From: "Bob Feng" <bob.c.feng@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Hv, Pavamana" <pavamana.hv@intel.com>
Subject: Re: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
Date: Sat, 22 Oct 2022 10:20:34 +0000 [thread overview]
Message-ID: <PH7PR11MB58638799263F51BD0241075BC92C9@PH7PR11MB5863.namprd11.prod.outlook.com> (raw)
In-Reply-To: <3bbfe7d39637575ca8942493c7d70df111400f1c.1666228699.git.pavamana.hv@intel.com>
Reviewed-by: Bob Feng <bob.c.feng@intel.com>
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Hv, Pavamana
Sent: Thursday, October 20, 2022 11:57 AM
To: devel@edk2.groups.io
Cc: Hv, Pavamana <pavamana.hv@intel.com>
Subject: [edk2-devel] [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4086
This commit adds support for new FIT record type for Vendor Authorized Boot (VAB) security technology(FIT spec revision 1.4).
VAB defines 3 new following types
Vendor Authorized Boot Provisioning Table (Type 0x1A) Vendor Authorized Boot Image Manifest (Type 0x1B) Vendor Authorized Boot Key Manifest (Type 0x1C) The code has been updated to align these binaries on 64 byte boundary and not to overlap with other regions, similar to Key manifest, Boot Policy manifest and other optional types.
Also added macros to define FIT spec Major and Minor version numbers and print the same instead of hardcoded string.
Signed-off-by: Pavamana Holavanahalli <pavamana.hv@intel.com>
---
Silicon/Intel/Tools/FitGen/FitGen.c | 61 +++++++++++++++++++---------- Silicon/Intel/Tools/FitGen/FitGen.h | 5 ++-
2 files changed, 44 insertions(+), 22 deletions(-)
diff --git a/Silicon/Intel/Tools/FitGen/FitGen.c b/Silicon/Intel/Tools/FitGen/FitGen.c
index 21dfcf1ebb..87123f9922 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.c
+++ b/Silicon/Intel/Tools/FitGen/FitGen.c
@@ -234,20 +234,24 @@ typedef struct {
#define FLASH_TO_MEMORY(Address, FvBuffer, FvSize) \ (VOID *)(UINTN)((UINTN)(FvBuffer) + (UINTN)(FvSize) - (TOP_FLASH_ADDRESS - (UINTN)(Address))) -#define FIT_TABLE_TYPE_HEADER 0-#define FIT_TABLE_TYPE_MICROCODE 1-#define FIT_TABLE_TYPE_STARTUP_ACM 2-#define FIT_TABLE_TYPE_DIAGNST_ACM 3-#define FIT_TABLE_TYPE_BIOS_MODULE 7-#define FIT_TABLE_TYPE_TPM_POLICY 8-#define FIT_TABLE_TYPE_BIOS_POLICY 9-#define FIT_TABLE_TYPE_TXT_POLICY 10-#define FIT_TABLE_TYPE_KEY_MANIFEST 11-#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12-#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13-#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16-#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12-#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13+#define FIT_TABLE_TYPE_HEADER 0+#define FIT_TABLE_TYPE_MICROCODE 1+#define FIT_TABLE_TYPE_STARTUP_ACM 2+#define FIT_TABLE_TYPE_DIAGNST_ACM 3+#define FIT_TABLE_TYPE_BIOS_MODULE 7+#define FIT_TABLE_TYPE_TPM_POLICY 8+#define FIT_TABLE_TYPE_BIOS_POLICY 9+#define FIT_TABLE_TYPE_TXT_POLICY 10+#define FIT_TABLE_TYPE_KEY_MANIFEST 11+#define FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST 12+#define FIT_TABLE_TYPE_BIOS_DATA_AREA 13+#define FIT_TABLE_TYPE_CSE_SECURE_BOOT 16+#define FIT_TABLE_SUBTYPE_FIT_PATCH_MANIFEST 12+#define FIT_TABLE_SUBTYPE_ACM_MANIFEST 13+#define FIT_TABLE_TYPE_VAB_PROVISION_TABLE 26+#define FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST 27+#define FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST 28+ // // With OptionalModule Address isn't known until free space has been@@ -322,8 +326,10 @@ Returns:
--*/ { printf (- "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision 1.2."" Version %i.%i\n\n",+ "%s - Tiano IA32/X64 FIT table generation Utility for FIT spec revision %i.%i."" Version %i.%i\n\n", UTILITY_NAME,+ FIT_SPEC_VERSION_MAJOR,+ FIT_SPEC_VERSION_MINOR, UTILITY_MAJOR_VERSION, UTILITY_MINOR_VERSION );@@ -1956,7 +1962,10 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) { // NOTE: It might be virtual address now. Just put a place holder. FitEntryNumber ++; }@@ -2154,8 +2163,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {- // Let it 64 byte align+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ // Let it 64 byte align AlignedSize += BIOS_MODULE_ALIGNMENT; AlignedSize &= ~BIOS_MODULE_ALIGNMENT; }@@ -2166,8 +2178,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {- // Let it 64 byte align+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ // Let it 64 byte align OptionalModuleAddress = (UINT8 *)((UINTN)OptionalModuleAddress & ~BIOS_MODULE_ALIGNMENT); } @@ -2201,7 +2216,11 @@ Returns:
(gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_KEY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BOOT_POLICY_MANIFEST) || (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_BIOS_DATA_AREA) ||- (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT)) {+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_CSE_SECURE_BOOT) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_PROVISION_TABLE) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_IMAGE_MANIFEST) ||+ (gFitTableContext.OptionalModule[Index].Type == FIT_TABLE_TYPE_VAB_BOOT_KEY_MANIFEST)) {+ CheckOverlap (gFitTableContext.OptionalModule[Index].Address, AlignedSize); } }diff --git a/Silicon/Intel/Tools/FitGen/FitGen.h b/Silicon/Intel/Tools/FitGen/FitGen.h
index 80a1423ceb..511ab652ab 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.h
+++ b/Silicon/Intel/Tools/FitGen/FitGen.h
@@ -31,9 +31,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
// Utility version information // #define UTILITY_MAJOR_VERSION 0-#define UTILITY_MINOR_VERSION 66+#define UTILITY_MINOR_VERSION 67 #define UTILITY_DATE __DATE__ +#define FIT_SPEC_VERSION_MAJOR 1+#define FIT_SPEC_VERSION_MINOR 4+ // // The minimum number of arguments accepted from the command line. //--
2.26.2.windows.1
-=-=-=-=-=-=
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#95416): https://edk2.groups.io/g/devel/message/95416
Mute This Topic: https://groups.io/mt/94447248/1768742
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [bob.c.feng@intel.com] -=-=-=-=-=-=
next prev parent reply other threads:[~2022-10-22 10:20 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-20 3:57 [PATCH v2] edk2Platforms-Silicon:Add VAB FIT record types support in FitGen.c Hv, Pavamana
2022-10-22 10:20 ` Bob Feng [this message]
2022-10-24 17:04 ` Hv, Pavamana
2022-10-25 21:50 ` Hv, Pavamana
2022-10-26 2:18 ` 回复: [edk2-devel] " gaoliming
2022-10-26 3:35 ` Holland, Michael
2022-10-26 15:13 ` Hv, Pavamana
2022-10-27 0:59 ` 回复: " gaoliming
2022-10-27 17:41 ` Holland, Michael
2022-10-28 1:10 ` 回复: " gaoliming
2022-10-28 5:33 ` Bob Feng
2022-10-28 14:08 ` Hv, Pavamana
2022-10-31 7:56 ` Bob Feng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=PH7PR11MB58638799263F51BD0241075BC92C9@PH7PR11MB5863.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox