author | raywu <raywu0301@gmail.com> | 2018-06-15 00:00:50 +0800 |
---|---|---|
committer | raywu <raywu0301@gmail.com> | 2018-06-15 00:00:50 +0800 |
commit | b7c51c9cf4864df6aabb99a1ae843becd577237c (patch) | |
tree | eebe9b0d0ca03062955223097e57da84dd618b9a /Board/EM/FIT | |
Diffstat (limited to 'Board/EM/FIT')
46 files changed, 4092 insertions, 0 deletions
diff --git a/Board/EM/FIT/Boot_Guard_ACM_Rev1_1_PC_ES.bin b/Board/EM/FIT/Boot_Guard_ACM_Rev1_1_PC_ES.bin
Binary files differ
new file mode 100644
index 0000000..93da68e
--- /dev/null
+++ b/Board/EM/FIT/Boot_Guard_ACM_Rev1_1_PC_ES.bin
diff --git a/Board/EM/FIT/Boot_Guard_ACM_Rev1_2_PC_QS.bin b/Board/EM/FIT/Boot_Guard_ACM_Rev1_2_PC_QS.bin
Binary files differ
new file mode 100644
index 0000000..d495bd9
--- /dev/null
+++ b/Board/EM/FIT/Boot_Guard_ACM_Rev1_2_PC_QS.bin
diff --git a/Board/EM/FIT/Boot_Guard_ACM_Rev1_2_PV_QS.bin b/Board/EM/FIT/Boot_Guard_ACM_Rev1_2_PV_QS.bin
Binary files differ
new file mode 100644
index 0000000..88ff342
--- /dev/null
+++ b/Board/EM/FIT/Boot_Guard_ACM_Rev1_2_PV_QS.bin
diff --git a/Board/EM/FIT/BpmKmGen.exe b/Board/EM/FIT/BpmKmGen.exe
Binary files differ
new file mode 100644
index 0000000..b0b6de9
--- /dev/null
+++ b/Board/EM/FIT/BpmKmGen.exe
diff --git a/Board/EM/FIT/CryptoCon.exe b/Board/EM/FIT/CryptoCon.exe
Binary files differ
new file mode 100644
index 0000000..5ce7893
--- /dev/null
+++ b/Board/EM/FIT/CryptoCon.exe
diff --git a/Board/EM/FIT/CutRom.exe b/Board/EM/FIT/CutRom.exe
Binary files differ
new file mode 100644
index 0000000..910e46c
--- /dev/null
+++ b/Board/EM/FIT/CutRom.exe
diff --git a/Board/EM/FIT/Dxe/BootGuardDxe.c b/Board/EM/FIT/Dxe/BootGuardDxe.c
new file mode 100644
index 0000000..4c4ccb0
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardDxe.c
@@ -0,0 +1,186 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.c 1 2/25/13 1:11a Bensonlai $
+//
+// $Revision: 1 $
+//
+// $Date: 2/25/13 1:11a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.c $
+//
+// 1 2/25/13 1:11a Bensonlai
+// [TAG] EIP114386
+// [Category] Spec Update
+// [Severity] Important
+// [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+// for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+// BIOS Writer's Guide - Rev 0.8.1
+// [Files] BootGuardDxe.cif
+// BootGuardDxe.c
+// BootGuardDxe.h
+// BootGuardDxe.sdl
+// BootGuardDxe.dxs
+// BootGuardDxe.mak
+//
+//**********************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardDxe.c
+//
+// Description: Chain of trust for Dxe
+//
+//<AMI_FHDR_END>
+//**********************************************************************
+
+#include "BootGuardDxe.h"
+
+VOID
+BootGuardDxeCallback (
+ IN EFI_EVENT Event,
+ IN VOID *Context
+)
+{
+ EFI_INPUT_KEY Key;
+ EFI_STATUS Status;
+
+ gST->ConOut->ClearScreen (gST->ConOut);
+
+ gST->ConOut->OutputString (
+ gST->ConOut,
+ L"Anchor Cove verified DXE that is fail\n\r"
+ );
+
+ gST->ConOut->OutputString (
+ gST->ConOut,
+ L"System will shutdown\n\r"
+ );
+
+ gST->ConOut->OutputString (
+ gST->ConOut,
+ L"Press any key\n\r"
+ );
+
+ do {
+ Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
+ } while (Status != EFI_SUCCESS);
+
+ gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
+ EFI_DEADLOOP ();
+
+ gBS->CloseEvent (Event);
+}
+
+VOID
+BootGuardDxeRegisterCallBack (
+ VOID
+)
+{
+ EFI_EVENT Event;
+ VOID *NotifyReg;
+ EFI_STATUS Status;
+
+ Status = gBS->CreateEvent (
+ EFI_EVENT_NOTIFY_SIGNAL,
+ EFI_TPL_CALLBACK,
+ BootGuardDxeCallback,
+ NULL,
+ &Event
+ );
+
+ if ( EFI_ERROR(Status) ) {
+ ASSERT_EFI_ERROR (Status);
+ return;
+ }
+
+ Status = gBS->RegisterProtocolNotify (
+ &gNotifyProtocolGuid ,
+ Event,
+ &NotifyReg
+ );
+
+ if ( EFI_ERROR(Status) ) {
+ ASSERT_EFI_ERROR (Status);
+ return;
+ }
+
+ return;
+}
+
+EFI_STATUS
+BootGuardDxeEntryPoint (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+)
+{
+ EFI_GUID AmiBootGuardHobGuid = AMI_ANCHOR_COVE_HOB_GUID;
+ AMI_ANCHOR_COVE_HOB *AmiBootGuardHobPtr;
+ PCH_SERIES PchSeries = GetPchSeries();
+ EFI_BOOT_MODE BootMode;
+ EFI_PEI_HOB_POINTERS HobList;
+
+ if ( PchSeries != PchLp ) {
+ return EFI_SUCCESS;
+ }
+
+ if ( IsBootGuardSupported() == FALSE ) {
+ return EFI_SUCCESS;
+ }
+
+ DEBUG ((EFI_D_INFO, "[BootGuardDxe.c] : Entry Point...\n"));
+
+ //
+ // Check Boot Type
+ //
+ EfiGetSystemConfigurationTable (&gEfiHobListGuid, (VOID **) &HobList.Raw);
+ if (HobList.Header->HobType != EFI_HOB_TYPE_HANDOFF) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardDxe.c] : Get HOB fail\n"));
+ return EFI_SUCCESS;
+ }
+
+ BootMode = HobList.HandoffInformationTable->BootMode;
+ if ( BootMode == BOOT_IN_RECOVERY_MODE ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardDxe.c] : In the BOOT_IN_RECOVERY_MODE\n"));
+ return EFI_SUCCESS;
+ }
+
+ AmiBootGuardHobPtr = GetFirstGuidHob (&AmiBootGuardHobGuid);
+ if (AmiBootGuardHobPtr == NULL) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardDxe.c] : AmiBootGuard DXE Hob not available\n"));
+ return EFI_NOT_FOUND;
+ }
+
+ if ( AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag == 0 ) {
+ BootGuardDxeRegisterCallBack();
+ }
+
+ DEBUG ((EFI_D_INFO, "[BootGuardDxe.c] : Entry End...\n"));
+
+ return EFI_SUCCESS;
+}
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Board/EM/FIT/Dxe/BootGuardDxe.cif b/Board/EM/FIT/Dxe/BootGuardDxe.cif
new file mode 100644
index 0000000..ea40b8e
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardDxe.cif
@@ -0,0 +1,12 @@
+<component>
+ name = "BootGuardDxe"
+ category = ModulePart
+ LocalRoot = "Board\EM\FIT\Dxe"
+ RefName = "BootGuardDxe"
+[files]
+"BootGuardDxe.c"
+"BootGuardDxe.h"
+"BootGuardDxe.sdl"
+"BootGuardDxe.dxs"
+"BootGuardDxe.mak"
+<endComponent>
diff --git a/Board/EM/FIT/Dxe/BootGuardDxe.dxs b/Board/EM/FIT/Dxe/BootGuardDxe.dxs
new file mode 100644
index 0000000..2034306
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardDxe.dxs
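Review bot: `EfiGetSystemConfigurationTable` in `BootGuardDxeEntryPoint` is called without checking its return, so when the HOB list table is absent `HobList.Raw` stays uninitialised and is dereferenced on the very next line (`HobList.Header->HobType`). Capture the status and leave early: `Status = EfiGetSystemConfigurationTable (&gEfiHobListGuid, (VOID **) &HobList.Raw);` followed by `if (EFI_ERROR (Status)) { return Status; }`, with an `EFI_STATUS Status;` added to the locals. Note also that the `AmiBootGuardHobPtr == NULL` branch returns `EFI_NOT_FOUND` without registering the shutdown callback, so a boot with no PEI verification record at all proceeds unenforced; if that fail-open is intended, a comment stating it would help. In `BootGuardDxeCallback`, `gBS->CloseEvent (Event)` sits after `gRT->ResetSystem` and `EFI_DEADLOOP ()` and is unreachable; it can be dropped or moved ahead of the reset.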
@@ -0,0 +1,71 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.dxs 1 2/25/13 1:11a Bensonlai $
+//
+// $Revision: 1 $
+//
+// $Date: 2/25/13 1:11a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.dxs $
+//
+// 1 2/25/13 1:11a Bensonlai
+// [TAG] EIP114386
+// [Category] Spec Update
+// [Severity] Important
+// [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+// for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+// BIOS Writer's Guide - Rev 0.8.1
+// [Files] BootGuardDxe.cif
+// BootGuardDxe.c
+// BootGuardDxe.h
+// BootGuardDxe.sdl
+// BootGuardDxe.dxs
+// BootGuardDxe.mak
+//
+//**********************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardDxe.dxs
+//
+// Description: Dependency expression file for BootGuardDxe Driver.
+//
+//<AMI_FHDR_END>
+//**********************************************************************
+
+#include "AutoGen.h"
+#include "DxeDepex.h"
+#if defined (BUILD_WITH_GLUELIB) || defined (BUILD_WITH_EDKII_GLUE_LIB)
+#include "EfiDepex.h"
+#include EFI_ARCH_PROTOCOL_DEFINITION (Variable)
+#endif
+
+DEPENDENCY_START
+ EFI_VARIABLE_ARCH_PROTOCOL_GUID
+DEPENDENCY_END
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Board/EM/FIT/Dxe/BootGuardDxe.h b/Board/EM/FIT/Dxe/BootGuardDxe.h
new file mode 100644
index 0000000..a5d49a7
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardDxe.h
@@ -0,0 +1,114 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.h 2 3/07/13 5:41a Bensonlai $
+//
+// $Revision: 2 $
+//
+// $Date: 3/07/13 5:41a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.h $
+//
+// 2 3/07/13 5:41a Bensonlai
+// [TAG] EIP117307
+// [Category] Improvement
+// [Description] [Boot Guard] Implementation of speed up the post time
+// for Chain of Trust
+// [Files] BootGuardDxe.h, BootGuardPei.c, BootGuardPei.h,
+// BpmKmGen.exe, ReserveBootGuardFvMainHashKey.bin
+//
+// 1 2/25/13 1:11a Bensonlai
+// [TAG] EIP114386
+// [Category] Spec Update
+// [Severity] Important
+// [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+// for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+// BIOS Writer's Guide - Rev 0.8.1
+// [Files] BootGuardDxe.cif
+// BootGuardDxe.c
+// BootGuardDxe.h
+// BootGuardDxe.sdl
+// BootGuardDxe.dxs
+// BootGuardDxe.mak
+//
+//**********************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardDxe.h
+//
+// Description: Header file for BootGuardDxe
+//
+//<AMI_FHDR_END>
+//**********************************************************************
+
+#ifndef _BootGuardDxe_H_
+#define _BootGuardDxe_H_
+
+#if !defined(EDK_RELEASE_VERSION) || (EDK_RELEASE_VERSION < 0x00020000)
+#include "EdkIIGlueDxe.h"
+#include "CpuAccess.h"
+#include "PchAccess.h"
+#include "PchPlatformLib.h"
+#include "BootGuardLibrary.h"
+#include <token.h>
+#endif
+
+#define BDS_ALL_DRIVERS_CONNECTED_PROTOCOL_GUID \
+ { 0xdbc9fd21, 0xfad8, 0x45b0, 0x9e, 0x78, 0x27, 0x15, 0x88, 0x67, 0xcc, 0x93 }
+
+EFI_GUID gNotifyProtocolGuid = BDS_ALL_DRIVERS_CONNECTED_PROTOCOL_GUID;
+
+//
+// GUID for the AMI_ANCHOR_COVE Module
+//
+#if !defined(EDK_RELEASE_VERSION) || (EDK_RELEASE_VERSION < 0x00020000)
+#define AMI_ANCHOR_COVE_HOB_GUID \
+ { \
+ 0xb60ab175, 0x498d, 0x429d, 0xad, 0xba, 0xa, 0x62, 0x2c, 0x58, 0x16, 0xe2 \
+ }
+#else
+#define AMI_ANCHOR_COVE_HOB_GUID \
+ { \
+ 0xb60ab175, 0x498d, 0x429d, \
+ { \
+ 0xad, 0xba, 0xa, 0x62, 0x2c, 0x58, 0x16, 0xe2 \
+ } \
+ }
+#endif
+
+#pragma pack (1)
+
+typedef struct {
+ EFI_HOB_GUID_TYPE EfiHobGuidType;
+ UINT8 AmiBootGuardVerificationforPEItoDXEFlag;
+} AMI_ANCHOR_COVE_HOB;
+
+#pragma pack ()
+
+#endif
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Board/EM/FIT/Dxe/BootGuardDxe.mak b/Board/EM/FIT/Dxe/BootGuardDxe.mak
new file mode 100644
index 0000000..72c3c26
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardDxe.mak
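Review bot: `EFI_GUID gNotifyProtocolGuid = BDS_ALL_DRIVERS_CONNECTED_PROTOCOL_GUID;` defines an object in a header, so every translation unit that includes BootGuardDxe.h gets its own copy and a second includer produces a duplicate-symbol link error; declare it here as `extern EFI_GUID gNotifyProtocolGuid;` and move the definition into BootGuardDxe.c. The include block under `#if !defined(EDK_RELEASE_VERSION) || (EDK_RELEASE_VERSION < 0x00020000)` has no `#else`, unlike the `AMI_ANCHOR_COVE_HOB_GUID` definition below it, so an EDK II build would see none of the includes this header relies on — presumably only the legacy path is built, but a comment saying so would spare the next reader the question. The guard name `_BootGuardDxe_H_` (leading underscore followed by an uppercase letter) is in the identifier space reserved for the implementation; `BOOT_GUARD_DXE_H` avoids it. A one-line comment on `AmiBootGuardVerificationforPEItoDXEFlag` stating which phase writes it and which value means "verified" would make its consumer in BootGuardDxe.c, which treats `== 0` as the failure case, self-explanatory.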
@@ -0,0 +1,122 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.mak 1 2/25/13 1:11a Bensonlai $
+#
+# $Revision: 1 $
+#
+# $Date: 2/25/13 1:11a $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.mak $
+#
+# 1 2/25/13 1:11a Bensonlai
+# [TAG] EIP114386
+# [Category] Spec Update
+# [Severity] Important
+# [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+# for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+# BIOS Writer's Guide - Rev 0.8.1
+# [Files] BootGuardDxe.cif
+# BootGuardDxe.c
+# BootGuardDxe.h
+# BootGuardDxe.sdl
+# BootGuardDxe.dxs
+# BootGuardDxe.mak
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardDxe.mak
+#
+# Description: Make file for BootGuardDxe
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+all : BootGuardDxe
+
+BootGuardDxe : $(BUILD_DIR)\BootGuardDxe.mak BootGuardDxe_Bin
+
+$(BUILD_DIR)\BootGuardDxe.mak : $(BOOT_GUARD_DXE_PATH)\$(@B).cif $(BOOT_GUARD_DXE_PATH)\$(@B).mak $(BUILD_RULES)
+ $(CIF2MAK) $(BOOT_GUARD_DXE_PATH)\$(@B).cif $(CIF2MAK_DEFAULTS)
+
+BootGuardDxe_INCLUDES=\
+ $(EdkIIGlueLib_INCLUDES)\
+ $(EDK_INCLUDES)\
+ $(INTEL_PCH_INCLUDES)\
+ $(PROJECT_CPU_INCLUDES)\
+
+BootGuardDxe_LIBS=\
+ $(EDKPROTOCOLLIB)\
+ $(EFIGUIDLIB)\
+ $(EdkIIGlueBaseLib_LIB)\
+!IF "$(x64_BUILD)"=="1"
+ $(EdkIIGlueBaseLibX64_LIB)\
+!ELSE
+ $(EdkIIGlueBaseLibIA32_LIB)\
+!ENDIF
+ $(EDKFRAMEWORKGUIDLIB)\
+ $(EDKFRAMEWORKPROTOCOLLIB)\
+ $(EdkIIGlueBaseIoLibIntrinsic_LIB)\
+ $(EdkIIGlueBaseMemoryLib_LIB)\
+ $(EdkIIGlueDxeReportStatusCodeLib_LIB)\
+ $(EdkIIGlueDxeServicesTableLib_LIB)\
+ $(EdkIIGlueDxeDebugLibReportStatusCode_LIB)\
+ $(EdkIIGlueUefiBootServicesTableLib_LIB)\
+ $(EdkIIGlueUefiDevicePathLib_LIB)\
+ $(EdkIIGlueBasePciLibPciExpress_LIB)\
+ $(EdkIIGlueEdkDxeRuntimeDriverLib_LIB)\
+ $(EdkIIGlueDxeHobLib_LIB)\
+ $(PchPlatformDxeLib_LIB)\
+ $(CpuPlatformLib_LIB)\
+ $(BootGuardLib_LIB)\
+
+BootGuardDxe_DEFINES=\
+ $(MY_DEFINES)\
+ /D"__EDKII_GLUE_MODULE_ENTRY_POINT__=BootGuardDxeEntryPoint"\
+ /D __EDKII_GLUE_BASE_MEMORY_LIB__ \
+ /D __EDKII_GLUE_DXE_REPORT_STATUS_CODE_LIB__ \
+ /D __EDKII_GLUE_DXE_DEBUG_LIB_REPORT_STATUS_CODE__ \
+ /D __EDKII_GLUE_UEFI_BOOT_SERVICES_TABLE_LIB__\
+ /D __EDKII_GLUE_BASE_IO_LIB_INTRINSIC__ \
+ /D __EDKII_GLUE_DXE_SERVICES_TABLE_LIB__ \
+ /D __EDKII_GLUE_DXE_HOB_LIB__ \
+
+BootGuardDxe_Bin : $(BootGuardDxe_LIBS)
+ $(MAKE) /$(MAKEFLAGS) $(EDKIIGLUE_DEFAULTS)\
+ /f $(BUILD_DIR)\BootGuardDxe.mak all\
+ "MY_INCLUDES=$(BootGuardDxe_INCLUDES)"\
+ "MY_DEFINES=$(BootGuardDxe_DEFINES)"\
+ GUID=1DB43EC9-DF5F-4cf5-AAF0-0E85DB4E149A \
+ ENTRY_POINT=_ModuleEntryPoint \
+ EDKIIModule=DXEDRIVER\
+ TYPE=BS_DRIVER \
+ DEPEX1=$(BOOT_GUARD_DXE_PATH)\BootGuardDxe.dxs \
+ DEPEX1_TYPE=EFI_SECTION_DXE_DEPEX \
+ COMPRESS=1\
+
+#*************************************************************************
+#*************************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#*************************************************************************
+#*************************************************************************
diff --git a/Board/EM/FIT/Dxe/BootGuardDxe.sdl b/Board/EM/FIT/Dxe/BootGuardDxe.sdl
new file mode 100644
index 0000000..10527a0
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardDxe.sdl
@@ -0,0 +1,95 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.sdl 2 3/06/13 2:54a Bensonlai $
+#
+# $Revision: 2 $
+#
+# $Date: 3/06/13 2:54a $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.sdl $
+#
+# 2 3/06/13 2:54a Bensonlai
+# [TAG] EIP116907
+# [Category] Improvement
+# [Description] BpmKmGen.exe generates KM / BPM tables and
+# BootGuardFvMainHash key separately
+# [Files] BpmKmGen.exe, Fit.sdl, Fit.mak, BootGuardPei.sdl,
+# BootGuardDxe.sdl
+#
+# 1 2/25/13 1:11a Bensonlai
+# [TAG] EIP114386
+# [Category] Spec Update
+# [Severity] Important
+# [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+# for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+# BIOS Writer's Guide - Rev 0.8.1
+# [Files] BootGuardDxe.cif
+# BootGuardDxe.c
+# BootGuardDxe.h
+# BootGuardDxe.sdl
+# BootGuardDxe.dxs
+# BootGuardDxe.mak
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardDxe.sdl
+#
+# Description: SDL file for BootGuardDxe
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+TOKEN
+ Name = "BOOT_GUARD_DXE_SUPPORT"
+ Value = "1"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Master = Yes
+ Help = "Main switch to enable BootGuardDxe support in Project"
+ Token = "INTEL_BOOT_GUARD_CHAIN_OF_TRUST_SUPPORT" "=" "1"
+End
+
+MODULE
+ File = "BootGuardDxe.mak"
+ Help = "Includes BootGuardDxe.mak to Project"
+End
+
+PATH
+ Name = "BOOT_GUARD_DXE_PATH"
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\BootGuardDxe.ffs"
+ Parent = "FV_MAIN"
+ InvokeOrder = AfterParent
+End
+
+#*************************************************************************
+#*************************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#*************************************************************************
+#*************************************************************************
diff --git a/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.c b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.c
new file mode 100644
index 0000000..16a317b
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.c
@@ -0,0 +1,350 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.c 2 10/29/13 5:15a Bensonlai $
+//
+// $Revision: 2 $
+//
+// $Date: 10/29/13 5:15a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.c $
+//
+// 2 10/29/13 5:15a Bensonlai
+// [TAG] EIPNone
+// [Category] Bug Fix
+// [Severity] Important
+// [Symptom] Build error when enable the DEBUG mode.
+//
+// 1 9/06/13 6:17a Bensonlai
+// [TAG] EIP135513
+// [Category] New Feature
+// [Description] Implementation of Boot Guard of PTT flow for WHCK test.
+// [Files] BootGuardTPM2Dxe.cif
+// BootGuardTPM2Dxe.c
+// BootGuardTPM2Dxe.h
+// BootGuardTPM2Dxe.sdl
+// BootGuardTPM2Dxe.mak
+//
+//**********************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardTPM2Dxe.c
+//
+// Description: TPM2 Initialization Flow for Boot Guard
+//
+//<AMI_FHDR_END>
+//**********************************************************************
+
+#include <Efi.h>
+#include <Pei.h>
+#include "BootGuardTPM2Dxe.h"
+#include <token.h>
+#include "CpuRegs.h"
+#include <AmiDxeLib.h>
+#include "Include\Library\Tpm20.h"
+#include <Protocol\TcgService\TcgService.h>
+
+UINT32
+EFIAPI
+AsmReadMsr32 (
+ IN UINT32 Index
+);
+
+#define DEBUG(arg)
+
+VOID *
+EFIAPI
+GlueCopyMem (
+ OUT VOID *DestinationBuffer,
+ IN CONST VOID *SourceBuffer,
+ IN UINTN Length
+);
+
+VOID *
+EFIAPI
+GlueZeroMem (
+ OUT VOID *Buffer,
+ IN UINTN Length
+);
+
+VOID *
+EFIAPI
+GlueAllocatePool (
+ IN UINTN AllocationSize
+);
+
+#define CopyMem(_DESTINATIONBUFFER, _SOURCEBUFFER, _LENGTH) GlueCopyMem(_DESTINATIONBUFFER, _SOURCEBUFFER, _LENGTH)
+#define ZeroMem(_BUFFER, _LENGTH) GlueZeroMem(_BUFFER, _LENGTH)
+#define AllocatePool(_SIZE) GlueAllocatePool(_SIZE)
+
+#pragma pack(push, 1)
+
+typedef union {
+ UINT8 sha1[SHA1_DIGEST_SIZE];
+ UINT8 sha256[SHA256_DIGEST_SIZE];
+} TPM_COMM_DIGEST_UNION;
+
+typedef struct {
+ UINT16 HashAlgId;
+ TPM_COMM_DIGEST_UNION Digest;
+} TPM_COMM_DIGEST;
+
+#pragma pack(pop)
+
+EFI_STATUS
+Tpm20Hash(
+ IN CONST UINT8 *DataToHash,
+ IN UINTN DataSize,
+ OUT TPM_COMM_DIGEST *Digest
+);
+
+EFI_STATUS
+TpmDxeLogEventI(
+ IN VOID *NewEventHdr,
+ IN UINT8 *NewEventData
+);
+
+#define ACM_STATUS (*(UINT32*)0xFED30328)
+
+EFI_STATUS LogDetailPCREvent(
+ VOID
+)
+{
+ UINT8 FoundACM = 0, FoundKM = 0, FoundBPM = 0;
+ UINT32 u32HashLen = 0;
+ UINT8 byteEventBuf[0x200];
+ TCG_PCR_EVENT *TcgEvent = (TCG_PCR_EVENT*)&byteEventBuf[0];
+ UINT32 EventNum = 0, FitEntryPointer = 0, FitEntryNumber = 0, i = 0;
+ UINTN Len;
+ CHAR8 DetailPCRStr[] = "Boot Guard Measured S-CRTM";
+ EFI_STATUS Status = EFI_SUCCESS;
+ BOOT_POLICY *BP = NULL;
+ FIT_ENTRY *FitEntry = NULL;
+ KEY_MANIFEST_STRAUCTURE *KmStructure = NULL;
+ BpmStruct *BpmStructure = NULL;
+
+ ZeroMem(
+ byteEventBuf,
+ sizeof(byteEventBuf)
+ );
+
+ Len = sizeof(DetailPCRStr)+1;
+
+ TcgEvent->PCRIndex = 0;
+ TcgEvent->EventType = EV_S_CRTM_VERSION;
+ TcgEvent->EventSize = (UINT32)Len;
+
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : Enter LogDetailPCREvent(...)\n"));
+
+ GlueCopyMem(
+ TcgEvent->Event,
+ DetailPCRStr,
+ Len
+ );
+
+ // On page 44.
+ // The pHashData must be the format .
+ // SHA-1 {
+ // 1) One byte containing the lower 8 bit of the BP.RSTR
+ // 2) One byte contain the lower 8 bits of BP.TYPE
+ // ....
+ // 7) Digest of Hashed IBB Segments(s)
+
+ BP = AllocatePool( sizeof (BOOT_POLICY));
+ if ( NULL == BP ) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ DEBUG(( -1, "MSR[0x%x]:[%08x]\n", MSR_BOOT_GUARD_SACM_INFO, AsmReadMsr32 (MSR_BOOT_GUARD_SACM_INFO) ));
+ DEBUG(( -1, "ACM_STATUS:[%08x]\n", ACM_STATUS ));
+
+ BP->RSTR0 = (AsmReadMsr32 (MSR_BOOT_GUARD_SACM_INFO) & BIT4) ? 1 : 0;
+ BP->RSTR1 = (ACM_STATUS & BIT21) ? 1 : 0;
+ BP->RSTR2 = (ACM_STATUS & BIT22) ? 1 : 0;
+ BP->RSTR3 = (ACM_STATUS & BIT23) ? 1 : 0;
+ BP->RSTR4 = (ACM_STATUS & BIT24) ? 1 : 0;
+ BP->RSTR5 = 0;
+ BP->RSTR6 = 0;
+ BP->RSTR7 = 0;
+
+ BP->TYPE0 = (AsmReadMsr32 (MSR_BOOT_GUARD_SACM_INFO) & BIT5) ? 1 : 0;
+ BP->TYPE1 = (AsmReadMsr32 (MSR_BOOT_GUARD_SACM_INFO) & BIT6) ? 1 : 0;
+ BP->TYPE2 = (ACM_STATUS & BIT20) ? 1 : 0;
+ BP->TYPE3 = 0;
+ BP->TYPE4 = 0;
+ BP->TYPE5 = 0;
+ BP->TYPE6 = 0;
+ BP->TYPE7 = 0;
+
+ BP->ACM_SVN = ACMSVN;
+ {
+ FitEntryPointer = MmioRead32(IBB_ENTRYPOINT_M);
+ if ( FitEntryPointer == 0xFFFFFFFF ) {
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : FitEntryPointer(%lx) is empty\n", FitEntryPointer));
+ }
+
+ FitEntry = (FIT_ENTRY*)FitEntryPointer;
+ if ( FitEntry->TblAddress != EFI_SIGNATURE_64 ('_', 'F', 'I', 'T', '_', ' ', ' ', ' ') ) {
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : [Type 0] FitEntry->TblAddress(%lx) is error\n", FitEntry->TblAddress));
+ }
+
+ FitEntryNumber = FitEntry->TblSIZE;
+
+ FoundACM = 0;
+ for(i=1; i<FitEntryNumber; i++) {
+ FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16);
+ if ( FitEntry->TblType == 0x02 ) { // FIT type 0x02 - Anc ACM location
+ FoundACM =1;
+ break;
+ }
+ }
+
+ if ( FoundACM == 0 ) {
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : Can't find the Boot Guard ACM"));
+ }
+
+ DEBUG((-1, "\n[BootGuardTPM2Dxe.c] : BP->ACM_Signature \n"));
+
+ for ( i=0; i<256; i++ ) {
+ if (i % 16 == 0) DEBUG((-1, "\n"));
+ BP->ACM_Signature[i] = MmioRead8( FitEntry->TblAddress + 0x184 + i );
+ DEBUG((-1, "%02x ", BP->ACM_Signature[i]));
+ }
+
+ DEBUG((-1, "\n"));
+
+ FoundKM = 0;
+ for(i=1; i<FitEntryNumber; i++) {
+ FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16);
+ if ( FitEntry->TblType == 0x0B ) { // FIT Type 0x0B - Key Manifest
+ FoundKM =1;
+ break;
+ }
+ }
+
+ if ( FoundKM == 0 ) {
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : Can't find the Boot Guard KM"));
+ }
+
+ KmStructure = (KEY_MANIFEST_STRAUCTURE*)FitEntry->TblAddress;
+ DEBUG((-1, "\nKmStructure:\n"));
+
+ for ( i=0; i<256; i++ ) {
+ if (i % 16 == 0) DEBUG((-1, "\n"));
+ BP->Key_Manifest_Signature[i] = KmStructure->KeyManifestSignature.Signature.Signature[i];
+ DEBUG((-1, "%02x ", BP->Key_Manifest_Signature[i]));
+ }
+
+ DEBUG((-1, "\n"));
+
+ FoundBPM = 0;
+ for(i=1; i<FitEntryNumber; i++) {
+ FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16);
+ if ( FitEntry->TblType == 0x0C ) { // FIT type 0x0C - Boot Policy Manifest
+ FoundBPM =1;
+ break;
+ }
+ }
+
+ if ( FoundBPM == 0 ) {
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] :Can't find the Boot Guard BPM"));
+ }
+
+ BpmStructure = (BpmStruct*)FitEntry->TblAddress;
+ DEBUG((-1, "\nBpmStructure:\n"));
+
+ for ( i=0; i<256; i++ ) {
+ if (i % 16 == 0) DEBUG((-1, "\n"));
+ BP->Boot_Policy_Manifest_Signature[i] = BpmStructure->Bpm_Signature_Element.KeySignature.Signature.Signature[i];
+ DEBUG((-1, "%02x ", BP->Boot_Policy_Manifest_Signature[i]));
+ }
+
+ DEBUG((-1, "\n\nBpmStructure->Digest_of_Hashed_IBB_Segment:\n\n"));
+
+ for ( i=0; i<32; i++ ) {
+ if (i % 16 == 0) DEBUG((-1, "\n"));
+ BP->Digest_of_Hashed_IBB_Segment[i] = BpmStructure->Ibb_Element.Digest.HashBuffer[i];
+ DEBUG((-1, "%02x ", BP->Digest_of_Hashed_IBB_Segment[i]));
+ }
+
+ DEBUG((-1, "\n"));
+ }
+
+ {
+ TPM_COMM_DIGEST Digest;
+
+ u32HashLen = sizeof (BOOT_POLICY);
+ Tpm20Hash( (UINT8*)BP, u32HashLen, &Digest );
+ CopyMem(&TcgEvent->Digest, &Digest.Digest.sha1, SHA1_DIGEST_SIZE);
+ }
+ Status = TpmDxeLogEventI (
+ (VOID*)TcgEvent,
+ &TcgEvent->Event[0]);
+
+ return Status;
+}
+
+EFI_STATUS ACM_PostSuccess(
+ VOID
+)
+{
+ UINT32 MsrValue;
+
+ MsrValue = (UINT32) AsmReadMsr32 (MSR_BOOT_GUARD_SACM_INFO);
+ if ( ((MsrValue & B_NEM_INIT) == B_NEM_INIT) &&
+ ((MsrValue & B_MEASURED) == B_MEASURED) &&
+ ((MsrValue & V_TPM_PRESENT_PTT) == V_TPM_PRESENT_PTT) &&
+ ((MsrValue & B_TPM_SUCCESS) == B_TPM_SUCCESS) ) {
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : ACM_PostSuccess(...) : EFI_SUCCESS\n"));
+ return EFI_SUCCESS;
+ }
+
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : ACM_PostSuccess(...) : EFI_UNSUPPORTED\n"));
+ return EFI_UNSUPPORTED;
+}
+
+EFI_STATUS
+BootGuardMeasureCRTMVersion(
+ VOID )
+{
+ EFI_STATUS Status;
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : Enter BootGuardMeasureCRTMVersion(...)\n"));
+
+ Status = ACM_PostSuccess( );
+ if( !EFI_ERROR(Status) )
+ {
+ Status = LogDetailPCREvent();
+ }
+
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : End of BootGuardMeasureCRTMVersion\n"));
+
+ return EFI_SUCCESS;
+}
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.cif b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.cif
new file mode 100644
index 0000000..704be62
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.cif
@@ -0,0 +1,11 @@
+<component>
+ name = "BootGuardTPM2Dxe"
+ category = ModulePart
+ LocalRoot = "Board\EM\FIT\Dxe\BootGuardTPM2Dxe"
+ RefName = "BootGuardTPM2Dxe"
+[files]
+"BootGuardTPM2Dxe.c"
+"BootGuardTPM2Dxe.h"
+"BootGuardTPM2Dxe.sdl"
+"BootGuardTPM2Dxe.mak"
+<endComponent>
diff --git a/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.h b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.h
new file mode 100644
index 0000000..7ab934a
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.h
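Review bot: The three FIT searches in `LogDetailPCREvent` only log when `FoundACM`, `FoundKM` or `FoundBPM` stays 0 and then fall through, so `FitEntry` is left pointing at the last entry scanned and its `TblAddress` is dereferenced to fill the ACM/KM/BPM signature fields — the S-CRTM event is then built from unrelated flash contents and logged as if it were valid; the `FitEntryPointer == 0xFFFFFFFF` and FIT-signature checks above them have the same log-and-continue shape. Each of those branches should set `Status = EFI_NOT_FOUND` and jump to one exit label, which is also the natural place to release `BP`, which comes from `AllocatePool` and is never freed on any path. `Len = sizeof(DetailPCRStr)+1;` is one byte too long — `sizeof` of a `CHAR8[]` initialised from a literal already counts the terminator — so `GlueCopyMem` reads one byte past `DetailPCRStr`; `Len = sizeof(DetailPCRStr);` is sufficient. `Tpm20Hash` is called without checking its return, so a failed hash still copies an uninitialised `Digest` into the event. `BootGuardMeasureCRTMVersion` ends with `return EFI_SUCCESS;` regardless of `Status`, hiding all of the above from its caller; returning `Status` (or at least the `LogDetailPCREvent` result) keeps a failed measurement visible.
```c
EFI_STATUS LogDetailPCREvent(
    VOID
)
{
    TPM_COMM_DIGEST Digest;
    // … unchanged: remaining locals, event header setup (with Len = sizeof(DetailPCRStr)), BP allocation, RSTR/TYPE bits …

    FitEntryPointer = MmioRead32(IBB_ENTRYPOINT_M);
    if ( FitEntryPointer == 0xFFFFFFFF ) {
        DEBUG((-1, "[BootGuardTPM2Dxe.c] : FitEntryPointer(%lx) is empty\n", FitEntryPointer));
        Status = EFI_NOT_FOUND;
        goto Exit;
    }

    // … unchanged: FIT signature check (same Status/goto Exit treatment), FitEntryNumber, ACM search loop …

    if ( FoundACM == 0 ) {
        DEBUG((-1, "[BootGuardTPM2Dxe.c] : Can't find the Boot Guard ACM"));
        Status = EFI_NOT_FOUND;   // FitEntry now points at an unrelated entry; do not measure from it
        goto Exit;
    }

    // … unchanged: ACM signature copy; KM and BPM searches get the same FoundKM/FoundBPM == 0 exits …

    u32HashLen = sizeof (BOOT_POLICY);
    Status = Tpm20Hash( (UINT8*)BP, u32HashLen, &Digest );
    if ( EFI_ERROR(Status) ) {
        goto Exit;
    }
    CopyMem(&TcgEvent->Digest, &Digest.Digest.sha1, SHA1_DIGEST_SIZE);

    Status = TpmDxeLogEventI (
                 (VOID*)TcgEvent,
                 &TcgEvent->Event[0]);

Exit:
    /* release BP here with the pool-free counterpart of GlueAllocatePool (not declared in this file) */
    return Status;
}
```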
@@ -0,0 +1,276 @@ +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** + +//********************************************************************** +// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.h 1 9/06/13 6:17a Bensonlai $ +// +// $Revision: 1 $ +// +// $Date: 9/06/13 6:17a $ +//********************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.h $ +// +// 1 9/06/13 6:17a Bensonlai +// [TAG] EIP135513 +// [Category] New Feature +// [Description] Implementation of Boot Guard of PTT flow for WHCK test. 
+// [Files] BootGuardTPM2Dxe.cif +// BootGuardTPM2Dxe.c +// BootGuardTPM2Dxe.h +// BootGuardTPM2Dxe.sdl +// BootGuardTPM2Dxe.mak +// +//********************************************************************** +//<AMI_FHDR_START> +// +// Name: BootGuardTPM2Dxe.c +// +// Description: TPM2 Initialization Flow for Boot Guard +// +//<AMI_FHDR_END> +//********************************************************************** + +#ifndef _BOOT_GUARD_TPM2_H_ +#define _BOOT_GUARD_TPM2_H_ + +#ifndef _EFI_MMIO_ACCESS_H_ +#define _EFI_MMIO_ACCESS_H_ + +#define MmioAddress(BaseAddr, Register) \ + ( (UINTN)BaseAddr + (UINTN)(Register) ) + +// 32-bit +#define Mmio32Ptr(BaseAddr, Register) \ + ( (volatile UINT32 *)MmioAddress(BaseAddr, Register) ) + +#define Mmio32(BaseAddr, Register) \ + *Mmio32Ptr(BaseAddr, Register) + +#define MmioRead32(Addr) \ + Mmio32(Addr, 0) + +#define MmioWrite32(Addr, Value) \ + (Mmio32(Addr, 0) = (UINT32)Value) + +#define MmioRW32(Addr, set, reset) \ + (Mmio32(Addr, 0) = ((Mmio32(Addr, 0) & (UINT32)~(reset)) | (UINT32)set)) + +// 16-bit +#define Mmio16Ptr(BaseAddr, Register) \ + ( (volatile UINT16 *)MmioAddress(BaseAddr, Register) ) + +#define Mmio16(BaseAddr, Register) \ + *Mmio16Ptr(BaseAddr, Register) + +#define MmioRead16(Addr) \ + Mmio16(Addr, 0) + +#define MmioWrite16(Addr, Value) \ + (Mmio16(Addr, 0) = (UINT16)Value) + +#define MmioRW16(Addr, set, reset) \ + (Mmio16(Addr, 0) = ((Mmio16(Addr, 0) & (UINT16)~(reset)) | (UINT16)set)) + +// 8-bit +#define Mmio8Ptr(BaseAddr, Register) \ + ( (volatile UINT8 *)MmioAddress(BaseAddr, Register) ) + +#define Mmio8(BaseAddr, Register) \ + *Mmio8Ptr(BaseAddr, Register) + +#define MmioRead8(Addr) \ + Mmio8(Addr, 0) + +#define MmioWrite8(Addr, Value) \ + (Mmio8(Addr, 0) = (UINT8)Value) + +#define MmioRW8(Addr, set, reset) \ + (Mmio8(Addr, 0) = ((Mmio8(Addr, 0) & (UINT8)~(reset)) | (UINT8)set)) + +#endif + +// +// Define macros to build data structure signatures from characters. 
+// +#define EFI_SIGNATURE_16(A, B) ((A) | (B << 8)) +#define EFI_SIGNATURE_32(A, B, C, D) (EFI_SIGNATURE_16 (A, B) | (EFI_SIGNATURE_16 (C, D) << 16)) +#define EFI_SIGNATURE_64(A, B, C, D, E, F, G, H) \ + (EFI_SIGNATURE_32 (A, B, C, D) | ((UINT64) (EFI_SIGNATURE_32 (E, F, G, H)) << 32)) + +#define IBB_ENTRYPOINT_M 0xFFFFFFC0 + +#pragma pack(1) + +typedef struct _BOOT_POLICY +{ + UINT8 RSTR0:1; + UINT8 RSTR1:1; + UINT8 RSTR2:1; + UINT8 RSTR3:1; + UINT8 RSTR4:1; + UINT8 RSTR5:1; + UINT8 RSTR6:1; + UINT8 RSTR7:1; + UINT8 TYPE0:1; + UINT8 TYPE1:1; + UINT8 TYPE2:1; + UINT8 TYPE3:1; + UINT8 TYPE4:1; + UINT8 TYPE5:1; + UINT8 TYPE6:1; + UINT8 TYPE7:1; + UINT16 ACM_SVN; + UINT8 ACM_Signature[256]; + UINT8 Key_Manifest_Signature[256]; + UINT8 Boot_Policy_Manifest_Signature[256]; + UINT8 Digest_of_Hashed_IBB_Segment[32]; +} BOOT_POLICY; + +typedef struct _FIT_ENTRY +{ + UINT64 TblAddress; + UINT32 TblSIZE; + UINT16 TblVer; + UINT8 TblType; + UINT8 TblChkSum; +} FIT_ENTRY; + +// +// Manifest definition +// +#define TPM_ALG_SHA1 0x4 +#define TPM_ALG_SHA256 0xB +#define SHA1_DIGEST_SIZE 20 +#define SHA256_DIGEST_SIZE 32 + +typedef struct { + UINT16 HashAlg; + UINT16 Size; + UINT8 HashBuffer[SHA256_DIGEST_SIZE]; +} HASH_STRUCTURE; + +#define RSA_PUBLIC_KEY_STRUCT_KEY_SIZE_DEFAULT 2048 +#define RSA_PUBLIC_KEY_STRUCT_KEY_LEN_DEFAULT (RSA_PUBLIC_KEY_STRUCT_KEY_SIZE_DEFAULT/8) +#define RSA_PUBLIC_KEY_STRUCT_KEY_EXPONENT_DEFAULT 0x10001 // NOT 0x10001 +typedef struct { + UINT8 Version; + UINT16 KeySize; + UINT32 Exponent; + UINT8 Modulus[RSA_PUBLIC_KEY_STRUCT_KEY_LEN_DEFAULT]; +} RSA_PUBLIC_KEY_STRUCT; + +#define RSASSA_SIGNATURE_STRUCT_KEY_SIZE_DEFAULT 2048 +#define RSASSA_SIGNATURE_STRUCT_KEY_LEN_DEFAULT (RSASSA_SIGNATURE_STRUCT_KEY_SIZE_DEFAULT/8) +typedef struct { + UINT8 Version; + UINT16 KeySize; + UINT16 HashAlg; + UINT8 Signature[RSASSA_SIGNATURE_STRUCT_KEY_LEN_DEFAULT]; +} RSASSA_SIGNATURE_STRUCT; + +typedef struct { + UINT8 Version; + UINT16 KeyAlg; + RSA_PUBLIC_KEY_STRUCT 
Key; + UINT16 SigScheme; + RSASSA_SIGNATURE_STRUCT Signature; +} KEY_SIGNATURE_STRUCT; + +typedef struct { + UINT8 StructureID[8]; + UINT8 StructVersion; + UINT8 HdrStructVersion; + UINT8 PMBPMVersion; + UINT8 BPSVN_BPM; + UINT8 ACMSVN_BPM; + UINT8 Reserved; + UINT16 NEMDataStack; +} BOOT_POLICY_MANIFEST_HEADER; + +typedef struct { + UINT16 Reserved; + UINT16 Flags; + UINT32 Base; + UINT32 Size; +} IBB_SEGMENT_ELEMENT; + +typedef struct { + UINT8 StructureID[8]; + UINT8 StructVersion; + UINT8 SetNumber; + UINT8 Reserved; + UINT8 PBETValue; + UINT32 Flags; + UINT64 IBB_MCHBAR; + UINT64 VTD_BAR; + UINT32 PMRL_Base; + UINT32 PMRL_Limit; + UINT64 PMRH_Base; + UINT64 PMRH_Limit; + HASH_STRUCTURE PostIbbHash; + UINT32 EntryPoint; + HASH_STRUCTURE Digest; + UINT8 SegmentCount; // 1 ~ 8 + IBB_SEGMENT_ELEMENT IBBSegment[1]; +} IBB_ELEMENT; + +typedef struct { + UINT8 StructureID[8]; + UINT8 StructVersion; + UINT16 PMDataSize; +//UINT8 PMData[PMDataSize]; +} PLATFORM_MANUFACTURER_ELEMENT; + +typedef struct { + UINT8 StructureID[8]; + UINT8 StructVersion; + KEY_SIGNATURE_STRUCT KeySignature; +} BOOT_POLICY_MANIFEST_SIGNATURE_ELEMENT; + +typedef struct { + BOOT_POLICY_MANIFEST_HEADER Bpm_Header; + IBB_ELEMENT Ibb_Element; + //PLATFORM_MANUFACTURER_ELEMENT Platform_Manufacture_Element; + BOOT_POLICY_MANIFEST_SIGNATURE_ELEMENT Bpm_Signature_Element; +} BpmStruct; + +typedef struct { + UINT8 StructureID[8]; + UINT8 StructVersion; + UINT8 KeyManifestVersion; + UINT8 KMSVN; + UINT8 KeyManifestID; + HASH_STRUCTURE BPKey; + KEY_SIGNATURE_STRUCT KeyManifestSignature; +} KEY_MANIFEST_STRAUCTURE; + +#pragma pack() + +#endif + +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. 
**
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.mak b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.mak
new file mode 100644
index 0000000..74259e1
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.mak
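Review bot: `IBB_ELEMENT` declares `IBBSegment[1]` while the `SegmentCount` comment allows 1 ~ 8, so the fixed offset of `Bpm_Signature_Element` inside `BpmStruct` (and `sizeof(BpmStruct)`) is only correct for a single-segment manifest; BootGuardTPM2Dxe.c reads `BpmStructure->Bpm_Signature_Element.KeySignature.Signature.Signature[i]` through this layout, so a BPM with more than one segment would have its signature bytes measured from the wrong offset. Either document the constraint on the typedef (`// Layout valid only for SegmentCount == 1; otherwise locate the signature element by walking SegmentCount at runtime`) or compute the element offset from `SegmentCount` before use. The `#ifndef _EFI_MMIO_ACCESS_H_` wrapper reuses what looks like another header's guard name, so whichever header is included second is silently skipped and the set of Mmio macros a translation unit sees becomes include-order dependent; a guard specific to this file avoids that. `EFI_SIGNATURE_16` leaves `B` unparenthesized in `(B << 8)`, and the `MmioWrite*`/`MmioRW*` macros cast `Value`/`set` without parentheses, so an expression argument is mis-cast — `((A) | ((B) << 8))` and `(UINT32)(Value)` are the usual form. The comment `0x10001 // NOT 0x10001` on `RSA_PUBLIC_KEY_STRUCT_KEY_EXPONENT_DEFAULT` contradicts its own value and should say what it means, and `KEY_MANIFEST_STRAUCTURE` appears to be a misspelling that will be awkward to rename once callers depend on it.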
@@ -0,0 +1,46 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardTPM2Dxe.mak
+#
+# Description: TPM2 Initialization Flow for Boot Guard
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+TpmDrvBin : $(BUILD_DIR)\BootGuardTPM2Dxe.obj
+
+TPM2_INCLUDE=\
+ /I$(TpmDrv_DIR)\
+ /I$(TCG_DIR)\
+
+$(BUILD_DIR)\BootGuardTPM2Dxe.obj : $(BootGuardTPM2Dxe_PATH)\BootGuardTPM2Dxe.c
+ $(CC) $(CFLAGS) /I$(PROJECT_DIR) /I$(PROJECT_DIR)\Include $(TPM2_INCLUDE) $(PROJECT_CPU_INCLUDES) /Fo$(BUILD_DIR)\BootGuardTPM2Dxe.obj $(BootGuardTPM2Dxe_PATH)\BootGuardTPM2Dxe.c
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
diff --git a/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.sdl b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.sdl
new file mode 100644
index 0000000..25872fe
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.sdl
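Review bot: The `$(BUILD_DIR)\BootGuardTPM2Dxe.obj` rule lists only `BootGuardTPM2Dxe.c` as a prerequisite, so a change to `BootGuardTPM2Dxe.h` — which carries the packed manifest structures this object parses — does not trigger a rebuild and a stale object can silently keep an old struct layout. Add the header to the dependency line: `$(BUILD_DIR)\BootGuardTPM2Dxe.obj : $(BootGuardTPM2Dxe_PATH)\BootGuardTPM2Dxe.c $(BootGuardTPM2Dxe_PATH)\BootGuardTPM2Dxe.h`.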
@@ -0,0 +1,91 @@ +#********************************************************************** +#********************************************************************** +#** ** +#** (C)Copyright 1985-2013, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. ** +#** ** +#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#********************************************************************** +#********************************************************************** + +#********************************************************************** +# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.sdl 2 10/29/13 5:16a Bensonlai $ +# +# $Revision: 2 $ +# +# $Date: 10/29/13 5:16a $ +#********************************************************************** +# Revision History +# ---------------- +# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.sdl $ +# +# 2 10/29/13 5:16a Bensonlai +# [TAG] EIPNone +# [Category] Bug Fix +# [Severity] Important +# [Symptom] Build error when enable the DEBUG mode. +# +# 1 9/06/13 6:17a Bensonlai +# [TAG] EIP135513 +# [Category] New Feature +# [Description] Implementation of Boot Guard of PTT flow for WHCK test. 
+# [Files] BootGuardTPM2Dxe.cif +# BootGuardTPM2Dxe.c +# BootGuardTPM2Dxe.h +# BootGuardTPM2Dxe.sdl +# BootGuardTPM2Dxe.mak +# +#********************************************************************** +#<AMI_FHDR_START> +# +# Name: BootGuardTPM2Dxe.sdl +# +# Description: SDL file for BootGuard TPM2 +# +#<AMI_FHDR_END> +#********************************************************************** + +TOKEN + Name = "BootGuardTPM2Dxe_SUPPORT" + Value = "1" + Help = "Main switch to enable BootGuardTPM2Dxe support in Project" + TokenType = Boolean + TargetEQU = Yes + TargetMAK = Yes + Master = Yes + Token = "TpmDrv_SUPPORT" "=" "1" + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +PATH + Name = "BootGuardTPM2Dxe_PATH" +End + +MODULE + File = "BootGuardTPM2Dxe.mak" + Help = "Includes BootGuardTPM2Dxe.mak to Project" +End + +ELINK + Name = "BootGuardMeasureCRTMVersion," + Parent = "TcgPreMeasurementList" + InvokeOrder = AfterParent +End + +#********************************************************************** +#********************************************************************** +#** ** +#** (C)Copyright 1985-2013, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. ** +#** ** +#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#********************************************************************** +#********************************************************************** diff --git a/Board/EM/FIT/FITUtil.exe b/Board/EM/FIT/FITUtil.exe Binary files differnew file mode 100644 index 0000000..cfa4b8d --- /dev/null +++ b/Board/EM/FIT/FITUtil.exe diff --git a/Board/EM/FIT/Fit.chm b/Board/EM/FIT/Fit.chm Binary files differnew file mode 100644 index 0000000..a09cb38 --- /dev/null +++ b/Board/EM/FIT/Fit.chm diff --git a/Board/EM/FIT/Fit.cif b/Board/EM/FIT/Fit.cif new file mode 100644 index 0000000..e1d0527 --- /dev/null +++ b/Board/EM/FIT/Fit.cif 
@@ -0,0 +1,31 @@
+<component>
+ name = "Intel FIT"
+ category = eModule
+ Rank = 39
+ LocalRoot = "Board\EM\FIT"
+ RefName = "FIT"
+[files]
+"Fit.chm"
+"Fit.sdl"
+"Fit.mak"
+"FitTable.asm"
+"ReserveBpmTable.bin"
+"ReserveKmTable.bin"
+"Boot_Guard_ACM_Rev1_1_PC_ES.bin"
+"Boot_Guard_ACM_Rev1_2_PC_QS.bin"
+"Boot_Guard_ACM_Rev1_2_PV_QS.bin"
+"ReserveBootGuardFvMainHashKey.bin"
+"ReserveBootGuardSigningServer.bin"
+"FITUtil.exe"
+"CryptoCon.exe"
+"CutRom.exe"
+"BpmKmGen.exe"
+"keygen.exe"
+"ReBuildFIT.bat"
+[parts]
+"BootGuardPei"
+"BootGuardDxe"
+"BootGuardTPMPei"
+"FitHook"
+"BootGuardTPM2Dxe"
+<endComponent>
diff --git a/Board/EM/FIT/Fit.mak b/Board/EM/FIT/Fit.mak
new file mode 100644
index 0000000..3c5829c
--- /dev/null
+++ b/Board/EM/FIT/Fit.mak
@@ -0,0 +1,292 @@ +#************************************************************************* +#************************************************************************* +#** ** +#** (C)Copyright 1987-2013, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. ** +#** ** +#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30071 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#************************************************************************* +#************************************************************************* + +#********************************************************************** +# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Fit.mak 16 6/04/13 3:48a Bensonlai $ +# +# $Revision: 16 $ +# +# $Date: 6/04/13 3:48a $ +#********************************************************************** +# Revision History +# ---------------- +# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Fit.mak $ +# +# 16 6/04/13 3:48a Bensonlai +# [TAG] EIP125148 +# [Category] Spec Update +# [Severity] Normal +# [Description] [SBY ULT] Boot Guard for 4th Gen Intel Core Processor +# based on Mobile U-Processor Line - BIOS Writer's Guide - Rev 1.0 +# +# 15 5/23/13 4:41a Bensonlai +# [TAG] EIP124550 +# [Category] New Feature +# [Description] Support signing server for Boot Guard +# +# 14 5/13/13 4:42a Bensonlai +# +# 13 3/27/13 1:19a Bensonlai +# [TAG] EIP118856 +# [Category] Spec Update +# [Severity] Critical +# [Description] [SBY ULT] Boot Guard ACM SDK Rev 1.0 PV Release for +# Shark Bay ULT Platforms +# [Files] Boot_Guard_ACM_Rev1_0_ES.bin, Boot_Guard_ACM_Rev1_0_QS.bin, +# Boot_Guard_ACM_Rev1_0_PV.bin, BpmKmGen.exe, Fit.cif, Fit.sdl, Fit.mak +# +# 12 3/20/13 12:02a Bensonlai +# [TAG] EIP118400 +# [Category] Improvement +# [Description] Add a token for attribution of FV_DATA +# [Files] Fit.mak, Fit.sdl +# +# 11 3/06/13 2:49a Bensonlai +# [TAG] EIP116907 +# [Category] Improvement +# [Description] BpmKmGen.exe generates KM / BPM tables and +# 
BootGuardFvMainHash key separately +# [Files] BpmKmGen.exe, Fit.sdl, Fit.mak, BootGuardPei.sdl, +# BootGuardDxe.sdl +# +# 10 2/27/13 4:39a Bensonlai +# [TAG] None +# [Category] Improvement +# [Description] Removing the FV_BLANK +# +# 9 2/25/13 1:21a Bensonlai +# [TAG] EIP114386 +# [Category] Spec Update +# [Severity] Important +# [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard +# for 4th Gen Intel Core Processor based on Mobile U-Processor Line - +# BIOS Writer's Guide - Rev 0.8.1 +# [Files] FIT\*.* +# +# 8 1/14/13 1:57a Bensonlai +# [TAG] EIP110952 +# [Category] New Feature +# [Description] [SBY] Anchor Cove function to continue chain of trust +# for verification +# [Files] AnchorCovePei.cif, AnchorCovePei.c, AnchorCovePei.h, +# AnchorCovePei.dxs, AnchorCovePei.sdl, AnchorCovePei.mak, +# PeiCryptLib.lib, OpensslLib.lib +# AnchorCoveDxe.c, AnchorCoveDxe.h, AnchorCoveDxe.sdl, AnchorCoveDxe.dxs, +# AnchorCoveDxe.mak +# FITUtil.exe, BpmKmGen.exe, Fit.mak, ReserveAnchorCoveFvMainHashKey.bin +# +# 7 1/04/13 5:56a Bensonlai +# [TAG] EIP110784 +# [Category] Improvement +# [Description] Anchor Cove ACM SDK Rev0.8 Beta Release for Shark Bay ULT +# Platforms. +# [Files] AnC_ACM_Rev0_8.bin, FitTable.asm, Fit.sdl, FITUtil.exe, +# BpmKmGen.exe, ReserveBpmTable.bin +# +# 6 12/21/12 4:08a Bensonlai +# [TAG] EIP110217 +# [Category] New Feature +# [Description] Support Fault Tolerant Boot Block Update for Intel FIT +# [Files] Fit.mak, Fit.sdl, FITUtil.exe +# +# 5 12/12/12 6:15a Bensonlai +# [TAG] EIP108904 +# [Category] Improvement +# [Description] GenFFS utility is not PI 1.2 compliant. +# Please use FWBuild to generate FFS for FIT. +# +# GenFFS utility will populate signature "5A" for FFS with fixed +# checksum. +# PI 1.2 requires this signature to be "AA". GenFFS does not support +# passing PI version.Please check the attachment to change Genffs usage +# to FWBuild. 
+# [Files] Fit.mak, Fit.sdl +# +# 4 11/12/12 1:03a Bensonlai +# [TAG] None +# [Category] Bug Fix +# [Severity] Critical +# [Symptom] Fixed build error when disabled ULT_SUPPORT +# [RootCause] We don't detect the Anchor Cove flag. +# [Solution] Add Anchor Cove flag. +# +# 3 11/09/12 3:34a Bensonlai +# [TAG] EIP104159 +# [Category] New Feature +# [Description] Supported ULT Anchor Cove BIOS Writer's Guide - Rev +# 0.7.1 +# +# 2 10/04/12 1:42a Bensonlai +# [TAG] None +# [Category] New Feature +# [Description] 1. Implementation of the Intel Anchor Cove for mobile +# platforms. +# 2. Implementation of FIT table using FFS. +# 3. Updated the FITUtil.exe to support the ACM, KM and BPM for Intel +# Anchor Cove. +# [Files] Fit.sdl +# Fit.mak +# FitTable.asm +# BpmTable.asm +# KmTable.asm +# FITUtil.exe +# Fit.cif +# +# 1 6/19/12 11:26p Davidhsieh +# +#********************************************************************** +#<AMI_FHDR_START> +# +# Name: Fit.mak +# +# Description: MAK file for Intel FIT module building +# +#<AMI_FHDR_END> +#********************************************************************** +!IF "$(INTEL_BOOT_GUARD_SUPPORT)"=="1" +!IF "$(IS_FV_DATA_ALIGNMENT64K)"!="0" +!ERROR The FV_DATA_BASE needs to align 64K, please check your FV_BB_BASE or FV_DATA_BASE for Boot Guard +!ENDIF +!ENDIF + +all : $(BUILD_DIR)\Fit.mak FitTableBin + +$(BUILD_DIR)\Fit.mak : $(FIT_DIR)\$(@B).cif $(FIT_DIR)\$(@B).mak $(BUILD_RULES) + $(CIF2MAK) $(FIT_DIR)\$(@B).cif $(CIF2MAK_DEFAULTS) + +!IF "$(INTEL_BOOT_GUARD_SUPPORT)"=="1" +!IF "$(INTEL_BOOT_GUARD_SIGNING_SERVER_SUPPROT)"=="1" +FitTableBin : $(BUILD_DIR)\FitTable.ffs $(BUILD_DIR)\BootGuardBpmBinary.ffs $(BUILD_DIR)\BootGuardKmBinary.ffs $(BUILD_DIR)\BootGuardAcmBinary.ffs $(BUILD_DIR)\ReserveBootGuardFvMainHashKey.ffs $(BUILD_DIR)\ReserveBootGuardSigningServer.ffs +!ELSE +FitTableBin : $(BUILD_DIR)\FitTable.ffs $(BUILD_DIR)\BootGuardBpmBinary.ffs $(BUILD_DIR)\BootGuardKmBinary.ffs $(BUILD_DIR)\BootGuardAcmBinary.ffs 
$(BUILD_DIR)\ReserveBootGuardFvMainHashKey.ffs +!ENDIF +!ELSE +FitTableBin : $(BUILD_DIR)\FitTable.ffs +!ENDIF + +$(BUILD_DIR)\FitTable.bin : $(FIT_DIR)\FitTable.asm $(BUILD_DIR)\Fit.mak + $(MAKE) /$(MAKEFLAGS)\ + /f $(BUILD_DIR)\Fit.mak bin\ + OBJECTS=$(BUILD_DIR)\$(FIT_DIR)\FitTable.obj\ + NAME=FitTable\ + MAKEFILE=$(BUILD_DIR)\Fit.mak \ + TYPE=BINARY + +$(BUILD_DIR)\FitTable.ffs : $(BUILD_DIR)\FitTable.bin + $(MAKE) /f Core\FFS.mak \ + BUILD_DIR=$(BUILD_DIR) \ + GUID=B52282EE-9B66-44B9-B1CF-7E5040F787C1\ + TYPE=EFI_FV_FILETYPE_RAW \ + FFS_ALIGNMENT=1 FFS_CHECKSUM=0\ + RAWFILE=$(BUILD_DIR)\FitTable.bin FFSFILE=$(BUILD_DIR)\FitTable.ffs COMPRESS=0 NAME=FitTable + +$(BUILD_DIR)\$(BootGuardBpmBinary) : + copy $(FIT_DIR)\$(BootGuardBpmBinary) $(BUILD_DIR)\$(BootGuardBpmBinary) $(SILENT_OUT) + +$(BUILD_DIR)\BootGuardBpmBinary.ffs : $(BUILD_DIR)\$(BootGuardBpmBinary) + $(MAKE) /f Core\FFS.mak \ + BUILD_DIR=$(BUILD_DIR) \ + GUID=C30FFF4A-10C6-4C0F-A454-FD319BAF6CE6\ + TYPE=EFI_FV_FILETYPE_RAW \ + FFS_ALIGNMENT=1 FFS_CHECKSUM=0\ + RAWFILE=$(BUILD_DIR)\$(BootGuardBpmBinary) FFSFILE=$(BUILD_DIR)\BootGuardBpmBinary.ffs COMPRESS=0 NAME=BootGuardBpmBinary + +$(BUILD_DIR)\$(BootGuardKmBinary) : + copy $(FIT_DIR)\$(BootGuardKmBinary) $(BUILD_DIR)\$(BootGuardKmBinary) $(SILENT_OUT) + +$(BUILD_DIR)\BootGuardKmBinary.ffs : $(BUILD_DIR)\$(BootGuardKmBinary) + $(MAKE) /f Core\FFS.mak \ + BUILD_DIR=$(BUILD_DIR) \ + GUID=7C9A98F8-2B2B-4027-8F16-F7D277D58025\ + TYPE=EFI_FV_FILETYPE_RAW \ + FFS_ALIGNMENT=1 FFS_CHECKSUM=0\ + RAWFILE=$(BUILD_DIR)\$(BootGuardKmBinary) FFSFILE=$(BUILD_DIR)\BootGuardKmBinary.ffs COMPRESS=0 NAME=BootGuardKmBinary + +$(BUILD_DIR)\$(BootGuardAcmBinary) : + copy $(FIT_DIR)\$(BootGuardAcmBinary) $(BUILD_DIR)\$(BootGuardAcmBinary) $(SILENT_OUT) + +$(BUILD_DIR)\BootGuardAcmBinary.ffs : $(BUILD_DIR)\$(BootGuardAcmBinary) + $(MAKE) /f Core\FFS.mak \ + BUILD_DIR=$(BUILD_DIR) \ + GUID=6520F532-2A27-4195-B331-C0854683E0BA\ + TYPE=EFI_FV_FILETYPE_RAW \ + FFS_ALIGNMENT=7 
FFS_CHECKSUM=1\ + RAWFILE=$(BUILD_DIR)\$(BootGuardAcmBinary) FFSFILE=$(BUILD_DIR)\BootGuardAcmBinary.ffs COMPRESS=0 NAME=BootGuardAcmBinary + +RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY_FFS_FILE_RAW_GUID = CBC91F44-A4BC-4a5b-8696-703451D0B053 + +$(BUILD_DIR)\ReserveBootGuardFvMainHashKey.ffs : $(FIT_DIR)\ReserveBootGuardFvMainHashKey.bin + $(MAKE) /f Core\FFS.mak \ + BUILD_DIR=$(BUILD_DIR) \ + GUID=$(RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY_FFS_FILE_RAW_GUID)\ + TYPE=EFI_FV_FILETYPE_FREEFORM \ + FFS_ALIGNMENT=1 FFS_CHECKSUM=0\ + BINFILE=$** FFSFILE=$@ COMPRESS=0 NAME=ReserveBootGuardFvMainHashKey + +RESERVE_BOOT_GUARD_SIGNING_SERVER_FFS_FILE_RAW_GUID = 1068E0ED-5C8E-4724-B011-2C5F95065DF2 + +$(BUILD_DIR)\ReserveBootGuardSigningServer.ffs : $(FIT_DIR)\ReserveBootGuardSigningServer.bin + $(MAKE) /f Core\FFS.mak \ + BUILD_DIR=$(BUILD_DIR) \ + GUID=$(RESERVE_BOOT_GUARD_SIGNING_SERVER_FFS_FILE_RAW_GUID)\ + TYPE=EFI_FV_FILETYPE_FREEFORM \ + FFS_ALIGNMENT=1 FFS_CHECKSUM=0\ + BINFILE=$** FFSFILE=$@ COMPRESS=0 NAME=ReserveBootGuardSigningServer + +AFTER_FV: +FV_DATA_DESCRIPTOR=FV(\ + name=FV_DATA, address=$(FV_DATA_BASE),\ + offset=$(FV_DATA_BASE)-$(FLASH_BASE),\ + size=$(FV_DATA_SIZE), file_list=$(FV_DATA),\ + attr=$(FV_DATA_ATTR),\ +) + +FIT_UCODE_FIXUP: +!IF "$(INTEL_BOOT_GUARD_SUPPORT)"=="1" + if not exist $(BOOT_GUARD_BPM_PRIVATE_KEY_FILENAME) $(FIT_DIR)\keygen.exe $(BOOT_GUARD_BPM_PRIVATE_KEY_FILENAME) $(BOOT_GUARD_BPM_PUBLIC_KEY_FILENAME) $(BOOT_GUARD_PBULIC_KEY_EXPONENT) + if not exist $(BOOT_GUARD_KM_PRIVATE_KEY_FILENAME) $(FIT_DIR)\keygen.exe $(BOOT_GUARD_KM_PRIVATE_KEY_FILENAME) $(BOOT_GUARD_KM_PUBLIC_KEY_FILENAME) $(BOOT_GUARD_PBULIC_KEY_EXPONENT) + if exist $(BOOT_GUARD_BPM_PUBLIC_KEY_FILENAME) del $(BOOT_GUARD_BPM_PUBLIC_KEY_FILENAME) + if exist $(BOOT_GUARD_KM_PUBLIC_KEY_FILENAME) del $(BOOT_GUARD_KM_PUBLIC_KEY_FILENAME) +!ENDIF + $(FIT_DIR)\FITUtil.exe $(AMI_ROM) $(FITEntryPointToOtherFVBBRomAddress) +!IF "$(INTEL_BOOT_GUARD_SUPPORT)"=="1" + +!IF 
"$(INTEL_BOOT_GUARD_CHAIN_OF_TRUST_SUPPORT)"=="1" + $(FIT_DIR)\BpmKmGen.exe -PFVMAIN $(AMI_ROM) $(FIT_DIR) $(BIOS_STARTING_ADDRESS) $(DXE_SEGMENT_BASE) $(DXE_SEGMENT_SIZE) +!ENDIF + +!IF "$(INTEL_BOOT_GUARD_SIGNING_SERVER_SUPPROT)"=="1" + $(FIT_DIR)\BpmKmGen.exe -SDATA $(AMI_ROM) $(BootGuardTokens) + $(FIT_DIR)\BpmKmGen.exe -SBPMKM $(AMI_ROM) $(FIT_DIR) $(BOOT_GUARD_BPM_PRIVATE_KEY_FILENAME) $(BOOT_GUARD_KM_PRIVATE_KEY_FILENAME) +!ELSE + $(FIT_DIR)\BpmKmGen.exe -PBPMKM $(AMI_ROM) $(FIT_DIR) $(BOOT_GUARD_BPM_PRIVATE_KEY_FILENAME) $(BOOT_GUARD_KM_PRIVATE_KEY_FILENAME) $(BootGuardTokens) +!ENDIF + +!ENDIF + +AFTER_ROM: FIT_UCODE_FIXUP + +#************************************************************************* +#************************************************************************* +#** ** +#** (C)Copyright 1987-2013, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. ** +#** ** +#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30071 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#************************************************************************* +#************************************************************************* diff --git a/Board/EM/FIT/Fit.sdl b/Board/EM/FIT/Fit.sdl new file mode 100644 index 0000000..7b5c226 --- /dev/null +++ b/Board/EM/FIT/Fit.sdl 
@@ -0,0 +1,390 @@ +TOKEN + Name = "INTEL_FIT_SUPPORT" + Value = "1" + Help = "Main switch to enable Intel FIT in Project" + TokenType = Boolean + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes + Master = Yes +End + +TOKEN + Name = "INTEL_BOOT_GUARD_SUPPORT" + Value = "1" + Help = "Main switch to enable Intel Boot Guard in Project" + TokenType = Boolean + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes + Token = "ULT_SUPPORT" "=" "1" +End + +TOKEN + Name = "INTEL_BOOT_GUARD_CHAIN_OF_TRUST_SUPPORT" + Value = "1" + Help = "Main switch to enable Intel Boot Guard Chain of Trust in Project" + TokenType = Boolean + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "INTEL_BOOT_GUARD_SIGNING_SERVER_SUPPROT" + Value = "1" + TokenType = Integer + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes +End + +TOKEN + Name = "INTEL_FIT_TABLE_ADDRESS" + Help = "The address must be 0xFFFFFFFF. It will be updated by the FITUtil.exe" + Value = "0xFFFFFFFF" + TokenType = Integer + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes +End + +ELINK + Name = "FV_DATA" + InvokeOrder = ReplaceParent +End + +ELINK + Name = "$(FV_DATA_DESCRIPTOR)" + Parent = "ROM_IMAGE" + InvokeOrder = AfterParent +End + +ELINK + Name = "$(BUILD_DIR)\FitTable.ffs" + Parent = "FV_DATA" + InvokeOrder = AfterParent +End + +ELINK + Name = "$(BUILD_DIR)\BootGuardBpmBinary.ffs" + Parent = "FV_DATA" + InvokeOrder = AfterParent + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "BootGuardBpmBinary" + Value = "ReserveBpmTable.bin" + TokenType = File + TargetMAK = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +ELINK + Name = "$(BUILD_DIR)\BootGuardKmBinary.ffs" + Parent = "FV_DATA" + InvokeOrder = AfterParent + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "BootGuardKmBinary" + Value = "ReserveKmTable.bin" + TokenType = File + TargetMAK = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +ELINK + 
Name = "$(BUILD_DIR)\BootGuardAcmBinary.ffs" + Parent = "FV_DATA" + InvokeOrder = AfterParent + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "BOOT_GUARD_ACM" + Value = "2" + Help = "MUST use the correct ACM binary for the matching CPUs, else platform will not behave as expected. Pre-ES and ES CPU set the token to 0, Pre-QS and QS CPU set the token to 1 and PV ME FW set the token to 2" + TokenType = Integer + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "BootGuardAcmBinary" + Value = "Boot_Guard_ACM_Rev1_1_PC_ES.bin" + Help = "The ACM is for Pre-ES and ES CPU samples ONLY!" + TokenType = File + TargetMAK = Yes + Token = "BOOT_GUARD_ACM" "=" "0" + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "BootGuardAcmBinary" + Value = "Boot_Guard_ACM_Rev1_2_PC_QS.bin" + Help = "The ACM is for Pre-QS and QS or newer CPU samples ONLY! NOTE: PC_QS is only for development platform." + TokenType = File + TargetMAK = Yes + Token = "BOOT_GUARD_ACM" "=" "1" + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "BootGuardAcmBinary" + Value = "Boot_Guard_ACM_Rev1_2_PV_QS.bin" + Help = "PV Image should be used with PV ME FW. The ACM is for Pre-QS and QS or newer CPU samples ONLY!" 
+ TokenType = File + TargetMAK = Yes + Token = "BOOT_GUARD_ACM" "=" "2" + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "ACMSVN" + Value = "0" + Help = "ACMSVN:0 for ES binaries" + TokenType = File + TargetMAK = Yes + TargetH = Yes + Token = "BOOT_GUARD_ACM" "=" "0" + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "ACMSVN" + Value = "0" + Help = "ACMSVN:0 for PC_QS binaries" + TokenType = File + TargetMAK = Yes + TargetH = Yes + Token = "BOOT_GUARD_ACM" "=" "1" + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "ACMSVN" + Value = "3" + Help = "ACMSVN:3 for PV_QS binary" + TokenType = File + TargetMAK = Yes + TargetH = Yes + Token = "BOOT_GUARD_ACM" "=" "2" + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "BOOT_GUARD_BPM_PRIVATE_KEY_FILENAME" + Value = "$(FIT_DIR)\BpmPrivate.key" + TokenType = File + TargetMAK = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "BOOT_GUARD_BPM_PUBLIC_KEY_FILENAME" + Value = "$(FIT_DIR)\BpmPublic.key" + TokenType = File + TargetMAK = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "BOOT_GUARD_KM_PRIVATE_KEY_FILENAME" + Value = "$(FIT_DIR)\KmPrivate.key" + TokenType = File + TargetMAK = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "BOOT_GUARD_KM_PUBLIC_KEY_FILENAME" + Value = "$(FIT_DIR)\KmPublic.key" + TokenType = File + TargetMAK = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "BOOT_GUARD_PBULIC_KEY_EXPONENT" + Help = "The token for the KeyGen.exe" + Value = "0x10001" + TokenType = Integer + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "BPM_IBB_MCHBAR" + Help = "BpmKmGen.exe only support the decimal value" + Value = "$(NB_MCH_BASE_ADDRESS) + 0" + TokenType = Integer + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = 
"BPM_VTD_BAR" + Help = "BpmKmGen.exe only support the decimal value" + Value = "$(NB_VTD_BASE_ADDRESS) + 0" + TokenType = Integer + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "IS_FV_DATA_ALIGNMENT64K" + Help = "BpmKmGen.exe only support the decimal value" + Value = "($(FV_DATA_BASE)&0x0000FFFF)" + TokenType = Integer + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "BPM_IBB_SEGMENT_BASE" + Help = "BpmKmGen.exe only support the decimal value" + Value = "$(FV_BB_BASE) + 0" + TokenType = Integer + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "BPM_IBB_SEGMENT_SIZE" + Help = "BpmKmGen.exe only support the decimal value" + Value = "$(FV_BB_BLOCKS) * $(FLASH_BLOCK_SIZE)" + TokenType = Integer + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "KM_KEY_MANIFEST_ID" + Help = "BpmKmGen.exe only support the decimal value, and this field must match the Key Manifest ID of Secure boot of FITC." 
+ Value = "1" + TokenType = Integer + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "DXE_SEGMENT_BASE" + Help = "BpmKmGen.exe only support the decimal value" + Value = "$(FV_MAIN_BASE) + 0" + TokenType = Integer + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "DXE_SEGMENT_SIZE" + Help = "BpmKmGen.exe only support the decimal value" + Value = "$(FV_MAIN_BLOCKS) * $(FLASH_BLOCK_SIZE)" + TokenType = Integer + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "BIOS_STARTING_ADDRESS" + Help = "Support the decimal value" + Value = "0xFFFFFFFF - $(FLASH_SIZE) + 1" + TokenType = Integer + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes +End + +TOKEN + Name = "FITEntryPointToOtherFVBBRomAddress" + Help = "FitUtil.exe only support the decimal value. If you don't have other FV_BB, please set the OtherFVBBRomAddress to 0." + Value = "0" + TokenType = Integer + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes +End + +TOKEN + Name = "FITEntryPointToOtherFVBBRomAddress" + Help = "FitUtil.exe only support the decimal value. If you don't have other FV_BB, please set the OtherFVBBRomAddress to 0." 
+ Value = "$(FT_FV_BB_BASE) + $(FV_BB_BLOCKS) * $(FLASH_BLOCK_SIZE) - $(BIOS_STARTING_ADDRESS) - 0x40" + TokenType = Integer + TargetEQU = Yes + TargetMAK = Yes + TargetH = Yes + Token = "FAULT_TOLERANT_BOOTBLOCK_UPDATE" "=" "1" +End + + +TOKEN + Name = "FV_DATA_ATTR" + Help = "The token is attribution of FV_DATA" + Value = "" + TokenType = File + TargetMAK = Yes + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +TOKEN + Name = "BootGuardTokens" + Value = "$(BPM_IBB_MCHBAR) $(BPM_VTD_BAR) $(BPM_IBB_SEGMENT_BASE) $(BPM_IBB_SEGMENT_SIZE) $(BIOS_STARTING_ADDRESS) $(KM_KEY_MANIFEST_ID) $(ACMSVN)" + Help = "Support the decimal value" + TokenType = Expression + TargetMAK = Yes +End + +ELINK + Name = "$(BUILD_DIR)\ReserveBootGuardSigningServer.ffs" + Parent = "FV_DATA" + InvokeOrder = AfterParent + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" + Token = "INTEL_BOOT_GUARD_SIGNING_SERVER_SUPPROT" "=" "1" +End + +ELINK + Name = "$(BUILD_DIR)\ReserveBootGuardFvMainHashKey.ffs" + Parent = "FV_BB" + InvokeOrder = AfterParent + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +PATH + Name = "FIT_DIR" +End + +MODULE + Help = "Includes Fit.mak to Project" + File = "Fit.mak" +End + +ELINK + Name = "/D BOOT_GUARD_SUPPORT_FLAG=1" + Parent = "GLOBAL_DEFINES" + InvokeOrder = AfterParent + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End diff --git a/Board/EM/FIT/FitTable.asm b/Board/EM/FIT/FitTable.asm new file mode 100644 index 0000000..ca45f86 --- /dev/null +++ b/Board/EM/FIT/FitTable.asm 
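Review bot: `INTEL_BOOT_GUARD_SIGNING_SERVER_SUPPROT` is declared `TokenType = Integer` with no `Help` text and no `Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"` dependency, unlike the neighbouring Boot Guard switches which are Boolean and gated; its misspelling is also what Fit.mak and the `ReserveBootGuardSigningServer.ffs` ELINK key on, so a rename must be made in all three places together. The three `ACMSVN` tokens carry numeric values but are declared `TokenType = File`; `Integer` would let the build tooling validate them like the other numeric Boot Guard tokens. The BPM/KM private key defaults point into `$(FIT_DIR)`, i.e. the module's own source directory, and carry no `Help`; a line such as `Help = "Path to the BPM private signing key. Must be supplied from outside the source tree for production builds and never committed."` on each of the four key tokens would make the intended handling explicit. `BOOT_GUARD_PBULIC_KEY_EXPONENT` is likewise misspelled and shared with Fit.mak.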
@@ -0,0 +1,66 @@
+include token.equ
+
+FitEntry Struct
+ TblAddress DQ 0
+ TblSIZE DD 0 ;only 3 bytes valid,
+ TblVer DW 0
+ TblType DB 0
+ TblChkSum DB 0
+FitEntry ENDS
+
+
+ifndef EFIx64
+.model small
+endif
+
+.data
+ Type0Entry FitEntry <' _TIF_', 0, 100h, 00h, 0> ; FIT type 0x00 - FIT Header Entry
+ Type1Entry FitEntry <0FFFFFFFFh, 0, 100h, 01h, 0> ; FIT type 0x01 - Microcode Update Entry
+IFDEF MKF_INTEL_BOOT_GUARD_SUPPORT
+IF MKF_INTEL_BOOT_GUARD_SUPPORT
+ Type2Entry FitEntry <0FFFFFFFFh, 0, 100h, 02h, 0> ; FIT type 0x02 - Anc ACM location
+ TypebEntry FitEntry <0FFFFFFFFh, 241h, 100h, 0Bh, 0> ; FIT Type 0x0B - Key Manifest
+ TypecEntry FitEntry <0FFFFFFFFh, 2BBh, 100h, 0Ch, 0> ; FIT type 0x0C - Boot Policy Manifest
+ENDIF
+ENDIF
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+END
diff --git a/Board/EM/FIT/Pei/BootGuardPei.c b/Board/EM/FIT/Pei/BootGuardPei.c
new file mode 100644
index 0000000..1421634
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardPei.c
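Review bot: The Key Manifest and Boot Policy Manifest entries (`TypebEntry`, `TypecEntry`) hard-code the sizes `241h` and `2BBh`, while the manifests themselves are produced by BpmKmGen.exe, so nothing in this file ties the two numbers to the generated binaries; presumably a build tool patches them afterwards, but that should be confirmed and recorded with a comment such as `; KM/BPM sizes must match the manifests generated by BpmKmGen.exe`. The field comment `TblSIZE DD 0 ;only 3 bytes valid,` ends mid-sentence; `; Size occupies the low 3 bytes, the 4th byte is reserved` says what the reader needs.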
@@ -0,0 +1,285 @@ +//************************************************************************* +//************************************************************************* +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//************************************************************************* +//********************************************************************** +// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.c 2 3/07/13 5:43a Bensonlai $ +// +// $Revision: 2 $ +// +// $Date: 3/07/13 5:43a $ +//********************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.c $ +// +// 2 3/07/13 5:43a Bensonlai +// [TAG] EIP117307 +// [Category] Improvement +// [Description] [Boot Guard] Implementation of speed up the post time +// for Chain of Trust +// [Files] BootGuardDxe.h, BootGuardPei.c, BootGuardPei.h, +// BpmKmGen.exe, ReserveBootGuardFvMainHashKey.bin +// +// 1 2/25/13 1:15a Bensonlai +// [TAG] EIP114386 +// [Category] Spec Update +// [Severity] Important +// [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard +// for 4th Gen Intel Core Processor based on Mobile U-Processor Line - +// BIOS Writer's Guide - Rev 0.8.1 +// [Files] BootGuardPei.cif +// BootGuardPei.c +// BootGuardPei.h +// BootGuardPei.dxs +// BootGuardPei.sdl +// BootGuardPei.mak +// PeiCryptLib.lib +// OpensslLib.lib +// +//************************************************************************* +//<AMI_FHDR_START> +// +// Name: BootGuardPei.c +// +// Description: Chain of trust for Pei +// +//<AMI_FHDR_END> +//************************************************************************* + +#include "BootGuardPei.h" + +EFI_GUID ReserveBootGuardFvMainHashKeyGuid = 
RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY_FFS_FILE_RAW_GUID; + +STATIC EFI_PEI_NOTIFY_DESCRIPTOR BootGuardVerificationForPeiToDxeHandoffEndOfPeiNotifyDesc = { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + &gEndOfPeiSignalPpiGuid, + BootGuardVerificationForPeiToDxeHandoffEndOfPei +}; + +//********************************************************************** +//<AMI_PHDR_START> +// +// Procedure: LocateBootGuardFvMainHashKey +// +// Description: Loads binary from RAW section of X firwmare volume +// +// +// Output: Buffer - returns a pointer to allocated memory. Caller +// must free it when done. +// Size - returns the size of the binary loaded into the +// buffer. +// +//<AMI_PHDR_END> +//********************************************************************** +EFI_STATUS +LocateBootGuardFvMainHashKey ( + IN EFI_PEI_SERVICES **PpSv, + IN OUT VOID **Buffer +) +{ + EFI_STATUS Status; + EFI_FIRMWARE_VOLUME_HEADER *pFV; + UINTN FvNum=0; + EFI_FFS_FILE_HEADER *ppFile=NULL; + BOOLEAN Found = FALSE; + + Status = (*PpSv)->FfsFindNextVolume (PpSv, FvNum, &pFV); + + while ( TRUE ) { + Status = (*PpSv)->FfsFindNextVolume( PpSv, FvNum, &pFV ); + if ( EFI_ERROR( Status ) ) { + return Status; + } + + ppFile = NULL; + + while ( TRUE ) { + Status = (*PpSv)->FfsFindNextFile( PpSv, + EFI_FV_FILETYPE_FREEFORM, + pFV, + &ppFile ); + + if ( Status == EFI_NOT_FOUND ) { + break; + } + + if (CompareGuid( &ppFile->Name, &ReserveBootGuardFvMainHashKeyGuid )) { + Found = TRUE; + break; + } + } + + if ( Found ) { + break; + } else { + FvNum++; + } + } + + Status = (*PpSv)->FfsFindSectionData( PpSv, + EFI_SECTION_RAW, + ppFile, + Buffer ); + + if ( EFI_ERROR( Status ) ) { + return EFI_NOT_FOUND; + } + + return Status; +} + +//********************************************************************** +//<AMI_PHDR_START> +// +// Procedure: BootGuardVerificationForPeiToDxeHandoffEndOfPei +// +// Description: BootGuardVerificationForPeiToDxeHandoffEndOfPei at end of Pei 
+// handler. +// +// Output: PeiServices - Pointer to PEI Services Table. +// NotifyDesc - Pointer to the descriptor for the Notification +// event that caused this function to execute. +// Ppi - Pointer to the PPI data associated with +// this function. +// +//<AMI_PHDR_END> +//********************************************************************** +STATIC +EFI_STATUS +BootGuardVerificationForPeiToDxeHandoffEndOfPei ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi +) +{ + EFI_STATUS Status; + UINTN BootGuardHashDataSize = 0, i; + UINT8 CurrentBootGuardFvMainHash256Val[32]; + VOID *BootGuardSha256Context; + UINT8 *BootGuardOrgFvMainHash256; + AMI_BOOT_GUARD_HOB *AmiBootGuardHobPtr; + EFI_GUID AmiBootGuardHobGuid = AMI_BOOT_GUARD_HOB_GUID; + EFI_BOOT_MODE BootMode; + RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY *ReserveBootGuardFvMainHashKey; + + Status = PeiServicesGetBootMode (&BootMode); + if ( EFI_ERROR( Status ) ) { + DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] Get Boot Mode is fail\n")); + return Status; + } + + if ( BootMode == BOOT_IN_RECOVERY_MODE ) { + DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] In the BOOT_IN_RECOVERY_MODE\n")); + return Status; + } + + if ( BootMode == BOOT_ON_S3_RESUME ) { + DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] In the BOOT_ON_S3_RESUME\n")); + return Status; + } + + Status = (*PeiServices)->CreateHob (PeiServices, EFI_HOB_TYPE_GUID_EXTENSION, sizeof (AMI_BOOT_GUARD_HOB), (VOID **) &AmiBootGuardHobPtr); + if ( EFI_ERROR( Status ) ) { + DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] CreateHob is fail for AmiBootGuardHobPtr\n")); + return Status; + } + + AmiBootGuardHobPtr->EfiHobGuidType.Name = AmiBootGuardHobGuid; + AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag = 0; + BootGuardHashDataSize = Sha256GetContextSize (); + Status = ((*PeiServices)->AllocatePool) (PeiServices, BootGuardHashDataSize, &BootGuardSha256Context); + if ( EFI_ERROR( Status ) ) { + DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] 
AllocatePool is fail for BootGuardSha256Context\n")); + return Status; + } + + BootGuardOrgFvMainHash256 = AllocateZeroPool (32); + if (BootGuardOrgFvMainHash256 == NULL) { + DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] AllocateZeroPool is fail for BootGuardOrgFvMainHash256\n")); + return Status; + } + + Status = LocateBootGuardFvMainHashKey(PeiServices , &BootGuardOrgFvMainHash256); + if ( EFI_ERROR( Status ) ) { + DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] LocateBootGuardFvMainHashKey is fail\n")); + return Status; + } + + ReserveBootGuardFvMainHashKey = (RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY*)BootGuardOrgFvMainHash256; + + for ( i = 0; i < sizeof(ReserveBootGuardFvMainHashKey->BootGuardFvMainHashKey); i++ ) { + DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] BootGuardOrgFvMainHash256[%x]= %x.\n", i, ReserveBootGuardFvMainHashKey->BootGuardFvMainHashKey[i])); + } + DEBUG ((EFI_D_ERROR, "\n[BootGuardPei.c] BootGuardFvMainUsedLength= %x.\n", ReserveBootGuardFvMainHashKey->BootGuardFvMainUsedLength)); + + Sha256Init (BootGuardSha256Context); + Sha256Update (BootGuardSha256Context, (UINT8 *)(DXE_SEGMENT_BASE), (UINTN)ReserveBootGuardFvMainHashKey->BootGuardFvMainUsedLength); + Sha256Final (BootGuardSha256Context, CurrentBootGuardFvMainHash256Val); + + for ( i = 0; i < sizeof (CurrentBootGuardFvMainHash256Val); i++ ) { + DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] CurrentBootGuardFvMainHash256Val[%x]= %x.\n", i, CurrentBootGuardFvMainHash256Val[i])); + } + + if ( !CompareMem(BootGuardOrgFvMainHash256, CurrentBootGuardFvMainHash256Val, 32) ) { + AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag = 1; + } else { + AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag = 0; + } + + DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag= %x.\n", AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag)); + + return Status; +} + +EFI_STATUS +BootGuardPeiEntryPoint ( + IN EFI_FFS_FILE_HEADER *FfsHeader, + IN EFI_PEI_SERVICES **PeiServices 
+)
+{
+ EFI_STATUS Status;
+ PCH_SERIES PchSeries = GetPchSeries();
+
+ if ( PchSeries != PchLp ) {
+ return EFI_SUCCESS;
+ }
+
+ if ( IsBootGuardSupported() == FALSE ) {
+ return EFI_SUCCESS;
+ }
+
+ if ( (UINT32)AsmReadMsr64 (MSR_BOOT_GUARD_SACM_INFO) == 0 ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] Boot Guard is disabled by Anchor Cove Profile Configuration in the Intel Fitc\n"));
+ return EFI_SUCCESS;
+ }
+
+ Status = PeiServicesNotifyPpi (&BootGuardVerificationForPeiToDxeHandoffEndOfPeiNotifyDesc);
+ if ( EFI_ERROR( Status ) ) {
+ return Status;
+ }
+
+ return Status;
+}
+
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
diff --git a/Board/EM/FIT/Pei/BootGuardPei.cif b/Board/EM/FIT/Pei/BootGuardPei.cif
new file mode 100644
index 0000000..afb57a5
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardPei.cif
@@ -0,0 +1,14 @@
+<component>
+ name = "BootGuardPei"
+ category = ModulePart
+ LocalRoot = "Board\EM\FIT\Pei"
+ RefName = "BootGuardPei"
+[files]
+"BootGuardPei.c"
+"BootGuardPei.h"
+"BootGuardPei.dxs"
+"BootGuardPei.sdl"
+"BootGuardPei.mak"
+"PeiCryptLib.lib"
+"OpensslLib.lib"
+<endComponent>
diff --git a/Board/EM/FIT/Pei/BootGuardPei.dxs b/Board/EM/FIT/Pei/BootGuardPei.dxs
new file mode 100644
index 0000000..920a857
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardPei.dxs
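Review bot: In `BootGuardVerificationForPeiToDxeHandoffEndOfPei` the `BootGuardFvMainUsedLength` read out of the raw FFS section is passed straight to `Sha256Update` as the byte count to hash from `DXE_SEGMENT_BASE`, with no comparison against the segment size, so a stale or corrupted length makes the PEIM read and hash memory past the end of FV_MAIN; add `if (ReserveBootGuardFvMainHashKey->BootGuardFvMainUsedLength > DXE_SEGMENT_SIZE) { return EFI_SECURITY_VIOLATION; }` before `Sha256Init` (the HOB flag is already 0 at that point, so DXE still sees a failed verification). The `AllocateZeroPool` failure branch returns `Status`, which still holds EFI_SUCCESS from the preceding `AllocatePool`, so out-of-memory is reported as success and should be `return EFI_OUT_OF_RESOURCES;` — and since `LocateBootGuardFvMainHashKey` overwrites that pointer with the section address anyway, the 32-byte buffer is never used and the allocation can be dropped. In `LocateBootGuardFvMainHashKey` the inner `while ( TRUE )` only exits on `EFI_NOT_FOUND`, so any other error from `FfsFindNextFile` has no way out of the loop; testing `if ( EFI_ERROR( Status ) ) { break; }` instead fixes that, and the `FfsFindNextVolume` call before the outer loop is redundant because its result is immediately overwritten. In `BootGuardPeiEntryPoint` the `if ( EFI_ERROR( Status ) ) { return Status; }` block is a no-op, since the function returns `Status` unconditionally right after it.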
@@ -0,0 +1,76 @@ +//************************************************************************* +//************************************************************************* +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//************************************************************************* +//********************************************************************** +// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.dxs 1 2/25/13 1:15a Bensonlai $ +// +// $Revision: 1 $ +// +// $Date: 2/25/13 1:15a $ +//********************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.dxs $ +// +// 1 2/25/13 1:15a Bensonlai +// [TAG] EIP114386 +// [Category] Spec Update +// [Severity] Important +// [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard +// for 4th Gen Intel Core Processor based on Mobile U-Processor Line - +// BIOS Writer's Guide - Rev 0.8.1 +// [Files] BootGuardPei.cif +// BootGuardPei.c +// BootGuardPei.h +// BootGuardPei.dxs +// BootGuardPei.sdl +// BootGuardPei.mak +// PeiCryptLib.lib +// OpensslLib.lib +// +//************************************************************************* +//<AMI_FHDR_START> +// +// Name: BootGuardPei.dxs +// +// Description: BootGuardPei dependency file +// +//<AMI_FHDR_END> +//************************************************************************* + +#include "AutoGen.h" +#include "PeimDepex.h" +#if defined (BUILD_WITH_GLUELIB) || defined (BUILD_WITH_EDKII_GLUE_LIB) +#include "EfiDepex.h" +#include EFI_PPI_DEPENDENCY (Variable) + +#include EFI_PPI_DEPENDENCY (PchPeiInitDone) +#endif + +DEPENDENCY_START + PEI_READ_ONLY_VARIABLE_ACCESS_PPI_GUID AND + PCH_PEI_INIT_DONE_PPI_GUID +DEPENDENCY_END + 
+//************************************************************************* +//************************************************************************* +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//************************************************************************* +//************************************************************************* diff --git a/Board/EM/FIT/Pei/BootGuardPei.h b/Board/EM/FIT/Pei/BootGuardPei.h new file mode 100644 index 0000000..ca604d6 --- /dev/null +++ b/Board/EM/FIT/Pei/BootGuardPei.h 
@@ -0,0 +1,182 @@ +//************************************************************************* +//************************************************************************* +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//************************************************************************* +//********************************************************************** +// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.h 2 3/07/13 5:43a Bensonlai $ +// +// $Revision: 2 $ +// +// $Date: 3/07/13 5:43a $ +//********************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.h $ +// +// 2 3/07/13 5:43a Bensonlai +// [TAG] EIP117307 +// [Category] Improvement +// [Description] [Boot Guard] Implementation of speed up the post time +// for Chain of Trust +// [Files] BootGuardDxe.h, BootGuardPei.c, BootGuardPei.h, +// BpmKmGen.exe, ReserveBootGuardFvMainHashKey.bin +// +// 1 2/25/13 1:15a Bensonlai +// [TAG] EIP114386 +// [Category] Spec Update +// [Severity] Important +// [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard +// for 4th Gen Intel Core Processor based on Mobile U-Processor Line - +// BIOS Writer's Guide - Rev 0.8.1 +// [Files] BootGuardPei.cif +// BootGuardPei.c +// BootGuardPei.h +// BootGuardPei.dxs +// BootGuardPei.sdl +// BootGuardPei.mak +// PeiCryptLib.lib +// OpensslLib.lib +// +//************************************************************************* +//<AMI_FHDR_START> +// +// Name: BootGuardPei.h +// +// Description: Header file for BootGuardPei +// +//<AMI_FHDR_END> +//************************************************************************* + +#ifndef _BOOT_GUARD_PEI_H_ +#define _BOOT_GUARD_PEI_H_ + +#if 
!defined(EDK_RELEASE_VERSION) || (EDK_RELEASE_VERSION < 0x00020000) +#include "EdkIIGluePeim.h" +#include "CpuAccess.h" +#include "PchAccess.h" +#include "PchPlatformLib.h" +#include "BootGuardLibrary.h" +#include <Token.h> +#endif + +#define RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY_FFS_FILE_RAW_GUID \ + {0xcbc91f44, 0xa4bc, 0x4a5b, 0x86, 0x96, 0x70, 0x34, 0x51, 0xd0, 0xb0, 0x53} + +#if defined(BUILD_WITH_GLUELIB) +#undef SetMem +VOID * +SetMem ( + OUT VOID *Buffer, + IN UINTN Length, + IN UINT8 Value +) +{ + return GlueSetMem (Buffer, Length, Value); +} + +#undef CopyMem +VOID * +EFIAPI +CopyMem ( + OUT VOID *DestinationBuffer, + IN CONST VOID *SourceBuffer, + IN UINTN Length +) +{ + return GlueCopyMem (DestinationBuffer, SourceBuffer, Length); +} +#endif + +// +// Hash functions definitionS +// +UINTN +EFIAPI +Sha256GetContextSize ( + VOID +); + +BOOLEAN +EFIAPI +Sha256Init ( + IN OUT VOID *Sha256Context +); + +BOOLEAN +EFIAPI +Sha256Update ( + IN OUT VOID *Sha256Context, + IN CONST VOID *Data, + IN UINTN DataLength +); + +BOOLEAN +EFIAPI +Sha256Final ( + IN OUT VOID *Sha256Context, + OUT UINT8 *HashValue +); + +STATIC +EFI_STATUS +BootGuardVerificationForPeiToDxeHandoffEndOfPei ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi +); + +// +// GUID to AMI_BOOT_GUARD Module +// +#if !defined(EDK_RELEASE_VERSION) || (EDK_RELEASE_VERSION < 0x00020000) +#define AMI_BOOT_GUARD_HOB_GUID \ + { \ + 0xb60ab175, 0x498d, 0x429d, 0xad, 0xba, 0xa, 0x62, 0x2c, 0x58, 0x16, 0xe2 \ + } +#else +#define AMI_BOOT_GUARD_HOB_GUID \ + { \ + 0xb60ab175, 0x498d, 0x429d, \ + { \ + 0xad, 0xba, 0xa, 0x62, 0x2c, 0x58, 0x16, 0xe2 \ + } \ + } +#endif + +#pragma pack (1) + +typedef struct { + EFI_HOB_GUID_TYPE EfiHobGuidType; + UINT8 AmiBootGuardVerificationforPEItoDXEFlag; +} AMI_BOOT_GUARD_HOB; + +typedef struct { + UINT8 BootGuardFvMainHashKey[32]; + UINT32 BootGuardFvMainUsedLength; +} RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY; + +#pragma pack () + +#endif 
+ +//************************************************************************* +//************************************************************************* +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//************************************************************************* +//************************************************************************* diff --git a/Board/EM/FIT/Pei/BootGuardPei.mak b/Board/EM/FIT/Pei/BootGuardPei.mak new file mode 100644 index 0000000..b1c6ca1 --- /dev/null +++ b/Board/EM/FIT/Pei/BootGuardPei.mak 
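Review bot: `SetMem` and `CopyMem` are defined, not merely declared, in this header under `BUILD_WITH_GLUELIB` and carry no `static`, so every translation unit that includes BootGuardPei.h emits its own external definition and the link breaks with duplicate symbols as soon as a second .c file includes it; either mark both `STATIC` or move the bodies into BootGuardPei.c. The include guard `_BOOT_GUARD_PEI_H_` uses a reserved identifier (leading underscore followed by an uppercase letter); `BOOT_GUARD_PEI_H_` avoids that. `RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY` is the on-flash layout that BootGuardPei.c casts the raw section to, so a comment on the struct such as `// Packed on-flash layout of ReserveBootGuardFvMainHashKey.bin: expected SHA-256 of FV_MAIN followed by the byte count that was hashed` would record why it sits under `#pragma pack (1)` and what each field is compared against.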
@@ -0,0 +1,119 @@ +#********************************************************************** +#********************************************************************** +#** ** +#** (C)Copyright 1985-2013, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. ** +#** ** +#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#********************************************************************** +#********************************************************************** +# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.mak 1 2/25/13 1:15a Bensonlai $ +# +# $Revision: 1 $ +# +# $Date: 2/25/13 1:15a $ +#********************************************************************** +# Revision History +# ---------------- +# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.mak $ +# +# 1 2/25/13 1:15a Bensonlai +# [TAG] EIP114386 +# [Category] Spec Update +# [Severity] Important +# [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard +# for 4th Gen Intel Core Processor based on Mobile U-Processor Line - +# BIOS Writer's Guide - Rev 0.8.1 +# [Files] BootGuardPei.cif +# BootGuardPei.c +# BootGuardPei.h +# BootGuardPei.dxs +# BootGuardPei.sdl +# BootGuardPei.mak +# PeiCryptLib.lib +# OpensslLib.lib +# +#********************************************************************** +#<AMI_FHDR_START> +# +# Name: BootGuardPei.mak +# +# Description: Make file for BootGuardPei +# +#<AMI_FHDR_END> +#********************************************************************** + +all : BootGuardPei + +BootGuardPei : $(BUILD_DIR)\BootGuardPei.mak BootGuardPeiBin + +$(BUILD_DIR)\BootGuardPei.mak : $(BOOT_GUARD_PEI_PATH)\BootGuardPei.cif $(BOOT_GUARD_PEI_PATH)\BootGuardPei.mak $(BUILD_RULES) + $(CIF2MAK) $(BOOT_GUARD_PEI_PATH)\BootGuardPei.cif $(CIF2MAK_DEFAULTS) + +BOOT_GUARD_PEI_INCLUDES = \ + $(EdkIIGlueLib_INCLUDES)\ + $(INTEL_PCH_INCLUDES)\ + $(PROJECT_CPU_INCLUDES)\ + 
+BOOT_GUARD_PEI_DEFINES=\ + $(MY_DEFINES)\ + /D"__EDKII_GLUE_MODULE_ENTRY_POINT__=BootGuardPeiEntryPoint"\ + /D __EDKII_GLUE_BASE_LIB__ \ + /D __EDKII_GLUE_BASE_IO_LIB_INTRINSIC__ \ + /D __EDKII_GLUE_BASE_MEMORY_LIB__\ + /D __EDKII_GLUE_PEI_DEBUG_LIB_REPORT_STATUS_CODE__ \ + /D __EDKII_GLUE_PEI_REPORT_STATUS_CODE_LIB__ \ + /D __EDKII_GLUE_PEI_SERVICES_LIB__ \ + /D __EDKII_GLUE_PEI_MEMORY_ALLOCATION_LIB__ \ + /D __EDKII_GLUE_BASE_PCI_LIB_PCI_EXPRESS__ \ + /D __EDKII_GLUE_PEI_HOB_LIB__ \ + +BOOT_GUARD_PEI_LIBS = \ + $(EdkIIGlueBaseIoLibIntrinsic_LIB)\ + $(EdkIIGlueBaseLib_LIB)\ + $(EdkIIGlueBaseLibIA32_LIB)\ + $(EdkIIGlueBasePrintLib_LIB)\ + $(EdkIIGluePeiMemoryAllocationLib_LIB)\ + $(EdkIIGluePeiDebugLibReportStatusCode_LIB)\ + $(EdkIIGluePeiReportStatusCodeLib_LIB)\ + $(EdkIIGluePeiServicesLib_LIB)\ + $(EdkIIGlueBasePciLibPciExpress_LIB)\ + $(EdkIIGlueBasePostCodeLibPort80_LIB)\ + $(EDKFRAMEWORKPPILIB)\ + $(EdkIIGluePeiHobLib_LIB)\ + $(PchPlatformPeiLib_LIB)\ + $(CpuPlatformLib_LIB)\ + $(BootGuardLib_LIB)\ + +BootGuardPeiBin: $(BOOT_GUARD_PEI_LIBS) + $(MAKE) /$(MAKEFLAGS) $(EDKIIGLUE_DEFAULTS)\ + /f $(BUILD_DIR)\BootGuardPei.mak all\ + NAME=BootGuardPei \ + MAKEFILE=$(BUILD_DIR)\BootGuardPei.mak \ + "MY_INCLUDES=$(BOOT_GUARD_PEI_INCLUDES)"\ + "MY_DEFINES=$(BOOT_GUARD_PEI_DEFINES)" \ + GUID=B41956E1-7CA2-42db-9562-168389F0F066 \ + ENTRY_POINT=_ModuleEntryPoint "EXT_HEADERS=$(BUILD_DIR)\token.h"\ + TYPE=PEIM \ + EDKIIModule=PEIM\ + DEPEX1=$(BOOT_GUARD_PEI_PATH)\BootGuardPei.dxs \ + DEPEX1_TYPE=EFI_SECTION_PEI_DEPEX \ + COMPRESS=0 + +#********************************************************************** +#********************************************************************** +#** ** +#** (C)Copyright 1985-2013, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. 
** +#** ** +#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#********************************************************************** +#********************************************************************** diff --git a/Board/EM/FIT/Pei/BootGuardPei.sdl b/Board/EM/FIT/Pei/BootGuardPei.sdl new file mode 100644 index 0000000..30dd493 --- /dev/null +++ b/Board/EM/FIT/Pei/BootGuardPei.sdl 
@@ -0,0 +1,96 @@ +#********************************************************************** +#********************************************************************** +#** ** +#** (C)Copyright 1985-2013, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. ** +#** ** +#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#********************************************************************** +#********************************************************************** +# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.sdl 2 3/06/13 2:51a Bensonlai $ +# +# $Revision: 2 $ +# +# $Date: 3/06/13 2:51a $ +#********************************************************************** +# Revision History +# ---------------- +# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.sdl $ +# +# 2 3/06/13 2:51a Bensonlai +# [TAG] EIP116907 +# [Category] Improvement +# [Description] BpmKmGen.exe generates KM / BPM tables and +# BootGuardFvMainHash key separately +# [Files] BpmKmGen.exe, Fit.sdl, Fit.mak, BootGuardPei.sdl, +# BootGuardDxe.sdl +# +# 1 2/25/13 1:15a Bensonlai +# [TAG] EIP114386 +# [Category] Spec Update +# [Severity] Important +# [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard +# for 4th Gen Intel Core Processor based on Mobile U-Processor Line - +# BIOS Writer's Guide - Rev 0.8.1 +# [Files] BootGuardPei.cif +# BootGuardPei.c +# BootGuardPei.h +# BootGuardPei.dxs +# BootGuardPei.sdl +# BootGuardPei.mak +# PeiCryptLib.lib +# OpensslLib.lib +# +#********************************************************************** +#<AMI_FHDR_START> +# +# Name: BootGuardPei.sdl +# +# Description: SDL file for BootGuardPei +# +#<AMI_FHDR_END> +#********************************************************************** + +TOKEN + Name = "BOOT_GUARD_PEI_SUPPORT" + Value = "1" + Help = "Main switch to enable BOOT_GUARD_PEI_SUPPORT in Project" + TokenType = Boolean + TargetMAK = Yes + 
TargetH = Yes + Master = Yes + Token = "INTEL_BOOT_GUARD_CHAIN_OF_TRUST_SUPPORT" "=" "1" +End + +MODULE + Help = "Includes BootGuardPei.mak to Project" + File = "BootGuardPei.mak" +End + +PATH + Name = "BOOT_GUARD_PEI_PATH" +End + +ELINK + Name = "$(BUILD_DIR)\BootGuardPei.ffs" + Parent = "FV_BB" + InvokeOrder = AfterParent +End + +#********************************************************************** +#********************************************************************** +#** ** +#** (C)Copyright 1985-2013, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. ** +#** ** +#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#********************************************************************** +#********************************************************************** diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c new file mode 100644 index 0000000..5959528 --- /dev/null +++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c 
@@ -0,0 +1,469 @@ +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** + +//********************************************************************** +// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c 3 9/06/13 6:10a Bensonlai $ +// +// $Revision: 3 $ +// +// $Date: 9/06/13 6:10a $ +//********************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c $ +// +// 3 9/06/13 6:10a Bensonlai +// [TAG] EIP135513 +// [Category] Improvement +// [Description] Support the TPM1.2 for WHCK test +// +// 2 7/25/13 11:02p Bensonlai +// [TAG] EIP130647 +// [Category] Bug Fix +// [Severity] Normal +// [Symptom] Detail PCR is incorrect for Boot Guard. +// [RootCause] Coding error. 
+// +// 1 6/04/13 5:15a Bensonlai +// [TAG] EIP125148 +// [Category] Spec Update +// [Severity] Normal +// [Description] [SBY ULT] Boot Guard for 4th Gen Intel Core Processor +// based on Mobile U-Processor Line - BIOS Writer's Guide - Rev 1.0 +// [Files] BootGuardTPMPei.cif +// BootGuardTPMPei.c +// BootGuardTPMPei.h +// BootGuardTPMPei.sdl +// BootGuardTPMPei.mak +// +//********************************************************************** +//<AMI_FHDR_START> +// +// Name: BootGuardTPMPei.c +// +// Description: TPM Initialization Flow for Boot Guard +// +//<AMI_FHDR_END> +//********************************************************************** + +#include <Efi.h> +#include <Pei.h> +#include <TcgCommon.h> +#include <AmiPeiLib.h> +#include <TcgMisc.h> +#include "PPI\TcgService\TcgTcmService.h" +#include "PPI\TcgService\TcgService.h" +#include "PPI\TpmDevice\TpmDevice.h" +#include "PPI\CpuIo.h" +#include "PPI\LoadFile.h" +#include <Ppi\ReadOnlyVariable.h> +#include "AmiTcgPlatformPei.h" +#include "TcgPlatformSetupPeiPolicy.h" +#include <Token.h> +#include "CpuRegs.h" +#include <AmiCspLibInc.h> +#include "BootGuardTPMPei.h" + +static +EFI_STATUS +__stdcall __FillCallbackContext( + IN EFI_PEI_SERVICES **PeiService, + OUT TCG_PEI_CALLBACK_CONTEXT *CallbackContext ) +{ + EFI_GUID _gPeiTpmPpiGuid = PEI_TPM_PPI_GUID; + CallbackContext->PeiServices = PeiService; + return (*PeiService)->LocatePpi( + PeiService, + &_gPeiTpmPpiGuid, + 0, + NULL, + &CallbackContext->TpmDevice + ); +} + +#define TCGPASSTHROUGH( cb, in, out ) \ + TcgCommonPassThrough( \ + cb, \ + sizeof (in) / sizeof (*(in)), \ + (in), \ + sizeof (out) / sizeof (*(out)), \ + (out) \ + ) + +EFI_STATUS TcgCommonSha1Complete( + IN VOID *CallbackContext, + IN VOID *Data, + IN UINT32 DataLen, + OUT TCG_DIGEST *Digest ) +{ + TPM_1_2_CMD_SHA1COMPLETE cmdSHA1Complete; + TPM_1_2_RET_HEADER retSHA1Complete; + TPM_TRANSMIT_BUFFER InBuffer[2], OutBuffer[2]; + + if ( DataLen >= 64 ) + { + return EFI_INVALID_PARAMETER; + } + 
+ cmdSHA1Complete.Header.Tag = TPM_H2NS( TPM_TAG_RQU_COMMAND ); + cmdSHA1Complete.Header.ParamSize = TPM_H2NL(sizeof(cmdSHA1Complete) + DataLen); + cmdSHA1Complete.Header.Ordinal = TPM_H2NL( TPM_ORD_SHA1Complete ); + +// if(AutoSupportType()){ +// cmdSHA1Complete.Header.Ordinal = TPM_H2NL(TCM_ORD_SHA1Complete); +// } + + cmdSHA1Complete.NumBytes = TPM_H2NL( DataLen ); + + InBuffer[0].Buffer = &cmdSHA1Complete; + InBuffer[0].Size = sizeof (cmdSHA1Complete); + InBuffer[1].Buffer = Data; + InBuffer[1].Size = DataLen; + + OutBuffer[0].Buffer = &retSHA1Complete; + OutBuffer[0].Size = sizeof (retSHA1Complete); + OutBuffer[1].Buffer = Digest; + OutBuffer[1].Size = sizeof (*Digest); + + return TCGPASSTHROUGH( CallbackContext, InBuffer, OutBuffer ); +} + +EFI_STATUS +SHA1HashFunc ( + IN EFI_PEI_SERVICES **PeiServices, + IN UINT8 *HashData, + IN UINT32 HashDataLen, + OUT TCG_DIGEST *Digest +) +{ + EFI_STATUS Status; + UINT32 Sha1MaxBytes; + TCG_PEI_CALLBACK_CONTEXT Context; + + Status = __FillCallbackContext( PeiServices, &Context ); + ASSERT_PEI_ERROR( PeiServices, Status ); + + Status = Context.TpmDevice->Init( Context.TpmDevice, PeiServices ); + + if ( EFI_ERROR( Status )) { + goto Exit; + } + + Status = TcgCommonSha1Start( &Context, TCG_ALG_SHA, &Sha1MaxBytes ); + + if ( EFI_ERROR( Status )) { + goto Exit; + } + + Status = TcgCommonSha1Update( + &Context, + HashData, + HashDataLen, + Sha1MaxBytes + ); + + if ( EFI_ERROR( Status )) { + goto Exit; + } + + HashData += (HashDataLen & ~63); + HashDataLen &= 63; + + Status = TcgCommonSha1Complete( + &Context, + (UINT8 *)HashData, + (UINT32)HashDataLen, + Digest + ); + + if ( EFI_ERROR( Status )) { + goto Exit; + } + +Exit: + Context.TpmDevice->Close( Context.TpmDevice, PeiServices ); + return Status; +} + +EFI_STATUS ACM_PostSuccess( + IN EFI_PEI_SERVICES **PeiServices +) +{ + UINT32 MsrValue; + + MsrValue = (UINT32) ReadMsr (MSR_BOOT_GUARD_SACM_INFO); + if ( ((MsrValue & B_NEM_INIT) == B_NEM_INIT) && + ((MsrValue & 
B_MEASURED) == B_MEASURED) && + (((MsrValue & V_TPM_PRESENT_DTPM_12) == V_TPM_PRESENT_DTPM_12) || ((MsrValue & V_TPM_PRESENT_DTPM_20) == V_TPM_PRESENT_DTPM_20)) && + ((MsrValue & B_TPM_SUCCESS) == B_TPM_SUCCESS) ) { + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : ACM_PostSuccess : EFI_SUCCESS\n")); + return EFI_SUCCESS; + } + + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : ACM_PostSuccess : EFI_UNSUPPORTED\n")); + return EFI_UNSUPPORTED; +} + +EFI_STATUS LogDetailPCREvent( + IN EFI_PEI_SERVICES **PeiServices +) +{ + UINT8 FoundACM, FoundKM, FoundBPM; + UINT32 u32HashLen = 0; + EFI_TCG_PCR_EVENT TcgEvent; + UINT32 EventNum, FitEntryPointer, FitEntryNumber, i; + UINTN Len; + CHAR8 DetailPCRStr[] = "Boot Guard Measured S-CRTM"; + PEI_TPM_PPI *TpmPpi = NULL; + PEI_TCG_PPI *TcgPpi = NULL; + EFI_STATUS Status; + BOOT_POLICY *BP; + FIT_ENTRY *FitEntry; + KEY_MANIFEST_STRAUCTURE *KmStructure; + BpmStruct *BpmStructure; + + Len = sizeof(DetailPCRStr) < sizeof(EFI_GUID) ? sizeof(DetailPCRStr) : sizeof(EFI_GUID); + + TcgEvent.Header.PCRIndex = 0; + TcgEvent.Header.EventType = EV_S_CRTM_VERSION; + TcgEvent.Header.EventDataSize = Len; + + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] Starting 1")); + + MemCpy( + &TcgEvent.Event.SCrtmVersion, + DetailPCRStr, + Len + ); + + Status = LocateTcgPpi(PeiServices,&TpmPpi, &TcgPpi); + if(EFI_ERROR(Status))return EFI_NOT_FOUND; + + // On page 44. + // The pHashData must be the format . + // SHA-1 { + // 1) One byte containing the lower 8 bit of the BP.RSTR + // 2) One byte contain the lower 8 bits of BP.TYPE + // .... + // 7) Digest of Hashed IBB Segments(s) + + Status = (*PeiServices)->AllocatePool(PeiServices, sizeof (BOOT_POLICY),&BP); + if ( EFI_ERROR( Status ) ) { + return EFI_OUT_OF_RESOURCES; + } + + BP->RSTR0 = (ReadMsr (MSR_BOOT_GUARD_SACM_INFO) & BIT4) ? 1 : 0; + BP->RSTR1 = (MmioRead32 (ACM_STATUS) & BIT21) ? 1 : 0; + BP->RSTR2 = (MmioRead32 (ACM_STATUS) & BIT22) ? 
1 : 0; + BP->RSTR3 = (MmioRead32 (ACM_STATUS) & BIT23) ? 1 : 0; + BP->RSTR4 = (MmioRead32 (ACM_STATUS) & BIT24) ? 1 : 0; + BP->RSTR5 = 0; + BP->RSTR6 = 0; + BP->RSTR7 = 0; + + BP->TYPE0 = (ReadMsr (MSR_BOOT_GUARD_SACM_INFO) & BIT5) ? 1 : 0; + BP->TYPE1 = (ReadMsr (MSR_BOOT_GUARD_SACM_INFO) & BIT6) ? 1 : 0; + BP->TYPE2 = (MmioRead32 (ACM_STATUS) & BIT20) ? 1 : 0; + BP->TYPE3 = 0; + BP->TYPE4 = 0; + BP->TYPE5 = 0; + BP->TYPE6 = 0; + BP->TYPE7 = 0; + + BP->ACM_SVN = ACMSVN; + { + FitEntryPointer = MmioRead32(IBB_ENTRYPOINT_M); + if ( FitEntryPointer == 0xFFFFFFFF ) { + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : FitEntryPointer(%lx) is empty\n", FitEntryPointer)); + ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY ); + } + + FitEntry = (FIT_ENTRY*)FitEntryPointer; + if ( FitEntry->TblAddress != EFI_SIGNATURE_64 ('_', 'F', 'I', 'T', '_', ' ', ' ', ' ') ) { + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : [Type 0] FitEntry->TblAddress(%lx) is error\n", FitEntry->TblAddress)); + ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY ); + } + + FitEntryNumber = FitEntry->TblSIZE; + + FoundACM = 0; + for(i=1; i<FitEntryNumber; i++) { + FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16); + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : FitEntry->TblType = %x\n", FitEntry->TblType)); + if ( FitEntry->TblType == 0x02 ) { // FIT type 0x02 - Anc ACM location + FoundACM =1; + break; + } + } + + if ( FoundACM == 0 ) { + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : Can't find the Boot Guard ACM")); + ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY ); + } + + PEI_TRACE((-1, PeiServices, "BP->ACM_Signature \n")); + + for ( i=0; i<256; i++ ) { + if (i % 16 == 0) PEI_TRACE((-1, PeiServices, "\n")); + BP->ACM_Signature[i] = MmioRead8( FitEntry->TblAddress + 0x184 + i ); + PEI_TRACE((-1, PeiServices, "%02x ", BP->ACM_Signature[i])); + } + + FoundKM = 0; + for(i=1; i<FitEntryNumber; i++) { + FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16); + PEI_TRACE((-1, PeiServices, 
"[BootGuardTPMPei.c] : FitEntry->TblType = %x\n", FitEntry->TblType)); + if ( FitEntry->TblType == 0x0B ) { // FIT Type 0x0B - Key Manifest + FoundKM =1; + break; + } + } + + if ( FoundKM == 0 ) { + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : Can't find the Boot Guard KM")); + ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY ); + } + + KmStructure = (KEY_MANIFEST_STRAUCTURE*)FitEntry->TblAddress; + PEI_TRACE((-1, PeiServices, "\nKmStructure:\n")); + + for ( i=0; i<256; i++ ) { + if (i % 16 == 0) PEI_TRACE((-1, PeiServices, "\n")); + BP->Key_Manifest_Signature[i] = KmStructure->KeyManifestSignature.Signature.Signature[i]; + PEI_TRACE((-1, PeiServices, "%02x ", BP->Key_Manifest_Signature[i])); + } + + FoundBPM = 0; + for(i=1; i<FitEntryNumber; i++) { + FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16); + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : FitEntry->TblType = %x\n", FitEntry->TblType)); + if ( FitEntry->TblType == 0x0C ) { // FIT type 0x0C - Boot Policy Manifest + FoundBPM =1; + break; + } + } + + if ( FoundBPM == 0 ) { + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : Can't find the Boot Guard BPM")); + ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY ); + } + + BpmStructure = (BpmStruct*)FitEntry->TblAddress; + PEI_TRACE((-1, PeiServices, "\nBpmStructure:\n")); + + for ( i=0; i<256; i++ ) { + if (i % 16 == 0) PEI_TRACE((-1, PeiServices, "\n")); + BP->Boot_Policy_Manifest_Signature[i] = BpmStructure->Bpm_Signature_Element.KeySignature.Signature.Signature[i]; + PEI_TRACE((-1, PeiServices, "%02x ", BP->Boot_Policy_Manifest_Signature[i])); + } + + PEI_TRACE((-1, PeiServices, "\n\nBpmStructure->Digest_of_Hashed_IBB_Segment:\n\n")); + + for ( i=0; i<32; i++ ) { + if (i % 16 == 0) PEI_TRACE((-1, PeiServices, "\n")); + BP->Digest_of_Hashed_IBB_Segment[i] = BpmStructure->Ibb_Element.Digest.HashBuffer[i]; + PEI_TRACE((-1, PeiServices, "%02x ", BP->Digest_of_Hashed_IBB_Segment[i])); + } + + PEI_TRACE((-1, PeiServices, "\n")); + } + + SHA1HashFunc( PeiServices, 
(UINT8*)BP, u32HashLen, &TcgEvent.Header.Digest ); + + Status = TcgPpi->TCGLogEvent(TcgPpi, PeiServices, (TCG_PCR_EVENT*)&TcgEvent, &EventNum); + + return Status; +} + +/* +EFI_STATUS LogAuthorityPCREvent( + IN EFI_PEI_SERVICES **PeiServices +) +{ + UINT8* pHashData = NULL; + UINT32 u32HashLen = 0; + + EFI_TCG_PCR_EVENT TcgEvent; + UINT32 EventNum; + UINTN Len; + CHAR16 AuthorityPCRStr[] = L"Boot Guard Measured S-CRTM"; + PEI_TPM_PPI *TpmPpi = NULL; + PEI_TCG_PPI *TcgPpi = NULL; + EFI_STATUS Status; + + Len = sizeof(AuthorityPCRStr) < sizeof(EFI_GUID) ? sizeof(AuthorityPCRStr) : sizeof(EFI_GUID); + + TcgEvent.Header.PCRIndex = 6; + TcgEvent.Header.EventType = EV_EFI_VARIABLE_DRIVER_CONFIG; + TcgEvent.Header.EventDataSize = Len; + + MemCpy( + &TcgEvent.Event.SCrtmVersion, + AuthorityPCRStr, + Len + ); + + Status = LocateTcgPpi(PeiServices,&TpmPpi, &TcgPpi); + if(EFI_ERROR(Status))return EFI_NOT_FOUND; + + // On page 45~46. + // The pHashData must be the format . + // SHA-1 { + // 1) One byte containing the lower 8 bit of the BP.RSTR + // 2) One byte contain the lower 8 bits of BP.TYPE + // .... + // 7) One byte indicating status of verified boot. 
+
+// SHA1HashFunc( PeiServices, pHashData, u32HashLen, &TcgEvent.Header.Digest );
+
+ Status = TcgPpi->TCGLogEvent(TcgPpi, PeiServices, (TCG_PCR_EVENT*)&TcgEvent, &EventNum);
+ return Status;
+}
+*/
+
+EFI_STATUS
+BootGuardMeasureCRTMVersion(
+ IN EFI_PEI_SERVICES **PeiServices )
+{
+ EFI_STATUS Status;
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] Start of BootGuardMeasureCRTMVersion\n"));
+
+ Status = ACM_PostSuccess( PeiServices );
+ if( !EFI_ERROR(Status) )
+ {
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] Start the LogDetailPCREvent\n"));
+ Status = LogDetailPCREvent( PeiServices );
+ ASSERT_PEI_ERROR( PeiServices, Status );
+// Status = LogAuthorityPCREvent( PeiServices );
+// ASSERT_PEI_ERROR( PeiServices, Status );
+ }
+
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] End of BootGuardMeasureCRTMVersion\n"));
+
+ return MeasureCRTMVersion( PeiServices );
+}
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.cif b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.cif new file mode 100644
index 0000000..91cf398
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.cif
@@ -0,0 +1,11 @@
+<component>
+ name = "BootGuardTPMPei"
+ category = ModulePart
+ LocalRoot = "Board\EM\FIT\Pei\BootGuardTPMPei"
+ RefName = "BootGuardTPMPei"
+[files]
+"BootGuardTPMPei.c"
+"BootGuardTPMPei.h"
+"BootGuardTPMPei.sdl"
+"BootGuardTPMPei.mak"
+<endComponent>
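Review bot: The digest logged by LogDetailPCREvent is computed over `u32HashLen`, which is set to 0 at its declaration and never updated, so `SHA1HashFunc( PeiServices, (UINT8*)BP, u32HashLen, &TcgEvent.Header.Digest );` hashes zero bytes and none of the BOOT_POLICY fields filled in just above it reach the measurement; the preceding comment describes a SHA-1 over exactly those fields, so the length should be `sizeof(*BP)` and the returned EFI_STATUS must be checked before `TCGLogEvent` is called, because on failure `TcgEvent.Header.Digest` is still uninitialised. The three FIT lookups handle the not-found case only through `ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY );`: if that macro is compiled out in release builds, execution continues with FitEntry pointing at the last FIT entry and its TblAddress is read as an ACM, KM or BPM, so each of those checks (and the earlier FitEntryPointer == 0xFFFFFFFF and `_FIT_` signature checks) should be followed by an explicit `return EFI_NOT_FOUND;`. The same pattern appears in SHA1HashFunc after __FillCallbackContext, whose failure would leave Context.TpmDevice unset before `Context.TpmDevice->Init` is called.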
diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h new file mode 100644
index 0000000..5d03aa0
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h
@@ -0,0 +1,242 @@ +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** + +//********************************************************************** +// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h 2 7/25/13 11:03p Bensonlai $ +// +// $Revision: 2 $ +// +// $Date: 7/25/13 11:03p $ +//********************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h $ +// +// 2 7/25/13 11:03p Bensonlai +// [TAG] EIP130647 +// [Category] Bug Fix +// [Severity] Normal +// [Symptom] Detail PCR is incorrect for Boot Guard. +// [RootCause] Coding error. +// +// 1 6/04/13 5:15a Bensonlai +// [TAG] EIP125148 +// [Category] Spec Update +// [Severity] Normal +// [Description] [SBY ULT] Boot Guard for 4th Gen Intel Core Processor +// based on Mobile U-Processor Line - BIOS Writer's Guide - Rev 1.0 +// [Files] BootGuardTPMPei.cif +// BootGuardTPMPei.c +// BootGuardTPMPei.h +// BootGuardTPMPei.sdl +// BootGuardTPMPei.mak +// +//********************************************************************** +//<AMI_FHDR_START> +// +// Name: BootGuardTPMPei.c +// +// Description: TPM Initialization Flow for Boot Guard +// +//<AMI_FHDR_END> +//********************************************************************** + +#ifndef _BOOT_GUARD_TPM_PEI_H_ +#define _BOOT_GUARD_TPM_PEI_H_ + +// +// Define macros to build data structure signatures from characters. 
+// +#define EFI_SIGNATURE_16(A, B) ((A) | (B << 8)) +#define EFI_SIGNATURE_32(A, B, C, D) (EFI_SIGNATURE_16 (A, B) | (EFI_SIGNATURE_16 (C, D) << 16)) +#define EFI_SIGNATURE_64(A, B, C, D, E, F, G, H) \ + (EFI_SIGNATURE_32 (A, B, C, D) | ((UINT64) (EFI_SIGNATURE_32 (E, F, G, H)) << 32)) + +#define IBB_ENTRYPOINT_M 0xFFFFFFC0 +#define ACM_STATUS 0xFED30328 + +// The LocateTcgPPi(...) entry is call the AmiTcgPlatformPeiLib.obj +EFI_STATUS LocateTcgPpi( + IN EFI_PEI_SERVICES **PeiServices, + IN PEI_TPM_PPI **gTpmDevicePpi, + IN PEI_TCG_PPI **gTcgPpi +); + +#pragma pack(1) +typedef struct _TCG_PEI_CALLBACK_CONTEXT +{ + PEI_TPM_PPI *TpmDevice; + EFI_PEI_SERVICES **PeiServices; +} TCG_PEI_CALLBACK_CONTEXT; + +typedef struct _BOOT_POLICY +{ + UINT8 RSTR0:1; + UINT8 RSTR1:1; + UINT8 RSTR2:1; + UINT8 RSTR3:1; + UINT8 RSTR4:1; + UINT8 RSTR5:1; + UINT8 RSTR6:1; + UINT8 RSTR7:1; + UINT8 TYPE0:1; + UINT8 TYPE1:1; + UINT8 TYPE2:1; + UINT8 TYPE3:1; + UINT8 TYPE4:1; + UINT8 TYPE5:1; + UINT8 TYPE6:1; + UINT8 TYPE7:1; + UINT16 ACM_SVN; + UINT8 ACM_Signature[256]; + UINT8 Key_Manifest_Signature[256]; + UINT8 Boot_Policy_Manifest_Signature[256]; + UINT8 Digest_of_Hashed_IBB_Segment[32]; +} BOOT_POLICY; + +typedef struct _FIT_ENTRY +{ + UINT64 TblAddress; + UINT32 TblSIZE; + UINT16 TblVer; + UINT8 TblType; + UINT8 TblChkSum; +} FIT_ENTRY; + +// +// Manifest definition +// +#define TPM_ALG_SHA1 0x4 +#define TPM_ALG_SHA256 0xB +#define SHA1_DIGEST_SIZE 20 +#define SHA256_DIGEST_SIZE 32 + +typedef struct { + UINT16 HashAlg; + UINT16 Size; + UINT8 HashBuffer[SHA256_DIGEST_SIZE]; +} HASH_STRUCTURE; + +#define RSA_PUBLIC_KEY_STRUCT_KEY_SIZE_DEFAULT 2048 +#define RSA_PUBLIC_KEY_STRUCT_KEY_LEN_DEFAULT (RSA_PUBLIC_KEY_STRUCT_KEY_SIZE_DEFAULT/8) +#define RSA_PUBLIC_KEY_STRUCT_KEY_EXPONENT_DEFAULT 0x10001 // NOT 0x10001 +typedef struct { + UINT8 Version; + UINT16 KeySize; + UINT32 Exponent; + UINT8 Modulus[RSA_PUBLIC_KEY_STRUCT_KEY_LEN_DEFAULT]; +} RSA_PUBLIC_KEY_STRUCT; + +#define 
RSASSA_SIGNATURE_STRUCT_KEY_SIZE_DEFAULT 2048 +#define RSASSA_SIGNATURE_STRUCT_KEY_LEN_DEFAULT (RSASSA_SIGNATURE_STRUCT_KEY_SIZE_DEFAULT/8) +typedef struct { + UINT8 Version; + UINT16 KeySize; + UINT16 HashAlg; + UINT8 Signature[RSASSA_SIGNATURE_STRUCT_KEY_LEN_DEFAULT]; +} RSASSA_SIGNATURE_STRUCT; + +typedef struct { + UINT8 Version; + UINT16 KeyAlg; + RSA_PUBLIC_KEY_STRUCT Key; + UINT16 SigScheme; + RSASSA_SIGNATURE_STRUCT Signature; +} KEY_SIGNATURE_STRUCT; + +typedef struct { + UINT8 StructureID[8]; + UINT8 StructVersion; + UINT8 HdrStructVersion; + UINT8 PMBPMVersion; + UINT8 BPSVN_BPM; + UINT8 ACMSVN_BPM; + UINT8 Reserved; + UINT16 NEMDataStack; +} BOOT_POLICY_MANIFEST_HEADER; + +typedef struct { + UINT16 Reserved; + UINT16 Flags; + UINT32 Base; + UINT32 Size; +} IBB_SEGMENT_ELEMENT; + +typedef struct { + UINT8 StructureID[8]; + UINT8 StructVersion; + UINT8 SetNumber; + UINT8 Reserved; + UINT8 PBETValue; + UINT32 Flags; + UINT64 IBB_MCHBAR; + UINT64 VTD_BAR; + UINT32 PMRL_Base; + UINT32 PMRL_Limit; + UINT64 PMRH_Base; + UINT64 PMRH_Limit; + HASH_STRUCTURE PostIbbHash; + UINT32 EntryPoint; + HASH_STRUCTURE Digest; + UINT8 SegmentCount; // 1 ~ 8 + IBB_SEGMENT_ELEMENT IBBSegment[1]; +} IBB_ELEMENT; + +typedef struct { + UINT8 StructureID[8]; + UINT8 StructVersion; + UINT16 PMDataSize; +//UINT8 PMData[PMDataSize]; +} PLATFORM_MANUFACTURER_ELEMENT; + +typedef struct { + UINT8 StructureID[8]; + UINT8 StructVersion; + KEY_SIGNATURE_STRUCT KeySignature; +} BOOT_POLICY_MANIFEST_SIGNATURE_ELEMENT; + +typedef struct { + BOOT_POLICY_MANIFEST_HEADER Bpm_Header; + IBB_ELEMENT Ibb_Element; + //PLATFORM_MANUFACTURER_ELEMENT Platform_Manufacture_Element; + BOOT_POLICY_MANIFEST_SIGNATURE_ELEMENT Bpm_Signature_Element; +} BpmStruct; + +typedef struct { + UINT8 StructureID[8]; + UINT8 StructVersion; + UINT8 KeyManifestVersion; + UINT8 KMSVN; + UINT8 KeyManifestID; + HASH_STRUCTURE BPKey; + KEY_SIGNATURE_STRUCT KeyManifestSignature; +} KEY_MANIFEST_STRAUCTURE; + +#pragma pack() + 
+#endif + +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.mak b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.mak new file mode 100644 index 0000000..0967d28 --- /dev/null +++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.mak 
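Review bot: BpmStruct places `Bpm_Signature_Element` directly after an IBB_ELEMENT whose `IBBSegment[1]` holds a single segment, while the `SegmentCount` comment allows 1 ~ 8 and PLATFORM_MANUFACTURER_ELEMENT is commented out of the struct, so the signature offset is correct only for a manifest with exactly one IBB segment and no PM element; code reading the signature through this struct should either locate it from `SegmentCount` (and `PMDataSize` when a PM element is present) at run time, or the struct needs a comment stating that layout assumption. `EFI_SIGNATURE_16` leaves `B` unparenthesised in `(B << 8)`; `#define EFI_SIGNATURE_16(A, B) ((A) | ((B) << 8))` is the hygienic form. The comment `// NOT 0x10001` on RSA_PUBLIC_KEY_STRUCT_KEY_EXPONENT_DEFAULT contradicts the value it annotates and should be corrected or dropped, and the file header's `Name:` line reads BootGuardTPMPei.c in this .h file.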
@@ -0,0 +1,50 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardTPMPei.mak
+#
+# Description: TPM Initialization Flow for Boot Guard
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+TCG_FILE_INCLUDE=\
+ /I$(TcgPlatformSetupPeiPolicy_DIR)\
+ /I$(TCG_DIR)\
+ /I$(AMI_TCG_PLATFORM_PEI_DIR)
+
+AMI_TCG_LIB_OBJECTS = $(AMI_TCG_LIB_OBJECTS) \
+$(BUILD)\BootGuardTPMPei.obj
+
+Make_AMITTCG_LIB : $(BUILD_DIR)\BootGuardTPMPei.obj
+
+$(BUILD_DIR)\BootGuardTPMPei.obj : $(BootGuardTPMPei_PATH)\BootGuardTPMPei.c
+ $(CC) $(CFLAGS) /I$(PROJECT_DIR) /I$(PROJECT_DIR)\Include $(TCG_FILE_INCLUDE) $(PROJECT_CPU_INCLUDES) /Fo$(BUILD_DIR)\BootGuardTPMPei.obj $(BootGuardTPMPei_PATH)\BootGuardTPMPei.c
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl new file mode 100644
index 0000000..e2c81a1
--- /dev/null
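Review bot: The object list appends `$(BUILD)\BootGuardTPMPei.obj` while the rule two lines below produces `$(BUILD_DIR)\BootGuardTPMPei.obj`; unless `$(BUILD)` is defined to the same directory elsewhere, the library will reference an object this makefile never builds. Use `$(BUILD_DIR)\BootGuardTPMPei.obj` in the AMI_TCG_LIB_OBJECTS line as well. The target name `Make_AMITTCG_LIB` (doubled T) should also be checked against the name the TCG library makefile actually invokes.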
+++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl 
@@ -0,0 +1,96 @@ +#********************************************************************** +#********************************************************************** +#** ** +#** (C)Copyright 1985-2013, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. ** +#** ** +#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#********************************************************************** +#********************************************************************** + +#********************************************************************** +# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl 3 10/29/13 5:18a Bensonlai $ +# +# $Revision: 3 $ +# +# $Date: 10/29/13 5:18a $ +#********************************************************************** +# Revision History +# ---------------- +# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl $ +# +# 3 10/29/13 5:18a Bensonlai +# +# 2 9/06/13 6:10a Bensonlai +# [TAG] EIP135513 +# [Category] Improvement +# [Description] Support the TPM1.2 for WHCK test +# +# 1 6/04/13 5:15a Bensonlai +# [TAG] EIP125148 +# [Category] Spec Update +# [Severity] Normal +# [Description] [SBY ULT] Boot Guard for 4th Gen Intel Core Processor +# based on Mobile U-Processor Line - BIOS Writer's Guide - Rev 1.0 +# [Files] BootGuardTPMPei.cif +# BootGuardTPMPei.c +# BootGuardTPMPei.h +# BootGuardTPMPei.sdl +# BootGuardTPMPei.mak +# +#********************************************************************** +#<AMI_FHDR_START> +# +# Name: BootGuardTPMPei.sdl +# +# Description: SDL file for BootGuardTPMPei +# +#<AMI_FHDR_END> +#********************************************************************** + +TOKEN + Name = "BootGuardTPMPei_SUPPORT" + Value = "1" + Help = "Main switch to enable BootGuardTPMPei support in Project" + TokenType = Boolean + TargetEQU = Yes + TargetMAK = Yes + Master = Yes + Token = "TCG_SUPPORT" "=" 
"1" + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +PATH + Name = "BootGuardTPMPei_PATH" +End + +MODULE + File = "BootGuardTPMPei.mak" + Help = "Includes BootGuardTPMPei.mak to Project" +End + +TOKEN + Name = "MEASURE_CRTM_VERSION_PEI_FUNCTION" + Value = "BootGuardMeasureCRTMVersion" + Help = "Function to measure crtm version. Input:EFI_PEI_SERVICES **. AMI function Modified Pcr 0" + TokenType = Expression + TargetH = Yes +End + +#********************************************************************** +#********************************************************************** +#** ** +#** (C)Copyright 1985-2013, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. ** +#** ** +#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#********************************************************************** +#********************************************************************** diff --git a/Board/EM/FIT/Pei/OpensslLib.lib b/Board/EM/FIT/Pei/OpensslLib.lib Binary files differnew file mode 100644 index 0000000..290a4fa --- /dev/null +++ b/Board/EM/FIT/Pei/OpensslLib.lib diff --git a/Board/EM/FIT/Pei/PeiCryptLib.lib b/Board/EM/FIT/Pei/PeiCryptLib.lib Binary files differnew file mode 100644 index 0000000..b05426c --- /dev/null +++ b/Board/EM/FIT/Pei/PeiCryptLib.lib diff --git a/Board/EM/FIT/ReBuildFIT.bat b/Board/EM/FIT/ReBuildFIT.bat new file mode 100644 index 0000000..4a694d0 --- /dev/null +++ b/Board/EM/FIT/ReBuildFIT.bat @@ -0,0 +1 @@ +FITUtil.exe BIOS.rom 0
\ No newline at end of file diff --git a/Board/EM/FIT/ReserveBootGuardFvMainHashKey.bin b/Board/EM/FIT/ReserveBootGuardFvMainHashKey.bin new file mode 100644 index 0000000..2d30da2 --- /dev/null +++ b/Board/EM/FIT/ReserveBootGuardFvMainHashKey.bin @@ -0,0 +1 @@ +ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
\ No newline at end of file diff --git a/Board/EM/FIT/ReserveBootGuardSigningServer.bin b/Board/EM/FIT/ReserveBootGuardSigningServer.bin new file mode 100644 index 0000000..a56146f --- /dev/null +++ b/Board/EM/FIT/ReserveBootGuardSigningServer.bin @@ -0,0 +1 @@ +ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
\ No newline at end of file
diff --git a/Board/EM/FIT/ReserveBpmTable.bin b/Board/EM/FIT/ReserveBpmTable.bin Binary files differnew file mode 100644
index 0000000..08e7df1
--- /dev/null
+++ b/Board/EM/FIT/ReserveBpmTable.bin
diff --git a/Board/EM/FIT/ReserveKmTable.bin b/Board/EM/FIT/ReserveKmTable.bin Binary files differnew file mode 100644
index 0000000..08e7df1
--- /dev/null
+++ b/Board/EM/FIT/ReserveKmTable.bin
diff --git a/Board/EM/FIT/Smm/FitHook.c b/Board/EM/FIT/Smm/FitHook.c new file mode 100644
index 0000000..303b640
--- /dev/null
+++ b/Board/EM/FIT/Smm/FitHook.c
@@ -0,0 +1,113 @@ +//************************************************************************* +//************************************************************************* +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//************************************************************************* +//************************************************************************* + +//***************************************************************************** +// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Smm/FitHook.c 1 7/03/13 10:06p Bensonlai $ +// +// $Revision: 1 $ +// +// $Date: 7/03/13 10:06p $ +//***************************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Smm/FitHook.c $ +// +// 1 7/03/13 10:06p Bensonlai +// [TAG] EIP128151 +// [Category] Improvement +// [Description] Implement an option(/b) to flash FV_DATA region uisng +// AFU flash utility. +// [Files] FitHook.cif +// FitHook.c +// FitHook.sdl +// FitHook.mak +// +//***************************************************************************** +//<AMI_FHDR_START> +// +// Name: FitHook.c +// +// Description: SW SMI hook. 
+// +//<AMI_FHDR_END> +//***************************************************************************** + +#include <AmiDxeLib.h> +#include <Protocol/SmiFlash.h> +#include "token.h" + +#define FLASH_DEVICE_BASE_ADDRESS (0xFFFFFFFF-FLASH_SIZE+1) +#define FV_DATA_BLOCK_ADDRESS (FV_DATA_BASE-FLASH_DEVICE_BASE_ADDRESS) +#define FV_DATA_BLOCK_END (FV_DATA_BLOCK_ADDRESS+FV_DATA_SIZE) +#define FV_DATA_TABLE_OFFSET (0xFFFFFFFF-FV_DATA_BASE+1) + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// +// Procedure: AppendFvDataToAFU_UpdateBlockTypeId +// +// Description: This function is SW SMI hook that sets Flash Block Description +// type for AMI AFU utility. (EIP#58139) +// +// Input: +// SwSmiNum - SW SMI value number +// Buffer - Flash descriptor address +// +// Output: VOID +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> + +VOID AppendFvDataToAFU_UpdateBlockTypeId ( + IN UINT8 SwSmiNum, + IN UINT64 Buffer ) +{ + BLOCK_DESC *BlockDesc; + UINTN i; + + // return if SW SMI value is not "Get Flash Info" + if (SwSmiNum != SMIFLASH_GET_FLASH_INFO) + return; + + BlockDesc = (BLOCK_DESC*)&((INFO_BLOCK*)Buffer)->Blocks; + + for (i = 0; i < ((INFO_BLOCK*)Buffer)->TotalBlocks; i++) { + + TRACE((TRACE_ALWAYS,"AppendFvDataToAFU_UpdateBlockTypeId: %08X(%08X), Block %08X\n", FV_DATA_BLOCK_ADDRESS, FV_DATA_BLOCK_END, BlockDesc[i].StartAddress)); + + if (BlockDesc[i].StartAddress < FV_DATA_BLOCK_ADDRESS) + continue; + + if (BlockDesc[i].StartAddress >= FV_DATA_BLOCK_END) + continue; + + TRACE((TRACE_ALWAYS,"AppendFvDataToAFU_UpdateBlockTypeId: Found Blocks %08X\n",BlockDesc[i].StartAddress)); + + BlockDesc[i].Type = BOOT_BLOCK; + } +} + +//************************************************************************* +//************************************************************************* +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. 
**
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
diff --git a/Board/EM/FIT/Smm/FitHook.cif b/Board/EM/FIT/Smm/FitHook.cif new file mode 100644
index 0000000..50c2dc7
--- /dev/null
+++ b/Board/EM/FIT/Smm/FitHook.cif
@@ -0,0 +1,12 @@
+<component>
+ name = "FitHook"
+ category = ModulePart
+ LocalRoot = "Board\EM\FIT\Smm"
+ RefName = "FitHook"
+
+[files]
+"FitHook.c"
+"FitHook.sdl"
+"FitHook.mak"
+
+<endComponent>
diff --git a/Board/EM/FIT/Smm/FitHook.mak b/Board/EM/FIT/Smm/FitHook.mak new file mode 100644
index 0000000..78b432e
--- /dev/null
+++ b/Board/EM/FIT/Smm/FitHook.mak
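Review bot: AppendFvDataToAFU_UpdateBlockTypeId casts the `Buffer` argument straight to `INFO_BLOCK*` and writes `BlockDesc[i].Type` for every one of `TotalBlocks` entries without checking that the region lies outside SMRAM or that `TotalBlocks` is bounded. If `Buffer` is supplied by the non-SMM caller of the SW SMI, as the flash-info descriptor handed to SmiFlash normally is, the write targets are chosen by that caller; unless SmiFlash has already validated the descriptor before invoking its hooks, validate `Buffer` and the `TotalBlocks * sizeof(BLOCK_DESC)` range against the platform's SMRAM ranges (checking the multiplication for overflow) before the loop and return on failure. The per-iteration TRACE is also noisy for a loop over every block; it could be kept only for the matching blocks on the line that already logs "Found Blocks".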
@@ -0,0 +1,77 @@
+#*************************************************************************
+#*************************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#*************************************************************************
+#*************************************************************************
+
+#*************************************************************************
+# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Smm/FitHook.mak 1 7/03/13 10:06p Bensonlai $
+#
+# $Revision: 1 $
+#
+# $Date: 7/03/13 10:06p $
+#*************************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Smm/FitHook.mak $
+#
+# 1 7/03/13 10:06p Bensonlai
+# [TAG] EIP128151
+# [Category] Improvement
+# [Description] Implement an option(/b) to flash FV_DATA region uisng
+# AFU flash utility.
+# [Files] FitHook.cif
+# FitHook.c
+# FitHook.sdl
+# FitHook.mak
+#
+#*************************************************************************
+#<AMI_FHDR_START>
+#
+# Name: FitHook.mak
+#
+# Description: Make file for FitHook eModule.
+#
+#<AMI_FHDR_END>
+#*************************************************************************
+
+all : FitHook
+
+FitHook : $(BUILD_DIR)\FitHook.mak FitHookBin
+
+$(BUILD_DIR)\FitHook.mak : $(FIT_HOOK_PATH)\$(@B).cif $(FIT_HOOK_PATH)\$(@B).mak $(BUILD_RULES)
+ $(CIF2MAK) $(FIT_HOOK_PATH)\$(@B).cif $(CIF2MAK_DEFAULTS)
+
+FitHookObjs = $(BUILD_DIR)\$(FIT_HOOK_PATH)\FitHook.obj
+
+FitHookBin : $(AMIDXELIB)
+ $(MAKE) /$(MAKEFLAGS) $(BUILD_DEFAULTS)\
+ /f $(BUILD_DIR)\FitHook.mak all\
+ "CFLAGS=$(CFLAGS:/W4=/W3) /I$(OFBD_DIR)" \
+ OBJECTS="$(FitHookObjs)" \
+ NAME=FitHook \
+ TYPE=LIBRARY LIBRARY_NAME=$(FIT_HOOK_LIB)
+
+$(FIT_HOOK_LIB) : FitHook
+
+#*************************************************************************
+#*************************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#*************************************************************************
+#*************************************************************************
diff --git a/Board/EM/FIT/Smm/FitHook.sdl b/Board/EM/FIT/Smm/FitHook.sdl new file mode 100644
index 0000000..d8af9f7
--- /dev/null
+++ b/Board/EM/FIT/Smm/FitHook.sdl
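Review bot: The `FitHookBin` rule compiles this SMM library at a lower warning level than the rest of the project via `"CFLAGS=$(CFLAGS:/W4=/W3) /I$(OFBD_DIR)" \`, and the translation unit it builds (FitHook.c, earlier in this diff) is the one that walks the SMI caller's INFO_BLOCK. Code that runs in SMM on caller-supplied data is exactly where the stricter diagnostics earn their keep, so unless a known W4 noise problem in the AMI headers forces it, build with the project default: `"CFLAGS=$(CFLAGS) /I$(OFBD_DIR)" \`. If W3 really is required, add a one-line comment above the rule naming the warning it suppresses so the downgrade is not silently inherited by future edits. The `/I$(OFBD_DIR)` include path is presumably where `Protocol/SmiFlash.h` resolves; a short comment saying so would save the next reader from guessing.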
@@ -0,0 +1,94 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Smm/FitHook.sdl 2 7/26/13 1:18a Bensonlai $
+#
+# $Revision: 2 $
+#
+# $Date: 7/26/13 1:18a $
+#
+# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Smm/FitHook.sdl $
+#
+# 2 7/26/13 1:18a Bensonlai
+#
+# 1 7/03/13 10:06p Bensonlai
+# [TAG] EIP128151
+# [Category] Improvement
+# [Description] Implement an option(/b) to flash FV_DATA region uisng
+# AFU flash utility.
+# [Files] FitHook.cif
+# FitHook.c
+# FitHook.sdl
+# FitHook.mak
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: FitHook.sdl
+#
+# Description: SDL file for FitHook
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+TOKEN
+ Name = "FIT_HOOK_SUPPORT"
+ Value = "1"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Master = Yes
+ Help = "Main switch to enable FitHook support in Project"
+End
+
+MODULE
+ Help = "Includes FitHook.mak to Project"
+ File = "FitHook.mak"
+End
+
+PATH
+ Name = "FIT_HOOK_PATH"
+End
+
+ELINK
+ Name = "AppendFvDataToAFU_UpdateBlockTypeId,"
+ Parent = "SMIFlashEndHandlerList"
+ InvokeOrder = AfterParent
+End
+
+TOKEN
+ Name = "FIT_HOOK_LIB"
+ Value = "$(BUILD_DIR)\FitHook.lib"
+ TokenType = Expression
+ TargetMAK = Yes
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\FitHook.lib"
+ Parent = "PRESERVE_LIB"
+ InvokeOrder = AfterParent
+End
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
diff --git a/Board/EM/FIT/keygen.exe b/Board/EM/FIT/keygen.exe Binary files differnew file mode 100644
index 0000000..7367328
--- /dev/null
+++ b/Board/EM/FIT/keygen.exe |
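Review bot: The `ELINK` that appends `AppendFvDataToAFU_UpdateBlockTypeId,` to `SMIFlashEndHandlerList` places this hook inside the SMI flash handler, where its `Buffer` argument is the INFO_BLOCK supplied by the SMI caller, and nothing in the commit records what validation that pointer has already received. The hook body earlier in this diff reads `((INFO_BLOCK*)Buffer)->TotalBlocks` and writes `BlockDesc[i].Type` for every index up to it, so it is only safe if the parent SMIFlash handler has already checked that Buffer and the whole Blocks array lie outside SMRAM and inside the communication buffer before the end-handler list runs; I cannot confirm that from here. Please state the dependency next to the ELINK so the next person changing SMIFlash keeps it, e.g. `# NOTE: runs in SMM on the SMI caller's INFO_BLOCK; relies on SMIFlash having range-checked Buffer/TotalBlocks against SMRAM before SMIFlashEndHandlerList is invoked`. Since `FIT_HOOK_SUPPORT` defaults to `Value = "1"` with `Master = Yes`, the hook is live in every build that pulls in the module, which makes writing that assurance down worth the one line.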