From fca178afd6a44ce0a8c2c7f2e4a2bded78ce6134 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Thu, 21 Sep 2017 12:04:14 -0700 Subject: Platform/SynQuacerEvalBoard: add signed capsule update support Add all the boilerplate to make the SPI NOR image updateable using signed capsules and the FMP protocol. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- .../SynQuacerEvalBoard/SynQuacerEvalBoard.dsc | 20 +++++ .../SynQuacerEvalBoard/SynQuacerEvalBoard.fdf | 86 ++++++++++++++++++++++ .../SystemFirmwareDescriptor.inf | 46 ++++++++++++ .../SystemFirmwareDescriptorPei.c | 68 +++++++++++++++++ .../SystemFirmwareDescriptorTable.aslc | 80 ++++++++++++++++++++ .../SystemFirmwareUpdateConfig.ini | 25 +++++++ 6 files changed, 325 insertions(+) create mode 100644 Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf create mode 100644 Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c create mode 100644 Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorTable.aslc create mode 100644 Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini (limited to 'Platform') diff --git a/Platform/Socionext/SynQuacerEvalBoard/SynQuacerEvalBoard.dsc b/Platform/Socionext/SynQuacerEvalBoard/SynQuacerEvalBoard.dsc index e59a7e504d..dd1469decc 100644 --- a/Platform/Socionext/SynQuacerEvalBoard/SynQuacerEvalBoard.dsc +++ b/Platform/Socionext/SynQuacerEvalBoard/SynQuacerEvalBoard.dsc 
@@ -120,6 +120,10 @@ NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + NorFlashInfoLib|EmbeddedPkg/Library/NorFlashInfoLib/NorFlashInfoLib.inf [LibraryClasses.common.SEC] @@ -157,7 +161,15 @@ DtPlatformDtbLoaderLib|EmbeddedPkg/Library/DxeDtPlatformDtbLoaderLibDefault/DxeDtPlatformDtbLoaderLibDefault.inf SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf + + # + # Firmware update + # CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf + EdkiiSystemCapsuleLib|SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf + FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf + PlatformFlashAccessLib|Silicon/Socionext/SynQuacer/Library/SynQuacerPlatformFlashAccessLib/SynQuacerPlatformFlashAccessLib.inf + IniParsingLib|SignedCapsulePkg/Library/IniParsingLib/IniParsingLib.inf # # PCI @@ -575,3 +587,11 @@ # DT support # Silicon/Socionext/SynQuacer/DeviceTree/SynQuacerEvalBoard.inf + + # + # Firmware update + # + Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf + MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf + SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf + SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf diff --git a/Platform/Socionext/SynQuacerEvalBoard/SynQuacerEvalBoard.fdf b/Platform/Socionext/SynQuacerEvalBoard/SynQuacerEvalBoard.fdf index 80cbcdad18..365085c8f2 100644 --- a/Platform/Socionext/SynQuacerEvalBoard/SynQuacerEvalBoard.fdf +++ b/Platform/Socionext/SynQuacerEvalBoard/SynQuacerEvalBoard.fdf 
@@ -209,6 +209,16 @@ READ_LOCK_STATUS = TRUE # INF RuleOverride = DTB Silicon/Socionext/SynQuacer/DeviceTree/SynQuacerEvalBoard.inf + # + # Firmware update + # + INF MdeModulePkg/Universal/EsrtDxe/EsrtDxe.inf + INF SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareReportDxe.inf + FILE FREEFORM = PCD(gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid) { + SECTION RAW = BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer + SECTION UI = "Pkcs7TestRoot" + } + [FV.FVMAIN_COMPACT] FvAlignment = 16 BlockSize = 0x10000 @@ -238,6 +248,7 @@ READ_LOCK_STATUS = TRUE INF MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf INF MdeModulePkg/Universal/CapsulePei/CapsulePei.inf + INF RuleOverride = FMP_IMAGE_DESC Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 { 
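Review bot: The `FILE FREEFORM = PCD(gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid)` entry added in the `@@ -209` hunk embeds `BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer` as the certificate that capsules are verified against. That is the test root shipped in the BaseTools tree, and the matching private keys are checked in next to it, so a signature chaining to it says nothing about who built the image. I would make the certificate path a build-time define and add a comment above the entry, e.g. `# TEST KEY ONLY: replace TestRoot.cer with the platform owner's root certificate before shipping`. The `[FmpPayload.FmpPayloadSystemFirmwarePkcs7]` section added in the `@@ -246` hunk presumably signs with the corresponding BaseTools test key unless the signing tool is overridden, so the same caveat applies there.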
@@ -246,6 +257,72 @@ READ_LOCK_STATUS = TRUE } } +[FV.CapsuleDispatchFv] +FvAlignment = 16 +ERASE_POLARITY = 1 +MEMORY_MAPPED = TRUE +STICKY_WRITE = TRUE +LOCK_CAP = TRUE +LOCK_STATUS = TRUE +WRITE_DISABLED_CAP = TRUE +WRITE_ENABLED_CAP = TRUE +WRITE_STATUS = TRUE +WRITE_LOCK_CAP = TRUE +WRITE_LOCK_STATUS = TRUE +READ_DISABLED_CAP = TRUE +READ_ENABLED_CAP = TRUE +READ_STATUS = TRUE +READ_LOCK_CAP = TRUE +READ_LOCK_STATUS = TRUE + +INF SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareUpdateDxe.inf + +[FV.SystemFirmwareUpdateCargo] +FvAlignment = 16 +ERASE_POLARITY = 1 +MEMORY_MAPPED = TRUE +STICKY_WRITE = TRUE +LOCK_CAP = TRUE +LOCK_STATUS = TRUE +WRITE_DISABLED_CAP = TRUE +WRITE_ENABLED_CAP = TRUE +WRITE_STATUS = TRUE +WRITE_LOCK_CAP = TRUE +WRITE_LOCK_STATUS = TRUE +READ_DISABLED_CAP = TRUE +READ_ENABLED_CAP = TRUE +READ_STATUS = TRUE +READ_LOCK_CAP = TRUE +READ_LOCK_STATUS = TRUE + + FILE RAW = e99b89f7-c120-4b25-4db1-8394edb0b4f5 { # PcdEdkiiSystemFirmwareFileGuid + FD = BL33_AP_UEFI + } + + FILE RAW = ce57b167-b0e4-41e8-a897-5f4feb781d40 { # gEdkiiSystemFmpCapsuleDriverFvFileGuid + FV = CapsuleDispatchFv + } + + FILE RAW = 812136D3-4D3A-433A-9418-29BB9BF78F6E { # gEdkiiSystemFmpCapsuleConfigFileGuid + Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini + } + +[FmpPayload.FmpPayloadSystemFirmwarePkcs7] +IMAGE_HEADER_INIT_VERSION = 0x02 +IMAGE_TYPE_ID = 50b94ce5-8b63-4849-8af4-ea479356f0e3 # PcdSystemFmpCapsuleImageTypeIdGuid +IMAGE_INDEX = 0x1 +HARDWARE_INSTANCE = 0x0 +MONOTONIC_COUNT = 0x1 +CERTIFICATE_GUID = 4AAFD29D-68DF-49EE-8AA9-347D375665A7 # PKCS7 + +FV = SystemFirmwareUpdateCargo + +[Capsule.SynQuacerFirmwareUpdateCapsuleFmpPkcs7] +CAPSULE_GUID = 6dcbd5ed-e82d-4c44-bda1-7194199ad92a # gEfiFmpCapsuleGuid +CAPSULE_HEADER_SIZE = 0x20 +CAPSULE_HEADER_INIT_VERSION = 0x1 + +FMP_PAYLOAD = FmpPayloadSystemFirmwarePkcs7 ################################################################################ # 
@@ -354,3 +431,12 @@ READ_LOCK_STATUS = TRUE
 FILE FREEFORM = $(NAMED_GUID) {
 RAW BIN |.dtb
 }
+
+[Rule.Common.PEIM.FMP_IMAGE_DESC]
+ FILE PEIM = $(NAMED_GUID) {
+ RAW BIN |.acpi
+ PEI_DEPEX PEI_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex
+ PE32 PE32 Align=4K $(INF_OUTPUT)/$(MODULE_NAME).efi
+ UI STRING="$(MODULE_NAME)" Optional
+ VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+ }
diff --git a/Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf b/Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
new file mode 100644
index 0000000000..f5272c0f0d
--- /dev/null
+++ b/Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptor.inf
@@ -0,0 +1,46 @@
+## @file
+# System Firmware descriptor.
+#
+# Copyright (c) 2016, Intel Corporation. All rights reserved.
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x0001001A
+ BASE_NAME = SystemFirmwareDescriptor
+ FILE_GUID = 90B2B846-CA6D-4D6E-A8D3-C140A8E110AC
+ MODULE_TYPE = PEIM
+ VERSION_STRING = 1.0
+ ENTRY_POINT = SystemFirmwareDescriptorPeimEntry
+
+[Sources]
+ SystemFirmwareDescriptorTable.aslc
+ SystemFirmwareDescriptorPei.c
+
+[Packages]
+ ArmPkg/ArmPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ MdePkg/MdePkg.dec
+ SignedCapsulePkg/SignedCapsulePkg.dec
+
+[LibraryClasses]
+ DebugLib
+ PcdLib
+ PeimEntryPoint
+ PeiServicesLib
+
+[FixedPcd]
+ gArmTokenSpaceGuid.PcdFdSize
+
+[Pcd]
+ gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor
+
+[Depex]
+ TRUE
diff --git a/Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c b/Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c
new file mode 100644
index 0000000000..f89d9f4842
--- /dev/null
+++ b/Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorPei.c
@@ -0,0 +1,68 @@
+/** @file
+ System Firmware descriptor producer.
+
+ Copyright (c) 2016, Intel Corporation. All rights reserved.
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+/**
+ Entrypoint for SystemFirmwareDescriptor PEIM.
+
+ @param[in] FileHandle Handle of the file being invoked.
+ @param[in] PeiServices Describes the list of possible PEI Services.
+
+ @retval EFI_SUCCESS PPI successfully installed.
+**/
+EFI_STATUS
+EFIAPI
+SystemFirmwareDescriptorPeimEntry (
+ IN EFI_PEI_FILE_HANDLE FileHandle,
+ IN CONST EFI_PEI_SERVICES **PeiServices
+ )
+{
+ EFI_STATUS Status;
+ EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *Descriptor;
+ UINTN Size;
+ UINTN Index;
+ UINT32 AuthenticationStatus;
+
+ //
+ // Search RAW section.
+ //
+ Index = 0;
+ while (TRUE) {
+ Status = PeiServicesFfsFindSectionData3(EFI_SECTION_RAW, Index, FileHandle,
+ (VOID **)&Descriptor, &AuthenticationStatus);
+ if (EFI_ERROR(Status)) {
+ // Should not happen, must something wrong in FDF.
+ ASSERT(FALSE);
+ return EFI_NOT_FOUND;
+ }
+ if (Descriptor->Signature == EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE) {
+ break;
+ }
+ Index++;
+ }
+
+ DEBUG((DEBUG_INFO, "EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR size - 0x%x\n",
+ Descriptor->Length));
+
+ Size = Descriptor->Length;
+ PcdSetPtrS (PcdEdkiiSystemFirmwareImageDescriptor, &Size, Descriptor);
+
+ return EFI_SUCCESS;
+}
diff --git a/Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorTable.aslc b/Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorTable.aslc
new file mode 100644
index 0000000000..3413f76f95
--- /dev/null
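Review bot: The status returned by `PcdSetPtrS` at the end of SystemFirmwareDescriptorPeimEntry is discarded, so if `Descriptor->Length` is larger than the PCD can hold, the descriptor is not published and the PEIM still returns EFI_SUCCESS. `Descriptor->Length` is also taken straight from the RAW section without being compared to `sizeof (EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR)`. I would end the function with `Status = PcdSetPtrS (PcdEdkiiSystemFirmwareImageDescriptor, &Size, Descriptor);`, `ASSERT_EFI_ERROR (Status);` and `return Status;`, and reject a `Length` below the structure size before that call. The header comment should then list the error returns next to `@retval EFI_SUCCESS`, and the comment inside the loop reads better as `// Should not happen; the FDF is missing the RAW descriptor section.`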
+++ b/Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareDescriptor/SystemFirmwareDescriptorTable.aslc
@@ -0,0 +1,80 @@
+/** @file
+ System Firmware descriptor.
+
+ Copyright (c) 2016, Intel Corporation. All rights reserved.
+ Copyright (c) 2017, Linaro, Ltd. All rights reserved.
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include
+#include
+#include
+
+#define PACKAGE_VERSION 0xFFFFFFFF
+#define PACKAGE_VERSION_STRING L"Unknown"
+
+#define CURRENT_FIRMWARE_VERSION 0x00000001
+#define CURRENT_FIRMWARE_VERSION_STRING L"0x00000001"
+#define LOWEST_SUPPORTED_FIRMWARE_VERSION 0x00000001
+
+#define IMAGE_ID SIGNATURE_64('S', 'N', 'I', 'S', 'Y', 'N', 'Q', 'U')
+#define IMAGE_ID_STRING L"Socionext SynQuacer EVB"
+
+// PcdSystemFmpCapsuleImageTypeIdGuid
+#define IMAGE_TYPE_ID_GUID { 0x50b94ce5, 0x8b63, 0x4849, { 0x8a, 0xf4, 0xea, 0x47, 0x93, 0x56, 0xf0, 0xe3 } }
+
+typedef struct {
+ EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR Descriptor;
+ // real string data
+ CHAR16 ImageIdNameStr[sizeof(IMAGE_ID_STRING)/sizeof(CHAR16)];
+ CHAR16 VersionNameStr[sizeof(CURRENT_FIRMWARE_VERSION_STRING)/sizeof(CHAR16)];
+ CHAR16 PackageVersionNameStr[sizeof(PACKAGE_VERSION_STRING)/sizeof(CHAR16)];
+} IMAGE_DESCRIPTOR;
+
+STATIC IMAGE_DESCRIPTOR mImageDescriptor =
+{
+ {
+ EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE,
+ sizeof(EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR),
+ sizeof(IMAGE_DESCRIPTOR),
+ PACKAGE_VERSION, // PackageVersion
+ OFFSET_OF (IMAGE_DESCRIPTOR, PackageVersionNameStr), // PackageVersionName
+ 1, // ImageIndex;
+ {0x0}, // Reserved
+ IMAGE_TYPE_ID_GUID, // ImageTypeId;
+ IMAGE_ID, // ImageId;
+ OFFSET_OF (IMAGE_DESCRIPTOR, ImageIdNameStr), // ImageIdName;
+ CURRENT_FIRMWARE_VERSION, // Version;
+ OFFSET_OF (IMAGE_DESCRIPTOR, VersionNameStr), // VersionName;
+ {0x0}, // Reserved2
+ FixedPcdGet32(PcdFdSize), // Size;
+ IMAGE_ATTRIBUTE_IMAGE_UPDATABLE |
+ IMAGE_ATTRIBUTE_RESET_REQUIRED |
+ IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED |
+ IMAGE_ATTRIBUTE_IN_USE, // AttributesSupported;
+ IMAGE_ATTRIBUTE_IMAGE_UPDATABLE |
+ IMAGE_ATTRIBUTE_RESET_REQUIRED |
+ IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED |
+ IMAGE_ATTRIBUTE_IN_USE, // AttributesSetting;
+ 0x0, // Compatibilities;
+ LOWEST_SUPPORTED_FIRMWARE_VERSION, // LowestSupportedImageVersion;
+ 0x00000000, // LastAttemptVersion;
+ 0, // LastAttemptStatus;
+ {0x0}, // Reserved3
+ 0, // HardwareInstance;
+ },
+ // real string data
+ {IMAGE_ID_STRING},
+ {CURRENT_FIRMWARE_VERSION_STRING},
+ {PACKAGE_VERSION_STRING},
+};
+
+VOID* CONST ReferenceAcpiTable = &mImageDescriptor;
diff --git a/Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini b/Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini
new file mode 100644
index 0000000000..f3983da961
--- /dev/null
+++ b/Platform/Socionext/SynQuacerEvalBoard/SystemFirmwareUpdateConfig/SystemFirmwareUpdateConfig.ini
@@ -0,0 +1,25 @@
+## @file
+#
+# Copyright (c) 2016, Intel Corporation. All rights reserved.
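Review bot: `CURRENT_FIRMWARE_VERSION` and `LOWEST_SUPPORTED_FIRMWARE_VERSION` in SystemFirmwareDescriptorTable.aslc are both hard-coded to 0x00000001 with nothing saying when they change, yet they fill the `Version` and `LowestSupportedImageVersion` fields that FMP consumers use to order images and refuse a downgrade. As written every build reports the same version, so a correctly signed older image cannot be told apart from a newer one. I would add a comment above the defines, e.g. `// Bump CURRENT_FIRMWARE_VERSION for every release; raise LOWEST_SUPPORTED_FIRMWARE_VERSION when a security fix must not be rolled back.`, or take both values from build-time defines.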
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Head]
+NumOfUpdate = 1
+NumOfRecovery = 0
+Update0 = SynQuacerFvMain
+
+[SynQuacerFvMain]
+FirmwareType = 0 # SystemFirmware
+AddressType = 1 # 0 - relative address, 1 - absolute address.
+BaseAddress = 0x08200000 # Base address offset on flash
+Length = 0x001C0000 # Length
+ImageOffset = 0x00000000 # Image offset of this SystemFirmware image
+FileGuid = e99b89f7-c120-4b25-4db1-8394edb0b4f5 # PcdEdkiiSystemFirmwareFileGuid
-- cgit v1.2.3
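Review bot: `BaseAddress = 0x08200000` and `Length = 0x001C0000` in `[SynQuacerFvMain]` restate the flash layout by hand, and with `AddressType = 1` they are taken as absolute, so a later change to the FD base or size in the .fdf would leave the update driver writing a region that no longer matches the image. The descriptor table in this commit takes its size from `FixedPcdGet32(PcdFdSize)`, but the FD definition is outside these hunks, so whether 0x001C0000 agrees with it cannot be checked here. A comment naming the values these two numbers must track would help, e.g. `# must match the base address and size of FD BL33_AP_UEFI in SynQuacerEvalBoard.fdf`. The existing `# Base address offset on flash` comment also reads as a relative offset, which contradicts the absolute address type chosen on the line above it.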