authorzwei4 <david.wei@intel.com>2017-03-10 16:34:38 +0800
committerzwei4 <david.wei@intel.com>2017-03-16 16:38:07 +0800
commit2ef094fc93c670d153e8170146e0e66c7c23778b (patch)
tree35a820b707782c11b7d22e3199967199f76e83c2 /Platform
parent71169571606bb31743d950c7d15f4b1554712002 (diff)
Add OBB verification code.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: zwei4 <david.wei@intel.com>
Diffstat (limited to 'Platform')
-rw-r--r--Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c47
-rw-r--r--Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf3
-rw-r--r--Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc7
-rw-r--r--Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc3
4 files changed, 57 insertions, 3 deletions
diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c
index 91ac6f5e1e..6a2c9fd911 100644
--- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c
+++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/FvCallback.c
@@ -25,6 +25,7 @@
#include <Library/HeciMsgLib.h>
#include <Guid/FspHeaderFile.h>
#include <Library/FspWrapperApiLib.h>
+#include <Library/BpdtLib.h>
#include "FvCallback.h"
#define MAX_DIGEST_SIZE 64
@@ -416,8 +417,54 @@ GetFvNotifyCallback (
{
EFI_STATUS Status = EFI_SUCCESS;
EFI_BOOT_MODE BootMode;
+ BPDT_PAYLOAD_DATA *BpdtPayloadPtr;
+ EFI_HOB_GUID_TYPE *GuidHobPtr;
+ BPDT_HEADER *Bp1HdrPtr;
+ BPDT_HEADER *Bp2HdrPtr;
PeiServicesGetBootMode (&BootMode);
+
+ //
+ // If the Hob exists, then GetBpdtPayloadAddress() has already been called
+ // one or more times already, So we do not need to re-enter this flow.
+ //
+ GuidHobPtr = GetFirstGuidHob (&gEfiBpdtLibBp2DataGuid);
+ if (GuidHobPtr != NULL) {
+ DEBUG ((EFI_D_INFO, "GetFvNotifyCallback already called. Skipping.\n"));
+ return Status;
+ }
+
+ //
+ // Locate headers of both Boot partion 1 and 2
+ //
+ GetBootPartitionPointer (BootPart1, (VOID **)&Bp1HdrPtr);
+ GetBootPartitionPointer (BootPart2, (VOID **)&Bp2HdrPtr);
+ DEBUG ((DEBUG_INFO, "Signature BP1 = 0x%x BP2 = 0x%x\n",Bp1HdrPtr->Signature,Bp2HdrPtr->Signature));
+ if (Bp1HdrPtr->Signature != BPDT_SIGN_GREEN || Bp2HdrPtr->Signature != BPDT_SIGN_GREEN) {
+ DEBUG ((DEBUG_INFO, "FW Recovery needed. \n"));
+ }
+
+ //
+ // Get the OBB payload, shadow it, and check the hash before processing it.
+ //
+ GetBpdtPayloadData (BootPart2, BpdtObb, &BpdtPayloadPtr);
+
+#if (BOOT_GUARD_ENABLE == 1)
+ //
+ // For Normal boot, just verify OBB, since CSE does hash verify of both IBBL and IBB.
+ // IBBL check is done before bringing cores out of reset,
+ // IBB check is done during RBP and indicated by IBB_VERIFICATION_DONE in IBBL
+ //
+
+ if (BootMode != BOOT_ON_S3_RESUME) {
+ Status = LocateAndVerifyHashBpm (HashObb);
+ if (EFI_ERROR (Status)) {
+ DEBUG((EFI_D_ERROR, "Verify OBB failed, Status = %r\n", Status));
+ CpuDeadLoop();
+ }
+ }
+#endif
+
DEBUG ((EFI_D_INFO, "GetFvNotifyCallback: Processing OBB Payload.\n"));
ParseObbPayload ((UINT8*) PcdGet32 (PcdFlashObbPayloadMappedBase), PcdGet32 (PcdFlashObbPayloadSize), BootMode);
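Review bot: Bp1HdrPtr and Bp2HdrPtr are dereferenced on the Signature DEBUG line without any check that GetBootPartitionPointer actually produced a pointer (its result is discarded), and a signature mismatch only logs "FW Recovery needed" before the flow falls straight through to GetBpdtPayloadData, whose status is likewise dropped, so a missing or corrupt boot partition reaches ParseObbPayload in the same state as a good one whenever BOOT_GUARD_ENABLE is 0. Initialize both pointers to NULL, test them before the DEBUG, and make the mismatch branch either hand off to the recovery path or return instead of continuing, e.g. `if (Bp1HdrPtr == NULL || Bp2HdrPtr == NULL) { return EFI_NOT_FOUND; }` followed by the same treatment for the signature test; if GetBootPartitionPointer and GetBpdtPayloadData return EFI_STATUS, capture and check those too. The hash check is also skipped on S3 resume; if that is acceptable because the OBB image is not re-consumed on that path, the comment above the `if (BootMode != BOOT_ON_S3_RESUME)` should say so, since as written it reads as an unexplained gap. Note that LocateAndVerifyHashBpm is called with HashObb while ParseObbPayload reads PcdFlashObbPayloadMappedBase, so a reader cannot confirm from this hunk that the bytes verified are the bytes parsed; a one-line comment stating which copy is hashed would close that question. GetFvNotifyCallback's body continues past the end of the hunk, so any later use of BpdtPayloadPtr is not visible here.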
diff --git a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf
index 22e9de212c..2c3ba738e3 100644
--- a/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf
+++ b/Platform/BroxtonPlatformPkg/Common/PlatformSettings/PlatformPreMemPei/PlatformPreMemPei.inf
@@ -34,7 +34,7 @@
# 2. MemoryCallback.c - Includes a memory call back function notified when
# MRC is done.
#
-# Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -100,6 +100,7 @@
PeiPolicyInitLib
PeiVariableCacheLib
FspWrapperApiLib
+ BpdtLib
[Guids]
gEfiSetupVariableGuid
diff --git a/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc b/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc
index 819f025a6a..fe1ea798c5 100644
--- a/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc
+++ b/Platform/BroxtonPlatformPkg/PlatformDsc/Components.IA32.dsc
@@ -1,7 +1,7 @@
## @file
# Platform Components for IA32 Description.
#
-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -81,6 +81,11 @@
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
CpuPolicyLib|$(PLATFORM_SI_PACKAGE)/Cpu/Library/PeiCpuPolicyLibPreMem/PeiCpuPolicyLibPreMem.inf
<BuildOptions>
+ !if $(BOOT_GUARD_ENABLE) == TRUE
+ *_*_IA32_CC_FLAGS = -DBOOT_GUARD_ENABLE=1
+ !else
+ *_*_IA32_CC_FLAGS = -DBOOT_GUARD_ENABLE=0
+ !endif
!if $(TOOL_CHAIN_TAG) == GCC47
<PcdsFixedAtBuild>
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0
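Review bot: BOOT_GUARD_ENABLE is passed to the compiler only inside what appears to be a per-module `<BuildOptions>` override, and the consumer in FvCallback.c tests it with `#if (BOOT_GUARD_ENABLE == 1)`, which the C preprocessor silently evaluates as 0 when the macro was never defined, so any module or build configuration that misses this override compiles the OBB verification out with no diagnostic. Either guard the consumer with `#ifndef BOOT_GUARD_ENABLE` / `#error "BOOT_GUARD_ENABLE must be set by the platform DSC"` / `#endif`, or carry the setting as a FixedAtBuild PCD alongside the existing `<PcdsFixedAtBuild>` section so the build system enforces it rather than a CC flag. The `=` form appends to the tool-chain flags in EDK II, which is the intended behavior here, but a short comment above the `!if` naming the consumer (PlatformPreMemPei FvCallback.c) would help the next person who moves this module.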
diff --git a/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc b/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc
index ad38d4424b..47bb9200be 100644
--- a/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc
+++ b/Platform/BroxtonPlatformPkg/PlatformDsc/Defines.dsc
@@ -1,7 +1,7 @@
## @file
# Platform Macro Define Description.
#
-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -97,6 +97,7 @@
DEFINE NVM_VARIABLE_ENABLE = TRUE
DEFINE USB_DNX_ENABLE = FALSE
DEFINE SECURE_BOOT_ENABLE = TRUE
+ DEFINE BOOT_GUARD_ENABLE = FALSE
#
# Do not use 0x prefix, pass prefix 0x or postfix h through macro for C or ASM
#
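Review bot: The new `DEFINE BOOT_GUARD_ENABLE = FALSE` disables the OBB hash verification added to PlatformPreMemPei in this same commit, and it sits directly under `SECURE_BOOT_ENABLE = TRUE` with nothing to tell a reader that these two flags cover different stages of the boot chain. Add a comment above it such as `# Gates the pre-memory OBB hash check in PlatformPreMemPei/FvCallback.c; platforms shipping with Boot Guard provisioned should set TRUE` so the default-off state is a visible, documented choice rather than something discovered after the fact.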