From: "Benjamin Doron" <benjamin.doron00@gmail.com>
To: devel@edk2.groups.io
Cc: Sai Chaganty <rangasai.v.chaganty@intel.com>,
Isaac Oram <isaac.w.oram@intel.com>,
Chasel Chiu <chasel.chiu@intel.com>,
Nate DeSimone <nathaniel.l.desimone@intel.com>
Subject: [edk2-devel][edk2-platforms][PATCH v1 5/7] KabylakeOpenBoardPkg/AspireVn7Dash572G: Use Setup to control security
Date: Tue, 6 Sep 2022 13:42:56 -0400 [thread overview]
Message-ID: <951f485bd6d63b72e888b4bdcb89327d8088b7ce.1662485273.git.benjamin.doron00@gmail.com> (raw)
In-Reply-To: <cover.1662485273.git.benjamin.doron00@gmail.com>
Add a HII form to Setup for controlling lockdown UPDs. Default to
strict security, allowing it to be lifted for the user's convenience.
This is not board-specific, and could be ported to other boards. To add
more entries to the HII form, modify the VFR, VFR strings, variable
structure and consume the variable in the appropriate place.
Cc: Sai Chaganty <rangasai.v.chaganty@intel.com>
Cc: Isaac Oram <isaac.w.oram@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Signed-off-by: Benjamin Doron <benjamin.doron00@gmail.com>
---
.../PeiBoardPolicyUpdate.c | 56 ++-
.../PeiSiliconPolicyUpdateLibFsp.inf | 7 +-
.../Include/BoardConfigNvData.h | 37 ++
.../Library/BoardInitLib/BoardConfigVfr.vfr | 68 ++++
.../BoardInitLib/BoardConfigVfrStrings.uni | 29 ++
.../Library/BoardInitLib/DxeBoardConfigHii.c | 374 ++++++++++++++++++
.../Library/BoardInitLib/DxeBoardInitLib.c | 21 +-
.../Library/BoardInitLib/DxeBoardInitLib.h | 131 ++++++
.../Library/BoardInitLib/DxeBoardInitLib.inf | 10 +
9 files changed, 712 insertions(+), 21 deletions(-)
create mode 100644 Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Include/BoardConfigNvData.h
create mode 100644 Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/BoardConfigVfr.vfr
create mode 100644 Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/BoardConfigVfrStrings.uni
create mode 100644 Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/DxeBoardConfigHii.c
create mode 100644 Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/DxeBoardInitLib.h
diff --git a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/FspWrapper/Library/PeiSiliconPolicyUpdateLibFsp/PeiBoardPolicyUpdate.c b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/FspWrapper/Library/PeiSiliconPolicyUpdateLibFsp/PeiBoardPolicyUpdate.c
index 452c961b17ac..425deb4d16c0 100644
--- a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/FspWrapper/Library/PeiSiliconPolicyUpdateLibFsp/PeiBoardPolicyUpdate.c
+++ b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/FspWrapper/Library/PeiSiliconPolicyUpdateLibFsp/PeiBoardPolicyUpdate.c
@@ -6,11 +6,13 @@
**/
+#include "PeiSaPolicyUpdate.h"
#include "PeiPchPolicyUpdate.h"
#include <Library/BaseMemoryLib.h>
-#include <Library/DebugLib.h>
#include <Library/PcdLib.h>
-#include <PchPolicyCommon.h>
+#include <Library/PeiServicesLib.h>
+#include <Ppi/ReadOnlyVariable2.h>
+#include <BoardConfigNvData.h>
/*
* TODO:
@@ -54,8 +56,6 @@ PeiFspBoardPolicyUpdatePreMem (
DEBUG ((DEBUG_INFO, "%a() Start\n", __FUNCTION__));
// BUGBUG: Preserve FSP defaults - PeiSiliconPolicyInitLibFsp ultimately overrides to 0.
- // Drop when https://edk2.groups.io/g/devel/message/79391 is merged
- FspmUpd->FspmConfig.PeciC10Reset = 1;
FspmUpd->FspmConfig.RefClk = 1; // Maybe "auto" is safe, but that isn't the FSP default
// TODO: Why should this be here?
@@ -92,18 +92,43 @@ PeiFspBoardPolicyUpdate (
IN OUT FSPS_UPD *FspsUpd
)
{
- INTN Index;
+ EFI_STATUS Status;
+ EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi;
+ UINTN DataSize;
+ EFI_GUID BoardConfigFormsetGuid = BOARD_CONFIG_FORMSET_GUID;
+ BOARD_CONFIGURATION BoardConfig;
+ INTN Index;
DEBUG ((DEBUG_INFO, "%a() Start\n", __FUNCTION__));
- // FIXME/NB: This is insecure and not production-ready!
- // TODO: Configure SPI lockdown by variable on FrontPage?
- // - Later, also configure stronger protection: PRRs
- FspsUpd->FspsConfig.PchLockDownBiosLock = 0; // Default. Will enable, not remove
- FspsUpd->FspsConfig.PchLockDownSpiEiss = 0;
- // This may be PWRM+0x18[BIT22], causing HSTI "PCH Security Configuration - Reserved Check failure"
- // I think the intel_pmc_core kernel module requires this to populate debugfs?
- FspsUpd->FspsTestConfig.PchPmPmcReadDisable = 0;
+ // Use variable services directly, to avoid casting reference to pointer into struct
+ // from PeiGetVariable()
+ Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi);
+ ASSERT_EFI_ERROR (Status);
+
+ DataSize = sizeof (BoardConfig);
+ Status = VariablePpi->GetVariable (
+ VariablePpi,
+ BOARD_CONFIG_NV_NAME,
+ &BoardConfigFormsetGuid,
+ NULL,
+ &DataSize,
+ &BoardConfig
+ );
+ // TODO: Also configure stronger protection: PRRs
+ // - Also, we could lift lockdown here for BOOT_ON_FLASH_UPDATE.
+ // User must do this themselves for flashrom
+ if (!EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_INFO, "BoardConfig: Set FSP UPDs from variable\n"));
+ FspsUpd->FspsConfig.PchLockDownBiosLock = BoardConfig.LockDownBiosLock;
+ FspsUpd->FspsConfig.PchLockDownSpiEiss = BoardConfig.LockDownBiosLock;
+ FspsUpd->FspsTestConfig.PchPmPmcReadDisable = BoardConfig.LockDownPmcReadDisable;
+ } else {
+ DEBUG ((DEBUG_INFO, "BoardConfig: Set FSP UPDs to secure default\n"));
+ FspsUpd->FspsConfig.PchLockDownBiosLock = 1; // FSP default not secure
+ FspsUpd->FspsConfig.PchLockDownSpiEiss = 1;
+ FspsUpd->FspsTestConfig.PchPmPmcReadDisable = 1;
+ }
// BUGBUG: Preserve FSP defaults - Pei*PolicyLib ultimately overrides
// Requires HW support?
@@ -116,7 +141,7 @@ PeiFspBoardPolicyUpdate (
FspsUpd->FspsConfig.SerialIoDevMode[0] = 2;
FspsUpd->FspsConfig.SerialIoDevMode[1] = 2;
- // Acer IDs (TODO: "Newgate" IDs)
+ // Acer IDs (TODO: "Newgate" and "RayleighSLS" IDs)
FspsUpd->FspsConfig.DefaultSvid = 0x1025;
FspsUpd->FspsConfig.DefaultSid = 0x1037;
FspsUpd->FspsConfig.PchSubSystemVendorId = 0x1025;
@@ -265,7 +290,7 @@ PeiFspBoardPolicyUpdate (
FspsUpd->FspsConfig.PcieRpAspm[9] = PchPcieAspmL1;
/* SCS config */
- // Although platform NVS area shows this enabled, the SD card reader is connected over USB, not SCS
+ // Although vendor's platform NVS area shows this is enabled, the SD card reader is connected over USB, not SCS
FspsUpd->FspsConfig.ScsEmmcEnabled = 0;
FspsUpd->FspsConfig.ScsSdCardEnabled = 0;
@@ -275,7 +300,6 @@ PeiFspBoardPolicyUpdate (
FspsUpd->FspsConfig.PchSirqMode = PchContinuousMode;
/* HDA config */
- // FIXME: DspEnable is set, per PeiPchPolicyLib, however it is disabled in the HOB produced by FSP
// Returned to DXE as HOB, used to select blob for NHLT
// - FIXME: 1ch array DMIC may not be supported by the Linux driver
FspsUpd->FspsConfig.PchHdaDspEndpointDmic = PchHdaDmic1chArray;
diff --git a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/FspWrapper/Library/PeiSiliconPolicyUpdateLibFsp/PeiSiliconPolicyUpdateLibFsp.inf b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/FspWrapper/Library/PeiSiliconPolicyUpdateLibFsp/PeiSiliconPolicyUpdateLibFsp.inf
index 0e1b42c20cd8..ac7e4f65f912 100644
--- a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/FspWrapper/Library/PeiSiliconPolicyUpdateLibFsp/PeiSiliconPolicyUpdateLibFsp.inf
+++ b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/FspWrapper/Library/PeiSiliconPolicyUpdateLibFsp/PeiSiliconPolicyUpdateLibFsp.inf
@@ -75,6 +75,7 @@
SiPolicyLib
MemoryAllocationLib
PeiLib
+ PeiServicesLib
[Pcd]
gSiPkgTokenSpaceGuid.PcdTsegSize ## CONSUMES
@@ -135,10 +136,14 @@
gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress
gKabylakeOpenBoardPkgTokenSpaceGuid.PcdRootPort4ClkInfo
+[Ppis]
+ gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES
+
[Guids]
gFspNvsBufferVariableGuid ## CONSUMES
gTianoLogoGuid ## CONSUMES
gEfiMemoryOverwriteControlDataGuid
[Depex]
- gEdkiiVTdInfoPpiGuid
+ gEdkiiVTdInfoPpiGuid AND
+ gEfiPeiReadOnlyVariable2PpiGuid
diff --git a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Include/BoardConfigNvData.h b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Include/BoardConfigNvData.h
new file mode 100644
index 000000000000..feaa324eaea4
--- /dev/null
+++ b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Include/BoardConfigNvData.h
@@ -0,0 +1,37 @@
+/** @file
+ Header file for NV data structure definition.
+
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2021, Baruch Binyamin Doron
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __BOARD_CONFIG_NV_DATA_H__
+#define __BOARD_CONFIG_NV_DATA_H__
+
+#define BOARD_CONFIG_FORMSET_GUID \
+ { \
+ 0x6E38A4A7, 0xB6B7, 0x41E0, { 0xA6, 0xF3, 0x41, 0x35, 0x72, 0xDF, 0x88, 0x2F } \
+ }
+
+#define BOARD_CONFIGURATION_VARSTORE_ID 0x0001
+#define BOARD_CONFIGURATION_FORM_ID 0x0001
+
+#define BOARD_LOCK_DOWN_BIOS_LOCK 0x2000
+#define BOARD_LOCK_DOWN_PMC_READ_DISABLE 0x2001
+
+#define QUESTION_SAVE_EXIT 0x2ffe
+#define QUESTION_DISCARD_EXIT 0x2fff
+
+//
+// NV data structure
+//
+typedef struct {
+ UINT8 LockDownBiosLock;
+ UINT8 LockDownPmcReadDisable;
+} BOARD_CONFIGURATION;
+
+#define BOARD_CONFIG_NV_NAME L"BoardSetup"
+
+#endif
diff --git a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/BoardConfigVfr.vfr b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/BoardConfigVfr.vfr
new file mode 100644
index 000000000000..c5af8d955de8
--- /dev/null
+++ b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/BoardConfigVfr.vfr
@@ -0,0 +1,68 @@
+/** @file
+ VFR file used by Aspire VN7-572G board configuration component.
+
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2021, Baruch Binyamin Doron
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Guid/HiiPlatformSetupFormset.h>
+#include <BoardConfigNvData.h>
+
+formset
+ guid = BOARD_CONFIG_FORMSET_GUID,
+ title = STRING_TOKEN(STR_BOARD_TITLE),
+ help = STRING_TOKEN(STR_BOARD_HELP),
+ classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
+
+ efivarstore BOARD_CONFIGURATION,
+ varid = BOARD_CONFIGURATION_VARSTORE_ID,
+ attribute = 0x03, // VARIABLE_ATTRIBUTE_NV_BS
+ name = BoardSetup,
+ guid = BOARD_CONFIG_FORMSET_GUID;
+
+ form formid = BOARD_CONFIGURATION_FORM_ID,
+ title = STRING_TOKEN(STR_BOARD_TITLE);
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ checkbox varid = BoardSetup.LockDownBiosLock,
+ questionid = BOARD_LOCK_DOWN_BIOS_LOCK,
+ prompt = STRING_TOKEN(STR_BOARD_LOCK_DOWN_BIOS_LOCK),
+ help = STRING_TOKEN(STR_BOARD_LOCK_DOWN_BIOS_LOCK_HELP),
+ flags = RESET_REQUIRED,
+ default = 1,
+ endcheckbox;
+
+ checkbox varid = BoardSetup.LockDownPmcReadDisable,
+ questionid = BOARD_LOCK_DOWN_PMC_READ_DISABLE,
+ prompt = STRING_TOKEN(STR_BOARD_LOCK_DOWN_PMC_READ_DISABLE),
+ help = STRING_TOKEN(STR_BOARD_LOCK_DOWN_PMC_READ_DISABLE_HELP),
+ flags = RESET_REQUIRED,
+ default = 1,
+ endcheckbox;
+
+#if 0
+ resetbutton
+ defaultstore = BoardConfig,
+ prompt = STRING_TOKEN(STR_RESET_DEFAULTS_PROMPT_RESET),
+ help = STRING_TOKEN(STR_RESET_DEFAULTS_PROMPT_RESET_HELP),
+ endresetbutton;
+#endif
+
+ text
+ help = STRING_TOKEN(STR_SAVE_EXIT),
+ text = STRING_TOKEN(STR_SAVE_EXIT),
+ flags = INTERACTIVE,
+ key = QUESTION_SAVE_EXIT;
+
+ text
+ help = STRING_TOKEN(STR_DISCARD_EXIT),
+ text = STRING_TOKEN(STR_DISCARD_EXIT),
+ flags = INTERACTIVE,
+ key = QUESTION_DISCARD_EXIT;
+
+ endform;
+
+endformset;
diff --git a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/BoardConfigVfrStrings.uni b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/BoardConfigVfrStrings.uni
new file mode 100644
index 000000000000..f3c7b66d0217
--- /dev/null
+++ b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/BoardConfigVfrStrings.uni
@@ -0,0 +1,29 @@
+/** @file
+ String definitions for Aspire VN7-572G board configuration form.
+
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2021, Baruch Binyamin Doron
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#langdef en-US "English"
+
+#string STR_BOARD_TITLE #language en-US "Board Configuration"
+#string STR_BOARD_HELP #language en-US "Press <Enter> to select board Setup options."
+
+#string STR_BOARD_LOCK_DOWN_BIOS_LOCK #language en-US "BIOS Lock"
+#string STR_BOARD_LOCK_DOWN_BIOS_LOCK_HELP #language en-US "Enable SPI flash lockdown\n"
+ "Disable this option to flash the BIOS image.\n"
+ "For security purposes, this option should be enabled."
+#string STR_BOARD_LOCK_DOWN_PMC_READ_DISABLE #language en-US "PMC XRAM read disable"
+#string STR_BOARD_LOCK_DOWN_PMC_READ_DISABLE_HELP #language en-US "Disable PMC XRAM read\n"
+ "Disable this option to permit OS drivers to retrieve data from the PMC.\n"
+ "This may have security impact."
+
+#string STR_RESET_DEFAULTS_PROMPT_RESET #language en-US "Reset to defaults"
+#string STR_RESET_DEFAULTS_PROMPT_RESET_HELP #language en-US "This will reset the configuration entries to their default values"
+#string STR_SAVE_EXIT #language en-US "Commit Changes and Exit"
+#string STR_DISCARD_EXIT #language en-US "Discard Changes and Exit"
+
+#string STR_NULL #language en-US ""
diff --git a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/DxeBoardConfigHii.c b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/DxeBoardConfigHii.c
new file mode 100644
index 000000000000..437d31698f7d
--- /dev/null
+++ b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/DxeBoardConfigHii.c
@@ -0,0 +1,374 @@
+/** @file
+ Installs Aspire VN7-572G board config and handles the HII callbacks.
+ NOTE: Variable structure is expected to change, so in-place updates are fragile.
+ - An updated structure may be larger than a present variable. Will this over-read,
+ or will HII validation mitigate this?
+
+ Copyright (c) 2021, Baruch Binyamin Doron
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "DxeBoardInitLib.h"
+#include <Library/BaseMemoryLib.h>
+#include <Library/DevicePathLib.h>
+#include <Library/HiiLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/UefiHiiServicesLib.h>
+#include <BoardConfigNvData.h>
+
+BOARD_CONFIG_CALLBACK_DATA gBoardConfigPrivate = {
+ BOARD_CONFIG_CALLBACK_DATA_SIGNATURE,
+ NULL,
+ NULL,
+ {
+ BoardConfigExtractConfig,
+ BoardConfigRouteConfig,
+ BoardConfigCallback
+ }
+};
+
+EFI_GUID mBoardConfigFormsetGuid = BOARD_CONFIG_FORMSET_GUID;
+
+HII_VENDOR_DEVICE_PATH mBoardConfigHiiVendorDevicePath = {
+ {
+ {
+ HARDWARE_DEVICE_PATH,
+ HW_VENDOR_DP,
+ {
+ (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
+ (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
+ }
+ },
+ BOARD_CONFIG_FORMSET_GUID
+ },
+ {
+ END_DEVICE_PATH_TYPE,
+ END_ENTIRE_DEVICE_PATH_SUBTYPE,
+ {
+ (UINT8) (END_DEVICE_PATH_LENGTH),
+ (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
+ }
+ }
+};
+
+/**
+ This function allows a caller to extract the current configuration for one
+ or more named elements from the target driver.
+
+
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
+ @param Request A null-terminated Unicode string in <ConfigRequest> format.
+ @param Progress On return, points to a character in the Request string.
+ Points to the string's null terminator if request was successful.
+ Points to the most recent '&' before the first failing name/value
+ pair (or the beginning of the string if the failure is in the
+ first name/value pair) if the request was not successful.
+ @param Results A null-terminated Unicode string in <ConfigAltResp> format which
+ has all values filled in for the names in the Request string.
+ String to be allocated by the called function.
+
+ @retval EFI_SUCCESS The Results is filled with the requested values.
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.
+ @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.
+ @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver.
+
+**/
+EFI_STATUS
+EFIAPI
+BoardConfigExtractConfig (
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN CONST EFI_STRING Request,
+ OUT EFI_STRING *Progress,
+ OUT EFI_STRING *Results
+ )
+{
+ EFI_STATUS Status;
+ UINTN DataSize;
+ BOARD_CONFIGURATION BoardConfig;
+
+ if (Progress == NULL || Results == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ *Progress = Request;
+ if ((Request != NULL) &&
+ !HiiIsConfigHdrMatch (Request, &mBoardConfigFormsetGuid, BOARD_CONFIG_NV_NAME)) {
+ return EFI_NOT_FOUND;
+ }
+
+ // Get variable
+ DataSize = sizeof (BoardConfig);
+ Status = gRT->GetVariable (
+ BOARD_CONFIG_NV_NAME,
+ &mBoardConfigFormsetGuid,
+ NULL,
+ &DataSize,
+ &BoardConfig
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ // Use HII helper to convert variable data to config
+ Status = gHiiConfigRouting->BlockToConfig (
+ gHiiConfigRouting,
+ Request,
+ (VOID *) &BoardConfig,
+ DataSize,
+ Results,
+ Progress
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a(): Failed to retrieve board config - %r!\n", Status));
+ }
+
+ return Status;
+}
+
+/**
+ This function processes the results of changes in configuration.
+
+
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
+ @param Configuration A null-terminated Unicode string in <ConfigResp> format.
+ @param Progress A pointer to a string filled in with the offset of the most
+ recent '&' before the first failing name/value pair (or the
+ beginning of the string if the failure is in the first
+ name/value pair) or the terminating NULL if all was successful.
+
+ @retval EFI_SUCCESS The Results is processed successfully.
+ @retval EFI_INVALID_PARAMETER Configuration is NULL.
+ @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver.
+
+**/
+EFI_STATUS
+EFIAPI
+BoardConfigRouteConfig (
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN CONST EFI_STRING Configuration,
+ OUT EFI_STRING *Progress
+ )
+{
+ EFI_STATUS Status;
+ UINTN DataSize;
+ BOARD_CONFIGURATION BoardConfig;
+
+ if (Configuration == NULL || Progress == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ *Progress = Configuration;
+ if (!HiiIsConfigHdrMatch (Configuration, &mBoardConfigFormsetGuid, BOARD_CONFIG_NV_NAME)) {
+ return EFI_NOT_FOUND;
+ }
+
+ // Get variable
+ DataSize = sizeof (BoardConfig);
+ Status = gRT->GetVariable (
+ BOARD_CONFIG_NV_NAME,
+ &mBoardConfigFormsetGuid,
+ NULL,
+ &DataSize,
+ &BoardConfig
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ // Use HII helper to convert updated config to variable data
+ Status = gHiiConfigRouting->ConfigToBlock (
+ gHiiConfigRouting,
+ Configuration,
+ (VOID *) &BoardConfig,
+ &DataSize,
+ Progress
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a(): Failed to convert board config - %r!\n", Status));
+ }
+
+ // Set variable
+ Status = gRT->SetVariable (
+ BOARD_CONFIG_NV_NAME,
+ &mBoardConfigFormsetGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ DataSize,
+ &BoardConfig
+ );
+
+ return Status;
+}
+
+/**
+ This callback function is registered with the formset. When user selects a configuration,
+ this call back function will be triggered.
+
+
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
+ @param Action Specifies the type of action taken by the browser.
+ @param QuestionId A unique value which is sent to the original exporting driver
+ so that it can identify the type of data to expect.
+ @param Type The type of value for the question.
+ @param Value A pointer to the data being sent to the original exporting driver.
+ @param ActionRequest On return, points to the action requested by the callback function.
+
+ @retval EFI_SUCCESS The callback successfully handled the action.
+ @retval EFI_INVALID_PARAMETER The setup browser call this function with invalid parameters.
+
+**/
+EFI_STATUS
+EFIAPI
+BoardConfigCallback (
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN EFI_BROWSER_ACTION Action,
+ IN EFI_QUESTION_ID QuestionId,
+ IN UINT8 Type,
+ IN EFI_IFR_TYPE_VALUE *Value,
+ OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
+ )
+{
+ if ((Value == NULL) || (ActionRequest == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (Action != EFI_BROWSER_ACTION_CHANGED) {
+ return EFI_UNSUPPORTED;
+ }
+
+ if (QuestionId == QUESTION_SAVE_EXIT) {
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_SUBMIT_EXIT;
+ } else if (QuestionId == QUESTION_DISCARD_EXIT) {
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_DISCARD_EXIT;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ This function installs the HII form.
+
+**/
+VOID
+EFIAPI
+InstallBoardConfigHiiForm (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ BOARD_CONFIGURATION BoardConfig;
+ EFI_STRING ConfigRequestHdr;
+ UINTN DataSize;
+ BOOLEAN ActionFlag;
+
+ DEBUG ((DEBUG_INFO, "%a() Starts\n", __FUNCTION__));
+
+ //
+ // Install Device Path and Config Access protocols to driver handle
+ //
+ gBoardConfigPrivate.DriverHandle = NULL;
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &gBoardConfigPrivate.DriverHandle,
+ &gEfiDevicePathProtocolGuid,
+ &mBoardConfigHiiVendorDevicePath,
+ &gEfiHiiConfigAccessProtocolGuid,
+ &gBoardConfigPrivate.ConfigAccess,
+ NULL
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ //
+ // Publish our HII data
+ //
+ gBoardConfigPrivate.HiiHandle = HiiAddPackages (
+ &mBoardConfigFormsetGuid,
+ gBoardConfigPrivate.DriverHandle,
+ BoardConfigVfrBin,
+ DxeBoardInitLibStrings,
+ NULL
+ );
+ ASSERT (gBoardConfigPrivate.HiiHandle != NULL);
+
+ //
+ // Initialise VarStore data.
+ //
+ ZeroMem (&BoardConfig, sizeof (BoardConfig));
+ ConfigRequestHdr = HiiConstructConfigHdr (
+ &mBoardConfigFormsetGuid,
+ BOARD_CONFIG_NV_NAME,
+ gBoardConfigPrivate.DriverHandle
+ );
+ ASSERT (ConfigRequestHdr != NULL);
+
+ // Attempt to retrieve variable
+ DataSize = sizeof (BoardConfig);
+ Status = gRT->GetVariable (
+ BOARD_CONFIG_NV_NAME,
+ &mBoardConfigFormsetGuid,
+ NULL,
+ &DataSize,
+ &BoardConfig
+ );
+ // HII helper functions will use ExtractConfig() and RouteConfig(),
+ // where we will set the variable as required
+ if (!EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_INFO, "Config variable exists, validate contents\n"));
+ ActionFlag = HiiValidateSettings (ConfigRequestHdr);
+ if (!ActionFlag) {
+ DEBUG ((DEBUG_INFO, "Variable is invalid, reset to defaults\n"));
+ ActionFlag = HiiSetToDefaults (ConfigRequestHdr, EFI_HII_DEFAULT_CLASS_STANDARD);
+ ASSERT (ActionFlag);
+ }
+ } else {
+ DEBUG ((DEBUG_INFO, "Config variable does not exist, create and set to defaults\n"));
+ Status = gRT->SetVariable (
+ BOARD_CONFIG_NV_NAME,
+ &mBoardConfigFormsetGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ DataSize,
+ &BoardConfig
+ );
+ ASSERT_EFI_ERROR (Status);
+ ActionFlag = HiiSetToDefaults (ConfigRequestHdr, EFI_HII_DEFAULT_CLASS_STANDARD);
+ ASSERT (ActionFlag);
+ }
+
+ FreePool (ConfigRequestHdr);
+
+ DEBUG ((DEBUG_INFO, "%a() Ends\n", __FUNCTION__));
+}
+
+/**
+ This function uninstalls the HII form.
+
+**/
+VOID
+EFIAPI
+UninstallBoardConfigHiiForm (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ DEBUG ((DEBUG_INFO, "%a() Starts\n", __FUNCTION__));
+
+ //
+ // Uninstall Device Path and Config Access protocols
+ //
+ Status = gBS->UninstallMultipleProtocolInterfaces (
+ gBoardConfigPrivate.DriverHandle,
+ &gEfiDevicePathProtocolGuid,
+ &mBoardConfigHiiVendorDevicePath,
+ &gEfiHiiConfigAccessProtocolGuid,
+ &gBoardConfigPrivate.ConfigAccess,
+ NULL
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ //
+ // Remove our HII data
+ //
+ HiiRemovePackages (gBoardConfigPrivate.HiiHandle);
+
+ DEBUG ((DEBUG_INFO, "%a() Ends\n", __FUNCTION__));
+}
diff --git a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/DxeBoardInitLib.c b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/DxeBoardInitLib.c
index 07278d956ddc..cc99240b5aaa 100644
--- a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/DxeBoardInitLib.c
+++ b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/DxeBoardInitLib.c
@@ -7,13 +7,10 @@
**/
-#include <PiDxe.h>
+#include "DxeBoardInitLib.h"
#include <Library/BoardEcLib.h>
#include <Library/BoardInitLib.h>
-#include <Library/DebugLib.h>
#include <Library/EcLib.h>
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/UefiRuntimeServicesTableLib.h>
#include <Protocol/ResetNotification.h>
EFI_RESET_NOTIFICATION_PROTOCOL *mResetNotify = NULL;
@@ -131,6 +128,12 @@ EcResetSystemHook (
}
}
+VOID
+EFIAPI
+InstallBoardConfigHiiForm (
+ VOID
+ );
+
/**
A hook for board-specific initialization after PCI enumeration.
@@ -159,6 +162,8 @@ BoardInitAfterPciEnumeration (
DEBUG ((DEBUG_INFO, "EC: Added callback to notify EC of resets\n"));
}
+ InstallBoardConfigHiiForm ();
+
DEBUG ((DEBUG_INFO, "%a() Ends\n", __FUNCTION__));
return EFI_SUCCESS;
}
@@ -178,6 +183,12 @@ BoardInitReadyToBoot (
return EFI_SUCCESS;
}
+VOID
+EFIAPI
+UninstallBoardConfigHiiForm (
+ VOID
+ );
+
/**
A hook for board-specific functionality for the ExitBootServices event.
@@ -201,6 +212,8 @@ BoardInitEndOfFirmware (
DEBUG ((DEBUG_INFO, "EC: Removed callback to notify EC of resets\n"));
}
+ UninstallBoardConfigHiiForm ();
+
DEBUG ((DEBUG_INFO, "%a() Ends\n", __FUNCTION__));
return EFI_SUCCESS;
}
diff --git a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/DxeBoardInitLib.h b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/DxeBoardInitLib.h
new file mode 100644
index 000000000000..17383b71f7d9
--- /dev/null
+++ b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/DxeBoardInitLib.h
@@ -0,0 +1,131 @@
+/** @file
+ Aspire VN7-572G Board Initialization DXE library
+
+ Copyright (c) 2021, Baruch Binyamin Doron
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _DXE_BOARD_INIT_LIB_H_
+#define _DXE_BOARD_INIT_LIB_H_
+
+#include <PiDxe.h>
+#include <Library/DebugLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Protocol/HiiConfigAccess.h>
+
+//
+// These are the VFR compiler generated data representing our VFR data.
+//
+extern UINT8 BoardConfigVfrBin[];
+
+#define BOARD_CONFIG_CALLBACK_DATA_SIGNATURE SIGNATURE_32 ('B', 'C', 'C', 'B')
+
+typedef struct {
+ UINTN Signature;
+
+ //
+ // HII relative handles
+ //
+ EFI_HII_HANDLE HiiHandle;
+ EFI_HANDLE DriverHandle;
+
+ //
+ // Produced protocols
+ //
+ EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
+} BOARD_CONFIG_CALLBACK_DATA;
+
+///
+/// HII specific Vendor Device Path definition.
+///
+typedef struct {
+ VENDOR_DEVICE_PATH VendorDevicePath;
+ EFI_DEVICE_PATH_PROTOCOL End;
+} HII_VENDOR_DEVICE_PATH;
+
+/**
+ This function allows a caller to extract the current configuration for one
+ or more named elements from the target driver.
+
+
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
+ @param Request A null-terminated Unicode string in <ConfigRequest> format.
+ @param Progress On return, points to a character in the Request string.
+ Points to the string's null terminator if request was successful.
+ Points to the most recent '&' before the first failing name/value
+ pair (or the beginning of the string if the failure is in the
+ first name/value pair) if the request was not successful.
+ @param Results A null-terminated Unicode string in <ConfigAltResp> format which
+ has all values filled in for the names in the Request string.
+ String to be allocated by the called function.
+
+ @retval EFI_SUCCESS The Results is filled with the requested values.
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.
+ @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.
+ @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver.
+
+**/
+EFI_STATUS
+EFIAPI
+BoardConfigExtractConfig (
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN CONST EFI_STRING Request,
+ OUT EFI_STRING *Progress,
+ OUT EFI_STRING *Results
+ );
+
+/**
+ This function processes the results of changes in configuration.
+
+
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
+ @param Configuration A null-terminated Unicode string in <ConfigResp> format.
+ @param Progress A pointer to a string filled in with the offset of the most
+ recent '&' before the first failing name/value pair (or the
+ beginning of the string if the failure is in the first
+ name/value pair) or the terminating NULL if all was successful.
+
+ @retval EFI_SUCCESS The Results is processed successfully.
+ @retval EFI_INVALID_PARAMETER Configuration is NULL.
+ @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver.
+
+**/
+EFI_STATUS
+EFIAPI
+BoardConfigRouteConfig (
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN CONST EFI_STRING Configuration,
+ OUT EFI_STRING *Progress
+ );
+
+/**
+ This callback function is registered with the formset. When user selects a configuration,
+ this call back function will be triggered.
+
+
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
+ @param Action Specifies the type of action taken by the browser.
+ @param QuestionId A unique value which is sent to the original exporting driver
+ so that it can identify the type of data to expect.
+ @param Type The type of value for the question.
+ @param Value A pointer to the data being sent to the original exporting driver.
+ @param ActionRequest On return, points to the action requested by the callback function.
+
+ @retval EFI_SUCCESS The callback successfully handled the action.
+ @retval EFI_INVALID_PARAMETER The setup browser call this function with invalid parameters.
+
+**/
+EFI_STATUS
+EFIAPI
+BoardConfigCallback (
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN EFI_BROWSER_ACTION Action,
+ IN EFI_QUESTION_ID QuestionId,
+ IN UINT8 Type,
+ IN EFI_IFR_TYPE_VALUE *Value,
+ OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
+ );
+
+#endif // _DXE_BOARD_INIT_LIB_H_
diff --git a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/DxeBoardInitLib.inf b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/DxeBoardInitLib.inf
index 24747fa7b224..cd74f957ce10 100644
--- a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/DxeBoardInitLib.inf
+++ b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/Library/BoardInitLib/DxeBoardInitLib.inf
@@ -17,17 +17,27 @@
[LibraryClasses]
UefiBootServicesTableLib
UefiRuntimeServicesTableLib
+ BaseMemoryLib
DebugLib
EcLib
BoardEcLib
+ HiiLib
+ MemoryAllocationLib
+ UefiHiiServicesLib
[Packages]
MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
MinPlatformPkg/MinPlatformPkg.dec
KabylakeOpenBoardPkg/OpenBoardPkg.dec
[Sources]
DxeBoardInitLib.c
+ DxeBoardConfigHii.c
+ BoardConfigVfr.vfr
+ BoardConfigVfrStrings.uni
[Protocols]
gEfiResetNotificationProtocolGuid ## CONSUMES
+ gEfiDevicePathProtocolGuid ## PRODUCES
+ gEfiHiiConfigAccessProtocolGuid ## PRODUCES
--
2.37.2
next prev parent reply other threads:[~2022-09-06 17:43 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-06 17:42 [edk2-devel][edk2-platforms][PATCH v1 0/7] Benjamin Doron
2022-09-06 17:42 ` [edk2-devel][edk2-platforms][PATCH v1 1/7] KabylakeOpenBoardPkg/AspireVn7Dash572G: Cleanup library includes Benjamin Doron
2022-09-09 21:41 ` Isaac Oram
2022-09-06 17:42 ` [edk2-devel][edk2-platforms][PATCH v1 2/7] KabylakeOpenBoardPkg/AspireVn7Dash572G: Enhance the build-logic Benjamin Doron
2022-09-06 17:42 ` [edk2-devel][edk2-platforms][PATCH v1 3/7] KabylakeOpenBoardPkg/AspireVn7Dash572G/Acpi: Improvements for EC ACPI Benjamin Doron
2022-09-06 17:42 ` [edk2-devel][edk2-platforms][PATCH v1 4/7] KabylakeOpenBoardPkg/AspireVn7Dash572G/DxeBoardInitLib: Resets notify EC Benjamin Doron
2022-09-06 17:42 ` Benjamin Doron [this message]
2022-09-06 17:42 ` [edk2-devel][edk2-platforms][PATCH v1 6/7] KabylakeOpenBoardPkg/AspireVn7Dash572G: Improve board detection Benjamin Doron
2022-09-06 17:42 ` [edk2-devel][edk2-platforms][PATCH v1 7/7] KabylakeOpenBoardPkg/AspireVn7Dash572G: Align DEBUG() use Benjamin Doron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=951f485bd6d63b72e888b4bdcb89327d8088b7ce.1662485273.git.benjamin.doron00@gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox