authorraywu <raywu0301@gmail.com>2018-06-15 00:00:50 +0800
committerraywu <raywu0301@gmail.com>2018-06-15 00:00:50 +0800
commitb7c51c9cf4864df6aabb99a1ae843becd577237c (patch)
treeeebe9b0d0ca03062955223097e57da84dd618b9a /Board/EM/FIT
downloadzprj-b7c51c9cf4864df6aabb99a1ae843becd577237c.tar.xz
init. 1AQQW051HEADmaster
Diffstat (limited to 'Board/EM/FIT')
-rw-r--r--Board/EM/FIT/Boot_Guard_ACM_Rev1_1_PC_ES.binbin0 -> 32768 bytes
-rw-r--r--Board/EM/FIT/Boot_Guard_ACM_Rev1_2_PC_QS.binbin0 -> 32768 bytes
-rw-r--r--Board/EM/FIT/Boot_Guard_ACM_Rev1_2_PV_QS.binbin0 -> 32768 bytes
-rw-r--r--Board/EM/FIT/BpmKmGen.exebin0 -> 76800 bytes
-rw-r--r--Board/EM/FIT/CryptoCon.exebin0 -> 126976 bytes
-rw-r--r--Board/EM/FIT/CutRom.exebin0 -> 59392 bytes
-rw-r--r--Board/EM/FIT/Dxe/BootGuardDxe.c186
-rw-r--r--Board/EM/FIT/Dxe/BootGuardDxe.cif12
-rw-r--r--Board/EM/FIT/Dxe/BootGuardDxe.dxs71
-rw-r--r--Board/EM/FIT/Dxe/BootGuardDxe.h114
-rw-r--r--Board/EM/FIT/Dxe/BootGuardDxe.mak122
-rw-r--r--Board/EM/FIT/Dxe/BootGuardDxe.sdl95
-rw-r--r--Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.c350
-rw-r--r--Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.cif11
-rw-r--r--Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.h276
-rw-r--r--Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.mak46
-rw-r--r--Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.sdl91
-rw-r--r--Board/EM/FIT/FITUtil.exebin0 -> 69120 bytes
-rw-r--r--Board/EM/FIT/Fit.chmbin0 -> 80120 bytes
-rw-r--r--Board/EM/FIT/Fit.cif31
-rw-r--r--Board/EM/FIT/Fit.mak292
-rw-r--r--Board/EM/FIT/Fit.sdl390
-rw-r--r--Board/EM/FIT/FitTable.asm66
-rw-r--r--Board/EM/FIT/Pei/BootGuardPei.c285
-rw-r--r--Board/EM/FIT/Pei/BootGuardPei.cif14
-rw-r--r--Board/EM/FIT/Pei/BootGuardPei.dxs76
-rw-r--r--Board/EM/FIT/Pei/BootGuardPei.h182
-rw-r--r--Board/EM/FIT/Pei/BootGuardPei.mak119
-rw-r--r--Board/EM/FIT/Pei/BootGuardPei.sdl96
-rw-r--r--Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c469
-rw-r--r--Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.cif11
-rw-r--r--Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h242
-rw-r--r--Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.mak50
-rw-r--r--Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl96
-rw-r--r--Board/EM/FIT/Pei/OpensslLib.libbin0 -> 132502 bytes
-rw-r--r--Board/EM/FIT/Pei/PeiCryptLib.libbin0 -> 115966 bytes
-rw-r--r--Board/EM/FIT/ReBuildFIT.bat1
-rw-r--r--Board/EM/FIT/ReserveBootGuardFvMainHashKey.bin1
-rw-r--r--Board/EM/FIT/ReserveBootGuardSigningServer.bin1
-rw-r--r--Board/EM/FIT/ReserveBpmTable.binbin0 -> 4096 bytes
-rw-r--r--Board/EM/FIT/ReserveKmTable.binbin0 -> 4096 bytes
-rw-r--r--Board/EM/FIT/Smm/FitHook.c113
-rw-r--r--Board/EM/FIT/Smm/FitHook.cif12
-rw-r--r--Board/EM/FIT/Smm/FitHook.mak77
-rw-r--r--Board/EM/FIT/Smm/FitHook.sdl94
-rw-r--r--Board/EM/FIT/keygen.exebin0 -> 122880 bytes
46 files changed, 4092 insertions, 0 deletions
diff --git a/Board/EM/FIT/Boot_Guard_ACM_Rev1_1_PC_ES.bin b/Board/EM/FIT/Boot_Guard_ACM_Rev1_1_PC_ES.bin
new file mode 100644
index 0000000..93da68e
--- /dev/null
+++ b/Board/EM/FIT/Boot_Guard_ACM_Rev1_1_PC_ES.bin
Binary files differ
diff --git a/Board/EM/FIT/Boot_Guard_ACM_Rev1_2_PC_QS.bin b/Board/EM/FIT/Boot_Guard_ACM_Rev1_2_PC_QS.bin
new file mode 100644
index 0000000..d495bd9
--- /dev/null
+++ b/Board/EM/FIT/Boot_Guard_ACM_Rev1_2_PC_QS.bin
Binary files differ
diff --git a/Board/EM/FIT/Boot_Guard_ACM_Rev1_2_PV_QS.bin b/Board/EM/FIT/Boot_Guard_ACM_Rev1_2_PV_QS.bin
new file mode 100644
index 0000000..88ff342
--- /dev/null
+++ b/Board/EM/FIT/Boot_Guard_ACM_Rev1_2_PV_QS.bin
Binary files differ
diff --git a/Board/EM/FIT/BpmKmGen.exe b/Board/EM/FIT/BpmKmGen.exe
new file mode 100644
index 0000000..b0b6de9
--- /dev/null
+++ b/Board/EM/FIT/BpmKmGen.exe
Binary files differ
diff --git a/Board/EM/FIT/CryptoCon.exe b/Board/EM/FIT/CryptoCon.exe
new file mode 100644
index 0000000..5ce7893
--- /dev/null
+++ b/Board/EM/FIT/CryptoCon.exe
Binary files differ
diff --git a/Board/EM/FIT/CutRom.exe b/Board/EM/FIT/CutRom.exe
new file mode 100644
index 0000000..910e46c
--- /dev/null
+++ b/Board/EM/FIT/CutRom.exe
Binary files differ
diff --git a/Board/EM/FIT/Dxe/BootGuardDxe.c b/Board/EM/FIT/Dxe/BootGuardDxe.c
new file mode 100644
index 0000000..4c4ccb0
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardDxe.c
@@ -0,0 +1,186 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.c 1 2/25/13 1:11a Bensonlai $
+//
+// $Revision: 1 $
+//
+// $Date: 2/25/13 1:11a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.c $
+//
+// 1 2/25/13 1:11a Bensonlai
+// [TAG] EIP114386
+// [Category] Spec Update
+// [Severity] Important
+// [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+// for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+// BIOS Writer's Guide - Rev 0.8.1
+// [Files] BootGuardDxe.cif
+// BootGuardDxe.c
+// BootGuardDxe.h
+// BootGuardDxe.sdl
+// BootGuardDxe.dxs
+// BootGuardDxe.mak
+//
+//**********************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardDxe.c
+//
+// Description: Chain of trust for Dxe
+//
+//<AMI_FHDR_END>
+//**********************************************************************
+
+#include "BootGuardDxe.h"
+
+VOID
+BootGuardDxeCallback (
+ IN EFI_EVENT Event,
+ IN VOID *Context
+)
+{
+ EFI_INPUT_KEY Key;
+ EFI_STATUS Status;
+
+ gST->ConOut->ClearScreen (gST->ConOut);
+
+ gST->ConOut->OutputString (
+ gST->ConOut,
+ L"Anchor Cove verified DXE that is fail\n\r"
+ );
+
+ gST->ConOut->OutputString (
+ gST->ConOut,
+ L"System will shutdown\n\r"
+ );
+
+ gST->ConOut->OutputString (
+ gST->ConOut,
+ L"Press any key\n\r"
+ );
+
+ do {
+ Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
+ } while (Status != EFI_SUCCESS);
+
+ gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
+ EFI_DEADLOOP ();
+
+ gBS->CloseEvent (Event);
+}
+
+VOID
+BootGuardDxeRegisterCallBack (
+ VOID
+)
+{
+ EFI_EVENT Event;
+ VOID *NotifyReg;
+ EFI_STATUS Status;
+
+ Status = gBS->CreateEvent (
+ EFI_EVENT_NOTIFY_SIGNAL,
+ EFI_TPL_CALLBACK,
+ BootGuardDxeCallback,
+ NULL,
+ &Event
+ );
+
+ if ( EFI_ERROR(Status) ) {
+ ASSERT_EFI_ERROR (Status);
+ return;
+ }
+
+ Status = gBS->RegisterProtocolNotify (
+ &gNotifyProtocolGuid ,
+ Event,
+ &NotifyReg
+ );
+
+ if ( EFI_ERROR(Status) ) {
+ ASSERT_EFI_ERROR (Status);
+ return;
+ }
+
+ return;
+}
+
+EFI_STATUS
+BootGuardDxeEntryPoint (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+)
+{
+ EFI_GUID AmiBootGuardHobGuid = AMI_ANCHOR_COVE_HOB_GUID;
+ AMI_ANCHOR_COVE_HOB *AmiBootGuardHobPtr;
+ PCH_SERIES PchSeries = GetPchSeries();
+ EFI_BOOT_MODE BootMode;
+ EFI_PEI_HOB_POINTERS HobList;
+
+ if ( PchSeries != PchLp ) {
+ return EFI_SUCCESS;
+ }
+
+ if ( IsBootGuardSupported() == FALSE ) {
+ return EFI_SUCCESS;
+ }
+
+ DEBUG ((EFI_D_INFO, "[BootGuardDxe.c] : Entry Point...\n"));
+
+ //
+ // Check Boot Type
+ //
+ EfiGetSystemConfigurationTable (&gEfiHobListGuid, (VOID **) &HobList.Raw);
+ if (HobList.Header->HobType != EFI_HOB_TYPE_HANDOFF) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardDxe.c] : Get HOB fail\n"));
+ return EFI_SUCCESS;
+ }
+
+ BootMode = HobList.HandoffInformationTable->BootMode;
+ if ( BootMode == BOOT_IN_RECOVERY_MODE ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardDxe.c] : In the BOOT_IN_RECOVERY_MODE\n"));
+ return EFI_SUCCESS;
+ }
+
+ AmiBootGuardHobPtr = GetFirstGuidHob (&AmiBootGuardHobGuid);
+ if (AmiBootGuardHobPtr == NULL) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardDxe.c] : AmiBootGuard DXE Hob not available\n"));
+ return EFI_NOT_FOUND;
+ }
+
+ if ( AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag == 0 ) {
+ BootGuardDxeRegisterCallBack();
+ }
+
+ DEBUG ((EFI_D_INFO, "[BootGuardDxe.c] : Entry End...\n"));
+
+ return EFI_SUCCESS;
+}
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
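Review bot: The return value of `EfiGetSystemConfigurationTable (&gEfiHobListGuid, (VOID **) &HobList.Raw);` is discarded and HobList is never initialised, so if the HOB list table is absent the `HobList.Header->HobType` read on the next line dereferences an indeterminate pointer; capture the status and guard it, e.g. `if (EFI_ERROR (Status) || HobList.Raw == NULL) { return EFI_NOT_FOUND; }`, matching the EFI_NOT_FOUND already returned for a missing AmiBootGuard HOB. Every other bail-out in BootGuardDxeEntryPoint returns EFI_SUCCESS and registers no callback, so the chain-of-trust enforcement is fail-open on a missing handoff HOB or a recovery boot; if that is intended it deserves a comment saying so rather than an EFI_D_ERROR message alone. In BootGuardDxeCallback the `gBS->CloseEvent (Event);` after `EFI_DEADLOOP ();` is unreachable and should be dropped or moved ahead of ResetSystem. The callback is registered on the all-drivers-connected notify, so a failed PEI-to-DXE verification is acted on only after the whole DXE phase has run; that appears to be the design, but the file header's "Chain of trust for Dxe" would be clearer if it stated that the enforcement point is BDS.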
diff --git a/Board/EM/FIT/Dxe/BootGuardDxe.cif b/Board/EM/FIT/Dxe/BootGuardDxe.cif
new file mode 100644
index 0000000..ea40b8e
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardDxe.cif
@@ -0,0 +1,12 @@
+<component>
+ name = "BootGuardDxe"
+ category = ModulePart
+ LocalRoot = "Board\EM\FIT\Dxe"
+ RefName = "BootGuardDxe"
+[files]
+"BootGuardDxe.c"
+"BootGuardDxe.h"
+"BootGuardDxe.sdl"
+"BootGuardDxe.dxs"
+"BootGuardDxe.mak"
+<endComponent>
diff --git a/Board/EM/FIT/Dxe/BootGuardDxe.dxs b/Board/EM/FIT/Dxe/BootGuardDxe.dxs
new file mode 100644
index 0000000..2034306
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardDxe.dxs
@@ -0,0 +1,71 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.dxs 1 2/25/13 1:11a Bensonlai $
+//
+// $Revision: 1 $
+//
+// $Date: 2/25/13 1:11a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.dxs $
+//
+// 1 2/25/13 1:11a Bensonlai
+// [TAG] EIP114386
+// [Category] Spec Update
+// [Severity] Important
+// [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+// for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+// BIOS Writer's Guide - Rev 0.8.1
+// [Files] BootGuardDxe.cif
+// BootGuardDxe.c
+// BootGuardDxe.h
+// BootGuardDxe.sdl
+// BootGuardDxe.dxs
+// BootGuardDxe.mak
+//
+//**********************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardDxe.dxs
+//
+// Description: Dependency expression file for BootGuardDxe Driver.
+//
+//<AMI_FHDR_END>
+//**********************************************************************
+
+#include "AutoGen.h"
+#include "DxeDepex.h"
+#if defined (BUILD_WITH_GLUELIB) || defined (BUILD_WITH_EDKII_GLUE_LIB)
+#include "EfiDepex.h"
+#include EFI_ARCH_PROTOCOL_DEFINITION (Variable)
+#endif
+
+DEPENDENCY_START
+ EFI_VARIABLE_ARCH_PROTOCOL_GUID
+DEPENDENCY_END
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Board/EM/FIT/Dxe/BootGuardDxe.h b/Board/EM/FIT/Dxe/BootGuardDxe.h
new file mode 100644
index 0000000..a5d49a7
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardDxe.h
@@ -0,0 +1,114 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.h 2 3/07/13 5:41a Bensonlai $
+//
+// $Revision: 2 $
+//
+// $Date: 3/07/13 5:41a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.h $
+//
+// 2 3/07/13 5:41a Bensonlai
+// [TAG] EIP117307
+// [Category] Improvement
+// [Description] [Boot Guard] Implementation of speed up the post time
+// for Chain of Trust
+// [Files] BootGuardDxe.h, BootGuardPei.c, BootGuardPei.h,
+// BpmKmGen.exe, ReserveBootGuardFvMainHashKey.bin
+//
+// 1 2/25/13 1:11a Bensonlai
+// [TAG] EIP114386
+// [Category] Spec Update
+// [Severity] Important
+// [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+// for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+// BIOS Writer's Guide - Rev 0.8.1
+// [Files] BootGuardDxe.cif
+// BootGuardDxe.c
+// BootGuardDxe.h
+// BootGuardDxe.sdl
+// BootGuardDxe.dxs
+// BootGuardDxe.mak
+//
+//**********************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardDxe.h
+//
+// Description: Header file for BootGuardDxe
+//
+//<AMI_FHDR_END>
+//**********************************************************************
+
+#ifndef _BootGuardDxe_H_
+#define _BootGuardDxe_H_
+
+#if !defined(EDK_RELEASE_VERSION) || (EDK_RELEASE_VERSION < 0x00020000)
+#include "EdkIIGlueDxe.h"
+#include "CpuAccess.h"
+#include "PchAccess.h"
+#include "PchPlatformLib.h"
+#include "BootGuardLibrary.h"
+#include <token.h>
+#endif
+
+#define BDS_ALL_DRIVERS_CONNECTED_PROTOCOL_GUID \
+ { 0xdbc9fd21, 0xfad8, 0x45b0, 0x9e, 0x78, 0x27, 0x15, 0x88, 0x67, 0xcc, 0x93 }
+
+EFI_GUID gNotifyProtocolGuid = BDS_ALL_DRIVERS_CONNECTED_PROTOCOL_GUID;
+
+//
+// GUID for the AMI_ANCHOR_COVE Module
+//
+#if !defined(EDK_RELEASE_VERSION) || (EDK_RELEASE_VERSION < 0x00020000)
+#define AMI_ANCHOR_COVE_HOB_GUID \
+ { \
+ 0xb60ab175, 0x498d, 0x429d, 0xad, 0xba, 0xa, 0x62, 0x2c, 0x58, 0x16, 0xe2 \
+ }
+#else
+#define AMI_ANCHOR_COVE_HOB_GUID \
+ { \
+ 0xb60ab175, 0x498d, 0x429d, \
+ { \
+ 0xad, 0xba, 0xa, 0x62, 0x2c, 0x58, 0x16, 0xe2 \
+ } \
+ }
+#endif
+
+#pragma pack (1)
+
+typedef struct {
+ EFI_HOB_GUID_TYPE EfiHobGuidType;
+ UINT8 AmiBootGuardVerificationforPEItoDXEFlag;
+} AMI_ANCHOR_COVE_HOB;
+
+#pragma pack ()
+
+#endif
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
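Review bot: `EFI_GUID gNotifyProtocolGuid = BDS_ALL_DRIVERS_CONNECTED_PROTOCOL_GUID;` defines a global inside the header, so any second translation unit that includes BootGuardDxe.h produces a duplicate symbol; declare it here as `extern EFI_GUID gNotifyProtocolGuid;` and keep the definition in BootGuardDxe.c. The include guard `_BootGuardDxe_H_` begins with an underscore followed by an uppercase letter, a name reserved for the implementation; `BOOT_GUARD_DXE_H_` avoids it. AmiBootGuardVerificationforPEItoDXEFlag is the only input to the DXE enforcement decision in this commit but carries no comment; from its use in BootGuardDxe.c, `// 0 = PEI-to-DXE verification failed: BootGuardDxe registers the shutdown callback (non-zero presumably means verified)` would make the contract explicit to whoever produces the HOB.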
diff --git a/Board/EM/FIT/Dxe/BootGuardDxe.mak b/Board/EM/FIT/Dxe/BootGuardDxe.mak
new file mode 100644
index 0000000..72c3c26
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardDxe.mak
@@ -0,0 +1,122 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.mak 1 2/25/13 1:11a Bensonlai $
+#
+# $Revision: 1 $
+#
+# $Date: 2/25/13 1:11a $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.mak $
+#
+# 1 2/25/13 1:11a Bensonlai
+# [TAG] EIP114386
+# [Category] Spec Update
+# [Severity] Important
+# [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+# for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+# BIOS Writer's Guide - Rev 0.8.1
+# [Files] BootGuardDxe.cif
+# BootGuardDxe.c
+# BootGuardDxe.h
+# BootGuardDxe.sdl
+# BootGuardDxe.dxs
+# BootGuardDxe.mak
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardDxe.mak
+#
+# Description: Make file for BootGuardDxe
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+all : BootGuardDxe
+
+BootGuardDxe : $(BUILD_DIR)\BootGuardDxe.mak BootGuardDxe_Bin
+
+$(BUILD_DIR)\BootGuardDxe.mak : $(BOOT_GUARD_DXE_PATH)\$(@B).cif $(BOOT_GUARD_DXE_PATH)\$(@B).mak $(BUILD_RULES)
+ $(CIF2MAK) $(BOOT_GUARD_DXE_PATH)\$(@B).cif $(CIF2MAK_DEFAULTS)
+
+BootGuardDxe_INCLUDES=\
+ $(EdkIIGlueLib_INCLUDES)\
+ $(EDK_INCLUDES)\
+ $(INTEL_PCH_INCLUDES)\
+ $(PROJECT_CPU_INCLUDES)\
+
+BootGuardDxe_LIBS=\
+ $(EDKPROTOCOLLIB)\
+ $(EFIGUIDLIB)\
+ $(EdkIIGlueBaseLib_LIB)\
+!IF "$(x64_BUILD)"=="1"
+ $(EdkIIGlueBaseLibX64_LIB)\
+!ELSE
+ $(EdkIIGlueBaseLibIA32_LIB)\
+!ENDIF
+ $(EDKFRAMEWORKGUIDLIB)\
+ $(EDKFRAMEWORKPROTOCOLLIB)\
+ $(EdkIIGlueBaseIoLibIntrinsic_LIB)\
+ $(EdkIIGlueBaseMemoryLib_LIB)\
+ $(EdkIIGlueDxeReportStatusCodeLib_LIB)\
+ $(EdkIIGlueDxeServicesTableLib_LIB)\
+ $(EdkIIGlueDxeDebugLibReportStatusCode_LIB)\
+ $(EdkIIGlueUefiBootServicesTableLib_LIB)\
+ $(EdkIIGlueUefiDevicePathLib_LIB)\
+ $(EdkIIGlueBasePciLibPciExpress_LIB)\
+ $(EdkIIGlueEdkDxeRuntimeDriverLib_LIB)\
+ $(EdkIIGlueDxeHobLib_LIB)\
+ $(PchPlatformDxeLib_LIB)\
+ $(CpuPlatformLib_LIB)\
+ $(BootGuardLib_LIB)\
+
+BootGuardDxe_DEFINES=\
+ $(MY_DEFINES)\
+ /D"__EDKII_GLUE_MODULE_ENTRY_POINT__=BootGuardDxeEntryPoint"\
+ /D __EDKII_GLUE_BASE_MEMORY_LIB__ \
+ /D __EDKII_GLUE_DXE_REPORT_STATUS_CODE_LIB__ \
+ /D __EDKII_GLUE_DXE_DEBUG_LIB_REPORT_STATUS_CODE__ \
+ /D __EDKII_GLUE_UEFI_BOOT_SERVICES_TABLE_LIB__\
+ /D __EDKII_GLUE_BASE_IO_LIB_INTRINSIC__ \
+ /D __EDKII_GLUE_DXE_SERVICES_TABLE_LIB__ \
+ /D __EDKII_GLUE_DXE_HOB_LIB__ \
+
+BootGuardDxe_Bin : $(BootGuardDxe_LIBS)
+ $(MAKE) /$(MAKEFLAGS) $(EDKIIGLUE_DEFAULTS)\
+ /f $(BUILD_DIR)\BootGuardDxe.mak all\
+ "MY_INCLUDES=$(BootGuardDxe_INCLUDES)"\
+ "MY_DEFINES=$(BootGuardDxe_DEFINES)"\
+ GUID=1DB43EC9-DF5F-4cf5-AAF0-0E85DB4E149A \
+ ENTRY_POINT=_ModuleEntryPoint \
+ EDKIIModule=DXEDRIVER\
+ TYPE=BS_DRIVER \
+ DEPEX1=$(BOOT_GUARD_DXE_PATH)\BootGuardDxe.dxs \
+ DEPEX1_TYPE=EFI_SECTION_DXE_DEPEX \
+ COMPRESS=1\
+
+#*************************************************************************
+#*************************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#*************************************************************************
+#*************************************************************************
diff --git a/Board/EM/FIT/Dxe/BootGuardDxe.sdl b/Board/EM/FIT/Dxe/BootGuardDxe.sdl
new file mode 100644
index 0000000..10527a0
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardDxe.sdl
@@ -0,0 +1,95 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.sdl 2 3/06/13 2:54a Bensonlai $
+#
+# $Revision: 2 $
+#
+# $Date: 3/06/13 2:54a $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardDxe.sdl $
+#
+# 2 3/06/13 2:54a Bensonlai
+# [TAG] EIP116907
+# [Category] Improvement
+# [Description] BpmKmGen.exe generates KM / BPM tables and
+# BootGuardFvMainHash key separately
+# [Files] BpmKmGen.exe, Fit.sdl, Fit.mak, BootGuardPei.sdl,
+# BootGuardDxe.sdl
+#
+# 1 2/25/13 1:11a Bensonlai
+# [TAG] EIP114386
+# [Category] Spec Update
+# [Severity] Important
+# [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+# for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+# BIOS Writer's Guide - Rev 0.8.1
+# [Files] BootGuardDxe.cif
+# BootGuardDxe.c
+# BootGuardDxe.h
+# BootGuardDxe.sdl
+# BootGuardDxe.dxs
+# BootGuardDxe.mak
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardDxe.sdl
+#
+# Description: SDL file for BootGuardDxe
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+TOKEN
+ Name = "BOOT_GUARD_DXE_SUPPORT"
+ Value = "1"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Master = Yes
+ Help = "Main switch to enable BootGuardDxe support in Project"
+ Token = "INTEL_BOOT_GUARD_CHAIN_OF_TRUST_SUPPORT" "=" "1"
+End
+
+MODULE
+ File = "BootGuardDxe.mak"
+ Help = "Includes BootGuardDxe.mak to Project"
+End
+
+PATH
+ Name = "BOOT_GUARD_DXE_PATH"
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\BootGuardDxe.ffs"
+ Parent = "FV_MAIN"
+ InvokeOrder = AfterParent
+End
+
+#*************************************************************************
+#*************************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#*************************************************************************
+#*************************************************************************
diff --git a/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.c b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.c
new file mode 100644
index 0000000..16a317b
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.c
@@ -0,0 +1,350 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.c 2 10/29/13 5:15a Bensonlai $
+//
+// $Revision: 2 $
+//
+// $Date: 10/29/13 5:15a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.c $
+//
+// 2 10/29/13 5:15a Bensonlai
+// [TAG] EIPNone
+// [Category] Bug Fix
+// [Severity] Important
+// [Symptom] Build error when enable the DEBUG mode.
+//
+// 1 9/06/13 6:17a Bensonlai
+// [TAG] EIP135513
+// [Category] New Feature
+// [Description] Implementation of Boot Guard of PTT flow for WHCK test.
+// [Files] BootGuardTPM2Dxe.cif
+// BootGuardTPM2Dxe.c
+// BootGuardTPM2Dxe.h
+// BootGuardTPM2Dxe.sdl
+// BootGuardTPM2Dxe.mak
+//
+//**********************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardTPM2Dxe.c
+//
+// Description: TPM2 Initialization Flow for Boot Guard
+//
+//<AMI_FHDR_END>
+//**********************************************************************
+
+#include <Efi.h>
+#include <Pei.h>
+#include "BootGuardTPM2Dxe.h"
+#include <token.h>
+#include "CpuRegs.h"
+#include <AmiDxeLib.h>
+#include "Include\Library\Tpm20.h"
+#include <Protocol\TcgService\TcgService.h>
+
+UINT32
+EFIAPI
+AsmReadMsr32 (
+ IN UINT32 Index
+);
+
+#define DEBUG(arg)
+
+VOID *
+EFIAPI
+GlueCopyMem (
+ OUT VOID *DestinationBuffer,
+ IN CONST VOID *SourceBuffer,
+ IN UINTN Length
+);
+
+VOID *
+EFIAPI
+GlueZeroMem (
+ OUT VOID *Buffer,
+ IN UINTN Length
+);
+
+VOID *
+EFIAPI
+GlueAllocatePool (
+ IN UINTN AllocationSize
+);
+
+#define CopyMem(_DESTINATIONBUFFER, _SOURCEBUFFER, _LENGTH) GlueCopyMem(_DESTINATIONBUFFER, _SOURCEBUFFER, _LENGTH)
+#define ZeroMem(_BUFFER, _LENGTH) GlueZeroMem(_BUFFER, _LENGTH)
+#define AllocatePool(_SIZE) GlueAllocatePool(_SIZE)
+
+#pragma pack(push, 1)
+
+typedef union {
+ UINT8 sha1[SHA1_DIGEST_SIZE];
+ UINT8 sha256[SHA256_DIGEST_SIZE];
+} TPM_COMM_DIGEST_UNION;
+
+typedef struct {
+ UINT16 HashAlgId;
+ TPM_COMM_DIGEST_UNION Digest;
+} TPM_COMM_DIGEST;
+
+#pragma pack(pop)
+
+EFI_STATUS
+Tpm20Hash(
+ IN CONST UINT8 *DataToHash,
+ IN UINTN DataSize,
+ OUT TPM_COMM_DIGEST *Digest
+);
+
+EFI_STATUS
+TpmDxeLogEventI(
+ IN VOID *NewEventHdr,
+ IN UINT8 *NewEventData
+);
+
+#define ACM_STATUS (*(UINT32*)0xFED30328)
+
+EFI_STATUS LogDetailPCREvent(
+ VOID
+)
+{
+ UINT8 FoundACM = 0, FoundKM = 0, FoundBPM = 0;
+ UINT32 u32HashLen = 0;
+ UINT8 byteEventBuf[0x200];
+ TCG_PCR_EVENT *TcgEvent = (TCG_PCR_EVENT*)&byteEventBuf[0];
+ UINT32 EventNum = 0, FitEntryPointer = 0, FitEntryNumber = 0, i = 0;
+ UINTN Len;
+ CHAR8 DetailPCRStr[] = "Boot Guard Measured S-CRTM";
+ EFI_STATUS Status = EFI_SUCCESS;
+ BOOT_POLICY *BP = NULL;
+ FIT_ENTRY *FitEntry = NULL;
+ KEY_MANIFEST_STRAUCTURE *KmStructure = NULL;
+ BpmStruct *BpmStructure = NULL;
+
+ ZeroMem(
+ byteEventBuf,
+ sizeof(byteEventBuf)
+ );
+
+ Len = sizeof(DetailPCRStr)+1;
+
+ TcgEvent->PCRIndex = 0;
+ TcgEvent->EventType = EV_S_CRTM_VERSION;
+ TcgEvent->EventSize = (UINT32)Len;
+
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : Enter LogDetailPCREvent(...)\n"));
+
+ GlueCopyMem(
+ TcgEvent->Event,
+ DetailPCRStr,
+ Len
+ );
+
+ // On page 44.
+ // The pHashData must be the format .
+ // SHA-1 {
+ // 1) One byte containing the lower 8 bit of the BP.RSTR
+ // 2) One byte contain the lower 8 bits of BP.TYPE
+ // ....
+ // 7) Digest of Hashed IBB Segments(s)
+
+ BP = AllocatePool( sizeof (BOOT_POLICY));
+ if ( NULL == BP ) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ DEBUG(( -1, "MSR[0x%x]:[%08x]\n", MSR_BOOT_GUARD_SACM_INFO, AsmReadMsr32 (MSR_BOOT_GUARD_SACM_INFO) ));
+ DEBUG(( -1, "ACM_STATUS:[%08x]\n", ACM_STATUS ));
+
+ BP->RSTR0 = (AsmReadMsr32 (MSR_BOOT_GUARD_SACM_INFO) & BIT4) ? 1 : 0;
+ BP->RSTR1 = (ACM_STATUS & BIT21) ? 1 : 0;
+ BP->RSTR2 = (ACM_STATUS & BIT22) ? 1 : 0;
+ BP->RSTR3 = (ACM_STATUS & BIT23) ? 1 : 0;
+ BP->RSTR4 = (ACM_STATUS & BIT24) ? 1 : 0;
+ BP->RSTR5 = 0;
+ BP->RSTR6 = 0;
+ BP->RSTR7 = 0;
+
+ BP->TYPE0 = (AsmReadMsr32 (MSR_BOOT_GUARD_SACM_INFO) & BIT5) ? 1 : 0;
+ BP->TYPE1 = (AsmReadMsr32 (MSR_BOOT_GUARD_SACM_INFO) & BIT6) ? 1 : 0;
+ BP->TYPE2 = (ACM_STATUS & BIT20) ? 1 : 0;
+ BP->TYPE3 = 0;
+ BP->TYPE4 = 0;
+ BP->TYPE5 = 0;
+ BP->TYPE6 = 0;
+ BP->TYPE7 = 0;
+
+ BP->ACM_SVN = ACMSVN;
+ {
+ FitEntryPointer = MmioRead32(IBB_ENTRYPOINT_M);
+ if ( FitEntryPointer == 0xFFFFFFFF ) {
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : FitEntryPointer(%lx) is empty\n", FitEntryPointer));
+ }
+
+ FitEntry = (FIT_ENTRY*)FitEntryPointer;
+ if ( FitEntry->TblAddress != EFI_SIGNATURE_64 ('_', 'F', 'I', 'T', '_', ' ', ' ', ' ') ) {
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : [Type 0] FitEntry->TblAddress(%lx) is error\n", FitEntry->TblAddress));
+ }
+
+ FitEntryNumber = FitEntry->TblSIZE;
+
+ FoundACM = 0;
+ for(i=1; i<FitEntryNumber; i++) {
+ FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16);
+ if ( FitEntry->TblType == 0x02 ) { // FIT type 0x02 - Anc ACM location
+ FoundACM =1;
+ break;
+ }
+ }
+
+ if ( FoundACM == 0 ) {
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : Can't find the Boot Guard ACM"));
+ }
+
+ DEBUG((-1, "\n[BootGuardTPM2Dxe.c] : BP->ACM_Signature \n"));
+
+ for ( i=0; i<256; i++ ) {
+ if (i % 16 == 0) DEBUG((-1, "\n"));
+ BP->ACM_Signature[i] = MmioRead8( FitEntry->TblAddress + 0x184 + i );
+ DEBUG((-1, "%02x ", BP->ACM_Signature[i]));
+ }
+
+ DEBUG((-1, "\n"));
+
+ FoundKM = 0;
+ for(i=1; i<FitEntryNumber; i++) {
+ FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16);
+ if ( FitEntry->TblType == 0x0B ) { // FIT Type 0x0B - Key Manifest
+ FoundKM =1;
+ break;
+ }
+ }
+
+ if ( FoundKM == 0 ) {
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : Can't find the Boot Guard KM"));
+ }
+
+ KmStructure = (KEY_MANIFEST_STRAUCTURE*)FitEntry->TblAddress;
+ DEBUG((-1, "\nKmStructure:\n"));
+
+ for ( i=0; i<256; i++ ) {
+ if (i % 16 == 0) DEBUG((-1, "\n"));
+ BP->Key_Manifest_Signature[i] = KmStructure->KeyManifestSignature.Signature.Signature[i];
+ DEBUG((-1, "%02x ", BP->Key_Manifest_Signature[i]));
+ }
+
+ DEBUG((-1, "\n"));
+
+ FoundBPM = 0;
+ for(i=1; i<FitEntryNumber; i++) {
+ FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16);
+ if ( FitEntry->TblType == 0x0C ) { // FIT type 0x0C - Boot Policy Manifest
+ FoundBPM =1;
+ break;
+ }
+ }
+
+ if ( FoundBPM == 0 ) {
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] :Can't find the Boot Guard BPM"));
+ }
+
+ BpmStructure = (BpmStruct*)FitEntry->TblAddress;
+ DEBUG((-1, "\nBpmStructure:\n"));
+
+ for ( i=0; i<256; i++ ) {
+ if (i % 16 == 0) DEBUG((-1, "\n"));
+ BP->Boot_Policy_Manifest_Signature[i] = BpmStructure->Bpm_Signature_Element.KeySignature.Signature.Signature[i];
+ DEBUG((-1, "%02x ", BP->Boot_Policy_Manifest_Signature[i]));
+ }
+
+ DEBUG((-1, "\n\nBpmStructure->Digest_of_Hashed_IBB_Segment:\n\n"));
+
+ for ( i=0; i<32; i++ ) {
+ if (i % 16 == 0) DEBUG((-1, "\n"));
+ BP->Digest_of_Hashed_IBB_Segment[i] = BpmStructure->Ibb_Element.Digest.HashBuffer[i];
+ DEBUG((-1, "%02x ", BP->Digest_of_Hashed_IBB_Segment[i]));
+ }
+
+ DEBUG((-1, "\n"));
+ }
+
+ {
+ TPM_COMM_DIGEST Digest;
+
+ u32HashLen = sizeof (BOOT_POLICY);
+ Tpm20Hash( (UINT8*)BP, u32HashLen, &Digest );
+ CopyMem(&TcgEvent->Digest, &Digest.Digest.sha1, SHA1_DIGEST_SIZE);
+ }
+ Status = TpmDxeLogEventI (
+ (VOID*)TcgEvent,
+ &TcgEvent->Event[0]);
+
+ return Status;
+}
+
+EFI_STATUS ACM_PostSuccess(
+ VOID
+)
+{
+ UINT32 MsrValue;
+
+ MsrValue = (UINT32) AsmReadMsr32 (MSR_BOOT_GUARD_SACM_INFO);
+ if ( ((MsrValue & B_NEM_INIT) == B_NEM_INIT) &&
+ ((MsrValue & B_MEASURED) == B_MEASURED) &&
+ ((MsrValue & V_TPM_PRESENT_PTT) == V_TPM_PRESENT_PTT) &&
+ ((MsrValue & B_TPM_SUCCESS) == B_TPM_SUCCESS) ) {
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : ACM_PostSuccess(...) : EFI_SUCCESS\n"));
+ return EFI_SUCCESS;
+ }
+
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : ACM_PostSuccess(...) : EFI_UNSUPPORTED\n"));
+ return EFI_UNSUPPORTED;
+}
+
+EFI_STATUS
+BootGuardMeasureCRTMVersion(
+ VOID )
+{
+ EFI_STATUS Status;
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : Enter BootGuardMeasureCRTMVersion(...)\n"));
+
+ Status = ACM_PostSuccess( );
+ if( !EFI_ERROR(Status) )
+ {
+ Status = LogDetailPCREvent();
+ }
+
+ DEBUG((-1, "[BootGuardTPM2Dxe.c] : End of BootGuardMeasureCRTMVersion\n"));
+
+ return EFI_SUCCESS;
+}
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
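Review bot: Every FIT lookup failure in LogDetailPCREvent is non-fatal: when FitEntryPointer is 0xFFFFFFFF, the `_FIT_` signature does not match, or FoundACM/FoundKM/FoundBPM stays 0, the code only calls DEBUG — which the file's own `#define DEBUG(arg)` compiles to nothing — and then keeps dereferencing FitEntry (by then the last table entry, or the 0xFFFFFFFF pointer) to fill BP, so the S-CRTM event handed to TpmDxeLogEventI can be hashed from unrelated memory. Each of those checks should fail the function instead (sketch below), and BootGuardMeasureCRTMVersion should return the Status it receives rather than the unconditional `return EFI_SUCCESS;` at its end, so a measurement that was never logged is visible to the caller. `Len = sizeof(DetailPCRStr)+1;` over-counts by one — sizeof already includes the NUL — so GlueCopyMem reads one byte past DetailPCRStr; drop the `+1`. BP is allocated with AllocatePool and never released on any path, and the return value of Tpm20Hash is ignored, so on a hash failure an uninitialised Digest is copied into the event. `#define ACM_STATUS (*(UINT32*)0xFED30328)` reads an MMIO register through a non-volatile pointer; reading it with MmioRead32, as the IBB_ENTRYPOINT_M read already does, keeps the compiler from caching the value.
```c
    Len = sizeof(DetailPCRStr);   // sizeof already counts the NUL terminator
    // … unchanged: TcgEvent header fill, BP allocation, RSTR/TYPE bits …
    FitEntryPointer = MmioRead32(IBB_ENTRYPOINT_M);
    FitEntry = (FIT_ENTRY*)FitEntryPointer;
    if ( FitEntryPointer == 0xFFFFFFFF ||
         FitEntry->TblAddress != EFI_SIGNATURE_64 ('_', 'F', 'I', 'T', '_', ' ', ' ', ' ') ) {
        Status = EFI_NOT_FOUND;   // no usable FIT: do not measure garbage
        goto Exit;
    }
    // … unchanged: ACM lookup loop …
    if ( FoundACM == 0 ) { Status = EFI_NOT_FOUND; goto Exit; }
    // … same guard after the KM and BPM loops; then the signature copies …
    Status = Tpm20Hash( (UINT8*)BP, u32HashLen, &Digest );
    if ( EFI_ERROR(Status) ) { goto Exit; }
    // … unchanged: CopyMem of the digest, TpmDxeLogEventI …
Exit:
    /* release BP here with the pool-free counterpart of GlueAllocatePool */
    return Status;
```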
diff --git a/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.cif b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.cif
new file mode 100644
index 0000000..704be62
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.cif
@@ -0,0 +1,11 @@
+<component>
+ name = "BootGuardTPM2Dxe"
+ category = ModulePart
+ LocalRoot = "Board\EM\FIT\Dxe\BootGuardTPM2Dxe"
+ RefName = "BootGuardTPM2Dxe"
+[files]
+"BootGuardTPM2Dxe.c"
+"BootGuardTPM2Dxe.h"
+"BootGuardTPM2Dxe.sdl"
+"BootGuardTPM2Dxe.mak"
+<endComponent>
diff --git a/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.h b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.h
new file mode 100644
index 0000000..7ab934a
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.h
@@ -0,0 +1,276 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.h 1 9/06/13 6:17a Bensonlai $
+//
+// $Revision: 1 $
+//
+// $Date: 9/06/13 6:17a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.h $
+//
+// 1 9/06/13 6:17a Bensonlai
+// [TAG] EIP135513
+// [Category] New Feature
+// [Description] Implementation of Boot Guard of PTT flow for WHCK test.
+// [Files] BootGuardTPM2Dxe.cif
+// BootGuardTPM2Dxe.c
+// BootGuardTPM2Dxe.h
+// BootGuardTPM2Dxe.sdl
+// BootGuardTPM2Dxe.mak
+//
+//**********************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardTPM2Dxe.c
+//
+// Description: TPM2 Initialization Flow for Boot Guard
+//
+//<AMI_FHDR_END>
+//**********************************************************************
+
+#ifndef _BOOT_GUARD_TPM2_H_
+#define _BOOT_GUARD_TPM2_H_
+
+#ifndef _EFI_MMIO_ACCESS_H_
+#define _EFI_MMIO_ACCESS_H_
+
+#define MmioAddress(BaseAddr, Register) \
+ ( (UINTN)BaseAddr + (UINTN)(Register) )
+
+// 32-bit
+#define Mmio32Ptr(BaseAddr, Register) \
+ ( (volatile UINT32 *)MmioAddress(BaseAddr, Register) )
+
+#define Mmio32(BaseAddr, Register) \
+ *Mmio32Ptr(BaseAddr, Register)
+
+#define MmioRead32(Addr) \
+ Mmio32(Addr, 0)
+
+#define MmioWrite32(Addr, Value) \
+ (Mmio32(Addr, 0) = (UINT32)Value)
+
+#define MmioRW32(Addr, set, reset) \
+ (Mmio32(Addr, 0) = ((Mmio32(Addr, 0) & (UINT32)~(reset)) | (UINT32)set))
+
+// 16-bit
+#define Mmio16Ptr(BaseAddr, Register) \
+ ( (volatile UINT16 *)MmioAddress(BaseAddr, Register) )
+
+#define Mmio16(BaseAddr, Register) \
+ *Mmio16Ptr(BaseAddr, Register)
+
+#define MmioRead16(Addr) \
+ Mmio16(Addr, 0)
+
+#define MmioWrite16(Addr, Value) \
+ (Mmio16(Addr, 0) = (UINT16)Value)
+
+#define MmioRW16(Addr, set, reset) \
+ (Mmio16(Addr, 0) = ((Mmio16(Addr, 0) & (UINT16)~(reset)) | (UINT16)set))
+
+// 8-bit
+#define Mmio8Ptr(BaseAddr, Register) \
+ ( (volatile UINT8 *)MmioAddress(BaseAddr, Register) )
+
+#define Mmio8(BaseAddr, Register) \
+ *Mmio8Ptr(BaseAddr, Register)
+
+#define MmioRead8(Addr) \
+ Mmio8(Addr, 0)
+
+#define MmioWrite8(Addr, Value) \
+ (Mmio8(Addr, 0) = (UINT8)Value)
+
+#define MmioRW8(Addr, set, reset) \
+ (Mmio8(Addr, 0) = ((Mmio8(Addr, 0) & (UINT8)~(reset)) | (UINT8)set))
+
+#endif
+
+//
+// Define macros to build data structure signatures from characters.
+//
+#define EFI_SIGNATURE_16(A, B) ((A) | (B << 8))
+#define EFI_SIGNATURE_32(A, B, C, D) (EFI_SIGNATURE_16 (A, B) | (EFI_SIGNATURE_16 (C, D) << 16))
+#define EFI_SIGNATURE_64(A, B, C, D, E, F, G, H) \
+ (EFI_SIGNATURE_32 (A, B, C, D) | ((UINT64) (EFI_SIGNATURE_32 (E, F, G, H)) << 32))
+
+#define IBB_ENTRYPOINT_M 0xFFFFFFC0
+
+#pragma pack(1)
+
+typedef struct _BOOT_POLICY
+{
+ UINT8 RSTR0:1;
+ UINT8 RSTR1:1;
+ UINT8 RSTR2:1;
+ UINT8 RSTR3:1;
+ UINT8 RSTR4:1;
+ UINT8 RSTR5:1;
+ UINT8 RSTR6:1;
+ UINT8 RSTR7:1;
+ UINT8 TYPE0:1;
+ UINT8 TYPE1:1;
+ UINT8 TYPE2:1;
+ UINT8 TYPE3:1;
+ UINT8 TYPE4:1;
+ UINT8 TYPE5:1;
+ UINT8 TYPE6:1;
+ UINT8 TYPE7:1;
+ UINT16 ACM_SVN;
+ UINT8 ACM_Signature[256];
+ UINT8 Key_Manifest_Signature[256];
+ UINT8 Boot_Policy_Manifest_Signature[256];
+ UINT8 Digest_of_Hashed_IBB_Segment[32];
+} BOOT_POLICY;
+
+typedef struct _FIT_ENTRY
+{
+ UINT64 TblAddress;
+ UINT32 TblSIZE;
+ UINT16 TblVer;
+ UINT8 TblType;
+ UINT8 TblChkSum;
+} FIT_ENTRY;
+
+//
+// Manifest definition
+//
+#define TPM_ALG_SHA1 0x4
+#define TPM_ALG_SHA256 0xB
+#define SHA1_DIGEST_SIZE 20
+#define SHA256_DIGEST_SIZE 32
+
+typedef struct {
+ UINT16 HashAlg;
+ UINT16 Size;
+ UINT8 HashBuffer[SHA256_DIGEST_SIZE];
+} HASH_STRUCTURE;
+
+#define RSA_PUBLIC_KEY_STRUCT_KEY_SIZE_DEFAULT 2048
+#define RSA_PUBLIC_KEY_STRUCT_KEY_LEN_DEFAULT (RSA_PUBLIC_KEY_STRUCT_KEY_SIZE_DEFAULT/8)
+#define RSA_PUBLIC_KEY_STRUCT_KEY_EXPONENT_DEFAULT 0x10001 // NOT 0x10001
+typedef struct {
+ UINT8 Version;
+ UINT16 KeySize;
+ UINT32 Exponent;
+ UINT8 Modulus[RSA_PUBLIC_KEY_STRUCT_KEY_LEN_DEFAULT];
+} RSA_PUBLIC_KEY_STRUCT;
+
+#define RSASSA_SIGNATURE_STRUCT_KEY_SIZE_DEFAULT 2048
+#define RSASSA_SIGNATURE_STRUCT_KEY_LEN_DEFAULT (RSASSA_SIGNATURE_STRUCT_KEY_SIZE_DEFAULT/8)
+typedef struct {
+ UINT8 Version;
+ UINT16 KeySize;
+ UINT16 HashAlg;
+ UINT8 Signature[RSASSA_SIGNATURE_STRUCT_KEY_LEN_DEFAULT];
+} RSASSA_SIGNATURE_STRUCT;
+
+typedef struct {
+ UINT8 Version;
+ UINT16 KeyAlg;
+ RSA_PUBLIC_KEY_STRUCT Key;
+ UINT16 SigScheme;
+ RSASSA_SIGNATURE_STRUCT Signature;
+} KEY_SIGNATURE_STRUCT;
+
+typedef struct {
+ UINT8 StructureID[8];
+ UINT8 StructVersion;
+ UINT8 HdrStructVersion;
+ UINT8 PMBPMVersion;
+ UINT8 BPSVN_BPM;
+ UINT8 ACMSVN_BPM;
+ UINT8 Reserved;
+ UINT16 NEMDataStack;
+} BOOT_POLICY_MANIFEST_HEADER;
+
+typedef struct {
+ UINT16 Reserved;
+ UINT16 Flags;
+ UINT32 Base;
+ UINT32 Size;
+} IBB_SEGMENT_ELEMENT;
+
+typedef struct {
+ UINT8 StructureID[8];
+ UINT8 StructVersion;
+ UINT8 SetNumber;
+ UINT8 Reserved;
+ UINT8 PBETValue;
+ UINT32 Flags;
+ UINT64 IBB_MCHBAR;
+ UINT64 VTD_BAR;
+ UINT32 PMRL_Base;
+ UINT32 PMRL_Limit;
+ UINT64 PMRH_Base;
+ UINT64 PMRH_Limit;
+ HASH_STRUCTURE PostIbbHash;
+ UINT32 EntryPoint;
+ HASH_STRUCTURE Digest;
+ UINT8 SegmentCount; // 1 ~ 8
+ IBB_SEGMENT_ELEMENT IBBSegment[1];
+} IBB_ELEMENT;
+
+typedef struct {
+ UINT8 StructureID[8];
+ UINT8 StructVersion;
+ UINT16 PMDataSize;
+//UINT8 PMData[PMDataSize];
+} PLATFORM_MANUFACTURER_ELEMENT;
+
+typedef struct {
+ UINT8 StructureID[8];
+ UINT8 StructVersion;
+ KEY_SIGNATURE_STRUCT KeySignature;
+} BOOT_POLICY_MANIFEST_SIGNATURE_ELEMENT;
+
+typedef struct {
+ BOOT_POLICY_MANIFEST_HEADER Bpm_Header;
+ IBB_ELEMENT Ibb_Element;
+ //PLATFORM_MANUFACTURER_ELEMENT Platform_Manufacture_Element;
+ BOOT_POLICY_MANIFEST_SIGNATURE_ELEMENT Bpm_Signature_Element;
+} BpmStruct;
+
+typedef struct {
+ UINT8 StructureID[8];
+ UINT8 StructVersion;
+ UINT8 KeyManifestVersion;
+ UINT8 KMSVN;
+ UINT8 KeyManifestID;
+ HASH_STRUCTURE BPKey;
+ KEY_SIGNATURE_STRUCT KeyManifestSignature;
+} KEY_MANIFEST_STRAUCTURE;
+
+#pragma pack()
+
+#endif
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
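Review bot: `IBB_ELEMENT` (L1321-L1339) declares `IBBSegment[1]` while its own comment says `SegmentCount` runs 1 to 8, so `sizeof(IBB_ELEMENT)` and `sizeof(BpmStruct)` only describe a single-segment manifest and any consumer that walks the BPM by those sizes would be off for a multi-segment build; the declaration deserves a comment such as `// NOTE: sized for SegmentCount == 1; for N segments the element is sizeof(IBB_ELEMENT) + (N-1)*sizeof(IBB_SEGMENT_ELEMENT) and Bpm_Signature_Element no longer sits at the offset BpmStruct implies`. The trailing comment on `RSA_PUBLIC_KEY_STRUCT_KEY_EXPONENT_DEFAULT` (L1278) contradicts its value (`0x10001 // NOT 0x10001`) and should either be removed or state what it actually warns about. `EFI_SIGNATURE_16` (L1219) leaves `B` unparenthesized; `((A) | ((B) << 8))` is the safe form. Whether any visible code relies on the multi-segment layout cannot be told from this header; the PEI/DXE parsers are outside this hunk.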
diff --git a/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.mak b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.mak
new file mode 100644
index 0000000..74259e1
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.mak
@@ -0,0 +1,46 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardTPM2Dxe.mak
+#
+# Description: TPM2 Initialization Flow for Boot Guard
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+TpmDrvBin : $(BUILD_DIR)\BootGuardTPM2Dxe.obj
+
+TPM2_INCLUDE=\
+ /I$(TpmDrv_DIR)\
+ /I$(TCG_DIR)\
+
+$(BUILD_DIR)\BootGuardTPM2Dxe.obj : $(BootGuardTPM2Dxe_PATH)\BootGuardTPM2Dxe.c
+ $(CC) $(CFLAGS) /I$(PROJECT_DIR) /I$(PROJECT_DIR)\Include $(TPM2_INCLUDE) $(PROJECT_CPU_INCLUDES) /Fo$(BUILD_DIR)\BootGuardTPM2Dxe.obj $(BootGuardTPM2Dxe_PATH)\BootGuardTPM2Dxe.c
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
diff --git a/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.sdl b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.sdl
new file mode 100644
index 0000000..25872fe
--- /dev/null
+++ b/Board/EM/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.sdl
@@ -0,0 +1,91 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.sdl 2 10/29/13 5:16a Bensonlai $
+#
+# $Revision: 2 $
+#
+# $Date: 10/29/13 5:16a $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Dxe/BootGuardTPM2Dxe/BootGuardTPM2Dxe.sdl $
+#
+# 2 10/29/13 5:16a Bensonlai
+# [TAG] EIPNone
+# [Category] Bug Fix
+# [Severity] Important
+# [Symptom] Build error when enable the DEBUG mode.
+#
+# 1 9/06/13 6:17a Bensonlai
+# [TAG] EIP135513
+# [Category] New Feature
+# [Description] Implementation of Boot Guard of PTT flow for WHCK test.
+# [Files] BootGuardTPM2Dxe.cif
+# BootGuardTPM2Dxe.c
+# BootGuardTPM2Dxe.h
+# BootGuardTPM2Dxe.sdl
+# BootGuardTPM2Dxe.mak
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardTPM2Dxe.sdl
+#
+# Description: SDL file for BootGuard TPM2
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+TOKEN
+ Name = "BootGuardTPM2Dxe_SUPPORT"
+ Value = "1"
+ Help = "Main switch to enable BootGuardTPM2Dxe support in Project"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ Master = Yes
+ Token = "TpmDrv_SUPPORT" "=" "1"
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+PATH
+ Name = "BootGuardTPM2Dxe_PATH"
+End
+
+MODULE
+ File = "BootGuardTPM2Dxe.mak"
+ Help = "Includes BootGuardTPM2Dxe.mak to Project"
+End
+
+ELINK
+ Name = "BootGuardMeasureCRTMVersion,"
+ Parent = "TcgPreMeasurementList"
+ InvokeOrder = AfterParent
+End
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
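Review bot: The ELINK at L1518-L1522 hooks `BootGuardMeasureCRTMVersion` into `TcgPreMeasurementList`, but that function (L1058-L1074 in the .c hunk above) discards `Status` and returns `EFI_SUCCESS` unconditionally, so a failed `LogDetailPCREvent` or an ACM that did not report success is invisible to the TCG pre-measurement caller. If the intent is that a missing Boot Guard measurement must not block the TCG flow, that should be stated at the hook site, e.g. `# NOTE: BootGuardMeasureCRTMVersion always returns EFI_SUCCESS; Boot Guard logging failures are not propagated to the TCG pre-measurement list`; otherwise `return Status;` at L1073 would let the caller see the failure. The interaction with other entries in `TcgPreMeasurementList` cannot be judged from this hunk.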
diff --git a/Board/EM/FIT/FITUtil.exe b/Board/EM/FIT/FITUtil.exe
new file mode 100644
index 0000000..cfa4b8d
--- /dev/null
+++ b/Board/EM/FIT/FITUtil.exe
Binary files differ
diff --git a/Board/EM/FIT/Fit.chm b/Board/EM/FIT/Fit.chm
new file mode 100644
index 0000000..a09cb38
--- /dev/null
+++ b/Board/EM/FIT/Fit.chm
Binary files differ
diff --git a/Board/EM/FIT/Fit.cif b/Board/EM/FIT/Fit.cif
new file mode 100644
index 0000000..e1d0527
--- /dev/null
+++ b/Board/EM/FIT/Fit.cif
@@ -0,0 +1,31 @@
+<component>
+ name = "Intel FIT"
+ category = eModule
+ Rank = 39
+ LocalRoot = "Board\EM\FIT"
+ RefName = "FIT"
+[files]
+"Fit.chm"
+"Fit.sdl"
+"Fit.mak"
+"FitTable.asm"
+"ReserveBpmTable.bin"
+"ReserveKmTable.bin"
+"Boot_Guard_ACM_Rev1_1_PC_ES.bin"
+"Boot_Guard_ACM_Rev1_2_PC_QS.bin"
+"Boot_Guard_ACM_Rev1_2_PV_QS.bin"
+"ReserveBootGuardFvMainHashKey.bin"
+"ReserveBootGuardSigningServer.bin"
+"FITUtil.exe"
+"CryptoCon.exe"
+"CutRom.exe"
+"BpmKmGen.exe"
+"keygen.exe"
+"ReBuildFIT.bat"
+[parts]
+"BootGuardPei"
+"BootGuardDxe"
+"BootGuardTPMPei"
+"FitHook"
+"BootGuardTPM2Dxe"
+<endComponent>
diff --git a/Board/EM/FIT/Fit.mak b/Board/EM/FIT/Fit.mak
new file mode 100644
index 0000000..3c5829c
--- /dev/null
+++ b/Board/EM/FIT/Fit.mak
@@ -0,0 +1,292 @@
+#*************************************************************************
+#*************************************************************************
+#** **
+#** (C)Copyright 1987-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#*************************************************************************
+#*************************************************************************
+
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Fit.mak 16 6/04/13 3:48a Bensonlai $
+#
+# $Revision: 16 $
+#
+# $Date: 6/04/13 3:48a $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Fit.mak $
+#
+# 16 6/04/13 3:48a Bensonlai
+# [TAG] EIP125148
+# [Category] Spec Update
+# [Severity] Normal
+# [Description] [SBY ULT] Boot Guard for 4th Gen Intel Core Processor
+# based on Mobile U-Processor Line - BIOS Writer's Guide - Rev 1.0
+#
+# 15 5/23/13 4:41a Bensonlai
+# [TAG] EIP124550
+# [Category] New Feature
+# [Description] Support signing server for Boot Guard
+#
+# 14 5/13/13 4:42a Bensonlai
+#
+# 13 3/27/13 1:19a Bensonlai
+# [TAG] EIP118856
+# [Category] Spec Update
+# [Severity] Critical
+# [Description] [SBY ULT] Boot Guard ACM SDK Rev 1.0 PV Release for
+# Shark Bay ULT Platforms
+# [Files] Boot_Guard_ACM_Rev1_0_ES.bin, Boot_Guard_ACM_Rev1_0_QS.bin,
+# Boot_Guard_ACM_Rev1_0_PV.bin, BpmKmGen.exe, Fit.cif, Fit.sdl, Fit.mak
+#
+# 12 3/20/13 12:02a Bensonlai
+# [TAG] EIP118400
+# [Category] Improvement
+# [Description] Add a token for attribution of FV_DATA
+# [Files] Fit.mak, Fit.sdl
+#
+# 11 3/06/13 2:49a Bensonlai
+# [TAG] EIP116907
+# [Category] Improvement
+# [Description] BpmKmGen.exe generates KM / BPM tables and
+# BootGuardFvMainHash key separately
+# [Files] BpmKmGen.exe, Fit.sdl, Fit.mak, BootGuardPei.sdl,
+# BootGuardDxe.sdl
+#
+# 10 2/27/13 4:39a Bensonlai
+# [TAG] None
+# [Category] Improvement
+# [Description] Removing the FV_BLANK
+#
+# 9 2/25/13 1:21a Bensonlai
+# [TAG] EIP114386
+# [Category] Spec Update
+# [Severity] Important
+# [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+# for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+# BIOS Writer's Guide - Rev 0.8.1
+# [Files] FIT\*.*
+#
+# 8 1/14/13 1:57a Bensonlai
+# [TAG] EIP110952
+# [Category] New Feature
+# [Description] [SBY] Anchor Cove function to continue chain of trust
+# for verification
+# [Files] AnchorCovePei.cif, AnchorCovePei.c, AnchorCovePei.h,
+# AnchorCovePei.dxs, AnchorCovePei.sdl, AnchorCovePei.mak,
+# PeiCryptLib.lib, OpensslLib.lib
+# AnchorCoveDxe.c, AnchorCoveDxe.h, AnchorCoveDxe.sdl, AnchorCoveDxe.dxs,
+# AnchorCoveDxe.mak
+# FITUtil.exe, BpmKmGen.exe, Fit.mak, ReserveAnchorCoveFvMainHashKey.bin
+#
+# 7 1/04/13 5:56a Bensonlai
+# [TAG] EIP110784
+# [Category] Improvement
+# [Description] Anchor Cove ACM SDK Rev0.8 Beta Release for Shark Bay ULT
+# Platforms.
+# [Files] AnC_ACM_Rev0_8.bin, FitTable.asm, Fit.sdl, FITUtil.exe,
+# BpmKmGen.exe, ReserveBpmTable.bin
+#
+# 6 12/21/12 4:08a Bensonlai
+# [TAG] EIP110217
+# [Category] New Feature
+# [Description] Support Fault Tolerant Boot Block Update for Intel FIT
+# [Files] Fit.mak, Fit.sdl, FITUtil.exe
+#
+# 5 12/12/12 6:15a Bensonlai
+# [TAG] EIP108904
+# [Category] Improvement
+# [Description] GenFFS utility is not PI 1.2 compliant.
+# Please use FWBuild to generate FFS for FIT.
+#
+# GenFFS utility will populate signature "5A" for FFS with fixed
+# checksum.
+# PI 1.2 requires this signature to be "AA". GenFFS does not support
+# passing PI version.Please check the attachment to change Genffs usage
+# to FWBuild.
+# [Files] Fit.mak, Fit.sdl
+#
+# 4 11/12/12 1:03a Bensonlai
+# [TAG] None
+# [Category] Bug Fix
+# [Severity] Critical
+# [Symptom] Fixed build error when disabled ULT_SUPPORT
+# [RootCause] We don't detect the Anchor Cove flag.
+# [Solution] Add Anchor Cove flag.
+#
+# 3 11/09/12 3:34a Bensonlai
+# [TAG] EIP104159
+# [Category] New Feature
+# [Description] Supported ULT Anchor Cove BIOS Writer's Guide - Rev
+# 0.7.1
+#
+# 2 10/04/12 1:42a Bensonlai
+# [TAG] None
+# [Category] New Feature
+# [Description] 1. Implementation of the Intel Anchor Cove for mobile
+# platforms.
+# 2. Implementation of FIT table using FFS.
+# 3. Updated the FITUtil.exe to support the ACM, KM and BPM for Intel
+# Anchor Cove.
+# [Files] Fit.sdl
+# Fit.mak
+# FitTable.asm
+# BpmTable.asm
+# KmTable.asm
+# FITUtil.exe
+# Fit.cif
+#
+# 1 6/19/12 11:26p Davidhsieh
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: Fit.mak
+#
+# Description: MAK file for Intel FIT module building
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+!IF "$(INTEL_BOOT_GUARD_SUPPORT)"=="1"
+!IF "$(IS_FV_DATA_ALIGNMENT64K)"!="0"
+!ERROR The FV_DATA_BASE needs to align 64K, please check your FV_BB_BASE or FV_DATA_BASE for Boot Guard
+!ENDIF
+!ENDIF
+
+all : $(BUILD_DIR)\Fit.mak FitTableBin
+
+$(BUILD_DIR)\Fit.mak : $(FIT_DIR)\$(@B).cif $(FIT_DIR)\$(@B).mak $(BUILD_RULES)
+ $(CIF2MAK) $(FIT_DIR)\$(@B).cif $(CIF2MAK_DEFAULTS)
+
+!IF "$(INTEL_BOOT_GUARD_SUPPORT)"=="1"
+!IF "$(INTEL_BOOT_GUARD_SIGNING_SERVER_SUPPROT)"=="1"
+FitTableBin : $(BUILD_DIR)\FitTable.ffs $(BUILD_DIR)\BootGuardBpmBinary.ffs $(BUILD_DIR)\BootGuardKmBinary.ffs $(BUILD_DIR)\BootGuardAcmBinary.ffs $(BUILD_DIR)\ReserveBootGuardFvMainHashKey.ffs $(BUILD_DIR)\ReserveBootGuardSigningServer.ffs
+!ELSE
+FitTableBin : $(BUILD_DIR)\FitTable.ffs $(BUILD_DIR)\BootGuardBpmBinary.ffs $(BUILD_DIR)\BootGuardKmBinary.ffs $(BUILD_DIR)\BootGuardAcmBinary.ffs $(BUILD_DIR)\ReserveBootGuardFvMainHashKey.ffs
+!ENDIF
+!ELSE
+FitTableBin : $(BUILD_DIR)\FitTable.ffs
+!ENDIF
+
+$(BUILD_DIR)\FitTable.bin : $(FIT_DIR)\FitTable.asm $(BUILD_DIR)\Fit.mak
+ $(MAKE) /$(MAKEFLAGS)\
+ /f $(BUILD_DIR)\Fit.mak bin\
+ OBJECTS=$(BUILD_DIR)\$(FIT_DIR)\FitTable.obj\
+ NAME=FitTable\
+ MAKEFILE=$(BUILD_DIR)\Fit.mak \
+ TYPE=BINARY
+
+$(BUILD_DIR)\FitTable.ffs : $(BUILD_DIR)\FitTable.bin
+ $(MAKE) /f Core\FFS.mak \
+ BUILD_DIR=$(BUILD_DIR) \
+ GUID=B52282EE-9B66-44B9-B1CF-7E5040F787C1\
+ TYPE=EFI_FV_FILETYPE_RAW \
+ FFS_ALIGNMENT=1 FFS_CHECKSUM=0\
+ RAWFILE=$(BUILD_DIR)\FitTable.bin FFSFILE=$(BUILD_DIR)\FitTable.ffs COMPRESS=0 NAME=FitTable
+
+$(BUILD_DIR)\$(BootGuardBpmBinary) :
+ copy $(FIT_DIR)\$(BootGuardBpmBinary) $(BUILD_DIR)\$(BootGuardBpmBinary) $(SILENT_OUT)
+
+$(BUILD_DIR)\BootGuardBpmBinary.ffs : $(BUILD_DIR)\$(BootGuardBpmBinary)
+ $(MAKE) /f Core\FFS.mak \
+ BUILD_DIR=$(BUILD_DIR) \
+ GUID=C30FFF4A-10C6-4C0F-A454-FD319BAF6CE6\
+ TYPE=EFI_FV_FILETYPE_RAW \
+ FFS_ALIGNMENT=1 FFS_CHECKSUM=0\
+ RAWFILE=$(BUILD_DIR)\$(BootGuardBpmBinary) FFSFILE=$(BUILD_DIR)\BootGuardBpmBinary.ffs COMPRESS=0 NAME=BootGuardBpmBinary
+
+$(BUILD_DIR)\$(BootGuardKmBinary) :
+ copy $(FIT_DIR)\$(BootGuardKmBinary) $(BUILD_DIR)\$(BootGuardKmBinary) $(SILENT_OUT)
+
+$(BUILD_DIR)\BootGuardKmBinary.ffs : $(BUILD_DIR)\$(BootGuardKmBinary)
+ $(MAKE) /f Core\FFS.mak \
+ BUILD_DIR=$(BUILD_DIR) \
+ GUID=7C9A98F8-2B2B-4027-8F16-F7D277D58025\
+ TYPE=EFI_FV_FILETYPE_RAW \
+ FFS_ALIGNMENT=1 FFS_CHECKSUM=0\
+ RAWFILE=$(BUILD_DIR)\$(BootGuardKmBinary) FFSFILE=$(BUILD_DIR)\BootGuardKmBinary.ffs COMPRESS=0 NAME=BootGuardKmBinary
+
+$(BUILD_DIR)\$(BootGuardAcmBinary) :
+ copy $(FIT_DIR)\$(BootGuardAcmBinary) $(BUILD_DIR)\$(BootGuardAcmBinary) $(SILENT_OUT)
+
+$(BUILD_DIR)\BootGuardAcmBinary.ffs : $(BUILD_DIR)\$(BootGuardAcmBinary)
+ $(MAKE) /f Core\FFS.mak \
+ BUILD_DIR=$(BUILD_DIR) \
+ GUID=6520F532-2A27-4195-B331-C0854683E0BA\
+ TYPE=EFI_FV_FILETYPE_RAW \
+ FFS_ALIGNMENT=7 FFS_CHECKSUM=1\
+ RAWFILE=$(BUILD_DIR)\$(BootGuardAcmBinary) FFSFILE=$(BUILD_DIR)\BootGuardAcmBinary.ffs COMPRESS=0 NAME=BootGuardAcmBinary
+
+RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY_FFS_FILE_RAW_GUID = CBC91F44-A4BC-4a5b-8696-703451D0B053
+
+$(BUILD_DIR)\ReserveBootGuardFvMainHashKey.ffs : $(FIT_DIR)\ReserveBootGuardFvMainHashKey.bin
+ $(MAKE) /f Core\FFS.mak \
+ BUILD_DIR=$(BUILD_DIR) \
+ GUID=$(RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY_FFS_FILE_RAW_GUID)\
+ TYPE=EFI_FV_FILETYPE_FREEFORM \
+ FFS_ALIGNMENT=1 FFS_CHECKSUM=0\
+ BINFILE=$** FFSFILE=$@ COMPRESS=0 NAME=ReserveBootGuardFvMainHashKey
+
+RESERVE_BOOT_GUARD_SIGNING_SERVER_FFS_FILE_RAW_GUID = 1068E0ED-5C8E-4724-B011-2C5F95065DF2
+
+$(BUILD_DIR)\ReserveBootGuardSigningServer.ffs : $(FIT_DIR)\ReserveBootGuardSigningServer.bin
+ $(MAKE) /f Core\FFS.mak \
+ BUILD_DIR=$(BUILD_DIR) \
+ GUID=$(RESERVE_BOOT_GUARD_SIGNING_SERVER_FFS_FILE_RAW_GUID)\
+ TYPE=EFI_FV_FILETYPE_FREEFORM \
+ FFS_ALIGNMENT=1 FFS_CHECKSUM=0\
+ BINFILE=$** FFSFILE=$@ COMPRESS=0 NAME=ReserveBootGuardSigningServer
+
+AFTER_FV:
+FV_DATA_DESCRIPTOR=FV(\
+ name=FV_DATA, address=$(FV_DATA_BASE),\
+ offset=$(FV_DATA_BASE)-$(FLASH_BASE),\
+ size=$(FV_DATA_SIZE), file_list=$(FV_DATA),\
+ attr=$(FV_DATA_ATTR),\
+)
+
+FIT_UCODE_FIXUP:
+!IF "$(INTEL_BOOT_GUARD_SUPPORT)"=="1"
+ if not exist $(BOOT_GUARD_BPM_PRIVATE_KEY_FILENAME) $(FIT_DIR)\keygen.exe $(BOOT_GUARD_BPM_PRIVATE_KEY_FILENAME) $(BOOT_GUARD_BPM_PUBLIC_KEY_FILENAME) $(BOOT_GUARD_PBULIC_KEY_EXPONENT)
+ if not exist $(BOOT_GUARD_KM_PRIVATE_KEY_FILENAME) $(FIT_DIR)\keygen.exe $(BOOT_GUARD_KM_PRIVATE_KEY_FILENAME) $(BOOT_GUARD_KM_PUBLIC_KEY_FILENAME) $(BOOT_GUARD_PBULIC_KEY_EXPONENT)
+ if exist $(BOOT_GUARD_BPM_PUBLIC_KEY_FILENAME) del $(BOOT_GUARD_BPM_PUBLIC_KEY_FILENAME)
+ if exist $(BOOT_GUARD_KM_PUBLIC_KEY_FILENAME) del $(BOOT_GUARD_KM_PUBLIC_KEY_FILENAME)
+!ENDIF
+ $(FIT_DIR)\FITUtil.exe $(AMI_ROM) $(FITEntryPointToOtherFVBBRomAddress)
+!IF "$(INTEL_BOOT_GUARD_SUPPORT)"=="1"
+
+!IF "$(INTEL_BOOT_GUARD_CHAIN_OF_TRUST_SUPPORT)"=="1"
+ $(FIT_DIR)\BpmKmGen.exe -PFVMAIN $(AMI_ROM) $(FIT_DIR) $(BIOS_STARTING_ADDRESS) $(DXE_SEGMENT_BASE) $(DXE_SEGMENT_SIZE)
+!ENDIF
+
+!IF "$(INTEL_BOOT_GUARD_SIGNING_SERVER_SUPPROT)"=="1"
+ $(FIT_DIR)\BpmKmGen.exe -SDATA $(AMI_ROM) $(BootGuardTokens)
+ $(FIT_DIR)\BpmKmGen.exe -SBPMKM $(AMI_ROM) $(FIT_DIR) $(BOOT_GUARD_BPM_PRIVATE_KEY_FILENAME) $(BOOT_GUARD_KM_PRIVATE_KEY_FILENAME)
+!ELSE
+ $(FIT_DIR)\BpmKmGen.exe -PBPMKM $(AMI_ROM) $(FIT_DIR) $(BOOT_GUARD_BPM_PRIVATE_KEY_FILENAME) $(BOOT_GUARD_KM_PRIVATE_KEY_FILENAME) $(BootGuardTokens)
+!ENDIF
+
+!ENDIF
+
+AFTER_ROM: FIT_UCODE_FIXUP
+
+#*************************************************************************
+#*************************************************************************
+#** **
+#** (C)Copyright 1987-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#*************************************************************************
+#*************************************************************************
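Review bot: The `FIT_UCODE_FIXUP` recipe at L1848-L1849 silently generates fresh BPM/KM RSA private keys in `$(FIT_DIR)` whenever the expected key file is absent, which means a build missing the real OEM keys still succeeds and produces an image signed by a throwaway key that will not match the key-manifest hash provisioned on the platform (and places a private key inside the source tree). A missing signing key should be a hard build failure, e.g. `if not exist $(BOOT_GUARD_BPM_PRIVATE_KEY_FILENAME) (echo ERROR: Boot Guard BPM private key not found & exit 1)` and the same for the KM key, with key generation moved to an explicit, separately invoked target. L1850-L1851 then delete the public-key files, so nothing remains to verify the build against; keeping the public keys (or their hash) would let the image be checked against the provisioned KM. Whether the signing-server path at L1861-L1862 also needs the local private keys it is passed cannot be told from this hunk.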
diff --git a/Board/EM/FIT/Fit.sdl b/Board/EM/FIT/Fit.sdl
new file mode 100644
index 0000000..7b5c226
--- /dev/null
+++ b/Board/EM/FIT/Fit.sdl
@@ -0,0 +1,390 @@
+TOKEN
+ Name = "INTEL_FIT_SUPPORT"
+ Value = "1"
+ Help = "Main switch to enable Intel FIT in Project"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Master = Yes
+End
+
+TOKEN
+ Name = "INTEL_BOOT_GUARD_SUPPORT"
+ Value = "1"
+ Help = "Main switch to enable Intel Boot Guard in Project"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "ULT_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "INTEL_BOOT_GUARD_CHAIN_OF_TRUST_SUPPORT"
+ Value = "1"
+ Help = "Main switch to enable Intel Boot Guard Chain of Trust in Project"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "INTEL_BOOT_GUARD_SIGNING_SERVER_SUPPROT"
+ Value = "1"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "INTEL_FIT_TABLE_ADDRESS"
+ Help = "The address must be 0xFFFFFFFF. It will be updated by the FITUtil.exe"
+ Value = "0xFFFFFFFF"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+ELINK
+ Name = "FV_DATA"
+ InvokeOrder = ReplaceParent
+End
+
+ELINK
+ Name = "$(FV_DATA_DESCRIPTOR)"
+ Parent = "ROM_IMAGE"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\FitTable.ffs"
+ Parent = "FV_DATA"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\BootGuardBpmBinary.ffs"
+ Parent = "FV_DATA"
+ InvokeOrder = AfterParent
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BootGuardBpmBinary"
+ Value = "ReserveBpmTable.bin"
+ TokenType = File
+ TargetMAK = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\BootGuardKmBinary.ffs"
+ Parent = "FV_DATA"
+ InvokeOrder = AfterParent
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BootGuardKmBinary"
+ Value = "ReserveKmTable.bin"
+ TokenType = File
+ TargetMAK = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\BootGuardAcmBinary.ffs"
+ Parent = "FV_DATA"
+ InvokeOrder = AfterParent
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BOOT_GUARD_ACM"
+ Value = "2"
+ Help = "MUST use the correct ACM binary for the matching CPUs, else platform will not behave as expected. Pre-ES and ES CPU set the token to 0, Pre-QS and QS CPU set the token to 1 and PV ME FW set the token to 2"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BootGuardAcmBinary"
+ Value = "Boot_Guard_ACM_Rev1_1_PC_ES.bin"
+ Help = "The ACM is for Pre-ES and ES CPU samples ONLY!"
+ TokenType = File
+ TargetMAK = Yes
+ Token = "BOOT_GUARD_ACM" "=" "0"
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BootGuardAcmBinary"
+ Value = "Boot_Guard_ACM_Rev1_2_PC_QS.bin"
+ Help = "The ACM is for Pre-QS and QS or newer CPU samples ONLY! NOTE: PC_QS is only for development platform."
+ TokenType = File
+ TargetMAK = Yes
+ Token = "BOOT_GUARD_ACM" "=" "1"
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BootGuardAcmBinary"
+ Value = "Boot_Guard_ACM_Rev1_2_PV_QS.bin"
+ Help = "PV Image should be used with PV ME FW. The ACM is for Pre-QS and QS or newer CPU samples ONLY!"
+ TokenType = File
+ TargetMAK = Yes
+ Token = "BOOT_GUARD_ACM" "=" "2"
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "ACMSVN"
+ Value = "0"
+ Help = "ACMSVN:0 for ES binaries"
+ TokenType = File
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "BOOT_GUARD_ACM" "=" "0"
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "ACMSVN"
+ Value = "0"
+ Help = "ACMSVN:0 for PC_QS binaries"
+ TokenType = File
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "BOOT_GUARD_ACM" "=" "1"
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "ACMSVN"
+ Value = "3"
+ Help = "ACMSVN:3 for PV_QS binary"
+ TokenType = File
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "BOOT_GUARD_ACM" "=" "2"
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BOOT_GUARD_BPM_PRIVATE_KEY_FILENAME"
+ Value = "$(FIT_DIR)\BpmPrivate.key"
+ TokenType = File
+ TargetMAK = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BOOT_GUARD_BPM_PUBLIC_KEY_FILENAME"
+ Value = "$(FIT_DIR)\BpmPublic.key"
+ TokenType = File
+ TargetMAK = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BOOT_GUARD_KM_PRIVATE_KEY_FILENAME"
+ Value = "$(FIT_DIR)\KmPrivate.key"
+ TokenType = File
+ TargetMAK = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BOOT_GUARD_KM_PUBLIC_KEY_FILENAME"
+ Value = "$(FIT_DIR)\KmPublic.key"
+ TokenType = File
+ TargetMAK = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BOOT_GUARD_PBULIC_KEY_EXPONENT"
+ Help = "The token for the KeyGen.exe"
+ Value = "0x10001"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BPM_IBB_MCHBAR"
+ Help = "BpmKmGen.exe only support the decimal value"
+ Value = "$(NB_MCH_BASE_ADDRESS) + 0"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BPM_VTD_BAR"
+ Help = "BpmKmGen.exe only support the decimal value"
+ Value = "$(NB_VTD_BASE_ADDRESS) + 0"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "IS_FV_DATA_ALIGNMENT64K"
+ Help = "BpmKmGen.exe only support the decimal value"
+ Value = "($(FV_DATA_BASE)&0x0000FFFF)"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BPM_IBB_SEGMENT_BASE"
+ Help = "BpmKmGen.exe only support the decimal value"
+ Value = "$(FV_BB_BASE) + 0"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BPM_IBB_SEGMENT_SIZE"
+ Help = "BpmKmGen.exe only support the decimal value"
+ Value = "$(FV_BB_BLOCKS) * $(FLASH_BLOCK_SIZE)"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "KM_KEY_MANIFEST_ID"
+ Help = "BpmKmGen.exe only support the decimal value, and this field must match the Key Manifest ID of Secure boot of FITC."
+ Value = "1"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "DXE_SEGMENT_BASE"
+ Help = "BpmKmGen.exe only support the decimal value"
+ Value = "$(FV_MAIN_BASE) + 0"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "DXE_SEGMENT_SIZE"
+ Help = "BpmKmGen.exe only support the decimal value"
+ Value = "$(FV_MAIN_BLOCKS) * $(FLASH_BLOCK_SIZE)"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BIOS_STARTING_ADDRESS"
+ Help = "Support the decimal value"
+ Value = "0xFFFFFFFF - $(FLASH_SIZE) + 1"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "FITEntryPointToOtherFVBBRomAddress"
+ Help = "FitUtil.exe only support the decimal value. If you don't have other FV_BB, please set the OtherFVBBRomAddress to 0."
+ Value = "0"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "FITEntryPointToOtherFVBBRomAddress"
+ Help = "FitUtil.exe only support the decimal value. If you don't have other FV_BB, please set the OtherFVBBRomAddress to 0."
+ Value = "$(FT_FV_BB_BASE) + $(FV_BB_BLOCKS) * $(FLASH_BLOCK_SIZE) - $(BIOS_STARTING_ADDRESS) - 0x40"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "FAULT_TOLERANT_BOOTBLOCK_UPDATE" "=" "1"
+End
+
+
+TOKEN
+ Name = "FV_DATA_ATTR"
+ Help = "The token is attribution of FV_DATA"
+ Value = ""
+ TokenType = File
+ TargetMAK = Yes
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "BootGuardTokens"
+ Value = "$(BPM_IBB_MCHBAR) $(BPM_VTD_BAR) $(BPM_IBB_SEGMENT_BASE) $(BPM_IBB_SEGMENT_SIZE) $(BIOS_STARTING_ADDRESS) $(KM_KEY_MANIFEST_ID) $(ACMSVN)"
+ Help = "Support the decimal value"
+ TokenType = Expression
+ TargetMAK = Yes
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\ReserveBootGuardSigningServer.ffs"
+ Parent = "FV_DATA"
+ InvokeOrder = AfterParent
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+ Token = "INTEL_BOOT_GUARD_SIGNING_SERVER_SUPPROT" "=" "1"
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\ReserveBootGuardFvMainHashKey.ffs"
+ Parent = "FV_BB"
+ InvokeOrder = AfterParent
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+PATH
+ Name = "FIT_DIR"
+End
+
+MODULE
+ Help = "Includes Fit.mak to Project"
+ File = "Fit.mak"
+End
+
+ELINK
+ Name = "/D BOOT_GUARD_SUPPORT_FLAG=1"
+ Parent = "GLOBAL_DEFINES"
+ InvokeOrder = AfterParent
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
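Review bot: The four key-file tokens at L2070-L2100 default the BPM/KM private keys to `$(FIT_DIR)\BpmPrivate.key` and `$(FIT_DIR)\KmPrivate.key`, i.e. inside the checked-in module directory, and carry no Help text, so nothing tells an integrator that these files are the platform's signing keys and must live outside version control (the KM key in particular must correspond to the hash fused into the platform, as the `KM_KEY_MANIFEST_ID` Help at L2170 hints). A Help line such as `Help = "Path to the BPM RSA private key used to sign the Boot Policy Manifest. Keep this file out of the source tree and out of version control; a missing key must not be silently regenerated."` on each private-key token would make that explicit. The Help on `IS_FV_DATA_ALIGNMENT64K` (L2137) is copied from the BpmKmGen tokens and does not describe the token; something like `Help = "Non-zero when FV_DATA_BASE is not 64K-aligned; Fit.mak fails the build in that case."` matches its use at L1749-L1751. `INTEL_BOOT_GUARD_SIGNING_SERVER_SUPPROT` (L1924) also has no Help and its name is misspelled, but renaming it requires changing Fit.mak and BootGuardTPM2Dxe.sdl together.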
diff --git a/Board/EM/FIT/FitTable.asm b/Board/EM/FIT/FitTable.asm
new file mode 100644
index 0000000..ca45f86
--- /dev/null
+++ b/Board/EM/FIT/FitTable.asm
@@ -0,0 +1,66 @@
+include token.equ
+
+FitEntry Struct
+ TblAddress DQ 0
+ TblSIZE DD 0 ;only 3 bytes valid,
+ TblVer DW 0
+ TblType DB 0
+ TblChkSum DB 0
+FitEntry ENDS
+
+
+ifndef EFIx64
+.model small
+endif
+
+.data
+ Type0Entry FitEntry <' _TIF_', 0, 100h, 00h, 0> ; FIT type 0x00 - FIT Header Entry
+ Type1Entry FitEntry <0FFFFFFFFh, 0, 100h, 01h, 0> ; FIT type 0x01 - Microcode Update Entry
+IFDEF MKF_INTEL_BOOT_GUARD_SUPPORT
+IF MKF_INTEL_BOOT_GUARD_SUPPORT
+ Type2Entry FitEntry <0FFFFFFFFh, 0, 100h, 02h, 0> ; FIT type 0x02 - Anc ACM location
+ TypebEntry FitEntry <0FFFFFFFFh, 241h, 100h, 0Bh, 0> ; FIT Type 0x0B - Key Manifest
+ TypecEntry FitEntry <0FFFFFFFFh, 2BBh, 100h, 0Ch, 0> ; FIT type 0x0C - Boot Policy Manifest
+ENDIF
+ENDIF
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+
+ ; Reserve
+ DQ 0FFFFFFFFFFFFFFFFh
+ DQ 0FFFFFFFFFFFFFFFFh
+END
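Review bot: The FIT header entry `Type0Entry FitEntry <' _TIF_', 0, 100h, 00h, 0>` leaves the size (entry-count) and checksum fields at 0, and nothing in the file says who fills them in — presumably a build-time tool, given that the Fit.sdl tokens in this commit refer to FitUtil.exe. A comment such as `; header size/checksum and the 0FFFFFFFFh addresses below are placeholders patched at build time` above the `.data` block would save the next reader from tracing the build scripts. The same applies to the 0FFFFFFFFh address placeholders in the type 01h/02h/0Bh/0Ch entries and to the ten reserved slots, whose count is fixed here but not explained.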
diff --git a/Board/EM/FIT/Pei/BootGuardPei.c b/Board/EM/FIT/Pei/BootGuardPei.c
new file mode 100644
index 0000000..1421634
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardPei.c
@@ -0,0 +1,285 @@
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.c 2 3/07/13 5:43a Bensonlai $
+//
+// $Revision: 2 $
+//
+// $Date: 3/07/13 5:43a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.c $
+//
+// 2 3/07/13 5:43a Bensonlai
+// [TAG] EIP117307
+// [Category] Improvement
+// [Description] [Boot Guard] Implementation of speed up the post time
+// for Chain of Trust
+// [Files] BootGuardDxe.h, BootGuardPei.c, BootGuardPei.h,
+// BpmKmGen.exe, ReserveBootGuardFvMainHashKey.bin
+//
+// 1 2/25/13 1:15a Bensonlai
+// [TAG] EIP114386
+// [Category] Spec Update
+// [Severity] Important
+// [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+// for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+// BIOS Writer's Guide - Rev 0.8.1
+// [Files] BootGuardPei.cif
+// BootGuardPei.c
+// BootGuardPei.h
+// BootGuardPei.dxs
+// BootGuardPei.sdl
+// BootGuardPei.mak
+// PeiCryptLib.lib
+// OpensslLib.lib
+//
+//*************************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardPei.c
+//
+// Description: Chain of trust for Pei
+//
+//<AMI_FHDR_END>
+//*************************************************************************
+
+#include "BootGuardPei.h"
+
+EFI_GUID ReserveBootGuardFvMainHashKeyGuid = RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY_FFS_FILE_RAW_GUID;
+
+STATIC EFI_PEI_NOTIFY_DESCRIPTOR BootGuardVerificationForPeiToDxeHandoffEndOfPeiNotifyDesc = {
+ (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+ &gEndOfPeiSignalPpiGuid,
+ BootGuardVerificationForPeiToDxeHandoffEndOfPei
+};
+
+//**********************************************************************
+//<AMI_PHDR_START>
+//
+// Procedure: LocateBootGuardFvMainHashKey
+//
+// Description: Loads binary from RAW section of X firwmare volume
+//
+//
+// Output: Buffer - returns a pointer to allocated memory. Caller
+// must free it when done.
+// Size - returns the size of the binary loaded into the
+// buffer.
+//
+//<AMI_PHDR_END>
+//**********************************************************************
+EFI_STATUS
+LocateBootGuardFvMainHashKey (
+ IN EFI_PEI_SERVICES **PpSv,
+ IN OUT VOID **Buffer
+)
+{
+ EFI_STATUS Status;
+ EFI_FIRMWARE_VOLUME_HEADER *pFV;
+ UINTN FvNum=0;
+ EFI_FFS_FILE_HEADER *ppFile=NULL;
+ BOOLEAN Found = FALSE;
+
+ Status = (*PpSv)->FfsFindNextVolume (PpSv, FvNum, &pFV);
+
+ while ( TRUE ) {
+ Status = (*PpSv)->FfsFindNextVolume( PpSv, FvNum, &pFV );
+ if ( EFI_ERROR( Status ) ) {
+ return Status;
+ }
+
+ ppFile = NULL;
+
+ while ( TRUE ) {
+ Status = (*PpSv)->FfsFindNextFile( PpSv,
+ EFI_FV_FILETYPE_FREEFORM,
+ pFV,
+ &ppFile );
+
+ if ( Status == EFI_NOT_FOUND ) {
+ break;
+ }
+
+ if (CompareGuid( &ppFile->Name, &ReserveBootGuardFvMainHashKeyGuid )) {
+ Found = TRUE;
+ break;
+ }
+ }
+
+ if ( Found ) {
+ break;
+ } else {
+ FvNum++;
+ }
+ }
+
+ Status = (*PpSv)->FfsFindSectionData( PpSv,
+ EFI_SECTION_RAW,
+ ppFile,
+ Buffer );
+
+ if ( EFI_ERROR( Status ) ) {
+ return EFI_NOT_FOUND;
+ }
+
+ return Status;
+}
+
+//**********************************************************************
+//<AMI_PHDR_START>
+//
+// Procedure: BootGuardVerificationForPeiToDxeHandoffEndOfPei
+//
+// Description: BootGuardVerificationForPeiToDxeHandoffEndOfPei at end of Pei
+// handler.
+//
+// Output: PeiServices - Pointer to PEI Services Table.
+// NotifyDesc - Pointer to the descriptor for the Notification
+// event that caused this function to execute.
+// Ppi - Pointer to the PPI data associated with
+// this function.
+//
+//<AMI_PHDR_END>
+//**********************************************************************
+STATIC
+EFI_STATUS
+BootGuardVerificationForPeiToDxeHandoffEndOfPei (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+)
+{
+ EFI_STATUS Status;
+ UINTN BootGuardHashDataSize = 0, i;
+ UINT8 CurrentBootGuardFvMainHash256Val[32];
+ VOID *BootGuardSha256Context;
+ UINT8 *BootGuardOrgFvMainHash256;
+ AMI_BOOT_GUARD_HOB *AmiBootGuardHobPtr;
+ EFI_GUID AmiBootGuardHobGuid = AMI_BOOT_GUARD_HOB_GUID;
+ EFI_BOOT_MODE BootMode;
+ RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY *ReserveBootGuardFvMainHashKey;
+
+ Status = PeiServicesGetBootMode (&BootMode);
+ if ( EFI_ERROR( Status ) ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] Get Boot Mode is fail\n"));
+ return Status;
+ }
+
+ if ( BootMode == BOOT_IN_RECOVERY_MODE ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] In the BOOT_IN_RECOVERY_MODE\n"));
+ return Status;
+ }
+
+ if ( BootMode == BOOT_ON_S3_RESUME ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] In the BOOT_ON_S3_RESUME\n"));
+ return Status;
+ }
+
+ Status = (*PeiServices)->CreateHob (PeiServices, EFI_HOB_TYPE_GUID_EXTENSION, sizeof (AMI_BOOT_GUARD_HOB), (VOID **) &AmiBootGuardHobPtr);
+ if ( EFI_ERROR( Status ) ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] CreateHob is fail for AmiBootGuardHobPtr\n"));
+ return Status;
+ }
+
+ AmiBootGuardHobPtr->EfiHobGuidType.Name = AmiBootGuardHobGuid;
+ AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag = 0;
+ BootGuardHashDataSize = Sha256GetContextSize ();
+ Status = ((*PeiServices)->AllocatePool) (PeiServices, BootGuardHashDataSize, &BootGuardSha256Context);
+ if ( EFI_ERROR( Status ) ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] AllocatePool is fail for BootGuardSha256Context\n"));
+ return Status;
+ }
+
+ BootGuardOrgFvMainHash256 = AllocateZeroPool (32);
+ if (BootGuardOrgFvMainHash256 == NULL) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] AllocateZeroPool is fail for BootGuardOrgFvMainHash256\n"));
+ return Status;
+ }
+
+ Status = LocateBootGuardFvMainHashKey(PeiServices , &BootGuardOrgFvMainHash256);
+ if ( EFI_ERROR( Status ) ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] LocateBootGuardFvMainHashKey is fail\n"));
+ return Status;
+ }
+
+ ReserveBootGuardFvMainHashKey = (RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY*)BootGuardOrgFvMainHash256;
+
+ for ( i = 0; i < sizeof(ReserveBootGuardFvMainHashKey->BootGuardFvMainHashKey); i++ ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] BootGuardOrgFvMainHash256[%x]= %x.\n", i, ReserveBootGuardFvMainHashKey->BootGuardFvMainHashKey[i]));
+ }
+ DEBUG ((EFI_D_ERROR, "\n[BootGuardPei.c] BootGuardFvMainUsedLength= %x.\n", ReserveBootGuardFvMainHashKey->BootGuardFvMainUsedLength));
+
+ Sha256Init (BootGuardSha256Context);
+ Sha256Update (BootGuardSha256Context, (UINT8 *)(DXE_SEGMENT_BASE), (UINTN)ReserveBootGuardFvMainHashKey->BootGuardFvMainUsedLength);
+ Sha256Final (BootGuardSha256Context, CurrentBootGuardFvMainHash256Val);
+
+ for ( i = 0; i < sizeof (CurrentBootGuardFvMainHash256Val); i++ ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] CurrentBootGuardFvMainHash256Val[%x]= %x.\n", i, CurrentBootGuardFvMainHash256Val[i]));
+ }
+
+ if ( !CompareMem(BootGuardOrgFvMainHash256, CurrentBootGuardFvMainHash256Val, 32) ) {
+ AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag = 1;
+ } else {
+ AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag = 0;
+ }
+
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag= %x.\n", AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag));
+
+ return Status;
+}
+
+EFI_STATUS
+BootGuardPeiEntryPoint (
+ IN EFI_FFS_FILE_HEADER *FfsHeader,
+ IN EFI_PEI_SERVICES **PeiServices
+)
+{
+ EFI_STATUS Status;
+ PCH_SERIES PchSeries = GetPchSeries();
+
+ if ( PchSeries != PchLp ) {
+ return EFI_SUCCESS;
+ }
+
+ if ( IsBootGuardSupported() == FALSE ) {
+ return EFI_SUCCESS;
+ }
+
+ if ( (UINT32)AsmReadMsr64 (MSR_BOOT_GUARD_SACM_INFO) == 0 ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] Boot Guard is disabled by Anchor Cove Profile Configuration in the Intel Fitc\n"));
+ return EFI_SUCCESS;
+ }
+
+ Status = PeiServicesNotifyPpi (&BootGuardVerificationForPeiToDxeHandoffEndOfPeiNotifyDesc);
+ if ( EFI_ERROR( Status ) ) {
+ return Status;
+ }
+
+ return Status;
+}
+
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
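Review bot: In BootGuardVerificationForPeiToDxeHandoffEndOfPei the AllocateZeroPool failure branch does `return Status;`, but Status still holds the success code from the preceding AllocatePool, so an out-of-memory condition is reported to the caller as success; it should be `return EFI_OUT_OF_RESOURCES;`. That 32-byte allocation is also never used, because LocateBootGuardFvMainHashKey overwrites the pointer with the RAW-section address via FfsFindSectionData, so the call can be dropped and `BootGuardOrgFvMainHash256` initialised to NULL instead. In LocateBootGuardFvMainHashKey the inner loop only exits on EFI_NOT_FOUND, so any other error from FfsFindNextFile keeps looping with the same ppFile; `if ( EFI_ERROR( Status ) ) break;` is the safer exit, and the first FfsFindNextVolume call before the loop is redundant with the one inside it. Finally, BootGuardFvMainUsedLength is read from the RAW section and passed straight to Sha256Update as the byte count to read from DXE_SEGMENT_BASE; checking it against the size of that region before hashing would keep a malformed record from reading past the volume, and a comment stating that the record is trusted because its .ffs is placed in FV_BB (per the Fit.sdl ELINK in this commit, presumably covered by the Boot Guard IBB measurement) would document that assumption where the value is consumed.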
diff --git a/Board/EM/FIT/Pei/BootGuardPei.cif b/Board/EM/FIT/Pei/BootGuardPei.cif
new file mode 100644
index 0000000..afb57a5
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardPei.cif
@@ -0,0 +1,14 @@
+<component>
+ name = "BootGuardPei"
+ category = ModulePart
+ LocalRoot = "Board\EM\FIT\Pei"
+ RefName = "BootGuardPei"
+[files]
+"BootGuardPei.c"
+"BootGuardPei.h"
+"BootGuardPei.dxs"
+"BootGuardPei.sdl"
+"BootGuardPei.mak"
+"PeiCryptLib.lib"
+"OpensslLib.lib"
+<endComponent>
diff --git a/Board/EM/FIT/Pei/BootGuardPei.dxs b/Board/EM/FIT/Pei/BootGuardPei.dxs
new file mode 100644
index 0000000..920a857
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardPei.dxs
@@ -0,0 +1,76 @@
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.dxs 1 2/25/13 1:15a Bensonlai $
+//
+// $Revision: 1 $
+//
+// $Date: 2/25/13 1:15a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.dxs $
+//
+// 1 2/25/13 1:15a Bensonlai
+// [TAG] EIP114386
+// [Category] Spec Update
+// [Severity] Important
+// [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+// for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+// BIOS Writer's Guide - Rev 0.8.1
+// [Files] BootGuardPei.cif
+// BootGuardPei.c
+// BootGuardPei.h
+// BootGuardPei.dxs
+// BootGuardPei.sdl
+// BootGuardPei.mak
+// PeiCryptLib.lib
+// OpensslLib.lib
+//
+//*************************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardPei.dxs
+//
+// Description: BootGuardPei dependency file
+//
+//<AMI_FHDR_END>
+//*************************************************************************
+
+#include "AutoGen.h"
+#include "PeimDepex.h"
+#if defined (BUILD_WITH_GLUELIB) || defined (BUILD_WITH_EDKII_GLUE_LIB)
+#include "EfiDepex.h"
+#include EFI_PPI_DEPENDENCY (Variable)
+
+#include EFI_PPI_DEPENDENCY (PchPeiInitDone)
+#endif
+
+DEPENDENCY_START
+ PEI_READ_ONLY_VARIABLE_ACCESS_PPI_GUID AND
+ PCH_PEI_INIT_DONE_PPI_GUID
+DEPENDENCY_END
+
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
diff --git a/Board/EM/FIT/Pei/BootGuardPei.h b/Board/EM/FIT/Pei/BootGuardPei.h
new file mode 100644
index 0000000..ca604d6
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardPei.h
@@ -0,0 +1,182 @@
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.h 2 3/07/13 5:43a Bensonlai $
+//
+// $Revision: 2 $
+//
+// $Date: 3/07/13 5:43a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.h $
+//
+// 2 3/07/13 5:43a Bensonlai
+// [TAG] EIP117307
+// [Category] Improvement
+// [Description] [Boot Guard] Implementation of speed up the post time
+// for Chain of Trust
+// [Files] BootGuardDxe.h, BootGuardPei.c, BootGuardPei.h,
+// BpmKmGen.exe, ReserveBootGuardFvMainHashKey.bin
+//
+// 1 2/25/13 1:15a Bensonlai
+// [TAG] EIP114386
+// [Category] Spec Update
+// [Severity] Important
+// [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+// for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+// BIOS Writer's Guide - Rev 0.8.1
+// [Files] BootGuardPei.cif
+// BootGuardPei.c
+// BootGuardPei.h
+// BootGuardPei.dxs
+// BootGuardPei.sdl
+// BootGuardPei.mak
+// PeiCryptLib.lib
+// OpensslLib.lib
+//
+//*************************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardPei.h
+//
+// Description: Header file for BootGuardPei
+//
+//<AMI_FHDR_END>
+//*************************************************************************
+
+#ifndef _BOOT_GUARD_PEI_H_
+#define _BOOT_GUARD_PEI_H_
+
+#if !defined(EDK_RELEASE_VERSION) || (EDK_RELEASE_VERSION < 0x00020000)
+#include "EdkIIGluePeim.h"
+#include "CpuAccess.h"
+#include "PchAccess.h"
+#include "PchPlatformLib.h"
+#include "BootGuardLibrary.h"
+#include <Token.h>
+#endif
+
+#define RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY_FFS_FILE_RAW_GUID \
+ {0xcbc91f44, 0xa4bc, 0x4a5b, 0x86, 0x96, 0x70, 0x34, 0x51, 0xd0, 0xb0, 0x53}
+
+#if defined(BUILD_WITH_GLUELIB)
+#undef SetMem
+VOID *
+SetMem (
+ OUT VOID *Buffer,
+ IN UINTN Length,
+ IN UINT8 Value
+)
+{
+ return GlueSetMem (Buffer, Length, Value);
+}
+
+#undef CopyMem
+VOID *
+EFIAPI
+CopyMem (
+ OUT VOID *DestinationBuffer,
+ IN CONST VOID *SourceBuffer,
+ IN UINTN Length
+)
+{
+ return GlueCopyMem (DestinationBuffer, SourceBuffer, Length);
+}
+#endif
+
+//
+// Hash functions definitionS
+//
+UINTN
+EFIAPI
+Sha256GetContextSize (
+ VOID
+);
+
+BOOLEAN
+EFIAPI
+Sha256Init (
+ IN OUT VOID *Sha256Context
+);
+
+BOOLEAN
+EFIAPI
+Sha256Update (
+ IN OUT VOID *Sha256Context,
+ IN CONST VOID *Data,
+ IN UINTN DataLength
+);
+
+BOOLEAN
+EFIAPI
+Sha256Final (
+ IN OUT VOID *Sha256Context,
+ OUT UINT8 *HashValue
+);
+
+STATIC
+EFI_STATUS
+BootGuardVerificationForPeiToDxeHandoffEndOfPei (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+);
+
+//
+// GUID to AMI_BOOT_GUARD Module
+//
+#if !defined(EDK_RELEASE_VERSION) || (EDK_RELEASE_VERSION < 0x00020000)
+#define AMI_BOOT_GUARD_HOB_GUID \
+ { \
+ 0xb60ab175, 0x498d, 0x429d, 0xad, 0xba, 0xa, 0x62, 0x2c, 0x58, 0x16, 0xe2 \
+ }
+#else
+#define AMI_BOOT_GUARD_HOB_GUID \
+ { \
+ 0xb60ab175, 0x498d, 0x429d, \
+ { \
+ 0xad, 0xba, 0xa, 0x62, 0x2c, 0x58, 0x16, 0xe2 \
+ } \
+ }
+#endif
+
+#pragma pack (1)
+
+typedef struct {
+ EFI_HOB_GUID_TYPE EfiHobGuidType;
+ UINT8 AmiBootGuardVerificationforPEItoDXEFlag;
+} AMI_BOOT_GUARD_HOB;
+
+typedef struct {
+ UINT8 BootGuardFvMainHashKey[32];
+ UINT32 BootGuardFvMainUsedLength;
+} RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY;
+
+#pragma pack ()
+
+#endif
+
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
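Review bot: The header defines full function bodies for SetMem and CopyMem under `#if defined(BUILD_WITH_GLUELIB)` without `STATIC`, so any second translation unit that includes BootGuardPei.h in a GlueLib build produces duplicate external definitions; either mark them `STATIC` or move them into BootGuardPei.c. Likewise the `STATIC` prototype of BootGuardVerificationForPeiToDxeHandoffEndOfPei belongs in the .c file, since a file-scope declaration in a header says nothing useful to other includers. The comment `// Hash functions definitionS` has a stray capital and the lines that follow are declarations rather than definitions; `// SHA-256 hash function declarations (presumably provided by PeiCryptLib.lib listed in the .cif)` would be accurate.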
diff --git a/Board/EM/FIT/Pei/BootGuardPei.mak b/Board/EM/FIT/Pei/BootGuardPei.mak
new file mode 100644
index 0000000..b1c6ca1
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardPei.mak
@@ -0,0 +1,119 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.mak 1 2/25/13 1:15a Bensonlai $
+#
+# $Revision: 1 $
+#
+# $Date: 2/25/13 1:15a $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.mak $
+#
+# 1 2/25/13 1:15a Bensonlai
+# [TAG] EIP114386
+# [Category] Spec Update
+# [Severity] Important
+# [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+# for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+# BIOS Writer's Guide - Rev 0.8.1
+# [Files] BootGuardPei.cif
+# BootGuardPei.c
+# BootGuardPei.h
+# BootGuardPei.dxs
+# BootGuardPei.sdl
+# BootGuardPei.mak
+# PeiCryptLib.lib
+# OpensslLib.lib
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardPei.mak
+#
+# Description: Make file for BootGuardPei
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+all : BootGuardPei
+
+BootGuardPei : $(BUILD_DIR)\BootGuardPei.mak BootGuardPeiBin
+
+$(BUILD_DIR)\BootGuardPei.mak : $(BOOT_GUARD_PEI_PATH)\BootGuardPei.cif $(BOOT_GUARD_PEI_PATH)\BootGuardPei.mak $(BUILD_RULES)
+ $(CIF2MAK) $(BOOT_GUARD_PEI_PATH)\BootGuardPei.cif $(CIF2MAK_DEFAULTS)
+
+BOOT_GUARD_PEI_INCLUDES = \
+ $(EdkIIGlueLib_INCLUDES)\
+ $(INTEL_PCH_INCLUDES)\
+ $(PROJECT_CPU_INCLUDES)\
+
+BOOT_GUARD_PEI_DEFINES=\
+ $(MY_DEFINES)\
+ /D"__EDKII_GLUE_MODULE_ENTRY_POINT__=BootGuardPeiEntryPoint"\
+ /D __EDKII_GLUE_BASE_LIB__ \
+ /D __EDKII_GLUE_BASE_IO_LIB_INTRINSIC__ \
+ /D __EDKII_GLUE_BASE_MEMORY_LIB__\
+ /D __EDKII_GLUE_PEI_DEBUG_LIB_REPORT_STATUS_CODE__ \
+ /D __EDKII_GLUE_PEI_REPORT_STATUS_CODE_LIB__ \
+ /D __EDKII_GLUE_PEI_SERVICES_LIB__ \
+ /D __EDKII_GLUE_PEI_MEMORY_ALLOCATION_LIB__ \
+ /D __EDKII_GLUE_BASE_PCI_LIB_PCI_EXPRESS__ \
+ /D __EDKII_GLUE_PEI_HOB_LIB__ \
+
+BOOT_GUARD_PEI_LIBS = \
+ $(EdkIIGlueBaseIoLibIntrinsic_LIB)\
+ $(EdkIIGlueBaseLib_LIB)\
+ $(EdkIIGlueBaseLibIA32_LIB)\
+ $(EdkIIGlueBasePrintLib_LIB)\
+ $(EdkIIGluePeiMemoryAllocationLib_LIB)\
+ $(EdkIIGluePeiDebugLibReportStatusCode_LIB)\
+ $(EdkIIGluePeiReportStatusCodeLib_LIB)\
+ $(EdkIIGluePeiServicesLib_LIB)\
+ $(EdkIIGlueBasePciLibPciExpress_LIB)\
+ $(EdkIIGlueBasePostCodeLibPort80_LIB)\
+ $(EDKFRAMEWORKPPILIB)\
+ $(EdkIIGluePeiHobLib_LIB)\
+ $(PchPlatformPeiLib_LIB)\
+ $(CpuPlatformLib_LIB)\
+ $(BootGuardLib_LIB)\
+
+BootGuardPeiBin: $(BOOT_GUARD_PEI_LIBS)
+ $(MAKE) /$(MAKEFLAGS) $(EDKIIGLUE_DEFAULTS)\
+ /f $(BUILD_DIR)\BootGuardPei.mak all\
+ NAME=BootGuardPei \
+ MAKEFILE=$(BUILD_DIR)\BootGuardPei.mak \
+ "MY_INCLUDES=$(BOOT_GUARD_PEI_INCLUDES)"\
+ "MY_DEFINES=$(BOOT_GUARD_PEI_DEFINES)" \
+ GUID=B41956E1-7CA2-42db-9562-168389F0F066 \
+ ENTRY_POINT=_ModuleEntryPoint "EXT_HEADERS=$(BUILD_DIR)\token.h"\
+ TYPE=PEIM \
+ EDKIIModule=PEIM\
+ DEPEX1=$(BOOT_GUARD_PEI_PATH)\BootGuardPei.dxs \
+ DEPEX1_TYPE=EFI_SECTION_PEI_DEPEX \
+ COMPRESS=0
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
diff --git a/Board/EM/FIT/Pei/BootGuardPei.sdl b/Board/EM/FIT/Pei/BootGuardPei.sdl
new file mode 100644
index 0000000..30dd493
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardPei.sdl
@@ -0,0 +1,96 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.sdl 2 3/06/13 2:51a Bensonlai $
+#
+# $Revision: 2 $
+#
+# $Date: 3/06/13 2:51a $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.sdl $
+#
+# 2 3/06/13 2:51a Bensonlai
+# [TAG] EIP116907
+# [Category] Improvement
+# [Description] BpmKmGen.exe generates KM / BPM tables and
+# BootGuardFvMainHash key separately
+# [Files] BpmKmGen.exe, Fit.sdl, Fit.mak, BootGuardPei.sdl,
+# BootGuardDxe.sdl
+#
+# 1 2/25/13 1:15a Bensonlai
+# [TAG] EIP114386
+# [Category] Spec Update
+# [Severity] Important
+# [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+# for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+# BIOS Writer's Guide - Rev 0.8.1
+# [Files] BootGuardPei.cif
+# BootGuardPei.c
+# BootGuardPei.h
+# BootGuardPei.dxs
+# BootGuardPei.sdl
+# BootGuardPei.mak
+# PeiCryptLib.lib
+# OpensslLib.lib
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardPei.sdl
+#
+# Description: SDL file for BootGuardPei
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+TOKEN
+ Name = "BOOT_GUARD_PEI_SUPPORT"
+ Value = "1"
+ Help = "Main switch to enable BOOT_GUARD_PEI_SUPPORT in Project"
+ TokenType = Boolean
+ TargetMAK = Yes
+ TargetH = Yes
+ Master = Yes
+ Token = "INTEL_BOOT_GUARD_CHAIN_OF_TRUST_SUPPORT" "=" "1"
+End
+
+MODULE
+ Help = "Includes BootGuardPei.mak to Project"
+ File = "BootGuardPei.mak"
+End
+
+PATH
+ Name = "BOOT_GUARD_PEI_PATH"
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\BootGuardPei.ffs"
+ Parent = "FV_BB"
+ InvokeOrder = AfterParent
+End
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c
new file mode 100644
index 0000000..5959528
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c
@@ -0,0 +1,469 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c 3 9/06/13 6:10a Bensonlai $
+//
+// $Revision: 3 $
+//
+// $Date: 9/06/13 6:10a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c $
+//
+// 3 9/06/13 6:10a Bensonlai
+// [TAG] EIP135513
+// [Category] Improvement
+// [Description] Support the TPM1.2 for WHCK test
+//
+// 2 7/25/13 11:02p Bensonlai
+// [TAG] EIP130647
+// [Category] Bug Fix
+// [Severity] Normal
+// [Symptom] Detail PCR is incorrect for Boot Guard.
+// [RootCause] Coding error.
+//
+// 1 6/04/13 5:15a Bensonlai
+// [TAG] EIP125148
+// [Category] Spec Update
+// [Severity] Normal
+// [Description] [SBY ULT] Boot Guard for 4th Gen Intel Core Processor
+// based on Mobile U-Processor Line - BIOS Writer's Guide - Rev 1.0
+// [Files] BootGuardTPMPei.cif
+// BootGuardTPMPei.c
+// BootGuardTPMPei.h
+// BootGuardTPMPei.sdl
+// BootGuardTPMPei.mak
+//
+//**********************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardTPMPei.c
+//
+// Description: TPM Initialization Flow for Boot Guard
+//
+//<AMI_FHDR_END>
+//**********************************************************************
+
+#include <Efi.h>
+#include <Pei.h>
+#include <TcgCommon.h>
+#include <AmiPeiLib.h>
+#include <TcgMisc.h>
+#include "PPI\TcgService\TcgTcmService.h"
+#include "PPI\TcgService\TcgService.h"
+#include "PPI\TpmDevice\TpmDevice.h"
+#include "PPI\CpuIo.h"
+#include "PPI\LoadFile.h"
+#include <Ppi\ReadOnlyVariable.h>
+#include "AmiTcgPlatformPei.h"
+#include "TcgPlatformSetupPeiPolicy.h"
+#include <Token.h>
+#include "CpuRegs.h"
+#include <AmiCspLibInc.h>
+#include "BootGuardTPMPei.h"
+
+static
+EFI_STATUS
+__stdcall __FillCallbackContext(
+ IN EFI_PEI_SERVICES **PeiService,
+ OUT TCG_PEI_CALLBACK_CONTEXT *CallbackContext )
+{
+ EFI_GUID _gPeiTpmPpiGuid = PEI_TPM_PPI_GUID;
+ CallbackContext->PeiServices = PeiService;
+ return (*PeiService)->LocatePpi(
+ PeiService,
+ &_gPeiTpmPpiGuid,
+ 0,
+ NULL,
+ &CallbackContext->TpmDevice
+ );
+}
+
+#define TCGPASSTHROUGH( cb, in, out ) \
+ TcgCommonPassThrough( \
+ cb, \
+ sizeof (in) / sizeof (*(in)), \
+ (in), \
+ sizeof (out) / sizeof (*(out)), \
+ (out) \
+ )
+
+EFI_STATUS TcgCommonSha1Complete(
+ IN VOID *CallbackContext,
+ IN VOID *Data,
+ IN UINT32 DataLen,
+ OUT TCG_DIGEST *Digest )
+{
+ TPM_1_2_CMD_SHA1COMPLETE cmdSHA1Complete;
+ TPM_1_2_RET_HEADER retSHA1Complete;
+ TPM_TRANSMIT_BUFFER InBuffer[2], OutBuffer[2];
+
+ if ( DataLen >= 64 )
+ {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ cmdSHA1Complete.Header.Tag = TPM_H2NS( TPM_TAG_RQU_COMMAND );
+ cmdSHA1Complete.Header.ParamSize = TPM_H2NL(sizeof(cmdSHA1Complete) + DataLen);
+ cmdSHA1Complete.Header.Ordinal = TPM_H2NL( TPM_ORD_SHA1Complete );
+
+// if(AutoSupportType()){
+// cmdSHA1Complete.Header.Ordinal = TPM_H2NL(TCM_ORD_SHA1Complete);
+// }
+
+ cmdSHA1Complete.NumBytes = TPM_H2NL( DataLen );
+
+ InBuffer[0].Buffer = &cmdSHA1Complete;
+ InBuffer[0].Size = sizeof (cmdSHA1Complete);
+ InBuffer[1].Buffer = Data;
+ InBuffer[1].Size = DataLen;
+
+ OutBuffer[0].Buffer = &retSHA1Complete;
+ OutBuffer[0].Size = sizeof (retSHA1Complete);
+ OutBuffer[1].Buffer = Digest;
+ OutBuffer[1].Size = sizeof (*Digest);
+
+ return TCGPASSTHROUGH( CallbackContext, InBuffer, OutBuffer );
+}
+
+EFI_STATUS
+SHA1HashFunc (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN UINT8 *HashData,
+ IN UINT32 HashDataLen,
+ OUT TCG_DIGEST *Digest
+)
+{
+ EFI_STATUS Status;
+ UINT32 Sha1MaxBytes;
+ TCG_PEI_CALLBACK_CONTEXT Context;
+
+ Status = __FillCallbackContext( PeiServices, &Context );
+ ASSERT_PEI_ERROR( PeiServices, Status );
+
+ Status = Context.TpmDevice->Init( Context.TpmDevice, PeiServices );
+
+ if ( EFI_ERROR( Status )) {
+ goto Exit;
+ }
+
+ Status = TcgCommonSha1Start( &Context, TCG_ALG_SHA, &Sha1MaxBytes );
+
+ if ( EFI_ERROR( Status )) {
+ goto Exit;
+ }
+
+ Status = TcgCommonSha1Update(
+ &Context,
+ HashData,
+ HashDataLen,
+ Sha1MaxBytes
+ );
+
+ if ( EFI_ERROR( Status )) {
+ goto Exit;
+ }
+
+ HashData += (HashDataLen & ~63);
+ HashDataLen &= 63;
+
+ Status = TcgCommonSha1Complete(
+ &Context,
+ (UINT8 *)HashData,
+ (UINT32)HashDataLen,
+ Digest
+ );
+
+ if ( EFI_ERROR( Status )) {
+ goto Exit;
+ }
+
+Exit:
+ Context.TpmDevice->Close( Context.TpmDevice, PeiServices );
+ return Status;
+}
+
+EFI_STATUS ACM_PostSuccess(
+ IN EFI_PEI_SERVICES **PeiServices
+)
+{
+ UINT32 MsrValue;
+
+ MsrValue = (UINT32) ReadMsr (MSR_BOOT_GUARD_SACM_INFO);
+ if ( ((MsrValue & B_NEM_INIT) == B_NEM_INIT) &&
+ ((MsrValue & B_MEASURED) == B_MEASURED) &&
+ (((MsrValue & V_TPM_PRESENT_DTPM_12) == V_TPM_PRESENT_DTPM_12) || ((MsrValue & V_TPM_PRESENT_DTPM_20) == V_TPM_PRESENT_DTPM_20)) &&
+ ((MsrValue & B_TPM_SUCCESS) == B_TPM_SUCCESS) ) {
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : ACM_PostSuccess : EFI_SUCCESS\n"));
+ return EFI_SUCCESS;
+ }
+
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : ACM_PostSuccess : EFI_UNSUPPORTED\n"));
+ return EFI_UNSUPPORTED;
+}
+
+EFI_STATUS LogDetailPCREvent(
+ IN EFI_PEI_SERVICES **PeiServices
+)
+{
+ UINT8 FoundACM, FoundKM, FoundBPM;
+ UINT32 u32HashLen = 0;
+ EFI_TCG_PCR_EVENT TcgEvent;
+ UINT32 EventNum, FitEntryPointer, FitEntryNumber, i;
+ UINTN Len;
+ CHAR8 DetailPCRStr[] = "Boot Guard Measured S-CRTM";
+ PEI_TPM_PPI *TpmPpi = NULL;
+ PEI_TCG_PPI *TcgPpi = NULL;
+ EFI_STATUS Status;
+ BOOT_POLICY *BP;
+ FIT_ENTRY *FitEntry;
+ KEY_MANIFEST_STRAUCTURE *KmStructure;
+ BpmStruct *BpmStructure;
+
+ Len = sizeof(DetailPCRStr) < sizeof(EFI_GUID) ? sizeof(DetailPCRStr) : sizeof(EFI_GUID);
+
+ TcgEvent.Header.PCRIndex = 0;
+ TcgEvent.Header.EventType = EV_S_CRTM_VERSION;
+ TcgEvent.Header.EventDataSize = Len;
+
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] Starting 1"));
+
+ MemCpy(
+ &TcgEvent.Event.SCrtmVersion,
+ DetailPCRStr,
+ Len
+ );
+
+ Status = LocateTcgPpi(PeiServices,&TpmPpi, &TcgPpi);
+ if(EFI_ERROR(Status))return EFI_NOT_FOUND;
+
+ // On page 44.
+ // The pHashData must be the format .
+ // SHA-1 {
+ // 1) One byte containing the lower 8 bit of the BP.RSTR
+ // 2) One byte contain the lower 8 bits of BP.TYPE
+ // ....
+ // 7) Digest of Hashed IBB Segments(s)
+
+ Status = (*PeiServices)->AllocatePool(PeiServices, sizeof (BOOT_POLICY),&BP);
+ if ( EFI_ERROR( Status ) ) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ BP->RSTR0 = (ReadMsr (MSR_BOOT_GUARD_SACM_INFO) & BIT4) ? 1 : 0;
+ BP->RSTR1 = (MmioRead32 (ACM_STATUS) & BIT21) ? 1 : 0;
+ BP->RSTR2 = (MmioRead32 (ACM_STATUS) & BIT22) ? 1 : 0;
+ BP->RSTR3 = (MmioRead32 (ACM_STATUS) & BIT23) ? 1 : 0;
+ BP->RSTR4 = (MmioRead32 (ACM_STATUS) & BIT24) ? 1 : 0;
+ BP->RSTR5 = 0;
+ BP->RSTR6 = 0;
+ BP->RSTR7 = 0;
+
+ BP->TYPE0 = (ReadMsr (MSR_BOOT_GUARD_SACM_INFO) & BIT5) ? 1 : 0;
+ BP->TYPE1 = (ReadMsr (MSR_BOOT_GUARD_SACM_INFO) & BIT6) ? 1 : 0;
+ BP->TYPE2 = (MmioRead32 (ACM_STATUS) & BIT20) ? 1 : 0;
+ BP->TYPE3 = 0;
+ BP->TYPE4 = 0;
+ BP->TYPE5 = 0;
+ BP->TYPE6 = 0;
+ BP->TYPE7 = 0;
+
+ BP->ACM_SVN = ACMSVN;
+ {
+ FitEntryPointer = MmioRead32(IBB_ENTRYPOINT_M);
+ if ( FitEntryPointer == 0xFFFFFFFF ) {
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : FitEntryPointer(%lx) is empty\n", FitEntryPointer));
+ ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY );
+ }
+
+ FitEntry = (FIT_ENTRY*)FitEntryPointer;
+ if ( FitEntry->TblAddress != EFI_SIGNATURE_64 ('_', 'F', 'I', 'T', '_', ' ', ' ', ' ') ) {
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : [Type 0] FitEntry->TblAddress(%lx) is error\n", FitEntry->TblAddress));
+ ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY );
+ }
+
+ FitEntryNumber = FitEntry->TblSIZE;
+
+ FoundACM = 0;
+ for(i=1; i<FitEntryNumber; i++) {
+ FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16);
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : FitEntry->TblType = %x\n", FitEntry->TblType));
+ if ( FitEntry->TblType == 0x02 ) { // FIT type 0x02 - Anc ACM location
+ FoundACM =1;
+ break;
+ }
+ }
+
+ if ( FoundACM == 0 ) {
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : Can't find the Boot Guard ACM"));
+ ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY );
+ }
+
+ PEI_TRACE((-1, PeiServices, "BP->ACM_Signature \n"));
+
+ for ( i=0; i<256; i++ ) {
+ if (i % 16 == 0) PEI_TRACE((-1, PeiServices, "\n"));
+ BP->ACM_Signature[i] = MmioRead8( FitEntry->TblAddress + 0x184 + i );
+ PEI_TRACE((-1, PeiServices, "%02x ", BP->ACM_Signature[i]));
+ }
+
+ FoundKM = 0;
+ for(i=1; i<FitEntryNumber; i++) {
+ FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16);
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : FitEntry->TblType = %x\n", FitEntry->TblType));
+ if ( FitEntry->TblType == 0x0B ) { // FIT Type 0x0B - Key Manifest
+ FoundKM =1;
+ break;
+ }
+ }
+
+ if ( FoundKM == 0 ) {
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : Can't find the Boot Guard KM"));
+ ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY );
+ }
+
+ KmStructure = (KEY_MANIFEST_STRAUCTURE*)FitEntry->TblAddress;
+ PEI_TRACE((-1, PeiServices, "\nKmStructure:\n"));
+
+ for ( i=0; i<256; i++ ) {
+ if (i % 16 == 0) PEI_TRACE((-1, PeiServices, "\n"));
+ BP->Key_Manifest_Signature[i] = KmStructure->KeyManifestSignature.Signature.Signature[i];
+ PEI_TRACE((-1, PeiServices, "%02x ", BP->Key_Manifest_Signature[i]));
+ }
+
+ FoundBPM = 0;
+ for(i=1; i<FitEntryNumber; i++) {
+ FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16);
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : FitEntry->TblType = %x\n", FitEntry->TblType));
+ if ( FitEntry->TblType == 0x0C ) { // FIT type 0x0C - Boot Policy Manifest
+ FoundBPM =1;
+ break;
+ }
+ }
+
+ if ( FoundBPM == 0 ) {
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : Can't find the Boot Guard BPM"));
+ ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY );
+ }
+
+ BpmStructure = (BpmStruct*)FitEntry->TblAddress;
+ PEI_TRACE((-1, PeiServices, "\nBpmStructure:\n"));
+
+ for ( i=0; i<256; i++ ) {
+ if (i % 16 == 0) PEI_TRACE((-1, PeiServices, "\n"));
+ BP->Boot_Policy_Manifest_Signature[i] = BpmStructure->Bpm_Signature_Element.KeySignature.Signature.Signature[i];
+ PEI_TRACE((-1, PeiServices, "%02x ", BP->Boot_Policy_Manifest_Signature[i]));
+ }
+
+ PEI_TRACE((-1, PeiServices, "\n\nBpmStructure->Digest_of_Hashed_IBB_Segment:\n\n"));
+
+ for ( i=0; i<32; i++ ) {
+ if (i % 16 == 0) PEI_TRACE((-1, PeiServices, "\n"));
+ BP->Digest_of_Hashed_IBB_Segment[i] = BpmStructure->Ibb_Element.Digest.HashBuffer[i];
+ PEI_TRACE((-1, PeiServices, "%02x ", BP->Digest_of_Hashed_IBB_Segment[i]));
+ }
+
+ PEI_TRACE((-1, PeiServices, "\n"));
+ }
+
+ SHA1HashFunc( PeiServices, (UINT8*)BP, u32HashLen, &TcgEvent.Header.Digest );
+
+ Status = TcgPpi->TCGLogEvent(TcgPpi, PeiServices, (TCG_PCR_EVENT*)&TcgEvent, &EventNum);
+
+ return Status;
+}
+
+/*
+EFI_STATUS LogAuthorityPCREvent(
+ IN EFI_PEI_SERVICES **PeiServices
+)
+{
+ UINT8* pHashData = NULL;
+ UINT32 u32HashLen = 0;
+
+ EFI_TCG_PCR_EVENT TcgEvent;
+ UINT32 EventNum;
+ UINTN Len;
+ CHAR16 AuthorityPCRStr[] = L"Boot Guard Measured S-CRTM";
+ PEI_TPM_PPI *TpmPpi = NULL;
+ PEI_TCG_PPI *TcgPpi = NULL;
+ EFI_STATUS Status;
+
+ Len = sizeof(AuthorityPCRStr) < sizeof(EFI_GUID) ? sizeof(AuthorityPCRStr) : sizeof(EFI_GUID);
+
+ TcgEvent.Header.PCRIndex = 6;
+ TcgEvent.Header.EventType = EV_EFI_VARIABLE_DRIVER_CONFIG;
+ TcgEvent.Header.EventDataSize = Len;
+
+ MemCpy(
+ &TcgEvent.Event.SCrtmVersion,
+ AuthorityPCRStr,
+ Len
+ );
+
+ Status = LocateTcgPpi(PeiServices,&TpmPpi, &TcgPpi);
+ if(EFI_ERROR(Status))return EFI_NOT_FOUND;
+
+ // On page 45~46.
+ // The pHashData must be the format .
+ // SHA-1 {
+ // 1) One byte containing the lower 8 bit of the BP.RSTR
+ // 2) One byte contain the lower 8 bits of BP.TYPE
+ // ....
+ // 7) One byte indicating status of verified boot.
+
+// SHA1HashFunc( PeiServices, pHashData, u32HashLen, &TcgEvent.Header.Digest );
+
+ Status = TcgPpi->TCGLogEvent(TcgPpi, PeiServices, (TCG_PCR_EVENT*)&TcgEvent, &EventNum);
+ return Status;
+}
+*/
+
+EFI_STATUS
+BootGuardMeasureCRTMVersion(
+ IN EFI_PEI_SERVICES **PeiServices )
+{
+ EFI_STATUS Status;
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] Start of BootGuardMeasureCRTMVersion\n"));
+
+ Status = ACM_PostSuccess( PeiServices );
+ if( !EFI_ERROR(Status) )
+ {
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] Start the LogDetailPCREvent\n"));
+ Status = LogDetailPCREvent( PeiServices );
+ ASSERT_PEI_ERROR( PeiServices, Status );
+// Status = LogAuthorityPCREvent( PeiServices );
+// ASSERT_PEI_ERROR( PeiServices, Status );
+ }
+
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] End of BootGuardMeasureCRTMVersion\n"));
+
+ return MeasureCRTMVersion( PeiServices );
+}
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.cif b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.cif
new file mode 100644
index 0000000..91cf398
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.cif
@@ -0,0 +1,11 @@
+<component>
+ name = "BootGuardTPMPei"
+ category = ModulePart
+ LocalRoot = "Board\EM\FIT\Pei\BootGuardTPMPei"
+ RefName = "BootGuardTPMPei"
+[files]
+"BootGuardTPMPei.c"
+"BootGuardTPMPei.h"
+"BootGuardTPMPei.sdl"
+"BootGuardTPMPei.mak"
+<endComponent>
diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h
new file mode 100644
index 0000000..5d03aa0
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h
@@ -0,0 +1,242 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h 2 7/25/13 11:03p Bensonlai $
+//
+// $Revision: 2 $
+//
+// $Date: 7/25/13 11:03p $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h $
+//
+// 2 7/25/13 11:03p Bensonlai
+// [TAG] EIP130647
+// [Category] Bug Fix
+// [Severity] Normal
+// [Symptom] Detail PCR is incorrect for Boot Guard.
+// [RootCause] Coding error.
+//
+// 1 6/04/13 5:15a Bensonlai
+// [TAG] EIP125148
+// [Category] Spec Update
+// [Severity] Normal
+// [Description] [SBY ULT] Boot Guard for 4th Gen Intel Core Processor
+// based on Mobile U-Processor Line - BIOS Writer's Guide - Rev 1.0
+// [Files] BootGuardTPMPei.cif
+// BootGuardTPMPei.c
+// BootGuardTPMPei.h
+// BootGuardTPMPei.sdl
+// BootGuardTPMPei.mak
+//
+//**********************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardTPMPei.c
+//
+// Description: TPM Initialization Flow for Boot Guard
+//
+//<AMI_FHDR_END>
+//**********************************************************************
+
+#ifndef _BOOT_GUARD_TPM_PEI_H_
+#define _BOOT_GUARD_TPM_PEI_H_
+
+//
+// Define macros to build data structure signatures from characters.
+//
+#define EFI_SIGNATURE_16(A, B) ((A) | (B << 8))
+#define EFI_SIGNATURE_32(A, B, C, D) (EFI_SIGNATURE_16 (A, B) | (EFI_SIGNATURE_16 (C, D) << 16))
+#define EFI_SIGNATURE_64(A, B, C, D, E, F, G, H) \
+ (EFI_SIGNATURE_32 (A, B, C, D) | ((UINT64) (EFI_SIGNATURE_32 (E, F, G, H)) << 32))
+
+#define IBB_ENTRYPOINT_M 0xFFFFFFC0
+#define ACM_STATUS 0xFED30328
+
+// The LocateTcgPPi(...) entry is call the AmiTcgPlatformPeiLib.obj
+EFI_STATUS LocateTcgPpi(
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN PEI_TPM_PPI **gTpmDevicePpi,
+ IN PEI_TCG_PPI **gTcgPpi
+);
+
+#pragma pack(1)
+typedef struct _TCG_PEI_CALLBACK_CONTEXT
+{
+ PEI_TPM_PPI *TpmDevice;
+ EFI_PEI_SERVICES **PeiServices;
+} TCG_PEI_CALLBACK_CONTEXT;
+
+typedef struct _BOOT_POLICY
+{
+ UINT8 RSTR0:1;
+ UINT8 RSTR1:1;
+ UINT8 RSTR2:1;
+ UINT8 RSTR3:1;
+ UINT8 RSTR4:1;
+ UINT8 RSTR5:1;
+ UINT8 RSTR6:1;
+ UINT8 RSTR7:1;
+ UINT8 TYPE0:1;
+ UINT8 TYPE1:1;
+ UINT8 TYPE2:1;
+ UINT8 TYPE3:1;
+ UINT8 TYPE4:1;
+ UINT8 TYPE5:1;
+ UINT8 TYPE6:1;
+ UINT8 TYPE7:1;
+ UINT16 ACM_SVN;
+ UINT8 ACM_Signature[256];
+ UINT8 Key_Manifest_Signature[256];
+ UINT8 Boot_Policy_Manifest_Signature[256];
+ UINT8 Digest_of_Hashed_IBB_Segment[32];
+} BOOT_POLICY;
+
+typedef struct _FIT_ENTRY
+{
+ UINT64 TblAddress;
+ UINT32 TblSIZE;
+ UINT16 TblVer;
+ UINT8 TblType;
+ UINT8 TblChkSum;
+} FIT_ENTRY;
+
+//
+// Manifest definition
+//
+#define TPM_ALG_SHA1 0x4
+#define TPM_ALG_SHA256 0xB
+#define SHA1_DIGEST_SIZE 20
+#define SHA256_DIGEST_SIZE 32
+
+typedef struct {
+ UINT16 HashAlg;
+ UINT16 Size;
+ UINT8 HashBuffer[SHA256_DIGEST_SIZE];
+} HASH_STRUCTURE;
+
+#define RSA_PUBLIC_KEY_STRUCT_KEY_SIZE_DEFAULT 2048
+#define RSA_PUBLIC_KEY_STRUCT_KEY_LEN_DEFAULT (RSA_PUBLIC_KEY_STRUCT_KEY_SIZE_DEFAULT/8)
+#define RSA_PUBLIC_KEY_STRUCT_KEY_EXPONENT_DEFAULT 0x10001 // NOT 0x10001
+typedef struct {
+ UINT8 Version;
+ UINT16 KeySize;
+ UINT32 Exponent;
+ UINT8 Modulus[RSA_PUBLIC_KEY_STRUCT_KEY_LEN_DEFAULT];
+} RSA_PUBLIC_KEY_STRUCT;
+
+#define RSASSA_SIGNATURE_STRUCT_KEY_SIZE_DEFAULT 2048
+#define RSASSA_SIGNATURE_STRUCT_KEY_LEN_DEFAULT (RSASSA_SIGNATURE_STRUCT_KEY_SIZE_DEFAULT/8)
+typedef struct {
+ UINT8 Version;
+ UINT16 KeySize;
+ UINT16 HashAlg;
+ UINT8 Signature[RSASSA_SIGNATURE_STRUCT_KEY_LEN_DEFAULT];
+} RSASSA_SIGNATURE_STRUCT;
+
+typedef struct {
+ UINT8 Version;
+ UINT16 KeyAlg;
+ RSA_PUBLIC_KEY_STRUCT Key;
+ UINT16 SigScheme;
+ RSASSA_SIGNATURE_STRUCT Signature;
+} KEY_SIGNATURE_STRUCT;
+
+typedef struct {
+ UINT8 StructureID[8];
+ UINT8 StructVersion;
+ UINT8 HdrStructVersion;
+ UINT8 PMBPMVersion;
+ UINT8 BPSVN_BPM;
+ UINT8 ACMSVN_BPM;
+ UINT8 Reserved;
+ UINT16 NEMDataStack;
+} BOOT_POLICY_MANIFEST_HEADER;
+
+typedef struct {
+ UINT16 Reserved;
+ UINT16 Flags;
+ UINT32 Base;
+ UINT32 Size;
+} IBB_SEGMENT_ELEMENT;
+
+typedef struct {
+ UINT8 StructureID[8];
+ UINT8 StructVersion;
+ UINT8 SetNumber;
+ UINT8 Reserved;
+ UINT8 PBETValue;
+ UINT32 Flags;
+ UINT64 IBB_MCHBAR;
+ UINT64 VTD_BAR;
+ UINT32 PMRL_Base;
+ UINT32 PMRL_Limit;
+ UINT64 PMRH_Base;
+ UINT64 PMRH_Limit;
+ HASH_STRUCTURE PostIbbHash;
+ UINT32 EntryPoint;
+ HASH_STRUCTURE Digest;
+ UINT8 SegmentCount; // 1 ~ 8
+ IBB_SEGMENT_ELEMENT IBBSegment[1];
+} IBB_ELEMENT;
+
+typedef struct {
+ UINT8 StructureID[8];
+ UINT8 StructVersion;
+ UINT16 PMDataSize;
+//UINT8 PMData[PMDataSize];
+} PLATFORM_MANUFACTURER_ELEMENT;
+
+typedef struct {
+ UINT8 StructureID[8];
+ UINT8 StructVersion;
+ KEY_SIGNATURE_STRUCT KeySignature;
+} BOOT_POLICY_MANIFEST_SIGNATURE_ELEMENT;
+
+typedef struct {
+ BOOT_POLICY_MANIFEST_HEADER Bpm_Header;
+ IBB_ELEMENT Ibb_Element;
+ //PLATFORM_MANUFACTURER_ELEMENT Platform_Manufacture_Element;
+ BOOT_POLICY_MANIFEST_SIGNATURE_ELEMENT Bpm_Signature_Element;
+} BpmStruct;
+
+typedef struct {
+ UINT8 StructureID[8];
+ UINT8 StructVersion;
+ UINT8 KeyManifestVersion;
+ UINT8 KMSVN;
+ UINT8 KeyManifestID;
+ HASH_STRUCTURE BPKey;
+ KEY_SIGNATURE_STRUCT KeyManifestSignature;
+} KEY_MANIFEST_STRAUCTURE;
+
+#pragma pack()
+
+#endif
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
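Review bot: `BpmStruct` lays `Bpm_Signature_Element` directly after an `IBB_ELEMENT` whose `IBBSegment[1]` holds a single segment and leaves `PLATFORM_MANUFACTURER_ELEMENT` commented out, so a BPM cast to this type only yields the real signature element when the manifest carries exactly one IBB segment (the `SegmentCount` comment allows 1 ~ 8) and no PM element; any other shape reads signature bytes from the wrong offset. Either document the assumption on the typedef, e.g. `// Layout valid only for SegmentCount == 1 and no PLATFORM_MANUFACTURER_ELEMENT; walk elements by StructureID for other BPM shapes`, or have the consumer walk the elements by `StructureID` and size. Separately, `EFI_SIGNATURE_16` leaves `B` unparenthesized; use `#define EFI_SIGNATURE_16(A, B) ((A) | ((B) << 8))`. The `// NOT 0x10001` comment on `RSA_PUBLIC_KEY_STRUCT_KEY_EXPONENT_DEFAULT` contradicts the value it annotates and should be corrected or removed.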
diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.mak b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.mak
new file mode 100644
index 0000000..0967d28
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.mak
@@ -0,0 +1,50 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardTPMPei.mak
+#
+# Description: TPM Initialization Flow for Boot Guard
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+TCG_FILE_INCLUDE=\
+ /I$(TcgPlatformSetupPeiPolicy_DIR)\
+ /I$(TCG_DIR)\
+ /I$(AMI_TCG_PLATFORM_PEI_DIR)
+
+AMI_TCG_LIB_OBJECTS = $(AMI_TCG_LIB_OBJECTS) \
+$(BUILD)\BootGuardTPMPei.obj
+
+Make_AMITTCG_LIB : $(BUILD_DIR)\BootGuardTPMPei.obj
+
+$(BUILD_DIR)\BootGuardTPMPei.obj : $(BootGuardTPMPei_PATH)\BootGuardTPMPei.c
+ $(CC) $(CFLAGS) /I$(PROJECT_DIR) /I$(PROJECT_DIR)\Include $(TCG_FILE_INCLUDE) $(PROJECT_CPU_INCLUDES) /Fo$(BUILD_DIR)\BootGuardTPMPei.obj $(BootGuardTPMPei_PATH)\BootGuardTPMPei.c
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
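Review bot: `AMI_TCG_LIB_OBJECTS` appends `$(BUILD)\BootGuardTPMPei.obj` while the compile rule and the `Make_AMITTCG_LIB` target produce `$(BUILD_DIR)\BootGuardTPMPei.obj`; unless `BUILD` is defined elsewhere to the same directory, the library is told to link an object at a path that is never built. Use `$(BUILD_DIR)\BootGuardTPMPei.obj` in the object list as well. The target name `Make_AMITTCG_LIB` also looks like a typo for the AMI TCG library target and is worth confirming against the TCG module's makefile.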
diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl
new file mode 100644
index 0000000..e2c81a1
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl
@@ -0,0 +1,96 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl 3 10/29/13 5:18a Bensonlai $
+#
+# $Revision: 3 $
+#
+# $Date: 10/29/13 5:18a $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl $
+#
+# 3 10/29/13 5:18a Bensonlai
+#
+# 2 9/06/13 6:10a Bensonlai
+# [TAG] EIP135513
+# [Category] Improvement
+# [Description] Support the TPM1.2 for WHCK test
+#
+# 1 6/04/13 5:15a Bensonlai
+# [TAG] EIP125148
+# [Category] Spec Update
+# [Severity] Normal
+# [Description] [SBY ULT] Boot Guard for 4th Gen Intel Core Processor
+# based on Mobile U-Processor Line - BIOS Writer's Guide - Rev 1.0
+# [Files] BootGuardTPMPei.cif
+# BootGuardTPMPei.c
+# BootGuardTPMPei.h
+# BootGuardTPMPei.sdl
+# BootGuardTPMPei.mak
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardTPMPei.sdl
+#
+# Description: SDL file for BootGuardTPMPei
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+TOKEN
+ Name = "BootGuardTPMPei_SUPPORT"
+ Value = "1"
+ Help = "Main switch to enable BootGuardTPMPei support in Project"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ Master = Yes
+ Token = "TCG_SUPPORT" "=" "1"
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+PATH
+ Name = "BootGuardTPMPei_PATH"
+End
+
+MODULE
+ File = "BootGuardTPMPei.mak"
+ Help = "Includes BootGuardTPMPei.mak to Project"
+End
+
+TOKEN
+ Name = "MEASURE_CRTM_VERSION_PEI_FUNCTION"
+ Value = "BootGuardMeasureCRTMVersion"
+ Help = "Function to measure crtm version. Input:EFI_PEI_SERVICES **. AMI function Modified Pcr 0"
+ TokenType = Expression
+ TargetH = Yes
+End
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
diff --git a/Board/EM/FIT/Pei/OpensslLib.lib b/Board/EM/FIT/Pei/OpensslLib.lib
new file mode 100644
index 0000000..290a4fa
--- /dev/null
+++ b/Board/EM/FIT/Pei/OpensslLib.lib
Binary files differ
diff --git a/Board/EM/FIT/Pei/PeiCryptLib.lib b/Board/EM/FIT/Pei/PeiCryptLib.lib
new file mode 100644
index 0000000..b05426c
--- /dev/null
+++ b/Board/EM/FIT/Pei/PeiCryptLib.lib
Binary files differ
diff --git a/Board/EM/FIT/ReBuildFIT.bat b/Board/EM/FIT/ReBuildFIT.bat
new file mode 100644
index 0000000..4a694d0
--- /dev/null
+++ b/Board/EM/FIT/ReBuildFIT.bat
@@ -0,0 +1 @@
+FITUtil.exe BIOS.rom 0 \ No newline at end of file
diff --git a/Board/EM/FIT/ReserveBootGuardFvMainHashKey.bin b/Board/EM/FIT/ReserveBootGuardFvMainHashKey.bin
new file mode 100644
index 0000000..2d30da2
--- /dev/null
+++ b/Board/EM/FIT/ReserveBootGuardFvMainHashKey.bin
@@ -0,0 +1 @@
+ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ \ No newline at end of file
diff --git a/Board/EM/FIT/ReserveBootGuardSigningServer.bin b/Board/EM/FIT/ReserveBootGuardSigningServer.bin
new file mode 100644
index 0000000..a56146f
--- /dev/null
+++ b/Board/EM/FIT/ReserveBootGuardSigningServer.bin
@@ -0,0 +1 @@
+ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ \ No newline at end of file
diff --git a/Board/EM/FIT/ReserveBpmTable.bin b/Board/EM/FIT/ReserveBpmTable.bin
new file mode 100644
index 0000000..08e7df1
--- /dev/null
+++ b/Board/EM/FIT/ReserveBpmTable.bin
Binary files differ
diff --git a/Board/EM/FIT/ReserveKmTable.bin b/Board/EM/FIT/ReserveKmTable.bin
new file mode 100644
index 0000000..08e7df1
--- /dev/null
+++ b/Board/EM/FIT/ReserveKmTable.bin
Binary files differ
diff --git a/Board/EM/FIT/Smm/FitHook.c b/Board/EM/FIT/Smm/FitHook.c
new file mode 100644
index 0000000..303b640
--- /dev/null
+++ b/Board/EM/FIT/Smm/FitHook.c
@@ -0,0 +1,113 @@
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
+
+//*****************************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Smm/FitHook.c 1 7/03/13 10:06p Bensonlai $
+//
+// $Revision: 1 $
+//
+// $Date: 7/03/13 10:06p $
+//*****************************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Smm/FitHook.c $
+//
+// 1 7/03/13 10:06p Bensonlai
+// [TAG] EIP128151
+// [Category] Improvement
+// [Description] Implement an option(/b) to flash FV_DATA region uisng
+// AFU flash utility.
+// [Files] FitHook.cif
+// FitHook.c
+// FitHook.sdl
+// FitHook.mak
+//
+//*****************************************************************************
+//<AMI_FHDR_START>
+//
+// Name: FitHook.c
+//
+// Description: SW SMI hook.
+//
+//<AMI_FHDR_END>
+//*****************************************************************************
+
+#include <AmiDxeLib.h>
+#include <Protocol/SmiFlash.h>
+#include "token.h"
+
+#define FLASH_DEVICE_BASE_ADDRESS (0xFFFFFFFF-FLASH_SIZE+1)
+#define FV_DATA_BLOCK_ADDRESS (FV_DATA_BASE-FLASH_DEVICE_BASE_ADDRESS)
+#define FV_DATA_BLOCK_END (FV_DATA_BLOCK_ADDRESS+FV_DATA_SIZE)
+#define FV_DATA_TABLE_OFFSET (0xFFFFFFFF-FV_DATA_BASE+1)
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+//
+// Procedure: AppendFvDataToAFU_UpdateBlockTypeId
+//
+// Description: This function is SW SMI hook that sets Flash Block Description
+// type for AMI AFU utility. (EIP#58139)
+//
+// Input:
+// SwSmiNum - SW SMI value number
+// Buffer - Flash descriptor address
+//
+// Output: VOID
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+VOID AppendFvDataToAFU_UpdateBlockTypeId (
+ IN UINT8 SwSmiNum,
+ IN UINT64 Buffer )
+{
+ BLOCK_DESC *BlockDesc;
+ UINTN i;
+
+ // return if SW SMI value is not "Get Flash Info"
+ if (SwSmiNum != SMIFLASH_GET_FLASH_INFO)
+ return;
+
+ BlockDesc = (BLOCK_DESC*)&((INFO_BLOCK*)Buffer)->Blocks;
+
+ for (i = 0; i < ((INFO_BLOCK*)Buffer)->TotalBlocks; i++) {
+
+ TRACE((TRACE_ALWAYS,"AppendFvDataToAFU_UpdateBlockTypeId: %08X(%08X), Block %08X\n", FV_DATA_BLOCK_ADDRESS, FV_DATA_BLOCK_END, BlockDesc[i].StartAddress));
+
+ if (BlockDesc[i].StartAddress < FV_DATA_BLOCK_ADDRESS)
+ continue;
+
+ if (BlockDesc[i].StartAddress >= FV_DATA_BLOCK_END)
+ continue;
+
+ TRACE((TRACE_ALWAYS,"AppendFvDataToAFU_UpdateBlockTypeId: Found Blocks %08X\n",BlockDesc[i].StartAddress));
+
+ BlockDesc[i].Type = BOOT_BLOCK;
+ }
+}
+
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
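Review bot: `AppendFvDataToAFU_UpdateBlockTypeId` dereferences `Buffer` as an `INFO_BLOCK` and writes `BlockDesc[i].Type` for every `i` below the caller-supplied `TotalBlocks` without checking that the descriptor array lies outside SMRAM or that `TotalBlocks` is bounded, and since FitHook.sdl links it into `SMIFlashEndHandlerList` the buffer originates from the non-SMM flash-update caller. Unless the SmiFlash dispatcher is known to validate the buffer before invoking the end-handler list, the handler should itself confirm that the whole range `Buffer .. Buffer + sizeof(INFO_BLOCK) + TotalBlocks * sizeof(BLOCK_DESC)` is outside SMRAM and return early otherwise, before the loop touches it. Also, `FV_DATA_BLOCK_ADDRESS` and `FV_DATA_BLOCK_END` are loop-invariant, so the first `TRACE` can be hoisted above the loop to keep the per-block log readable.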
diff --git a/Board/EM/FIT/Smm/FitHook.cif b/Board/EM/FIT/Smm/FitHook.cif
new file mode 100644
index 0000000..50c2dc7
--- /dev/null
+++ b/Board/EM/FIT/Smm/FitHook.cif
@@ -0,0 +1,12 @@
+<component>
+ name = "FitHook"
+ category = ModulePart
+ LocalRoot = "Board\EM\FIT\Smm"
+ RefName = "FitHook"
+
+[files]
+"FitHook.c"
+"FitHook.sdl"
+"FitHook.mak"
+
+<endComponent>
diff --git a/Board/EM/FIT/Smm/FitHook.mak b/Board/EM/FIT/Smm/FitHook.mak
new file mode 100644
index 0000000..78b432e
--- /dev/null
+++ b/Board/EM/FIT/Smm/FitHook.mak
@@ -0,0 +1,77 @@
+#*************************************************************************
+#*************************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#*************************************************************************
+#*************************************************************************
+
+#*************************************************************************
+# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Smm/FitHook.mak 1 7/03/13 10:06p Bensonlai $
+#
+# $Revision: 1 $
+#
+# $Date: 7/03/13 10:06p $
+#*************************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Smm/FitHook.mak $
+#
+# 1 7/03/13 10:06p Bensonlai
+# [TAG] EIP128151
+# [Category] Improvement
+# [Description] Implement an option(/b) to flash FV_DATA region uisng
+# AFU flash utility.
+# [Files] FitHook.cif
+# FitHook.c
+# FitHook.sdl
+# FitHook.mak
+#
+#*************************************************************************
+#<AMI_FHDR_START>
+#
+# Name: FitHook.mak
+#
+# Description: Make file for FitHook eModule.
+#
+#<AMI_FHDR_END>
+#*************************************************************************
+
+all : FitHook
+
+FitHook : $(BUILD_DIR)\FitHook.mak FitHookBin
+
+$(BUILD_DIR)\FitHook.mak : $(FIT_HOOK_PATH)\$(@B).cif $(FIT_HOOK_PATH)\$(@B).mak $(BUILD_RULES)
+ $(CIF2MAK) $(FIT_HOOK_PATH)\$(@B).cif $(CIF2MAK_DEFAULTS)
+
+FitHookObjs = $(BUILD_DIR)\$(FIT_HOOK_PATH)\FitHook.obj
+
+FitHookBin : $(AMIDXELIB)
+ $(MAKE) /$(MAKEFLAGS) $(BUILD_DEFAULTS)\
+ /f $(BUILD_DIR)\FitHook.mak all\
+ "CFLAGS=$(CFLAGS:/W4=/W3) /I$(OFBD_DIR)" \
+ OBJECTS="$(FitHookObjs)" \
+ NAME=FitHook \
+ TYPE=LIBRARY LIBRARY_NAME=$(FIT_HOOK_LIB)
+
+$(FIT_HOOK_LIB) : FitHook
+
+#*************************************************************************
+#*************************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#*************************************************************************
+#*************************************************************************
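Review bot: `FitHookBin` rewrites `CFLAGS` from `/W4` to `/W3`, silencing the warning level the rest of the project compiles at for a file of one short function, and adds `/I$(OFBD_DIR)` although FitHook.c includes only AmiDxeLib.h, SmiFlash.h and token.h and FitHook.sdl declares no OFBD dependency. If the OFBD include is not actually needed, simplify to `"CFLAGS=$(CFLAGS)" \` so the module builds at the project warning level and does not depend on an undeclared path token.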
diff --git a/Board/EM/FIT/Smm/FitHook.sdl b/Board/EM/FIT/Smm/FitHook.sdl
new file mode 100644
index 0000000..d8af9f7
--- /dev/null
+++ b/Board/EM/FIT/Smm/FitHook.sdl
@@ -0,0 +1,94 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Smm/FitHook.sdl 2 7/26/13 1:18a Bensonlai $
+#
+# $Revision: 2 $
+#
+# $Date: 7/26/13 1:18a $
+#
+# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Smm/FitHook.sdl $
+#
+# 2 7/26/13 1:18a Bensonlai
+#
+# 1 7/03/13 10:06p Bensonlai
+# [TAG] EIP128151
+# [Category] Improvement
+# [Description] Implement an option(/b) to flash FV_DATA region uisng
+# AFU flash utility.
+# [Files] FitHook.cif
+# FitHook.c
+# FitHook.sdl
+# FitHook.mak
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: FitHook.sdl
+#
+# Description: SDL file for FitHook
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+TOKEN
+ Name = "FIT_HOOK_SUPPORT"
+ Value = "1"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Master = Yes
+ Help = "Main switch to enable FitHook support in Project"
+End
+
+MODULE
+ Help = "Includes FitHook.mak to Project"
+ File = "FitHook.mak"
+End
+
+PATH
+ Name = "FIT_HOOK_PATH"
+End
+
+ELINK
+ Name = "AppendFvDataToAFU_UpdateBlockTypeId,"
+ Parent = "SMIFlashEndHandlerList"
+ InvokeOrder = AfterParent
+End
+
+TOKEN
+ Name = "FIT_HOOK_LIB"
+ Value = "$(BUILD_DIR)\FitHook.lib"
+ TokenType = Expression
+ TargetMAK = Yes
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\FitHook.lib"
+ Parent = "PRESERVE_LIB"
+ InvokeOrder = AfterParent
+End
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
diff --git a/Board/EM/FIT/keygen.exe b/Board/EM/FIT/keygen.exe
new file mode 100644
index 0000000..7367328
--- /dev/null
+++ b/Board/EM/FIT/keygen.exe
Binary files differ