author | raywu <raywu0301@gmail.com> | 2018-06-15 00:00:50 +0800 |
---|---|---|
committer | raywu <raywu0301@gmail.com> | 2018-06-15 00:00:50 +0800 |
commit | b7c51c9cf4864df6aabb99a1ae843becd577237c (patch) | |
tree | eebe9b0d0ca03062955223097e57da84dd618b9a /Keys | |
Diffstat (limited to 'Keys')
-rw-r--r-- | Keys/FW/FWkey.cif | 9 | ||||
-rw-r--r-- | Keys/FW/FWkey.mak | 155 | ||||
-rw-r--r-- | Keys/FW/FWkey.sdl | 99 | ||||
-rw-r--r-- | Keys/Variables/KEK | bin | 0 -> 2819 bytes | |||
-rw-r--r-- | Keys/Variables/PK | bin | 0 -> 2121 bytes | |||
-rw-r--r-- | Keys/Variables/Variables.chm | bin | 0 -> 36330 bytes | |||
-rw-r--r-- | Keys/Variables/Variables.cif | 17 | ||||
-rw-r--r-- | Keys/Variables/Variables.mak | 117 | ||||
-rw-r--r-- | Keys/Variables/Variables.sdl | 153 | ||||
-rw-r--r-- | Keys/Variables/db | bin | 0 -> 4402 bytes | |||
-rw-r--r-- | Keys/Variables/dbt | bin | 0 -> 2956 bytes | |||
-rw-r--r-- | Keys/Variables/dbx | bin | 0 -> 4011 bytes |
12 files changed, 550 insertions, 0 deletions
diff --git a/Keys/FW/FWkey.cif b/Keys/FW/FWkey.cif
new file mode 100644
index 0000000..2c7add8
--- /dev/null
+++ b/Keys/FW/FWkey.cif
@@ -0,0 +1,9 @@
+<component>
+ name = "FW Key framework"
+ category = ModulePart
+ LocalRoot = "Keys\FW\"
+ RefName = "FWKey"
+[files]
+"FWkey.sdl"
+"FWkey.mak"
+<endComponent>
diff --git a/Keys/FW/FWkey.mak b/Keys/FW/FWkey.mak
new file mode 100644
index 0000000..12d85e6
--- /dev/null
+++ b/Keys/FW/FWkey.mak
@@ -0,0 +1,155 @@
+#*************************************************************************
+#*************************************************************************
+#** **
+#** (C)Copyright 1985-2014, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#*************************************************************************
+#*************************************************************************
+
+#*************************************************************************
+# $Header: /Alaska/SOURCE/Modules/SecureFlashPkg/PlatformKey/FWkey.mak 5 3/18/14 3:09p Alexp $
+#
+# $Revision: 5 $
+#
+# $Date: 3/18/14 3:09p $
+#*************************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/SecureFlashPkg/PlatformKey/FWkey.mak $
+#
+# 5 3/18/14 3:09p Alexp
+# year 2014 in hdr & ftr
+#
+# 4 1/07/14 6:28p Alexp
+# use silent macro in front of "copy"
+#
+# 3 11/11/13 9:33a Alexp
+#
+# 2 10/17/13 4:47p Alexp
+# New file with rules to generate FwKey ffs.
+# Relevant Make scripts moved form SecureMod.nmak
+#
+#*************************************************************************
+#<AMI_FHDR_START>
+#
+# Name: Fwkey.mak
+#
+# Description: Includes build rules for Platform Root Key(PR) ffs file(s)
+#
+#<AMI_FHDR_END>
+#*************************************************************************
+
+SecureModule : $(BUILD_DIR)\FWKey.mak $(BUILD_DIR)\FWkey.ffs
+
+#---------------------------------------------------------------------------
+# Generic MAK dependencies
+#---------------------------------------------------------------------------
+$(BUILD_DIR)\FWKey.mak : $(FWKey_DIR)\FWKey.mak $(FWKey_DIR)\FWKey.cif $(FWKey_DIR)\FWKey.sdl $(BUILD_RULES)
+ $(CIF2MAK) $(FWKey_DIR)\FWKey.cif $(CIF2MAK_DEFAULTS)
+
+#---------------------------------------------------------------------------
+#GUID used to identify FW Key FFS file within the Firmware Volume
+#---------------------------------------------------------------------------
+#RSA n-modulus (e-exponent is hardwired to 0x10001)
+!IF "$(FWKEY_FILE_FORMAT)"=="0"
+PR_KEY_PUB_FFS_FILE_GUID = 3FEEC852-F14C-4E7F-97FD-4C3A8C5BBECC
+!ENDIF
+
+#SHA256 Hash of an n-modulus of RSA Key
+!IF "$(FWKEY_FILE_FORMAT)"=="1"
+PR_KEY_PUB_FFS_FILE_GUID = 5B85965C-455D-4CC6-9C4C-7F086967D2B0
+!ENDIF
+
+#x509 Key Cerificate
+!IF "$(FWCAPSULE_CERT_FORMAT)"=="1" || "$(FWKEY_FILE_FORMAT)" == "2"
+PR_KEY_PUB_FFS_FILE_GUID = 3A666558-43E3-4D25-9169-DB81F5DB42E1
+!ENDIF
+
+!IF !EXIST($(FWpub))
+#---------------------------------------------------------------------------
+# Create a scratchpad Key buf if no Key file is provided
+#---------------------------------------------------------------------------
+#Merge64 FwKey pad.
+$(BUILD_DIR)\FWKEY.BIN: $(FWKey_DIR)\FWKey.mak
+ $(SILENT)copy << $(BUILD_DIR)\FWkey.ini > NUL
+output
+ FWKEY_FILE($@)
+end
+group FWKEY_FILE
+ upper=0xffffffff
+components
+blank MICROCODE_PAD
+ size=$(FWKEY_FILE_SIZE)
+ pattern=(0xff)
+end
+end end
+<<
+ $(MERGE) /s $(BUILD_DIR)\Fwkey.ini
+#
+#$(BUILD_DIR)\FWkey.obj: $(BUILD_DIR)\FWkey.mak
+# $(SILENT)copy << $(BUILD_DIR)\FWkey.c > NUL
+##include <Token.h>
+##pragma pack(1)
+#char pad[$(FWKEY_FILE_SIZE)] = {0xFF,0xFF,0xFF,0xFF};
+#<<KEEP
+# $(CC) /Fo$@ $(CFLAGS) $(BUILD_DIR)\FWkey.c
+
+#$(BUILD_DIR)\FWkey.bin : $(BUILD_DIR)\FWkey.obj $(BUILD_DIR)\FWkey.mak
+# $(MAKE) /$(MAKEFLAGS) EXT_OBJS= $(BUILD_DEFAULTS)\
+# /f $(BUILD_DIR)\FWkey.mak bin\
+# NAME=FWkey OBJECTS=$(BUILD_DIR)\FWkey.obj\
+# MAKEFILE=$(BUILD_DIR)\FWkey.mak \
+# TYPE=BINARY
+
+!ELSE
+#---------------------------------------------------------------------------
+# Prepare Platform Firmware Root Key (FWKey) bin file
+#---------------------------------------------------------------------------
+$(BUILD_DIR)\FWkey.bin: $(FWpub)
+!IF "$(FWCAPSULE_CERT_FORMAT)"=="1" || "$(FWKEY_FILE_FORMAT)" == "2"
+#x509 Cert Key
+ $(SILENT)copy $** $@
+!ELSE
+#Extract 256byte n-modulus from x509 DER or PKCS#1v2 ASN.1 encoded RSA Key
+# n-modulus can be extracted either from Public Key FWpub or full RSA Key FWpriv files
+ $(CRYPTCON) -w -k $** -o $@
+!IF "$(FWKEY_FILE_FORMAT)"=="1"
+#get SHA256 Hash of n-modulus of RSA Key
+ $(CRYPTCON) -h2 -f $@ -o $@
+!ENDIF
+!ENDIF
+
+!ENDIF #!IF !EXIST($(FWpub))
+
+#---------------------------------------------------------------------------
+# Include public portion of Platform Firmware Root Key (FWKey) as .FFS
+#---------------------------------------------------------------------------
+#Warning: don't compress the data. Raw key buffer is expected by Recovery module.
+#Key data won't be compressed much anyway.
+#Ignore FFS checksum as the file data may be updated by cryptocon utility
+$(BUILD_DIR)\FWkey.ffs: $(BUILD_DIR)\FWkey.bin
+ $(MAKE) /f Core\FFS.mak \
+ BUILD_DIR=$(BUILD_DIR) \
+ GUID=$(PR_KEY_PUB_FFS_FILE_GUID) \
+ TYPE=EFI_FV_FILETYPE_FREEFORM FFS_CHECKSUM=0 \
+ BINFILE=$(BUILD_DIR)\FWkey.bin FFSFILE=$@ COMPRESS=0 NAME=FWkey
+
+#*************************************************************************
+#*************************************************************************
+#** **
+#** (C)Copyright 1985-2014, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#*************************************************************************
+#*************************************************************************
diff --git a/Keys/FW/FWkey.sdl b/Keys/FW/FWkey.sdl
new file mode 100644
index 0000000..830f183
--- /dev/null
+++ b/Keys/FW/FWkey.sdl
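Review bot: The `!IF !EXIST($(FWpub))` branch builds `FWKEY.BIN` as a 0xFF-filled pad of `FWKEY_FILE_SIZE` bytes and carries on without any diagnostic, so an image can be produced whose root-of-trust key file holds no key and nothing in the build log says so. How the verification code treats an all-0xFF key buffer is not visible on this page, so the branch should at least announce itself, e.g. `!MESSAGE FWpub not found: FWkey.ffs will contain an empty key placeholder`, and a release build would do better to stop with `!ERROR`. Separately, `PR_KEY_PUB_FFS_FILE_GUID` is assigned only inside the three format `!IF` blocks; with `FWKEY_FILE_FORMAT` outside 0-2 and `FWCAPSULE_CERT_FORMAT` not 1, the `FWkey.ffs` rule passes an empty `GUID=` to `Core\FFS.mak`, which an `!IFNDEF PR_KEY_PUB_FFS_FILE_GUID` / `!ERROR` guard placed after the three blocks would catch.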
@@ -0,0 +1,99 @@
+TOKEN
+ Name = "FWpub"
+ Value = "$(FWKey_DIR)\.pubkey"
+ Help = "Root of trust Key for signed BIOS verification.\Public portion of the Key is inserted as ffs file inside BIOS RTU (FV_BB)\RSA Key formatted as PKCS#1v2.1 ASN.1 or X.509 DER file."
+ TokenType = Expression
+ TargetMAK = Yes
+ Token = "FWCAPSULE_CERT_FORMAT" "=" "0"
+End
+
+TOKEN
+ Name = "FWpriv"
+ Value = "$(FWKey_DIR)\.prikey"
+ Help = "A Signer Certificate Key in the FwCapsule Hdr.\Used as upgrade(new) key in 2-key signing model\RSA Key formatted as PKCS#1v2.1 ASN.1 or X.509 DER file."
+ TokenType = Expression
+ TargetMAK = Yes
+ Token = "FWCAPSULE_CERT_FORMAT" "=" "0"
+End
+
+TOKEN
+ Name = "FWrootKey"
+ Value = "$(FWpriv)"
+ Help = "A Root Certificate key in the FwCapsule Hdr.\Used as back-up(old) key in a dual-key signing model(only for FWCAPSULE_CERT_FORMAT=0)"
+ TokenType = Expression
+ TargetMAK = Yes
+ Token = "FWCAPSULE_CERT_FORMAT" "=" "0"
+End
+
+TOKEN
+ Name = "FWpub"
+ Value = "$(FWKey_DIR)\FW_pubKey.cer"
+ Help = "X.509 Certificate with Public key"
+ TokenType = Expression
+ TargetMAK = Yes
+ Token = "FWCAPSULE_CERT_FORMAT" "=" "1"
+End
+
+TOKEN
+ Name = "FWpriv"
+ Value = "$(FWKey_DIR)\FW_priKey.pfx"
+ Help = "File name(.pfx) of Pkcs#12 key container with the private key used for signing of FwCapsule package"
+ TokenType = Expression
+ TargetMAK = Yes
+ Token = "FWCAPSULE_CERT_FORMAT" "=" "1"
+End
+
+TOKEN
+ Name = "FW_PFX_Password"
+ Value = " "
+ Help = "Specifies the optional password to unlock PFX - PKCS#12 Private Key container file."
+ TokenType = Expression
+ TargetMAK = Yes
+End
+
+TOKEN
+ Name = "FWKEY_FILE_SIZE"
+ Value = "256"
+ Help = "Default Key file size for RSA2048 Key. Don't change the value."
+ Lock = yes
+ TokenType = Integer
+ TargetMAK = Yes
+ Token = "FWKEY_FILE_FORMAT" "=" "0"
+End
+
+TOKEN
+ Name = "FWKEY_FILE_SIZE"
+ Value = "32"
+ Help = "Default Key file size for SHA256 Hash. Don't change the value."
+ Lock = yes
+ TokenType = Integer
+ TargetMAK = Yes
+ Token = "FWKEY_FILE_FORMAT" "=" "1"
+End
+
+TOKEN
+ Name = "FWKEY_FILE_SIZE"
+ Value = "1536"
+ Help = "Default key buffer size (1.5k) for x509 DER formatted Public key."
+ TokenType = Integer
+ TargetMAK = Yes
+ Token = "FWKEY_FILE_FORMAT" "=" "2"
+End
+
+PATH
+ Name = "FWKey_DIR"
+ Help = "Path to default Platform FW Signing Key.\User may change this path to point to another location of FW Key."
+End
+
+MODULE
+ File = "FWKey.mak"
+ Token = "CREATE_FWCAPSULE" "!=" "0"
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\FWkey.ffs"
+ Parent = "FV_BB"
+ Help = "Include Key FFS inside BIOS RTU (FV_BB)"
+ Token = "CREATE_FWCAPSULE" "!=" "0"
+ InvokeOrder = AfterParent
+End
diff --git a/Keys/Variables/KEK b/Keys/Variables/KEK
Binary files differ
new file mode 100644
index 0000000..807364e
--- /dev/null
+++ b/Keys/Variables/KEK
diff --git a/Keys/Variables/PK b/Keys/Variables/PK
Binary files differ
new file mode 100644
index 0000000..1f3e9b2
--- /dev/null
+++ b/Keys/Variables/PK
diff --git a/Keys/Variables/Variables.chm b/Keys/Variables/Variables.chm
Binary files differ
new file mode 100644
index 0000000..e138b43
--- /dev/null
+++ b/Keys/Variables/Variables.chm
diff --git a/Keys/Variables/Variables.cif b/Keys/Variables/Variables.cif
new file mode 100644
index 0000000..30dc3be
--- /dev/null
+++ b/Keys/Variables/Variables.cif
@@ -0,0 +1,17 @@
+<component>
+ name = "Default Secure Boot Variables"
+ category = ModulePart
+ LocalRoot = "Keys\Variables\"
+ RefName = "SecVariables"
+[files]
+"Variables.chm"
+"Variables.sdl"
+"Variables.mak"
+"PK"
+"KEK"
+"db"
+"dbt"
+"dbx"
+[dependOn]
+"SecureBootMod"
+<endComponent>
diff --git a/Keys/Variables/Variables.mak b/Keys/Variables/Variables.mak
new file mode 100644
index 0000000..d946eb4
--- /dev/null
+++ b/Keys/Variables/Variables.mak
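Review bot: The two `FWpriv` tokens default to `$(FWKey_DIR)\.prikey` and `$(FWKey_DIR)\FW_priKey.pfx`, so the capsule-signing private key is expected inside the project tree, and `FW_PFX_Password` is a token with `TargetMAK = Yes`, so a password typed there is presumably written into the generated build files alongside it. None of the Help strings mention either point. I would append `\Keep production signing keys outside the source tree and point this token at a protected location.` to both `FWpriv` Help strings and `\Do not commit a real password; supply it from the build environment.` to the `FW_PFX_Password` Help. `FWrootKey` defaults to `$(FWpriv)`, so in the dual-key model the root key and the signer key are the same file unless the token is overridden, which its Help should state as well.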
@@ -0,0 +1,117 @@
+#*************************************************************************
+#*************************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#*************************************************************************
+#*************************************************************************
+
+#*************************************************************************
+# $Header: /Alaska/SOURCE/Modules/SecureBoot_WIN8/SecureVariables/Variables.mak 3 7/25/13 9:14a Alexp $
+#
+# $Revision: 3 $
+#
+# $Date: 7/25/13 9:14a $
+#*************************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/SecureBoot_WIN8/SecureVariables/Variables.mak $
+#
+# 3 7/25/13 9:14a Alexp
+# EIP#118850: ECR1009: Add build rules to include "dbt" variable
+#
+# 2 7/13/12 3:20p Alexp
+# 1. Add .Help file containing description of Key certificates included
+# in each Secure Variables
+# 2. Modify Build rules in order to let file overrides from Create Vars
+# Module
+#
+# 1 6/05/12 4:59p Alexp
+#
+#
+#*************************************************************************
+#<AMI_FHDR_START>
+#
+# Name: Certificates.mak
+#
+# Description:
+#
+#
+#<AMI_FHDR_END>
+#*************************************************************************
+SecureBootModule: SETPLATFORMKEYS
+
+#---------------------------------------------------------------------------
+# Set Secured Variables
+#---------------------------------------------------------------------------
+SETPLATFORMKEYS: \
+$(BUILD_DIR)\PkVar.ffs \
+$(BUILD_DIR)\KekVar.ffs \
+$(BUILD_DIR)\dbVar.ffs \
+!IF "$(DBT_include)" == "1"
+$(BUILD_DIR)\dbtVar.ffs \
+!ENDIF
+!IF "$(DBX_include)" == "1"
+$(BUILD_DIR)\dbxVar.ffs
+!ENDIF
+
+PK_FFS_FILE_EFI_AUTH_VAR_GUID = CC0F8A3F-3DEA-4376-9679-5426BA0A907E
+KEK_FFS_FILE_AUTH_EFI_VAR_GUID = 9FE7DE69-0AEA-470a-B50A-139813649189
+DB_FFS_FILE_AUTH_EFI_VAR_GUID = FBF95065-427F-47b3-8077-D13C60710998
+DBX_FFS_FILE_AUTH_EFI_VAR_GUID = 9D7A05E9-F740-44c3-858B-75586A8F9C8E
+DBT_FFS_FILE_AUTH_EFI_VAR_GUID = C246FBBF-F75C-43F7-88A6-B5FD0CF1DB7F
+
+# PK is used as FW Root platform key. Used to verify Aptio FW images
+$(BUILD_DIR)\PkVar.ffs : $(PkVar)
+ $(MAKE) /f Core\FFS.mak \
+ BUILD_DIR=$(BUILD_DIR) \
+ GUID=$(PK_FFS_FILE_EFI_AUTH_VAR_GUID) \
+ TYPE=EFI_FV_FILETYPE_FREEFORM \
+ BINFILE=$** FFSFILE=$@ COMPRESS=1 NAME=$(*B)
+
+$(BUILD_DIR)\KekVar.ffs : $(KekVar)
+ $(MAKE) /f Core\FFS.mak \
+ BUILD_DIR=$(BUILD_DIR) \
+ GUID=$(KEK_FFS_FILE_AUTH_EFI_VAR_GUID) \
+ TYPE=EFI_FV_FILETYPE_FREEFORM \
+ BINFILE=$** FFSFILE=$@ COMPRESS=1 NAME=$(*B)
+
+$(BUILD_DIR)\dbVar.ffs : $(dbVar)
+ $(MAKE) /f Core\FFS.mak \
+ BUILD_DIR=$(BUILD_DIR) \
+ GUID=$(DB_FFS_FILE_AUTH_EFI_VAR_GUID) \
+ TYPE=EFI_FV_FILETYPE_FREEFORM \
+ BINFILE=$** FFSFILE=$@ COMPRESS=1 NAME=$(*B)
+
+$(BUILD_DIR)\dbtVar.ffs : $(dbtVar)
+ $(MAKE) /f Core\FFS.mak \
+ BUILD_DIR=$(BUILD_DIR) \
+ GUID=$(DBT_FFS_FILE_AUTH_EFI_VAR_GUID) \
+ TYPE=EFI_FV_FILETYPE_FREEFORM \
+ BINFILE=$** FFSFILE=$@ COMPRESS=1 NAME=$(*B)
+
+$(BUILD_DIR)\dbxVar.ffs : $(dbxVar)
+ $(MAKE) /f Core\FFS.mak \
+ BUILD_DIR=$(BUILD_DIR) \
+ GUID=$(DBX_FFS_FILE_AUTH_EFI_VAR_GUID) \
+ TYPE=EFI_FV_FILETYPE_FREEFORM \
+ BINFILE=$** FFSFILE=$@ COMPRESS=1 NAME=$(*B)
+#*************************************************************************
+#*************************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#*************************************************************************
+#*************************************************************************
diff --git a/Keys/Variables/Variables.sdl b/Keys/Variables/Variables.sdl
new file mode 100644
index 0000000..09b2bf4
--- /dev/null
+++ b/Keys/Variables/Variables.sdl
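Review bot: Nothing in this makefile says whose keys the default Secure Boot variables are, although the five FFS rules package whatever `PkVar`, `KekVar`, `dbVar`, `dbtVar` and `dbxVar` resolve to and the same commit checks in binary defaults for all of them under Keys/Variables. If the checked-in PK is a vendor sample rather than the platform owner's key (not determinable from this page), a build left on the defaults would ship a Platform Key whose private half the product owner does not control. The file header is the natural place to record this: its `Name:` field reads `Certificates.mak` instead of `Variables.mak` and `Description:` is empty, so I would fill it with `# Description: Packages the default Secure Boot variables (PK, KEK, db, dbt, dbx) as FFS files. Review and replace the default PK/KEK with platform-owner keys before production.` The comment above the `PkVar.ffs` rule describes PK as the FW root key used to verify Aptio FW images, which reads like the FWKey description from Keys/FW and should be checked against the intended role of PK.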
@@ -0,0 +1,153 @@
+TOKEN
+ Name = SecVariables_SUPPORT
+ Value = "1"
+ TokenType = Boolean
+ TargetMAK = Yes
+ Master = Yes
+End
+TOKEN
+ Name = "DBT_include"
+ Value = "0"
+ TokenType = Boolean
+ TargetMAK = Yes
+End
+
+TOKEN
+ Name = "DBX_include"
+ Value = "1"
+ TokenType = Boolean
+ TargetMAK = Yes
+End
+
+
+TOKEN
+ Name = "PkVarFile"
+ Value = "$(SecVariables_DIR)\PK"
+ TokenType = Expression
+ TargetMAK = Yes
+End
+
+TOKEN
+ Name = "KekVarFile"
+ Value = "$(SecVariables_DIR)\KEK"
+ TokenType = Expression
+ TargetMAK = Yes
+End
+
+TOKEN
+ Name = "dbVarFile"
+ Value = "$(SecVariables_DIR)\db"
+ TokenType = Expression
+ TargetMAK = Yes
+End
+
+TOKEN
+ Name = "dbtVarFile"
+ Value = "$(SecVariables_DIR)\dbt"
+ TokenType = Expression
+ TargetMAK = Yes
+End
+
+TOKEN
+ Name = "dbxVarFile"
+ Value = "$(SecVariables_DIR)\dbx"
+ TokenType = Expression
+ TargetMAK = Yes
+End
+
+PATH
+ Name = "SecVariables_DIR"
+ Help = "Path to Variables Module in Project"
+End
+
+MODULE
+ File = "Variables.mak"
+End
+
+ELINK
+ Name = "$(PkVarFile)"
+ Parent = "PkVar"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(KekVarFile)"
+ Parent = "KekVar"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(dbVarFile)"
+ Parent = "dbVar"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(dbtVarFile)"
+ Parent = "dbtVar"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(dbxVarFile)"
+ Parent = "dbxVar"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "PkVar"
+ InvokeOrder = ReplaceParent
+End
+
+ELINK
+ Name = "KekVar"
+ InvokeOrder = ReplaceParent
+End
+
+ELINK
+ Name = "dbVar"
+ InvokeOrder = ReplaceParent
+End
+
+ELINK
+ Name = "dbtVar"
+ InvokeOrder = ReplaceParent
+End
+
+ELINK
+ Name = "dbxVar"
+ InvokeOrder = ReplaceParent
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\PkVar.ffs"
+ Parent = "FV_BB"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\KekVar.ffs"
+ Parent = "FV_MAIN"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\dbVar.ffs"
+ Parent = "FV_MAIN"
+ InvokeOrder = AfterParent
+
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\dbtVar.ffs"
+ Parent = "FV_MAIN"
+ InvokeOrder = AfterParent
+ Token = "DBT_include" "=" "1"
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\dbxVar.ffs"
+ Parent = "FV_MAIN"
+ InvokeOrder = AfterParent
+ Token = "DBX_include" "=" "1"
+End
diff --git a/Keys/Variables/db b/Keys/Variables/db
Binary files differ
new file mode 100644
index 0000000..2c1c9cd
--- /dev/null
+++ b/Keys/Variables/db
diff --git a/Keys/Variables/dbt b/Keys/Variables/dbt
Binary files differ
new file mode 100644
index 0000000..670132b
--- /dev/null
+++ b/Keys/Variables/dbt
diff --git a/Keys/Variables/dbx b/Keys/Variables/dbx
Binary files differ
new file mode 100644
index 0000000..e79929f
--- /dev/null
+++ b/Keys/Variables/dbx |
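Review bot: `DBX_include` and `DBT_include` carry no `Help`, although setting `DBX_include` to 0 removes `dbxVar.ffs` from the `FV_MAIN` ELINK here and from the `SETPLATFORMKEYS` prerequisites in Variables.mak, so the image is built without the default revocation list. I would add `Help = "Include the default dbx (forbidden signature database) in FV_MAIN. Leave enabled unless dbx is provisioned by other means."` to `DBX_include` and a matching line to `DBT_include`. The `PkVarFile` through `dbxVarFile` tokens would also benefit from a `Help` line naming the file format each one expects, which this page does not show.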