9c0ce764 100644
> --- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf
> +++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf
> @@ -49,6 +49,11 @@ READ_LOCK_CAP = TRUE
> READ_LOCK_STATUS = TRUE
>
> INF StandaloneMmPkg/Core/StandaloneMmCore.inf
> +!if $(SECURE_STORAGE_ENABLE) == TRUE
> + INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
> + INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
> + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
> +!endif
> INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
>
> ################################################################################
> diff --git a/Platform/ARM/SgiPkg/SgiPlatform.fdf b/Platform/ARM/SgiPkg/SgiPlatform.fdf
> index e11d943d6efc..d94e4633e36c 100644
> --- a/Platform/ARM/SgiPkg/SgiPlatform.fdf
> +++ b/Platform/ARM/SgiPkg/SgiPlatform.fdf
> @@ -90,10 +90,17 @@ READ_LOCK_STATUS = TRUE
> INF EmbeddedPkg/ResetRuntimeDxe/ResetRuntimeDxe.inf
> INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
> INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
> - INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
> INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
> +!if $(SECURE_BOOT_ENABLE) == TRUE
> + INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> +!endif
> +!if $(SECURE_STORAGE_ENABLE) == TRUE
> + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
> +!else
> + INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> +!endif
>
> #
> # ACPI Support
* Re: [edk2-platforms][PATCH V1 3/3] Platform/Sgi: enable support for UEFI secure boot
2021-05-25 14:00 ` Sami Mujawar
@ 2021-05-26 18:15 ` Sayanta Pattanayak
2021-05-26 18:20 ` Sami Mujawar
0 siblings, 1 reply; 11+ messages in thread
From: Sayanta Pattanayak @ 2021-05-26 18:15 UTC (permalink / raw)
To: Sami Mujawar, devel@edk2.groups.io; +Cc: Ard Biesheuvel, nd
Hi Sami,
Thanks for the review and suggestion. Please find my reply inline.
>
> Hi Sayanta,
>
> Thank you for this patch.
>
> Please find my response inline marked [SAMI].
>
> Regards,
>
> Sami Mujawar
>
> On 24/05/2021 06:23 PM, Sayanta Pattanayak wrote:
> > Enable the use of UEFI secure boot for Arm's Neoverse reference design
> > platforms. The UEFI authenticated variable store uses NOR flash 2
> > which is accessible from Standalone MM context residing in a secure
> partition.
> >
> > Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
> > ---
> > Platform/ARM/SgiPkg/SgiPlatform.dsc.inc | 31
> +++++++++++++++++++
> > Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc | 32
> ++++++++++++++++++++
> > Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc | 15 +++++++++
> > Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc | 15 +++++++++
> > Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf | 5 +++
> > Platform/ARM/SgiPkg/SgiPlatform.fdf | 9 +++++-
> > 6 files changed, 106 insertions(+), 1 deletion(-)
> >
<...>
> > ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf
> > +!endif
> > diff --git a/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> > b/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> > index 3389ff676a91..6839ec35da8a 100644
> > --- a/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> > +++ b/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> > @@ -59,6 +59,19 @@
> >
> HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmH
> obLib.inf
> >
> MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/Stan
> daloneMmServicesTableLib.inf
> >
> >
> MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAll
> ocati
> > onLib/StandaloneMmMemoryAllocationLib.inf
> > +!if $(SECURE_STORAGE_ENABLE) == TRUE
> > +
> > +AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.i
> > +nf
> > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> > +
> >
> +NorFlashPlatformLib|Platform/ARM/SgiPkg/Library/NorFlashLib/Standalon
> > +eMmNorFlashLib.inf
> > + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > + RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
> [SAMI] There is a recent patch series that adds ARMv8.5 FEAT_RNG support
> to BaseRngLib
> see
> https://github.com/tianocore/edk2/commit/9301e5644cef5a5234f71b178373
> dd508cabb9ee.
> Can this be used instead of BaseRngLibTimerLib? BaseRngLibTimerLib is for
> non-production use so it would be good to avoid.
> Indeed, this would require that Sgi platforms are ARMv8.5 or above. If not,
> then can we conditionally use BaseRngLibTimerLib for platforms that do not
> support FEAT_RNG.
> [/SAMI]
Current SGI platforms with secure boot are pre-ARMv8.5. For ARMv8.5 and above SGI platforms, we will follow the conditional approach.
Regards,
Sayanta
<...>
* Re: [edk2-platforms][PATCH V1 3/3] Platform/Sgi: enable support for UEFI secure boot
2021-05-26 18:15 ` Sayanta Pattanayak
@ 2021-05-26 18:20 ` Sami Mujawar
0 siblings, 0 replies; 11+ messages in thread
From: Sami Mujawar @ 2021-05-26 18:20 UTC (permalink / raw)
To: Sayanta Pattanayak, devel@edk2.groups.io; +Cc: Ard Biesheuvel, nd
Hi Sayanta,
Thanks for confirming.
With that.
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Regards,
Sami Mujawar
From: Sayanta Pattanayak <Sayanta.Pattanayak@arm.com>
Date: Wednesday, 26 May 2021 at 19:15
To: Sami Mujawar <Sami.Mujawar@arm.com>, devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>, nd <nd@arm.com>
Subject: RE: [edk2-platforms][PATCH V1 3/3] Platform/Sgi: enable support for UEFI secure boot
Hi Sami,
Thanks for the review and suggestion. Please find my reply inline.
>
> Hi Sayanta,
>
> Thank you for this patch.
>
> Please find my response inline marked [SAMI].
>
> Regards,
>
> Sami Mujawar
>
> On 24/05/2021 06:23 PM, Sayanta Pattanayak wrote:
> > Enable the use of UEFI secure boot for Arm's Neoverse reference design
> > platforms. The UEFI authenticated variable store uses NOR flash 2
> > which is accessible from Standalone MM context residing in a secure
> partition.
> >
> > Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
> > ---
> > Platform/ARM/SgiPkg/SgiPlatform.dsc.inc | 31 +++++++++++++++++++
> > Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc | 32 ++++++++++++++++++++
> > Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc | 15 +++++++++
> > Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc | 15 +++++++++
> > Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf | 5 +++
> > Platform/ARM/SgiPkg/SgiPlatform.fdf | 9 +++++-
> > 6 files changed, 106 insertions(+), 1 deletion(-)
> >
<...>
> > ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf
> > +!endif
> > diff --git a/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> > b/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> > index 3389ff676a91..6839ec35da8a 100644
> > --- a/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> > +++ b/Platform/ARM/SgiPkg/SgiPlatformMm.dsc.inc
> > @@ -59,6 +59,19 @@
> >
> HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmH
> obLib.inf
> >
> MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/Stan
> daloneMmServicesTableLib.inf
> >
> >
> MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAll
> ocati
> > onLib/StandaloneMmMemoryAllocationLib.inf
> > +!if $(SECURE_STORAGE_ENABLE) == TRUE
> > +
> > +AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.i
> > +nf
> > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> > +
> >
> +NorFlashPlatformLib|Platform/ARM/SgiPkg/Library/NorFlashLib/Standalon
> > +eMmNorFlashLib.inf
> > + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > + RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
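Review bot: the last line of the hunk, `RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf`, binds the secure-storage build to a timer-based RNG that this thread describes as non-production, but nothing in the `!if $(SECURE_STORAGE_ENABLE) == TRUE` block records why it was chosen or when it should be replaced. Suggest a one-line comment above the mapping stating that it is used only because the current platforms predate ARMv8.5 and lack FEAT_RNG, so the block can be switched to the FEAT_RNG-capable BaseRngLib for newer platforms without re-deriving the reasoning; the stray empty `+` line directly after the `!if` can also be dropped.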
> [SAMI] There is a recent patch series that adds ARMv8.5 FEAT_RNG support
> to BaseRngLib
> see
> https://github.com/tianocore/edk2/commit/9301e5644cef5a5234f71b178373
> dd508cabb9ee.
> Can this be used instead of BaseRngLibTimerLib? BaseRngLibTimerLib is for
> non-production use so it would be good to avoid.
> Indeed, this would require that Sgi platforms are ARMv8.5 or above. If not,
> then can we conditionally use BaseRngLibTimerLib for platforms that do not
> support FEAT_RNG.
> [/SAMI]
Current SGI platforms with secure boot are pre-ARMv8.5. For ARMv8.5 and above SGI platforms, the conditional approach will be followed.
Regards,
Sayanta
<...>
* Re: [edk2-devel] [edk2-platforms][PATCH V1 0/3] Platform/Sgi: enable support for UEFI secure boot
2021-05-24 17:22 [edk2-platforms][PATCH V1 0/3] Platform/Sgi: enable support for UEFI secure boot sayanta.pattanayak
` (2 preceding siblings ...)
2021-05-24 17:23 ` [edk2-platforms][PATCH V1 3/3] Platform/Sgi: enable support for UEFI secure boot Sayanta Pattanayak
@ 2021-06-01 18:09 ` Thomas Abraham
2021-06-02 18:18 ` Sami Mujawar
4 siblings, 0 replies; 11+ messages in thread
From: Thomas Abraham @ 2021-06-01 18:09 UTC (permalink / raw)
To: devel@edk2.groups.io, Sayanta Pattanayak; +Cc: Ard Biesheuvel, Sami Mujawar
On 5/24/21 10:52 PM, Sayanta Pattanayak via groups.io wrote:
> This patch series adds secure boot support for Arm's reference design
> platforms. The first patch refactors the existing StandaloneMM platform
> description file and splits it into three different files. This is required
> to accommodate the changed register base addresses in the RD-N2 platform
> compared to the other supported platforms. The second patch adds support for a
> NOR flash platform library to be used with the StandaloneMM execution context.
> The third patch then enables support for UEFI secure boot for all the
> supported reference design platforms.
>
> This patch series should be applied on top of the patch series
> https://edk2.groups.io/g/devel/message/75368
>
> Link to github branch with the patches in this series -
> https://github.com/SayantaP-arm/edk2-
> platforms/tree/rd_platform_secure_boot
>
> Sayanta Pattanayak (3):
> Platform/Sgi: refactor StandaloneMM platform description file
> Platform/Sgi: add StandaloneMM usable NorFlashPlatformLib
> Platform/Sgi: enable support for UEFI secure boot
For this patch series:
Reviewed-by: Thomas Abraham <thomas.abraham@arm.com>
[...]
* Re: [edk2-platforms][PATCH V1 0/3] Platform/Sgi: enable support for UEFI secure boot
2021-05-24 17:22 [edk2-platforms][PATCH V1 0/3] Platform/Sgi: enable support for UEFI secure boot sayanta.pattanayak
` (3 preceding siblings ...)
2021-06-01 18:09 ` [edk2-devel] [edk2-platforms][PATCH V1 0/3] " Thomas Abraham
@ 2021-06-02 18:18 ` Sami Mujawar
4 siblings, 0 replies; 11+ messages in thread
From: Sami Mujawar @ 2021-06-02 18:18 UTC (permalink / raw)
To: Sayanta Pattanayak, devel; +Cc: Ard Biesheuvel, nd
Pushed as d4fe6d9defc2..1d23831b5f07
Thanks.
Regards,
Sami Mujawar
On 24/05/2021 06:22 PM, Sayanta Pattanayak wrote:
> This patch series adds secure boot support for Arm's reference design
> platforms. The first patch refactors the existing StandaloneMM platform
> description file and splits it into three different files. This is required
> to accommodate the changed register base addresses in the RD-N2 platform
> compared to the other supported platforms. The second patch adds support for a
> NOR flash platform library to be used with the StandaloneMM execution context.
> The third patch then enables support for UEFI secure boot for all the
> supported reference design platforms.
>
> This patch series should be applied on top of the patch series
> https://edk2.groups.io/g/devel/message/75368
>
> Link to github branch with the patches in this series -
> https://github.com/SayantaP-arm/edk2-platforms/tree/rd_platform_secure_boot
>
> Sayanta Pattanayak (3):
> Platform/Sgi: refactor StandaloneMM platform description file
> Platform/Sgi: add StandaloneMM usable NorFlashPlatformLib
> Platform/Sgi: enable support for UEFI secure boot
>
> Platform/ARM/SgiPkg/SgiPlatform.dec | 1 +
> Platform/ARM/SgiPkg/SgiPlatform.dsc.inc | 31 +++++
> ...StandaloneMm.dsc => SgiPlatformMm.dsc.inc} | 62 +++++----
> Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc | 130 ++++--------------
> Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc | 55 ++++++++
> Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf | 5 +
> Platform/ARM/SgiPkg/SgiPlatform.fdf | 9 +-
> .../NorFlashLib/StandaloneMmNorFlashLib.inf | 33 +++++
> .../NorFlashLib/StandaloneMmNorFlashLib.c | 82 +++++++++++
> 9 files changed, 274 insertions(+), 134 deletions(-)
> copy Platform/ARM/SgiPkg/{PlatformStandaloneMm.dsc => SgiPlatformMm.dsc.inc} (73%)
> create mode 100644 Platform/ARM/SgiPkg/PlatformStandaloneMm2.dsc
> create mode 100644 Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf
> create mode 100644 Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c
>