* [Patch 1/1] [Edk2Platforms] FitGen: Update tool to meet FIT specification revision 1.2
[not found] <20200603210102.34076-1-jorge.hernandez.beltran@intel.com>
@ 2020-06-03 21:01 ` Jorge Hernandez Beltran
2020-06-04 0:41 ` Liming Gao
0 siblings, 1 reply; 3+ messages in thread
From: Jorge Hernandez Beltran @ 2020-06-03 21:01 UTC (permalink / raw)
To: devel; +Cc: liming.gao, paul.a.lohr, jorge.hernandez.beltran
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2687
FIT specification revision 1.2 was released to the open community.
Revision 1.2 updates CSE Secure Boot Rules (section 4.12) and adds
2 new entry sub-types used to distinguish the CSE entries.
Signed-off-by: Jorge Hernandez Beltran <jorge.hernandez.beltran@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
Silicon/Intel/Tools/FitGen/FitGen.c | 152 +++++++++++++++++++++++++++---------
Silicon/Intel/Tools/FitGen/FitGen.h | 2 +-
2 files changed, 114 insertions(+), 40 deletions(-)
diff --git a/Silicon/Intel/Tools/FitGen/FitGen.c b/Silicon/Intel/Tools/FitGen/FitGen.c
index 75d8932d90ac..c4006e69c822 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.c
+++ b/Silicon/Intel/Tools/FitGen/FitGen.c
@@ -226,6 +226,8 @@ typedef struct {
#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12
#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13
#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16
+#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12
+#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13
//
// With OptionalModule Address isn't known until free space has been
@@ -236,6 +238,7 @@ typedef struct {
//
typedef struct {
UINT32 Type;
+ UINT32 SubType; // Used by OptionalModule only
UINT32 Address;
UINT8 *Buffer; // Used by OptionalModule only
UINT32 Size;
@@ -295,7 +298,7 @@ Returns:
--*/
{
printf (
- "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision 1.1."" Version %i.%i\n\n",
+ "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision 1.2."" Version %i.%i\n\n",
UTILITY_NAME,
UTILITY_MAJOR_VERSION,
UTILITY_MINOR_VERSION
@@ -334,7 +337,7 @@ Returns:
"\t[-U <DiagnstAcmAddress>|<DiagnstAcmGuid>]\n"
"\t[-B <BiosModuleAddress BiosModuleSize>] [-B ...] [-V <BiosModuleVersion>]\n"
"\t[-M <MicrocodeAddress MicrocodeSize>] [-M ...]|[-U <MicrocodeFv MicrocodeBase>|<MicrocodeRegionOffset MicrocodeRegionSize>|<MicrocodeGuid>] [-V <MicrocodeVersion>]\n"
- "\t[-O RecordType <RecordDataAddress RecordDataSize>|<RESERVE RecordDataSize>|<RecordDataGuid>|<RecordBinFile> [-V <RecordVersion>]] [-O ... [-V ...]]\n"
+ "\t[-O RecordType <RecordDataAddress RecordDataSize>|<RESERVE RecordDataSize>|<RecordDataGuid>|<RecordBinFile>|<CseRecordSubType RecordBinFile> [-V <RecordVersion>]] [-O ... [-V ...]]\n"
"\t[-P RecordType <IndexPort DataPort Width Bit Index> [-V <RecordVersion>]] [-P ... [-V ...]]\n"
, UTILITY_NAME);
printf (" Where:\n");
@@ -366,6 +369,7 @@ Returns:
printf ("\tRecordDataSize - FIT entry record data size.\n");
printf ("\tRecordDataGuid - FIT entry record data GUID.\n");
printf ("\tRecordBinFile - FIT entry record data binary file.\n");
+ printf ("\tCseRecordSubType - FIT entry record subtype. Use to further distinguish CSE entries (see FIT spec revision 1.2 chapter 4.12).\n");
printf ("\tFitEntryDefaultVersion - The default version for all FIT table entries. 0x%04x is used if this is not specified.\n", DEFAULT_FIT_ENTRY_VERSION);
printf ("\tFitHeaderVersion - The version for FIT header. (Override default version)\n");
printf ("\tStartupAcmVersion - The version for StartupAcm. (Override default version)\n");
@@ -857,6 +861,7 @@ Returns:
UINT8 *FileBuffer;
UINT32 FileSize;
UINT32 Type;
+ UINT32 SubType;
UINT8 *MicrocodeFileBuffer;
UINT8 *MicrocodeFileBufferRaw;
UINT32 MicrocodeFileSize;
@@ -1608,26 +1613,22 @@ Returns:
}
Type = xtoi (argv[Index + 1]);
//
- // 1st, try GUID
+ // 1st, try CSE entry sub-type
//
- if (IsGuidData (argv[Index + 2], &Guid)) {
- FileBuffer = FindFileFromFvByGuid (FdBuffer, FdSize, &Guid, &FileSize);
- if (FileBuffer == NULL) {
- Error (NULL, 0, 0, "-O Parameter incorrect, GUID not found!", "%s", argv[Index + 2]);
- // not found
- return 0;
- }
- if (FileSize >= 0x80000000) {
- Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
- return 0;
+ SubType = 0;
+ if (Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) {
+ if (Index + 3 >= argc) {
+ break;
}
- FileBuffer = (UINT8 *)MEMORY_TO_FLASH (FileBuffer, FdBuffer, FdSize);
- Index += 3;
- } else {
+ SubType = xtoi (argv[Index + 2]);
//
- // 2nd, try file
+ // try file
//
- Status = ReadInputFile (argv[Index + 2], &FileBuffer, &FileSize, NULL);
+ if (SubType != FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST && SubType != FIT_TABLE_SUBTYPE_ACM_MANIFEST) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, SubType unsupported!", NULL);
+ return 0;
+ }
+ Status = ReadInputFile (argv[Index + 3], &FileBuffer, &FileSize, NULL);
if (Status == STATUS_SUCCESS) {
if (FileSize >= 0x80000000) {
Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
@@ -1640,48 +1641,90 @@ Returns:
// Assume the file size should < 2G.
//
FileSize |= 0x80000000;
+ Index += 4;
+ } else {
+ if (Status == STATUS_WARNING) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, Unable to open file", argv[Index + 3]);
+ }
+ return 0;
+ }
+ } else {
+ //
+ // 2nd, try GUID
+ //
+ if (IsGuidData (argv[Index + 2], &Guid)) {
+ FileBuffer = FindFileFromFvByGuid (FdBuffer, FdSize, &Guid, &FileSize);
+ if (FileBuffer == NULL) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, GUID not found!", "%s", argv[Index + 2]);
+ // not found
+ return 0;
+ }
+ if (FileSize >= 0x80000000) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
+ return 0;
+ }
+ FileBuffer = (UINT8 *)MEMORY_TO_FLASH (FileBuffer, FdBuffer, FdSize);
Index += 3;
} else {
//
- // 3rd, try <RESERVE, Length>
+ // 3rd, try file
//
- if (Index + 3 >= argc) {
- break;
- }
- if ((strcmp (argv[Index + 2], "RESERVE") == 0) ||
- (strcmp (argv[Index + 2], "reserve") == 0)) {
- FileSize = xtoi (argv[Index + 3]);
+ Status = ReadInputFile (argv[Index + 2], &FileBuffer, &FileSize, NULL);
+ if (Status == STATUS_SUCCESS) {
if (FileSize >= 0x80000000) {
Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
+ free (FileBuffer);
return 0;
}
- FileBuffer = malloc (FileSize);
- if (FileBuffer == NULL) {
- Error (NULL, 0, 0, "No sufficient memory to allocate!", NULL);
- return 0;
- }
- SetMem (FileBuffer, FileSize, 0xFF);
//
// Set the most significant bit
// It means the data in memory, not in flash yet.
// Assume the file size should < 2G.
//
FileSize |= 0x80000000;
- Index += 4;
+ Index += 3;
} else {
//
- // 4th, try <Address, Length>
+ // 4th, try <RESERVE, Length>
//
if (Index + 3 >= argc) {
break;
}
- FileBuffer = (UINT8 *) (UINTN) xtoi (argv[Index + 2]);
- FileSize = xtoi (argv[Index + 3]);
- if (FileSize >= 0x80000000) {
- Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
- return 0;
+ if ((strcmp (argv[Index + 2], "RESERVE") == 0) ||
+ (strcmp (argv[Index + 2], "reserve") == 0)) {
+ FileSize = xtoi (argv[Index + 3]);
+ if (FileSize >= 0x80000000) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
+ return 0;
+ }
+ FileBuffer = malloc (FileSize);
+ if (FileBuffer == NULL) {
+ Error (NULL, 0, 0, "No sufficient memory to allocate!", NULL);
+ return 0;
+ }
+ SetMem (FileBuffer, FileSize, 0xFF);
+ //
+ // Set the most significant bit
+ // It means the data in memory, not in flash yet.
+ // Assume the file size should < 2G.
+ //
+ FileSize |= 0x80000000;
+ Index += 4;
+ } else {
+ //
+ // 5th, try <Address, Length>
+ //
+ if (Index + 3 >= argc) {
+ break;
+ }
+ FileBuffer = (UINT8 *) (UINTN) xtoi (argv[Index + 2]);
+ FileSize = xtoi (argv[Index + 3]);
+ if (FileSize >= 0x80000000) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
+ return 0;
+ }
+ Index += 4;
}
- Index += 4;
}
}
}
@@ -1691,6 +1734,9 @@ Returns:
return 0;
}
gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Type = Type;
+ if (gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) {
+ gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].SubType = SubType;
+ }
gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Address = (UINT32) (UINTN) FileBuffer;
gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Buffer = FileBuffer;
gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Size = FileSize;
@@ -2055,6 +2101,23 @@ Returns:
return ;
}
+CHAR8 *mFitCseSubTypeStr[] = {
+ "CSE_RSVD ",
+ "CSE_K_HASH1",
+ "CSE_M_HASH ",
+ "CSE_BPOLICY",
+ "CSE_OTHR_BP",
+ "CSE_OEMSMIP",
+ "CSE_MRCDATA",
+ "CSE_IBBL_H ",
+ "CSE_IBB_H ",
+ "CSE_OEM_ID ",
+ "CSEOEMSKUID",
+ "CSE_BD_IND ",
+ "CSE_FPM ",
+ "CSE_ACMM "
+};
+
CHAR8 *mFitTypeStr[] = {
" ",
"MICROCODE ",
@@ -2103,6 +2166,14 @@ Returns:
return mFitSignatureInHeader;
}
if (FitEntry->Type < sizeof (mFitTypeStr)/sizeof(mFitTypeStr[0])) {
+ if (FitEntry->Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) {
+ //
+ // "Reserved" field is used to distinguish CSE Secure Boot entries (see FIT spec revision 1.2)
+ //
+ if (FitEntry->Rsvd < sizeof (mFitCseSubTypeStr)/sizeof(mFitCseSubTypeStr[0])) {
+ return mFitCseSubTypeStr[FitEntry->Rsvd];
+ }
+ }
return mFitTypeStr[FitEntry->Type];
} else {
return " ";
@@ -2675,6 +2746,9 @@ Returns:
*(UINT32 *)&FitEntry[FitIndex].Size[0] = gFitTableContext.OptionalModule[Index].Size;
FitEntry[FitIndex].Version = (UINT16)gFitTableContext.OptionalModule[Index].Version;
FitEntry[FitIndex].Type = (UINT8)gFitTableContext.OptionalModule[Index].Type;
+ if (FitEntry[FitIndex].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) {
+ FitEntry[FitIndex].Rsvd = (UINT8)gFitTableContext.OptionalModule[Index].SubType;
+ }
FitEntry[FitIndex].C_V = 0;
FitEntry[FitIndex].Checksum = 0;
FitIndex++;
diff --git a/Silicon/Intel/Tools/FitGen/FitGen.h b/Silicon/Intel/Tools/FitGen/FitGen.h
index cb9274b4175e..abad2d8799c8 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.h
+++ b/Silicon/Intel/Tools/FitGen/FitGen.h
@@ -31,7 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
// Utility version information
//
#define UTILITY_MAJOR_VERSION 0
-#define UTILITY_MINOR_VERSION 61
+#define UTILITY_MINOR_VERSION 62
#define UTILITY_DATE __DATE__
//
--
2.16.2.windows.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Patch 1/1] [Edk2Platforms] FitGen: Update tool to meet FIT specification revision 1.2
2020-06-03 21:01 ` [Patch 1/1] [Edk2Platforms] FitGen: Update tool to meet FIT specification revision 1.2 Jorge Hernandez Beltran
@ 2020-06-04 0:41 ` Liming Gao
2020-06-04 20:58 ` Hernandez Beltran, Jorge
0 siblings, 1 reply; 3+ messages in thread
From: Liming Gao @ 2020-06-04 0:41 UTC (permalink / raw)
To: Hernandez Beltran, Jorge, devel@edk2.groups.io; +Cc: Lohr, Paul A
Push @4a937016142ea084a2aad19e9bd8f1b50fab38d4
-----Original Message-----
From: Hernandez Beltran, Jorge <jorge.hernandez.beltran@intel.com>
Sent: 2020年6月4日 5:01
To: devel@edk2.groups.io
Cc: Gao, Liming <liming.gao@intel.com>; Lohr, Paul A <paul.a.lohr@intel.com>; Hernandez Beltran, Jorge <jorge.hernandez.beltran@intel.com>
Subject: [Patch 1/1] [Edk2Platforms] FitGen: Update tool to meet FIT specification revision 1.2
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2687
FIT specification revision 1.2 was released to the open community.
Revision 1.2 updates CSE Secure Boot Rules (section 4.12) and adds
2 new entry sub-types used to distinguish the CSE entries.
Signed-off-by: Jorge Hernandez Beltran <jorge.hernandez.beltran@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
Silicon/Intel/Tools/FitGen/FitGen.c | 152 +++++++++++++++++++++++++++---------
Silicon/Intel/Tools/FitGen/FitGen.h | 2 +-
2 files changed, 114 insertions(+), 40 deletions(-)
diff --git a/Silicon/Intel/Tools/FitGen/FitGen.c b/Silicon/Intel/Tools/FitGen/FitGen.c
index 75d8932d90ac..c4006e69c822 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.c
+++ b/Silicon/Intel/Tools/FitGen/FitGen.c
@@ -226,6 +226,8 @@ typedef struct {
#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12
#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13
#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16
+#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12
+#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13
//
// With OptionalModule Address isn't known until free space has been @@ -236,6 +238,7 @@ typedef struct { // typedef struct {
UINT32 Type;
+ UINT32 SubType; // Used by OptionalModule only
UINT32 Address;
UINT8 *Buffer; // Used by OptionalModule only
UINT32 Size;
@@ -295,7 +298,7 @@ Returns:
--*/
{
printf (
- "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision 1.1."" Version %i.%i\n\n",
+ "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec
+ revision 1.2."" Version %i.%i\n\n",
UTILITY_NAME,
UTILITY_MAJOR_VERSION,
UTILITY_MINOR_VERSION
@@ -334,7 +337,7 @@ Returns:
"\t[-U <DiagnstAcmAddress>|<DiagnstAcmGuid>]\n"
"\t[-B <BiosModuleAddress BiosModuleSize>] [-B ...] [-V <BiosModuleVersion>]\n"
"\t[-M <MicrocodeAddress MicrocodeSize>] [-M ...]|[-U <MicrocodeFv MicrocodeBase>|<MicrocodeRegionOffset MicrocodeRegionSize>|<MicrocodeGuid>] [-V <MicrocodeVersion>]\n"
- "\t[-O RecordType <RecordDataAddress RecordDataSize>|<RESERVE RecordDataSize>|<RecordDataGuid>|<RecordBinFile> [-V <RecordVersion>]] [-O ... [-V ...]]\n"
+ "\t[-O RecordType <RecordDataAddress RecordDataSize>|<RESERVE RecordDataSize>|<RecordDataGuid>|<RecordBinFile>|<CseRecordSubType RecordBinFile> [-V <RecordVersion>]] [-O ... [-V ...]]\n"
"\t[-P RecordType <IndexPort DataPort Width Bit Index> [-V <RecordVersion>]] [-P ... [-V ...]]\n"
, UTILITY_NAME);
printf (" Where:\n");
@@ -366,6 +369,7 @@ Returns:
printf ("\tRecordDataSize - FIT entry record data size.\n");
printf ("\tRecordDataGuid - FIT entry record data GUID.\n");
printf ("\tRecordBinFile - FIT entry record data binary file.\n");
+ printf ("\tCseRecordSubType - FIT entry record subtype. Use to further distinguish CSE entries (see FIT spec revision 1.2 chapter 4.12).\n");
printf ("\tFitEntryDefaultVersion - The default version for all FIT table entries. 0x%04x is used if this is not specified.\n", DEFAULT_FIT_ENTRY_VERSION);
printf ("\tFitHeaderVersion - The version for FIT header. (Override default version)\n");
printf ("\tStartupAcmVersion - The version for StartupAcm. (Override default version)\n");
@@ -857,6 +861,7 @@ Returns:
UINT8 *FileBuffer;
UINT32 FileSize;
UINT32 Type;
+ UINT32 SubType;
UINT8 *MicrocodeFileBuffer;
UINT8 *MicrocodeFileBufferRaw;
UINT32 MicrocodeFileSize;
@@ -1608,26 +1613,22 @@ Returns:
}
Type = xtoi (argv[Index + 1]);
//
- // 1st, try GUID
+ // 1st, try CSE entry sub-type
//
- if (IsGuidData (argv[Index + 2], &Guid)) {
- FileBuffer = FindFileFromFvByGuid (FdBuffer, FdSize, &Guid, &FileSize);
- if (FileBuffer == NULL) {
- Error (NULL, 0, 0, "-O Parameter incorrect, GUID not found!", "%s", argv[Index + 2]);
- // not found
- return 0;
- }
- if (FileSize >= 0x80000000) {
- Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
- return 0;
+ SubType = 0;
+ if (Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) {
+ if (Index + 3 >= argc) {
+ break;
}
- FileBuffer = (UINT8 *)MEMORY_TO_FLASH (FileBuffer, FdBuffer, FdSize);
- Index += 3;
- } else {
+ SubType = xtoi (argv[Index + 2]);
//
- // 2nd, try file
+ // try file
//
- Status = ReadInputFile (argv[Index + 2], &FileBuffer, &FileSize, NULL);
+ if (SubType != FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST && SubType != FIT_TABLE_SUBTYPE_ACM_MANIFEST) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, SubType unsupported!", NULL);
+ return 0;
+ }
+ Status = ReadInputFile (argv[Index + 3], &FileBuffer, &FileSize,
+ NULL);
if (Status == STATUS_SUCCESS) {
if (FileSize >= 0x80000000) {
Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL); @@ -1640,48 +1641,90 @@ Returns:
// Assume the file size should < 2G.
//
FileSize |= 0x80000000;
+ Index += 4;
+ } else {
+ if (Status == STATUS_WARNING) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, Unable to open file", argv[Index + 3]);
+ }
+ return 0;
+ }
+ } else {
+ //
+ // 2nd, try GUID
+ //
+ if (IsGuidData (argv[Index + 2], &Guid)) {
+ FileBuffer = FindFileFromFvByGuid (FdBuffer, FdSize, &Guid, &FileSize);
+ if (FileBuffer == NULL) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, GUID not found!", "%s", argv[Index + 2]);
+ // not found
+ return 0;
+ }
+ if (FileSize >= 0x80000000) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
+ return 0;
+ }
+ FileBuffer = (UINT8 *)MEMORY_TO_FLASH (FileBuffer, FdBuffer,
+ FdSize);
Index += 3;
} else {
//
- // 3rd, try <RESERVE, Length>
+ // 3rd, try file
//
- if (Index + 3 >= argc) {
- break;
- }
- if ((strcmp (argv[Index + 2], "RESERVE") == 0) ||
- (strcmp (argv[Index + 2], "reserve") == 0)) {
- FileSize = xtoi (argv[Index + 3]);
+ Status = ReadInputFile (argv[Index + 2], &FileBuffer, &FileSize, NULL);
+ if (Status == STATUS_SUCCESS) {
if (FileSize >= 0x80000000) {
Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
+ free (FileBuffer);
return 0;
}
- FileBuffer = malloc (FileSize);
- if (FileBuffer == NULL) {
- Error (NULL, 0, 0, "No sufficient memory to allocate!", NULL);
- return 0;
- }
- SetMem (FileBuffer, FileSize, 0xFF);
//
// Set the most significant bit
// It means the data in memory, not in flash yet.
// Assume the file size should < 2G.
//
FileSize |= 0x80000000;
- Index += 4;
+ Index += 3;
} else {
//
- // 4th, try <Address, Length>
+ // 4th, try <RESERVE, Length>
//
if (Index + 3 >= argc) {
break;
}
- FileBuffer = (UINT8 *) (UINTN) xtoi (argv[Index + 2]);
- FileSize = xtoi (argv[Index + 3]);
- if (FileSize >= 0x80000000) {
- Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
- return 0;
+ if ((strcmp (argv[Index + 2], "RESERVE") == 0) ||
+ (strcmp (argv[Index + 2], "reserve") == 0)) {
+ FileSize = xtoi (argv[Index + 3]);
+ if (FileSize >= 0x80000000) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
+ return 0;
+ }
+ FileBuffer = malloc (FileSize);
+ if (FileBuffer == NULL) {
+ Error (NULL, 0, 0, "No sufficient memory to allocate!", NULL);
+ return 0;
+ }
+ SetMem (FileBuffer, FileSize, 0xFF);
+ //
+ // Set the most significant bit
+ // It means the data in memory, not in flash yet.
+ // Assume the file size should < 2G.
+ //
+ FileSize |= 0x80000000;
+ Index += 4;
+ } else {
+ //
+ // 5th, try <Address, Length>
+ //
+ if (Index + 3 >= argc) {
+ break;
+ }
+ FileBuffer = (UINT8 *) (UINTN) xtoi (argv[Index + 2]);
+ FileSize = xtoi (argv[Index + 3]);
+ if (FileSize >= 0x80000000) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
+ return 0;
+ }
+ Index += 4;
}
- Index += 4;
}
}
}
@@ -1691,6 +1734,9 @@ Returns:
return 0;
}
gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Type = Type;
+ if (gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) {
+ gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].SubType = SubType;
+ }
gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Address = (UINT32) (UINTN) FileBuffer;
gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Buffer = FileBuffer;
gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Size = FileSize; @@ -2055,6 +2101,23 @@ Returns:
return ;
}
+CHAR8 *mFitCseSubTypeStr[] = {
+ "CSE_RSVD ",
+ "CSE_K_HASH1",
+ "CSE_M_HASH ",
+ "CSE_BPOLICY",
+ "CSE_OTHR_BP",
+ "CSE_OEMSMIP",
+ "CSE_MRCDATA",
+ "CSE_IBBL_H ",
+ "CSE_IBB_H ",
+ "CSE_OEM_ID ",
+ "CSEOEMSKUID",
+ "CSE_BD_IND ",
+ "CSE_FPM ",
+ "CSE_ACMM "
+};
+
CHAR8 *mFitTypeStr[] = {
" ",
"MICROCODE ",
@@ -2103,6 +2166,14 @@ Returns:
return mFitSignatureInHeader;
}
if (FitEntry->Type < sizeof (mFitTypeStr)/sizeof(mFitTypeStr[0])) {
+ if (FitEntry->Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) {
+ //
+ // "Reserved" field is used to distinguish CSE Secure Boot entries (see FIT spec revision 1.2)
+ //
+ if (FitEntry->Rsvd < sizeof (mFitCseSubTypeStr)/sizeof(mFitCseSubTypeStr[0])) {
+ return mFitCseSubTypeStr[FitEntry->Rsvd];
+ }
+ }
return mFitTypeStr[FitEntry->Type];
} else {
return " ";
@@ -2675,6 +2746,9 @@ Returns:
*(UINT32 *)&FitEntry[FitIndex].Size[0] = gFitTableContext.OptionalModule[Index].Size;
FitEntry[FitIndex].Version = (UINT16)gFitTableContext.OptionalModule[Index].Version;
FitEntry[FitIndex].Type = (UINT8)gFitTableContext.OptionalModule[Index].Type;
+ if (FitEntry[FitIndex].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) {
+ FitEntry[FitIndex].Rsvd = (UINT8)gFitTableContext.OptionalModule[Index].SubType;
+ }
FitEntry[FitIndex].C_V = 0;
FitEntry[FitIndex].Checksum = 0;
FitIndex++;
diff --git a/Silicon/Intel/Tools/FitGen/FitGen.h b/Silicon/Intel/Tools/FitGen/FitGen.h
index cb9274b4175e..abad2d8799c8 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.h
+++ b/Silicon/Intel/Tools/FitGen/FitGen.h
@@ -31,7 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // Utility version information // #define UTILITY_MAJOR_VERSION 0 -#define UTILITY_MINOR_VERSION 61
+#define UTILITY_MINOR_VERSION 62
#define UTILITY_DATE __DATE__
//
--
2.16.2.windows.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Patch 1/1] [Edk2Platforms] FitGen: Update tool to meet FIT specification revision 1.2
2020-06-04 0:41 ` Liming Gao
@ 2020-06-04 20:58 ` Hernandez Beltran, Jorge
0 siblings, 0 replies; 3+ messages in thread
From: Hernandez Beltran, Jorge @ 2020-06-04 20:58 UTC (permalink / raw)
To: Gao, Liming, devel@edk2.groups.io; +Cc: Lohr, Paul A
Thanks Liming for the integration. Change is now visible in the edk2platforms repo:
(https://github.com/tianocore/edk2-platforms/commit/4a937016142ea084a2aad19e9bd8f1b50fab38d4)
-----Original Message-----
From: Gao, Liming <liming.gao@intel.com>
Sent: Wednesday, June 3, 2020 7:41 PM
To: Hernandez Beltran, Jorge <jorge.hernandez.beltran@intel.com>; devel@edk2.groups.io
Cc: Lohr, Paul A <paul.a.lohr@intel.com>
Subject: RE: [Patch 1/1] [Edk2Platforms] FitGen: Update tool to meet FIT specification revision 1.2
Push @4a937016142ea084a2aad19e9bd8f1b50fab38d4
-----Original Message-----
From: Hernandez Beltran, Jorge <jorge.hernandez.beltran@intel.com>
Sent: 2020年6月4日 5:01
To: devel@edk2.groups.io
Cc: Gao, Liming <liming.gao@intel.com>; Lohr, Paul A <paul.a.lohr@intel.com>; Hernandez Beltran, Jorge <jorge.hernandez.beltran@intel.com>
Subject: [Patch 1/1] [Edk2Platforms] FitGen: Update tool to meet FIT specification revision 1.2
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2687
FIT specification revision 1.2 was released to the open community.
Revision 1.2 updates CSE Secure Boot Rules (section 4.12) and adds
2 new entry sub-types used to distinguish the CSE entries.
Signed-off-by: Jorge Hernandez Beltran <jorge.hernandez.beltran@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
Silicon/Intel/Tools/FitGen/FitGen.c | 152 +++++++++++++++++++++++++++---------
Silicon/Intel/Tools/FitGen/FitGen.h | 2 +-
2 files changed, 114 insertions(+), 40 deletions(-)
diff --git a/Silicon/Intel/Tools/FitGen/FitGen.c b/Silicon/Intel/Tools/FitGen/FitGen.c
index 75d8932d90ac..c4006e69c822 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.c
+++ b/Silicon/Intel/Tools/FitGen/FitGen.c
@@ -226,6 +226,8 @@ typedef struct {
#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12
#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13
#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16
+#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12
+#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13
//
// With OptionalModule Address isn't known until free space has been @@ -236,6 +238,7 @@ typedef struct { // typedef struct {
UINT32 Type;
+ UINT32 SubType; // Used by OptionalModule only
UINT32 Address;
UINT8 *Buffer; // Used by OptionalModule only
UINT32 Size;
@@ -295,7 +298,7 @@ Returns:
--*/
{
printf (
- "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision 1.1."" Version %i.%i\n\n",
+ "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec
+ revision 1.2."" Version %i.%i\n\n",
UTILITY_NAME,
UTILITY_MAJOR_VERSION,
UTILITY_MINOR_VERSION
@@ -334,7 +337,7 @@ Returns:
"\t[-U <DiagnstAcmAddress>|<DiagnstAcmGuid>]\n"
"\t[-B <BiosModuleAddress BiosModuleSize>] [-B ...] [-V <BiosModuleVersion>]\n"
"\t[-M <MicrocodeAddress MicrocodeSize>] [-M ...]|[-U <MicrocodeFv MicrocodeBase>|<MicrocodeRegionOffset MicrocodeRegionSize>|<MicrocodeGuid>] [-V <MicrocodeVersion>]\n"
- "\t[-O RecordType <RecordDataAddress RecordDataSize>|<RESERVE RecordDataSize>|<RecordDataGuid>|<RecordBinFile> [-V <RecordVersion>]] [-O ... [-V ...]]\n"
+ "\t[-O RecordType <RecordDataAddress RecordDataSize>|<RESERVE RecordDataSize>|<RecordDataGuid>|<RecordBinFile>|<CseRecordSubType RecordBinFile> [-V <RecordVersion>]] [-O ... [-V ...]]\n"
"\t[-P RecordType <IndexPort DataPort Width Bit Index> [-V <RecordVersion>]] [-P ... [-V ...]]\n"
, UTILITY_NAME);
printf (" Where:\n");
@@ -366,6 +369,7 @@ Returns:
printf ("\tRecordDataSize - FIT entry record data size.\n");
printf ("\tRecordDataGuid - FIT entry record data GUID.\n");
printf ("\tRecordBinFile - FIT entry record data binary file.\n");
+ printf ("\tCseRecordSubType - FIT entry record subtype. Use to further distinguish CSE entries (see FIT spec revision 1.2 chapter 4.12).\n");
printf ("\tFitEntryDefaultVersion - The default version for all FIT table entries. 0x%04x is used if this is not specified.\n", DEFAULT_FIT_ENTRY_VERSION);
printf ("\tFitHeaderVersion - The version for FIT header. (Override default version)\n");
printf ("\tStartupAcmVersion - The version for StartupAcm. (Override default version)\n");
@@ -857,6 +861,7 @@ Returns:
UINT8 *FileBuffer;
UINT32 FileSize;
UINT32 Type;
+ UINT32 SubType;
UINT8 *MicrocodeFileBuffer;
UINT8 *MicrocodeFileBufferRaw;
UINT32 MicrocodeFileSize;
@@ -1608,26 +1613,22 @@ Returns:
}
Type = xtoi (argv[Index + 1]);
//
- // 1st, try GUID
+ // 1st, try CSE entry sub-type
//
- if (IsGuidData (argv[Index + 2], &Guid)) {
- FileBuffer = FindFileFromFvByGuid (FdBuffer, FdSize, &Guid, &FileSize);
- if (FileBuffer == NULL) {
- Error (NULL, 0, 0, "-O Parameter incorrect, GUID not found!", "%s", argv[Index + 2]);
- // not found
- return 0;
- }
- if (FileSize >= 0x80000000) {
- Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
- return 0;
+ SubType = 0;
+ if (Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) {
+ if (Index + 3 >= argc) {
+ break;
}
- FileBuffer = (UINT8 *)MEMORY_TO_FLASH (FileBuffer, FdBuffer, FdSize);
- Index += 3;
- } else {
+ SubType = xtoi (argv[Index + 2]);
//
- // 2nd, try file
+ // try file
//
- Status = ReadInputFile (argv[Index + 2], &FileBuffer, &FileSize, NULL);
+ if (SubType != FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST && SubType != FIT_TABLE_SUBTYPE_ACM_MANIFEST) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, SubType unsupported!", NULL);
+ return 0;
+ }
+ Status = ReadInputFile (argv[Index + 3], &FileBuffer, &FileSize,
+ NULL);
if (Status == STATUS_SUCCESS) {
if (FileSize >= 0x80000000) {
Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL); @@ -1640,48 +1641,90 @@ Returns:
// Assume the file size should < 2G.
//
FileSize |= 0x80000000;
+ Index += 4;
+ } else {
+ if (Status == STATUS_WARNING) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, Unable to open file", argv[Index + 3]);
+ }
+ return 0;
+ }
+ } else {
+ //
+ // 2nd, try GUID
+ //
+ if (IsGuidData (argv[Index + 2], &Guid)) {
+ FileBuffer = FindFileFromFvByGuid (FdBuffer, FdSize, &Guid, &FileSize);
+ if (FileBuffer == NULL) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, GUID not found!", "%s", argv[Index + 2]);
+ // not found
+ return 0;
+ }
+ if (FileSize >= 0x80000000) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
+ return 0;
+ }
+ FileBuffer = (UINT8 *)MEMORY_TO_FLASH (FileBuffer, FdBuffer,
+ FdSize);
Index += 3;
} else {
//
- // 3rd, try <RESERVE, Length>
+ // 3rd, try file
//
- if (Index + 3 >= argc) {
- break;
- }
- if ((strcmp (argv[Index + 2], "RESERVE") == 0) ||
- (strcmp (argv[Index + 2], "reserve") == 0)) {
- FileSize = xtoi (argv[Index + 3]);
+ Status = ReadInputFile (argv[Index + 2], &FileBuffer, &FileSize, NULL);
+ if (Status == STATUS_SUCCESS) {
if (FileSize >= 0x80000000) {
Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
+ free (FileBuffer);
return 0;
}
- FileBuffer = malloc (FileSize);
- if (FileBuffer == NULL) {
- Error (NULL, 0, 0, "No sufficient memory to allocate!", NULL);
- return 0;
- }
- SetMem (FileBuffer, FileSize, 0xFF);
//
// Set the most significant bit
// It means the data in memory, not in flash yet.
// Assume the file size should < 2G.
//
FileSize |= 0x80000000;
- Index += 4;
+ Index += 3;
} else {
//
- // 4th, try <Address, Length>
+ // 4th, try <RESERVE, Length>
//
if (Index + 3 >= argc) {
break;
}
- FileBuffer = (UINT8 *) (UINTN) xtoi (argv[Index + 2]);
- FileSize = xtoi (argv[Index + 3]);
- if (FileSize >= 0x80000000) {
- Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
- return 0;
+ if ((strcmp (argv[Index + 2], "RESERVE") == 0) ||
+ (strcmp (argv[Index + 2], "reserve") == 0)) {
+ FileSize = xtoi (argv[Index + 3]);
+ if (FileSize >= 0x80000000) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
+ return 0;
+ }
+ FileBuffer = malloc (FileSize);
+ if (FileBuffer == NULL) {
+ Error (NULL, 0, 0, "No sufficient memory to allocate!", NULL);
+ return 0;
+ }
+ SetMem (FileBuffer, FileSize, 0xFF);
+ //
+ // Set the most significant bit
+ // It means the data in memory, not in flash yet.
+ // Assume the file size should < 2G.
+ //
+ FileSize |= 0x80000000;
+ Index += 4;
+ } else {
+ //
+ // 5th, try <Address, Length>
+ //
+ if (Index + 3 >= argc) {
+ break;
+ }
+ FileBuffer = (UINT8 *) (UINTN) xtoi (argv[Index + 2]);
+ FileSize = xtoi (argv[Index + 3]);
+ if (FileSize >= 0x80000000) {
+ Error (NULL, 0, 0, "-O Parameter incorrect, FileSize too large!", NULL);
+ return 0;
+ }
+ Index += 4;
}
- Index += 4;
}
}
}
@@ -1691,6 +1734,9 @@ Returns:
return 0;
}
gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Type = Type;
+ if (gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) {
+ gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].SubType = SubType;
+ }
gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Address = (UINT32) (UINTN) FileBuffer;
gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Buffer = FileBuffer;
gFitTableContext.OptionalModule[gFitTableContext.OptionalModuleNumber].Size = FileSize; @@ -2055,6 +2101,23 @@ Returns:
return ;
}
+CHAR8 *mFitCseSubTypeStr[] = {
+ "CSE_RSVD ",
+ "CSE_K_HASH1",
+ "CSE_M_HASH ",
+ "CSE_BPOLICY",
+ "CSE_OTHR_BP",
+ "CSE_OEMSMIP",
+ "CSE_MRCDATA",
+ "CSE_IBBL_H ",
+ "CSE_IBB_H ",
+ "CSE_OEM_ID ",
+ "CSEOEMSKUID",
+ "CSE_BD_IND ",
+ "CSE_FPM ",
+ "CSE_ACMM "
+};
+
CHAR8 *mFitTypeStr[] = {
" ",
"MICROCODE ",
@@ -2103,6 +2166,14 @@ Returns:
return mFitSignatureInHeader;
}
if (FitEntry->Type < sizeof (mFitTypeStr)/sizeof(mFitTypeStr[0])) {
+ if (FitEntry->Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) {
+ //
+ // "Reserved" field is used to distinguish CSE Secure Boot entries (see FIT spec revision 1.2)
+ //
+ if (FitEntry->Rsvd < sizeof (mFitCseSubTypeStr)/sizeof(mFitCseSubTypeStr[0])) {
+ return mFitCseSubTypeStr[FitEntry->Rsvd];
+ }
+ }
return mFitTypeStr[FitEntry->Type];
} else {
return " ";
@@ -2675,6 +2746,9 @@ Returns:
*(UINT32 *)&FitEntry[FitIndex].Size[0] = gFitTableContext.OptionalModule[Index].Size;
FitEntry[FitIndex].Version = (UINT16)gFitTableContext.OptionalModule[Index].Version;
FitEntry[FitIndex].Type = (UINT8)gFitTableContext.OptionalModule[Index].Type;
+ if (FitEntry[FitIndex].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) {
+ FitEntry[FitIndex].Rsvd = (UINT8)gFitTableContext.OptionalModule[Index].SubType;
+ }
FitEntry[FitIndex].C_V = 0;
FitEntry[FitIndex].Checksum = 0;
FitIndex++;
diff --git a/Silicon/Intel/Tools/FitGen/FitGen.h b/Silicon/Intel/Tools/FitGen/FitGen.h
index cb9274b4175e..abad2d8799c8 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.h
+++ b/Silicon/Intel/Tools/FitGen/FitGen.h
@@ -31,7 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // Utility version information // #define UTILITY_MAJOR_VERSION 0 -#define UTILITY_MINOR_VERSION 61
+#define UTILITY_MINOR_VERSION 62
#define UTILITY_DATE __DATE__
//
--
2.16.2.windows.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-06-04 20:58 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20200603210102.34076-1-jorge.hernandez.beltran@intel.com>
2020-06-03 21:01 ` [Patch 1/1] [Edk2Platforms] FitGen: Update tool to meet FIT specification revision 1.2 Jorge Hernandez Beltran
2020-06-04 0:41 ` Liming Gao
2020-06-04 20:58 ` Hernandez Beltran, Jorge
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox