diff options
| author | lushifex <shifeix.a.lu@intel.com> | 2017-02-22 14:34:31 +0800 |
|---|---|---|
| committer | Guo Mang <mang.guo@intel.com> | 2017-05-09 13:03:10 +0800 |
| commit | 3eac100ece691d7725632e7b17ccfd9f9ca83cd9 (patch) | |
| tree | 0ea0755d291f082cbfbb400433df44c6c7d4068d /Platform/BroxtonPlatformPkg/Common/PlatformSettings | |
| parent | f5e2c28c29be23070b88e71bb1f0acb6a7a4a252 (diff) | |
| download | edk2-platforms-3eac100ece691d7725632e7b17ccfd9f9ca83cd9.tar.xz | |
Enable Secure Boot.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: lushifex <shifeix.a.lu@intel.com>
Diffstat (limited to 'Platform/BroxtonPlatformPkg/Common/PlatformSettings')
7 files changed, 46 insertions, 142 deletions
diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformDxe/Platform.c b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformDxe/Platform.c index 02dcc27502..187eb2179e 100644 --- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformDxe/Platform.c +++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformDxe/Platform.c @@ -1,7 +1,7 @@ /** @file
Platform Initialization Driver.
- Copyright (c) 1999 - 2016, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 1999 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -641,7 +641,7 @@ InitPlatformResolution ( PcdSet32S (PcdVideoVerticalResolution, PanelResolution[mSystemConfiguration.IgdFlatPanel].VerticalResolution);
}
-VOID
+VOID
OverrideSdCardPresence (
VOID
)
@@ -670,7 +670,7 @@ OverrideSdCardPresence ( } else {
P2sbMmioBar &= B_P2SB_BAR_BA;
}
-
+
Gpio177PadConfigDW0RegAdd = P2SB_MMIO_ADDR (P2sbMmioBar, SOUTHWEST, 0x5D0);
Gpio177RxState = MmioRead32(Gpio177PadConfigDW0RegAdd) & BIT1;
DEBUG ((DEBUG_INFO, "Gpio177PadConfigDW0RegAdd: 0x%X\n", Gpio177PadConfigDW0RegAdd));
@@ -868,11 +868,6 @@ InitializePlatform ( FdoEnabledGuidHob = GetFirstGuidHob (&gFdoModeEnabledHobGuid);
if (FdoEnabledGuidHob != NULL) {
- //
- // Secure boot must be disabled in Flash Descriptor Override (FDO) boot
- //
- EnableCustomMode ();
- DeleteKeys ();
}
#if (ENBDT_PF_ENABLE == 1) //BXTP
@@ -916,9 +911,9 @@ InitializePlatform ( &EfiExitBootServicesEvent
);
-
- OverrideSdCardPresence();
-
+
+ OverrideSdCardPresence();
+
return EFI_SUCCESS;
}
diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformDxe/PlatformDxe.inf b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformDxe/PlatformDxe.inf index c2714a6ae9..cf8ca08ccf 100644 --- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformDxe/PlatformDxe.inf +++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformDxe/PlatformDxe.inf @@ -1,7 +1,7 @@ ## @file
# Component description file for platform DXE driver
#
-# Copyright (c) 1999 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 1999 - 2017, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -50,7 +50,6 @@ UefiBootServicesTableLib
UefiDriverEntryPoint
UefiRuntimeServicesTableLib
- PlatformSecureDefaultsLib
DxeServicesTableLib
DebugLib
HiiLib
diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/PlatformSetupDxe.c b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/PlatformSetupDxe.c index 02b03ff22d..5cbe136051 100644 --- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/PlatformSetupDxe.c +++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/PlatformSetupDxe.c @@ -13,7 +13,7 @@ 4. It save all the mapping info in NV variables which will be consumed
by platform override protocol driver to publish the platform override protocol.
- Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -508,43 +508,6 @@ SystemConfigCallback ( if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
}
- } else if (KeyValue == 0x1237 /*KEY_CLEAR_KEK_AND_PK*/ ) {
- //
- //Delete PK, KEK, DB, DBx
- //
- EnableCustomMode ();
- DeleteKeys ();
- StrCpyS (StringBuffer1, 200, L"Clear Keys Completed");
- StrCpyS (StringBuffer2, 200, L"Please Restart System");
-
- //
- // Popup a menu to notice user
- //
- do {
- CreatePopUp (EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, StringBuffer1, StringBuffer2, NULL);
- } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN));
-
- gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
- } else if (KeyValue == 0x1238 /*KEY_LOAD_DEFAULTS_KEYS*/ ) {
- //
- // Enroll PK, KEK, DB and DBx
- //
- EnrollKeys ();
- StrCpyS (StringBuffer1, 200, L"Restore Keys Completed");
- StrCpyS (StringBuffer2, 200, L"Please Restart System");
-
- //
- // Popup a notification menu
- //
- do {
- CreatePopUp(EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, StringBuffer1, StringBuffer2, NULL);
- } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN));
-
- //
- // Reset the system
- //
- gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
-
} else if (KeyValue == 0x1239) {
//
// Popup a notification menu
diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/PlatformSetupDxe.inf b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/PlatformSetupDxe.inf index 09a16c8c1e..0cbcb71301 100644 --- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/PlatformSetupDxe.inf +++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/PlatformSetupDxe.inf @@ -16,7 +16,7 @@ # 4. It save all the mapping info in NV variables for the following boot,
# which will be consumed by GetDriver API of the produced the platform override protocol.
#
-# Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -92,7 +92,6 @@ BiosIdLib
CpuIA32Lib
IoLib
- PlatformSecureDefaultsLib
BaseIpcLib
HeciMsgLib
SteppingLib
diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/Security.vfi b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/Security.vfi index f79e81bd36..9d0855eaf9 100644 --- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/Security.vfi +++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/Security.vfi @@ -107,39 +107,6 @@ form formid = SECURITY_CONFIGURATION_FORM_ID, endif;
endif;
- subtitle text = STRING_TOKEN(STR_NULL_STRING);
-
-
- subtitle text = STRING_TOKEN(STR_NULL_STRING);
-
- oneof varid = Setup.SecureBootCustomMode,
- prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
- help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
- option text = STRING_TOKEN(STR_SB_STANDARD_MODE), value=0x00, flags = DEFAULT | MANUFACTURING;
- option text = STRING_TOKEN(STR_SB_CUSTOM_MODE), value=0x01, flags = 0;
- endoneof;
- oneof varid = Setup.UseProductKey,
- prompt = STRING_TOKEN(STR_SECURE_BOOT_PRO_KEY_PROMPT),
- help = STRING_TOKEN(STR_SECURE_BOOT_PRO_KEY_HELP),
- option text = STRING_TOKEN(STR_DEV_KEY), value=0x00, flags = DEFAULT | RESET_REQUIRED;
- option text = STRING_TOKEN(STR_PRO_KEY), value=0x01, flags = RESET_REQUIRED;
- endoneof;
- text
- help = STRING_TOKEN(STR_CLEAR_ALL_KEYS_HELP),
- text = STRING_TOKEN(STR_CLEAR_ALL_KEYS),
- text = STRING_TOKEN(STR_NULL_STRING),
- flags = INTERACTIVE,
- key = 0x1237; //KEY_CLEAR_KEK_AND_PK;
-
- text
- help = STRING_TOKEN(STR_LOAD_DEFAULTS_KEYS_HELP),
- text = STRING_TOKEN(STR_LOAD_DEFAULTS_KEYS),
- text = STRING_TOKEN(STR_NULL_STRING),
- flags = INTERACTIVE,
- key = 0x1238; //KEY_LOAD_DEFAULTS_KEYS;
-
- subtitle text = STRING_TOKEN(STR_NULL_STRING);
-
//
//TPM related
//
@@ -154,7 +121,7 @@ form formid = SECURITY_CONFIGURATION_FORM_ID, option text = STRING_TOKEN(STR_TPM_DTPM_2_0), value = 0x03, flags = RESET_REQUIRED;
endoneof;
- suppressif NOT ideqval Setup.TPM == 1;
+ suppressif NOT ideqval Setup.TPM == 1;
oneof varid = Setup.TPMSupportedBanks,
prompt = STRING_TOKEN(STR_TPM2_PCR_ALLOCATE_PROMPT),
help = STRING_TOKEN(STR_TPM2_PCR_ALLOCATE_HELP),
@@ -164,6 +131,6 @@ form formid = SECURITY_CONFIGURATION_FORM_ID, option text = STRING_TOKEN(STR_TPM2_PCR_ALLOCATE_BOTH), value = TPM2_SUPPORTED_BANK_BOTH, flags = RESET_REQUIRED;
endoneof;
endif;
-
+
endform;
diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/SetupInfoRecords.c b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/SetupInfoRecords.c index 8f7a5345fa..d504995bea 100644 --- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/SetupInfoRecords.c +++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/SetupInfoRecords.c @@ -1,7 +1,7 @@ /** @file
To retrieve various platform info data for Setup menu.
- Copyright (c) 1999 - 2016, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 1999 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -47,8 +47,6 @@ #include "ScAccess.h"
#include "SetupMode.h"
-#define EFI_CUSTOM_MODE_NAME L"CustomMode"
-extern EFI_GUID gEfiCustomModeEnableGuid;
#define LEFT_JUSTIFY 0x01
#define PREFIX_SIGN 0x02
@@ -65,7 +63,6 @@ EFI_GUID mProcessorProducerGuid; EFI_HII_HANDLE mHiiHandle;
SYSTEM_CONFIGURATION mSystemConfiguration;
EFI_PLATFORM_INFO_HOB *mPlatformInfo;
-UINT8 mUseProductKey = 0;
#define memset SetMem
@@ -1720,14 +1717,30 @@ SetupInfo ( VOID
CheckSystemConfigLoad (
- SYSTEM_CONFIGURATION *SystemConfigPtr
+ SYSTEM_CONFIGURATION *SystemConfigPtr
)
{
EFI_STATUS Status;
SEC_OPERATION_PROTOCOL *SeCOp;
SEC_INFOMATION SeCInfo;
+ UINT8 SecureBoot;
+ UINTN DataSize;
+
+ DataSize = sizeof (SecureBoot);
+ Status = gRT->GetVariable (
+ EFI_SECURE_BOOT_MODE_NAME,
+ &gEfiGlobalVariableGuid,
+ NULL,
+ &DataSize,
+ &SecureBoot
+ );
+
+ if (EFI_ERROR (Status)) {
+ SystemConfigPtr->SecureBoot = 0;
+ } else {
+ SystemConfigPtr->SecureBoot = SecureBoot;
+ }
- mUseProductKey = SystemConfigPtr->UseProductKey;
Status = gBS->LocateProtocol (
&gEfiSeCOperationProtocolGuid,
NULL,
@@ -1787,7 +1800,7 @@ CheckTPMActivePcrBanks ( VOID
CheckSystemConfigSave (
- SYSTEM_CONFIGURATION *SystemConfigPtr
+ SYSTEM_CONFIGURATION *SystemConfigPtr
)
{
EFI_STATUS Status;
@@ -1795,51 +1808,7 @@ CheckSystemConfigSave ( SEC_INFOMATION SeCInfo;
UINT8 SecureBootCfg;
UINTN DataSize;
- UINT8 CustomMode;
-
- if (mUseProductKey != SystemConfigPtr->UseProductKey) {
- EnableCustomMode ();
- DeleteKeys ();
- EnrollKeys ();
- }
- DataSize = sizeof (CustomMode);
- Status = gRT->GetVariable (
- EFI_CUSTOM_MODE_NAME,
- &gEfiCustomModeEnableGuid,
- NULL,
- &DataSize,
- &CustomMode
- );
-
- if (EFI_ERROR (Status)) {
- DeleteKeys ();
- EnrollKeys ();
- DataSize = sizeof (CustomMode);
- Status = gRT->GetVariable (
- EFI_CUSTOM_MODE_NAME,
- &gEfiCustomModeEnableGuid,
- NULL,
- &DataSize,
- &CustomMode
- );
- }
-
- if (CustomMode != SystemConfigPtr->SecureBootCustomMode) {
- if (CustomMode == 1) {
- DeleteKeys ();
- EnrollKeys ();
- CustomMode = 0;
- } else {
- CustomMode = 1;
- Status = gRT->SetVariable (
- EFI_CUSTOM_MODE_NAME,
- &gEfiCustomModeEnableGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
- sizeof (UINT8),
- &CustomMode
- );
- }
- }
+ BOOLEAN SecureBootNotFound;
Status = gBS->LocateProtocol (
&gEfiSeCOperationProtocolGuid,
@@ -1861,6 +1830,8 @@ CheckSystemConfigSave ( //
// Secure Boot configuration changes
//
+ DataSize = sizeof (SecureBootCfg);
+ SecureBootNotFound = FALSE;
Status = gRT->GetVariable (
EFI_SECURE_BOOT_ENABLE_NAME,
&gEfiSecureBootEnableDisableGuid,
@@ -1870,12 +1841,22 @@ CheckSystemConfigSave ( );
if (EFI_ERROR (Status)) {
- SecureBootCfg = 0;
+ SecureBootNotFound = TRUE;
+ }
+
+ if (SecureBootNotFound) {
+ Status = gRT->GetVariable (
+ EFI_SECURE_BOOT_ENABLE_NAME,
+ &gEfiSecureBootEnableDisableGuid,
+ NULL,
+ &DataSize,
+ &SecureBootCfg
+ );
+ ASSERT_EFI_ERROR (Status);
}
if ((SecureBootCfg) != SystemConfigPtr->SecureBoot) {
SecureBootCfg = !SecureBootCfg;
-
Status = gRT->SetVariable (
EFI_SECURE_BOOT_ENABLE_NAME,
&gEfiSecureBootEnableDisableGuid,
diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/VfrStrings.uni b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/VfrStrings.uni Binary files differindex 47b84ee6a0..9ff9a80ba6 100644 --- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/VfrStrings.uni +++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformSetupDxe/VfrStrings.uni |