Diffstat (limited to 'Board/EM/FIT/Pei')
-rw-r--r--Board/EM/FIT/Pei/BootGuardPei.c285
-rw-r--r--Board/EM/FIT/Pei/BootGuardPei.cif14
-rw-r--r--Board/EM/FIT/Pei/BootGuardPei.dxs76
-rw-r--r--Board/EM/FIT/Pei/BootGuardPei.h182
-rw-r--r--Board/EM/FIT/Pei/BootGuardPei.mak119
-rw-r--r--Board/EM/FIT/Pei/BootGuardPei.sdl96
-rw-r--r--Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c469
-rw-r--r--Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.cif11
-rw-r--r--Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h242
-rw-r--r--Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.mak50
-rw-r--r--Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl96
-rw-r--r--Board/EM/FIT/Pei/OpensslLib.libbin0 -> 132502 bytes
-rw-r--r--Board/EM/FIT/Pei/PeiCryptLib.libbin0 -> 115966 bytes
13 files changed, 1640 insertions, 0 deletions
diff --git a/Board/EM/FIT/Pei/BootGuardPei.c b/Board/EM/FIT/Pei/BootGuardPei.c
new file mode 100644
index 0000000..1421634
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardPei.c
@@ -0,0 +1,285 @@
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.c 2 3/07/13 5:43a Bensonlai $
+//
+// $Revision: 2 $
+//
+// $Date: 3/07/13 5:43a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.c $
+//
+// 2 3/07/13 5:43a Bensonlai
+// [TAG] EIP117307
+// [Category] Improvement
+// [Description] [Boot Guard] Implementation of speed up the post time
+// for Chain of Trust
+// [Files] BootGuardDxe.h, BootGuardPei.c, BootGuardPei.h,
+// BpmKmGen.exe, ReserveBootGuardFvMainHashKey.bin
+//
+// 1 2/25/13 1:15a Bensonlai
+// [TAG] EIP114386
+// [Category] Spec Update
+// [Severity] Important
+// [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+// for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+// BIOS Writer's Guide - Rev 0.8.1
+// [Files] BootGuardPei.cif
+// BootGuardPei.c
+// BootGuardPei.h
+// BootGuardPei.dxs
+// BootGuardPei.sdl
+// BootGuardPei.mak
+// PeiCryptLib.lib
+// OpensslLib.lib
+//
+//*************************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardPei.c
+//
+// Description: Chain of trust for Pei
+//
+//<AMI_FHDR_END>
+//*************************************************************************
+
+#include "BootGuardPei.h"
+
+EFI_GUID ReserveBootGuardFvMainHashKeyGuid = RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY_FFS_FILE_RAW_GUID;
+
+STATIC EFI_PEI_NOTIFY_DESCRIPTOR BootGuardVerificationForPeiToDxeHandoffEndOfPeiNotifyDesc = {
+ (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+ &gEndOfPeiSignalPpiGuid,
+ BootGuardVerificationForPeiToDxeHandoffEndOfPei
+};
+
+//**********************************************************************
+//<AMI_PHDR_START>
+//
+// Procedure: LocateBootGuardFvMainHashKey
+//
+// Description: Loads binary from RAW section of X firwmare volume
+//
+//
+// Output: Buffer - returns a pointer to allocated memory. Caller
+// must free it when done.
+// Size - returns the size of the binary loaded into the
+// buffer.
+//
+//<AMI_PHDR_END>
+//**********************************************************************
+EFI_STATUS
+LocateBootGuardFvMainHashKey (
+ IN EFI_PEI_SERVICES **PpSv,
+ IN OUT VOID **Buffer
+)
+{
+ EFI_STATUS Status;
+ EFI_FIRMWARE_VOLUME_HEADER *pFV;
+ UINTN FvNum=0;
+ EFI_FFS_FILE_HEADER *ppFile=NULL;
+ BOOLEAN Found = FALSE;
+
+ Status = (*PpSv)->FfsFindNextVolume (PpSv, FvNum, &pFV);
+
+ while ( TRUE ) {
+ Status = (*PpSv)->FfsFindNextVolume( PpSv, FvNum, &pFV );
+ if ( EFI_ERROR( Status ) ) {
+ return Status;
+ }
+
+ ppFile = NULL;
+
+ while ( TRUE ) {
+ Status = (*PpSv)->FfsFindNextFile( PpSv,
+ EFI_FV_FILETYPE_FREEFORM,
+ pFV,
+ &ppFile );
+
+ if ( Status == EFI_NOT_FOUND ) {
+ break;
+ }
+
+ if (CompareGuid( &ppFile->Name, &ReserveBootGuardFvMainHashKeyGuid )) {
+ Found = TRUE;
+ break;
+ }
+ }
+
+ if ( Found ) {
+ break;
+ } else {
+ FvNum++;
+ }
+ }
+
+ Status = (*PpSv)->FfsFindSectionData( PpSv,
+ EFI_SECTION_RAW,
+ ppFile,
+ Buffer );
+
+ if ( EFI_ERROR( Status ) ) {
+ return EFI_NOT_FOUND;
+ }
+
+ return Status;
+}
+
+//**********************************************************************
+//<AMI_PHDR_START>
+//
+// Procedure: BootGuardVerificationForPeiToDxeHandoffEndOfPei
+//
+// Description: BootGuardVerificationForPeiToDxeHandoffEndOfPei at end of Pei
+// handler.
+//
+// Output: PeiServices - Pointer to PEI Services Table.
+// NotifyDesc - Pointer to the descriptor for the Notification
+// event that caused this function to execute.
+// Ppi - Pointer to the PPI data associated with
+// this function.
+//
+//<AMI_PHDR_END>
+//**********************************************************************
+STATIC
+EFI_STATUS
+BootGuardVerificationForPeiToDxeHandoffEndOfPei (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+)
+{
+ EFI_STATUS Status;
+ UINTN BootGuardHashDataSize = 0, i;
+ UINT8 CurrentBootGuardFvMainHash256Val[32];
+ VOID *BootGuardSha256Context;
+ UINT8 *BootGuardOrgFvMainHash256;
+ AMI_BOOT_GUARD_HOB *AmiBootGuardHobPtr;
+ EFI_GUID AmiBootGuardHobGuid = AMI_BOOT_GUARD_HOB_GUID;
+ EFI_BOOT_MODE BootMode;
+ RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY *ReserveBootGuardFvMainHashKey;
+
+ Status = PeiServicesGetBootMode (&BootMode);
+ if ( EFI_ERROR( Status ) ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] Get Boot Mode is fail\n"));
+ return Status;
+ }
+
+ if ( BootMode == BOOT_IN_RECOVERY_MODE ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] In the BOOT_IN_RECOVERY_MODE\n"));
+ return Status;
+ }
+
+ if ( BootMode == BOOT_ON_S3_RESUME ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] In the BOOT_ON_S3_RESUME\n"));
+ return Status;
+ }
+
+ Status = (*PeiServices)->CreateHob (PeiServices, EFI_HOB_TYPE_GUID_EXTENSION, sizeof (AMI_BOOT_GUARD_HOB), (VOID **) &AmiBootGuardHobPtr);
+ if ( EFI_ERROR( Status ) ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] CreateHob is fail for AmiBootGuardHobPtr\n"));
+ return Status;
+ }
+
+ AmiBootGuardHobPtr->EfiHobGuidType.Name = AmiBootGuardHobGuid;
+ AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag = 0;
+ BootGuardHashDataSize = Sha256GetContextSize ();
+ Status = ((*PeiServices)->AllocatePool) (PeiServices, BootGuardHashDataSize, &BootGuardSha256Context);
+ if ( EFI_ERROR( Status ) ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] AllocatePool is fail for BootGuardSha256Context\n"));
+ return Status;
+ }
+
+ BootGuardOrgFvMainHash256 = AllocateZeroPool (32);
+ if (BootGuardOrgFvMainHash256 == NULL) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] AllocateZeroPool is fail for BootGuardOrgFvMainHash256\n"));
+ return Status;
+ }
+
+ Status = LocateBootGuardFvMainHashKey(PeiServices , &BootGuardOrgFvMainHash256);
+ if ( EFI_ERROR( Status ) ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] LocateBootGuardFvMainHashKey is fail\n"));
+ return Status;
+ }
+
+ ReserveBootGuardFvMainHashKey = (RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY*)BootGuardOrgFvMainHash256;
+
+ for ( i = 0; i < sizeof(ReserveBootGuardFvMainHashKey->BootGuardFvMainHashKey); i++ ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] BootGuardOrgFvMainHash256[%x]= %x.\n", i, ReserveBootGuardFvMainHashKey->BootGuardFvMainHashKey[i]));
+ }
+ DEBUG ((EFI_D_ERROR, "\n[BootGuardPei.c] BootGuardFvMainUsedLength= %x.\n", ReserveBootGuardFvMainHashKey->BootGuardFvMainUsedLength));
+
+ Sha256Init (BootGuardSha256Context);
+ Sha256Update (BootGuardSha256Context, (UINT8 *)(DXE_SEGMENT_BASE), (UINTN)ReserveBootGuardFvMainHashKey->BootGuardFvMainUsedLength);
+ Sha256Final (BootGuardSha256Context, CurrentBootGuardFvMainHash256Val);
+
+ for ( i = 0; i < sizeof (CurrentBootGuardFvMainHash256Val); i++ ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] CurrentBootGuardFvMainHash256Val[%x]= %x.\n", i, CurrentBootGuardFvMainHash256Val[i]));
+ }
+
+ if ( !CompareMem(BootGuardOrgFvMainHash256, CurrentBootGuardFvMainHash256Val, 32) ) {
+ AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag = 1;
+ } else {
+ AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag = 0;
+ }
+
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag= %x.\n", AmiBootGuardHobPtr->AmiBootGuardVerificationforPEItoDXEFlag));
+
+ return Status;
+}
+
+EFI_STATUS
+BootGuardPeiEntryPoint (
+ IN EFI_FFS_FILE_HEADER *FfsHeader,
+ IN EFI_PEI_SERVICES **PeiServices
+)
+{
+ EFI_STATUS Status;
+ PCH_SERIES PchSeries = GetPchSeries();
+
+ if ( PchSeries != PchLp ) {
+ return EFI_SUCCESS;
+ }
+
+ if ( IsBootGuardSupported() == FALSE ) {
+ return EFI_SUCCESS;
+ }
+
+ if ( (UINT32)AsmReadMsr64 (MSR_BOOT_GUARD_SACM_INFO) == 0 ) {
+ DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] Boot Guard is disabled by Anchor Cove Profile Configuration in the Intel Fitc\n"));
+ return EFI_SUCCESS;
+ }
+
+ Status = PeiServicesNotifyPpi (&BootGuardVerificationForPeiToDxeHandoffEndOfPeiNotifyDesc);
+ if ( EFI_ERROR( Status ) ) {
+ return Status;
+ }
+
+ return Status;
+}
+
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
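Review bot: In BootGuardVerificationForPeiToDxeHandoffEndOfPei, `BootGuardFvMainUsedLength` comes from the RAW section of the hash-key file and is passed to `Sha256Update` as the byte count from `DXE_SEGMENT_BASE` with no upper bound. The BOOLEAN results of `Sha256Init`, `Sha256Update` and `Sha256Final` are also discarded, so a failed hash leaves `CurrentBootGuardFvMainHash256Val` as uninitialised stack data going into `CompareMem`. The length should be checked against the size of the region being measured (that limit is not defined in this file) and a FALSE return treated as a verification failure, as sketched below. Separately, the inner loop of LocateBootGuardFvMainHashKey only breaks on `EFI_NOT_FOUND`, so any other error from `FfsFindNextFile` reaches `&ppFile->Name` with `ppFile` possibly still NULL; `if ( EFI_ERROR( Status ) ) { break; }` covers that case. The `AllocateZeroPool (32)` buffer is then overwritten by `LocateBootGuardFvMainHashKey`, and its failure path returns the `EFI_SUCCESS` left in `Status`, so that allocation can simply be dropped.

```c
    // … unchanged: boot-mode checks, HOB creation, context allocation, key lookup …
    // Bound BootGuardFvMainUsedLength against the measured region's size here,
    // before any byte is hashed (the limit is not defined in this file).
    if ( !Sha256Init (BootGuardSha256Context) ||
         !Sha256Update (BootGuardSha256Context, (UINT8 *)(DXE_SEGMENT_BASE), (UINTN)ReserveBootGuardFvMainHashKey->BootGuardFvMainUsedLength) ||
         !Sha256Final (BootGuardSha256Context, CurrentBootGuardFvMainHash256Val) ) {
        DEBUG ((EFI_D_ERROR, "[BootGuardPei.c] SHA-256 of FV_MAIN failed\n"));
        // The flag was initialised to 0 above, so the HOB already reports "not verified".
        return EFI_DEVICE_ERROR;
    }
    // … unchanged: digest dump, CompareMem, flag update …
```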
diff --git a/Board/EM/FIT/Pei/BootGuardPei.cif b/Board/EM/FIT/Pei/BootGuardPei.cif
new file mode 100644
index 0000000..afb57a5
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardPei.cif
@@ -0,0 +1,14 @@
+<component>
+ name = "BootGuardPei"
+ category = ModulePart
+ LocalRoot = "Board\EM\FIT\Pei"
+ RefName = "BootGuardPei"
+[files]
+"BootGuardPei.c"
+"BootGuardPei.h"
+"BootGuardPei.dxs"
+"BootGuardPei.sdl"
+"BootGuardPei.mak"
+"PeiCryptLib.lib"
+"OpensslLib.lib"
+<endComponent>
diff --git a/Board/EM/FIT/Pei/BootGuardPei.dxs b/Board/EM/FIT/Pei/BootGuardPei.dxs
new file mode 100644
index 0000000..920a857
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardPei.dxs
@@ -0,0 +1,76 @@
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.dxs 1 2/25/13 1:15a Bensonlai $
+//
+// $Revision: 1 $
+//
+// $Date: 2/25/13 1:15a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.dxs $
+//
+// 1 2/25/13 1:15a Bensonlai
+// [TAG] EIP114386
+// [Category] Spec Update
+// [Severity] Important
+// [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+// for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+// BIOS Writer's Guide - Rev 0.8.1
+// [Files] BootGuardPei.cif
+// BootGuardPei.c
+// BootGuardPei.h
+// BootGuardPei.dxs
+// BootGuardPei.sdl
+// BootGuardPei.mak
+// PeiCryptLib.lib
+// OpensslLib.lib
+//
+//*************************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardPei.dxs
+//
+// Description: BootGuardPei dependency file
+//
+//<AMI_FHDR_END>
+//*************************************************************************
+
+#include "AutoGen.h"
+#include "PeimDepex.h"
+#if defined (BUILD_WITH_GLUELIB) || defined (BUILD_WITH_EDKII_GLUE_LIB)
+#include "EfiDepex.h"
+#include EFI_PPI_DEPENDENCY (Variable)
+
+#include EFI_PPI_DEPENDENCY (PchPeiInitDone)
+#endif
+
+DEPENDENCY_START
+ PEI_READ_ONLY_VARIABLE_ACCESS_PPI_GUID AND
+ PCH_PEI_INIT_DONE_PPI_GUID
+DEPENDENCY_END
+
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
diff --git a/Board/EM/FIT/Pei/BootGuardPei.h b/Board/EM/FIT/Pei/BootGuardPei.h
new file mode 100644
index 0000000..ca604d6
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardPei.h
@@ -0,0 +1,182 @@
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.h 2 3/07/13 5:43a Bensonlai $
+//
+// $Revision: 2 $
+//
+// $Date: 3/07/13 5:43a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.h $
+//
+// 2 3/07/13 5:43a Bensonlai
+// [TAG] EIP117307
+// [Category] Improvement
+// [Description] [Boot Guard] Implementation of speed up the post time
+// for Chain of Trust
+// [Files] BootGuardDxe.h, BootGuardPei.c, BootGuardPei.h,
+// BpmKmGen.exe, ReserveBootGuardFvMainHashKey.bin
+//
+// 1 2/25/13 1:15a Bensonlai
+// [TAG] EIP114386
+// [Category] Spec Update
+// [Severity] Important
+// [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+// for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+// BIOS Writer's Guide - Rev 0.8.1
+// [Files] BootGuardPei.cif
+// BootGuardPei.c
+// BootGuardPei.h
+// BootGuardPei.dxs
+// BootGuardPei.sdl
+// BootGuardPei.mak
+// PeiCryptLib.lib
+// OpensslLib.lib
+//
+//*************************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardPei.h
+//
+// Description: Header file for BootGuardPei
+//
+//<AMI_FHDR_END>
+//*************************************************************************
+
+#ifndef _BOOT_GUARD_PEI_H_
+#define _BOOT_GUARD_PEI_H_
+
+#if !defined(EDK_RELEASE_VERSION) || (EDK_RELEASE_VERSION < 0x00020000)
+#include "EdkIIGluePeim.h"
+#include "CpuAccess.h"
+#include "PchAccess.h"
+#include "PchPlatformLib.h"
+#include "BootGuardLibrary.h"
+#include <Token.h>
+#endif
+
+#define RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY_FFS_FILE_RAW_GUID \
+ {0xcbc91f44, 0xa4bc, 0x4a5b, 0x86, 0x96, 0x70, 0x34, 0x51, 0xd0, 0xb0, 0x53}
+
+#if defined(BUILD_WITH_GLUELIB)
+#undef SetMem
+VOID *
+SetMem (
+ OUT VOID *Buffer,
+ IN UINTN Length,
+ IN UINT8 Value
+)
+{
+ return GlueSetMem (Buffer, Length, Value);
+}
+
+#undef CopyMem
+VOID *
+EFIAPI
+CopyMem (
+ OUT VOID *DestinationBuffer,
+ IN CONST VOID *SourceBuffer,
+ IN UINTN Length
+)
+{
+ return GlueCopyMem (DestinationBuffer, SourceBuffer, Length);
+}
+#endif
+
+//
+// Hash functions definitionS
+//
+UINTN
+EFIAPI
+Sha256GetContextSize (
+ VOID
+);
+
+BOOLEAN
+EFIAPI
+Sha256Init (
+ IN OUT VOID *Sha256Context
+);
+
+BOOLEAN
+EFIAPI
+Sha256Update (
+ IN OUT VOID *Sha256Context,
+ IN CONST VOID *Data,
+ IN UINTN DataLength
+);
+
+BOOLEAN
+EFIAPI
+Sha256Final (
+ IN OUT VOID *Sha256Context,
+ OUT UINT8 *HashValue
+);
+
+STATIC
+EFI_STATUS
+BootGuardVerificationForPeiToDxeHandoffEndOfPei (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+);
+
+//
+// GUID to AMI_BOOT_GUARD Module
+//
+#if !defined(EDK_RELEASE_VERSION) || (EDK_RELEASE_VERSION < 0x00020000)
+#define AMI_BOOT_GUARD_HOB_GUID \
+ { \
+ 0xb60ab175, 0x498d, 0x429d, 0xad, 0xba, 0xa, 0x62, 0x2c, 0x58, 0x16, 0xe2 \
+ }
+#else
+#define AMI_BOOT_GUARD_HOB_GUID \
+ { \
+ 0xb60ab175, 0x498d, 0x429d, \
+ { \
+ 0xad, 0xba, 0xa, 0x62, 0x2c, 0x58, 0x16, 0xe2 \
+ } \
+ }
+#endif
+
+#pragma pack (1)
+
+typedef struct {
+ EFI_HOB_GUID_TYPE EfiHobGuidType;
+ UINT8 AmiBootGuardVerificationforPEItoDXEFlag;
+} AMI_BOOT_GUARD_HOB;
+
+typedef struct {
+ UINT8 BootGuardFvMainHashKey[32];
+ UINT32 BootGuardFvMainUsedLength;
+} RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY;
+
+#pragma pack ()
+
+#endif
+
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
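Review bot: `AMI_BOOT_GUARD_HOB` and `RESERVE_BOOT_GUARD_FV_MAIN_HASH_KEY` are the contract between this PEIM, whatever produces the hash-key file, and whoever consumes the HOB later, yet neither struct documents what its fields mean. Going by BootGuardPei.c, I would add `// 1 = SHA-256 of FV_MAIN matched the stored digest, 0 = mismatch or not verified` on `AmiBootGuardVerificationforPEItoDXEFlag` and `// SHA-256 over the first BootGuardFvMainUsedLength bytes at DXE_SEGMENT_BASE` on `BootGuardFvMainHashKey`, and name the digest size once instead of repeating the literal 32. The `SetMem` and `CopyMem` wrappers under `BUILD_WITH_GLUELIB` are non-static function definitions in a header, so a second source file including it would produce duplicate symbols, and `SetMem` lacks the `EFIAPI` that `CopyMem` carries. The `STATIC` prototype of `BootGuardVerificationForPeiToDxeHandoffEndOfPei` likewise belongs in the .c file rather than the header.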
diff --git a/Board/EM/FIT/Pei/BootGuardPei.mak b/Board/EM/FIT/Pei/BootGuardPei.mak
new file mode 100644
index 0000000..b1c6ca1
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardPei.mak
@@ -0,0 +1,119 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.mak 1 2/25/13 1:15a Bensonlai $
+#
+# $Revision: 1 $
+#
+# $Date: 2/25/13 1:15a $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.mak $
+#
+# 1 2/25/13 1:15a Bensonlai
+# [TAG] EIP114386
+# [Category] Spec Update
+# [Severity] Important
+# [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+# for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+# BIOS Writer's Guide - Rev 0.8.1
+# [Files] BootGuardPei.cif
+# BootGuardPei.c
+# BootGuardPei.h
+# BootGuardPei.dxs
+# BootGuardPei.sdl
+# BootGuardPei.mak
+# PeiCryptLib.lib
+# OpensslLib.lib
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardPei.mak
+#
+# Description: Make file for BootGuardPei
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+all : BootGuardPei
+
+BootGuardPei : $(BUILD_DIR)\BootGuardPei.mak BootGuardPeiBin
+
+$(BUILD_DIR)\BootGuardPei.mak : $(BOOT_GUARD_PEI_PATH)\BootGuardPei.cif $(BOOT_GUARD_PEI_PATH)\BootGuardPei.mak $(BUILD_RULES)
+ $(CIF2MAK) $(BOOT_GUARD_PEI_PATH)\BootGuardPei.cif $(CIF2MAK_DEFAULTS)
+
+BOOT_GUARD_PEI_INCLUDES = \
+ $(EdkIIGlueLib_INCLUDES)\
+ $(INTEL_PCH_INCLUDES)\
+ $(PROJECT_CPU_INCLUDES)\
+
+BOOT_GUARD_PEI_DEFINES=\
+ $(MY_DEFINES)\
+ /D"__EDKII_GLUE_MODULE_ENTRY_POINT__=BootGuardPeiEntryPoint"\
+ /D __EDKII_GLUE_BASE_LIB__ \
+ /D __EDKII_GLUE_BASE_IO_LIB_INTRINSIC__ \
+ /D __EDKII_GLUE_BASE_MEMORY_LIB__\
+ /D __EDKII_GLUE_PEI_DEBUG_LIB_REPORT_STATUS_CODE__ \
+ /D __EDKII_GLUE_PEI_REPORT_STATUS_CODE_LIB__ \
+ /D __EDKII_GLUE_PEI_SERVICES_LIB__ \
+ /D __EDKII_GLUE_PEI_MEMORY_ALLOCATION_LIB__ \
+ /D __EDKII_GLUE_BASE_PCI_LIB_PCI_EXPRESS__ \
+ /D __EDKII_GLUE_PEI_HOB_LIB__ \
+
+BOOT_GUARD_PEI_LIBS = \
+ $(EdkIIGlueBaseIoLibIntrinsic_LIB)\
+ $(EdkIIGlueBaseLib_LIB)\
+ $(EdkIIGlueBaseLibIA32_LIB)\
+ $(EdkIIGlueBasePrintLib_LIB)\
+ $(EdkIIGluePeiMemoryAllocationLib_LIB)\
+ $(EdkIIGluePeiDebugLibReportStatusCode_LIB)\
+ $(EdkIIGluePeiReportStatusCodeLib_LIB)\
+ $(EdkIIGluePeiServicesLib_LIB)\
+ $(EdkIIGlueBasePciLibPciExpress_LIB)\
+ $(EdkIIGlueBasePostCodeLibPort80_LIB)\
+ $(EDKFRAMEWORKPPILIB)\
+ $(EdkIIGluePeiHobLib_LIB)\
+ $(PchPlatformPeiLib_LIB)\
+ $(CpuPlatformLib_LIB)\
+ $(BootGuardLib_LIB)\
+
+BootGuardPeiBin: $(BOOT_GUARD_PEI_LIBS)
+ $(MAKE) /$(MAKEFLAGS) $(EDKIIGLUE_DEFAULTS)\
+ /f $(BUILD_DIR)\BootGuardPei.mak all\
+ NAME=BootGuardPei \
+ MAKEFILE=$(BUILD_DIR)\BootGuardPei.mak \
+ "MY_INCLUDES=$(BOOT_GUARD_PEI_INCLUDES)"\
+ "MY_DEFINES=$(BOOT_GUARD_PEI_DEFINES)" \
+ GUID=B41956E1-7CA2-42db-9562-168389F0F066 \
+ ENTRY_POINT=_ModuleEntryPoint "EXT_HEADERS=$(BUILD_DIR)\token.h"\
+ TYPE=PEIM \
+ EDKIIModule=PEIM\
+ DEPEX1=$(BOOT_GUARD_PEI_PATH)\BootGuardPei.dxs \
+ DEPEX1_TYPE=EFI_SECTION_PEI_DEPEX \
+ COMPRESS=0
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
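Review bot: `BOOT_GUARD_PEI_LIBS` does not list PeiCryptLib.lib or OpensslLib.lib, although BootGuardPei.cif ships both and BootGuardPei.c calls `Sha256GetContextSize`, `Sha256Init`, `Sha256Update` and `Sha256Final`, which are only declared in BootGuardPei.h. Unless another makefile adds them to the link, the PEIM either fails to link or takes its SHA-256 implementation from somewhere not visible here. Listing them explicitly, e.g. `$(BOOT_GUARD_PEI_PATH)\PeiCryptLib.lib\` and `$(BOOT_GUARD_PEI_PATH)\OpensslLib.lib\`, would make the source of the hash code auditable. Both libraries are committed as prebuilt binaries, so a comment recording the upstream version and build options they came from would help anyone who later has to track crypto fixes.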
diff --git a/Board/EM/FIT/Pei/BootGuardPei.sdl b/Board/EM/FIT/Pei/BootGuardPei.sdl
new file mode 100644
index 0000000..30dd493
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardPei.sdl
@@ -0,0 +1,96 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.sdl 2 3/06/13 2:51a Bensonlai $
+#
+# $Revision: 2 $
+#
+# $Date: 3/06/13 2:51a $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardPei.sdl $
+#
+# 2 3/06/13 2:51a Bensonlai
+# [TAG] EIP116907
+# [Category] Improvement
+# [Description] BpmKmGen.exe generates KM / BPM tables and
+# BootGuardFvMainHash key separately
+# [Files] BpmKmGen.exe, Fit.sdl, Fit.mak, BootGuardPei.sdl,
+# BootGuardDxe.sdl
+#
+# 1 2/25/13 1:15a Bensonlai
+# [TAG] EIP114386
+# [Category] Spec Update
+# [Severity] Important
+# [Description] [SBY] Ultrabook for Shark Bay Platform - : Boot Guard
+# for 4th Gen Intel Core Processor based on Mobile U-Processor Line -
+# BIOS Writer's Guide - Rev 0.8.1
+# [Files] BootGuardPei.cif
+# BootGuardPei.c
+# BootGuardPei.h
+# BootGuardPei.dxs
+# BootGuardPei.sdl
+# BootGuardPei.mak
+# PeiCryptLib.lib
+# OpensslLib.lib
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardPei.sdl
+#
+# Description: SDL file for BootGuardPei
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+TOKEN
+ Name = "BOOT_GUARD_PEI_SUPPORT"
+ Value = "1"
+ Help = "Main switch to enable BOOT_GUARD_PEI_SUPPORT in Project"
+ TokenType = Boolean
+ TargetMAK = Yes
+ TargetH = Yes
+ Master = Yes
+ Token = "INTEL_BOOT_GUARD_CHAIN_OF_TRUST_SUPPORT" "=" "1"
+End
+
+MODULE
+ Help = "Includes BootGuardPei.mak to Project"
+ File = "BootGuardPei.mak"
+End
+
+PATH
+ Name = "BOOT_GUARD_PEI_PATH"
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\BootGuardPei.ffs"
+ Parent = "FV_BB"
+ InvokeOrder = AfterParent
+End
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c
new file mode 100644
index 0000000..5959528
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c
@@ -0,0 +1,469 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c 3 9/06/13 6:10a Bensonlai $
+//
+// $Revision: 3 $
+//
+// $Date: 9/06/13 6:10a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c $
+//
+// 3 9/06/13 6:10a Bensonlai
+// [TAG] EIP135513
+// [Category] Improvement
+// [Description] Support the TPM1.2 for WHCK test
+//
+// 2 7/25/13 11:02p Bensonlai
+// [TAG] EIP130647
+// [Category] Bug Fix
+// [Severity] Normal
+// [Symptom] Detail PCR is incorrect for Boot Guard.
+// [RootCause] Coding error.
+//
+// 1 6/04/13 5:15a Bensonlai
+// [TAG] EIP125148
+// [Category] Spec Update
+// [Severity] Normal
+// [Description] [SBY ULT] Boot Guard for 4th Gen Intel Core Processor
+// based on Mobile U-Processor Line - BIOS Writer's Guide - Rev 1.0
+// [Files] BootGuardTPMPei.cif
+// BootGuardTPMPei.c
+// BootGuardTPMPei.h
+// BootGuardTPMPei.sdl
+// BootGuardTPMPei.mak
+//
+//**********************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardTPMPei.c
+//
+// Description: TPM Initialization Flow for Boot Guard
+//
+//<AMI_FHDR_END>
+//**********************************************************************
+
+#include <Efi.h>
+#include <Pei.h>
+#include <TcgCommon.h>
+#include <AmiPeiLib.h>
+#include <TcgMisc.h>
+#include "PPI\TcgService\TcgTcmService.h"
+#include "PPI\TcgService\TcgService.h"
+#include "PPI\TpmDevice\TpmDevice.h"
+#include "PPI\CpuIo.h"
+#include "PPI\LoadFile.h"
+#include <Ppi\ReadOnlyVariable.h>
+#include "AmiTcgPlatformPei.h"
+#include "TcgPlatformSetupPeiPolicy.h"
+#include <Token.h>
+#include "CpuRegs.h"
+#include <AmiCspLibInc.h>
+#include "BootGuardTPMPei.h"
+
+static
+EFI_STATUS
+__stdcall __FillCallbackContext(
+ IN EFI_PEI_SERVICES **PeiService,
+ OUT TCG_PEI_CALLBACK_CONTEXT *CallbackContext )
+{
+ EFI_GUID _gPeiTpmPpiGuid = PEI_TPM_PPI_GUID;
+ CallbackContext->PeiServices = PeiService;
+ return (*PeiService)->LocatePpi(
+ PeiService,
+ &_gPeiTpmPpiGuid,
+ 0,
+ NULL,
+ &CallbackContext->TpmDevice
+ );
+}
+
+#define TCGPASSTHROUGH( cb, in, out ) \
+ TcgCommonPassThrough( \
+ cb, \
+ sizeof (in) / sizeof (*(in)), \
+ (in), \
+ sizeof (out) / sizeof (*(out)), \
+ (out) \
+ )
+
+EFI_STATUS TcgCommonSha1Complete(
+ IN VOID *CallbackContext,
+ IN VOID *Data,
+ IN UINT32 DataLen,
+ OUT TCG_DIGEST *Digest )
+{
+ TPM_1_2_CMD_SHA1COMPLETE cmdSHA1Complete;
+ TPM_1_2_RET_HEADER retSHA1Complete;
+ TPM_TRANSMIT_BUFFER InBuffer[2], OutBuffer[2];
+
+ if ( DataLen >= 64 )
+ {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ cmdSHA1Complete.Header.Tag = TPM_H2NS( TPM_TAG_RQU_COMMAND );
+ cmdSHA1Complete.Header.ParamSize = TPM_H2NL(sizeof(cmdSHA1Complete) + DataLen);
+ cmdSHA1Complete.Header.Ordinal = TPM_H2NL( TPM_ORD_SHA1Complete );
+
+// if(AutoSupportType()){
+// cmdSHA1Complete.Header.Ordinal = TPM_H2NL(TCM_ORD_SHA1Complete);
+// }
+
+ cmdSHA1Complete.NumBytes = TPM_H2NL( DataLen );
+
+ InBuffer[0].Buffer = &cmdSHA1Complete;
+ InBuffer[0].Size = sizeof (cmdSHA1Complete);
+ InBuffer[1].Buffer = Data;
+ InBuffer[1].Size = DataLen;
+
+ OutBuffer[0].Buffer = &retSHA1Complete;
+ OutBuffer[0].Size = sizeof (retSHA1Complete);
+ OutBuffer[1].Buffer = Digest;
+ OutBuffer[1].Size = sizeof (*Digest);
+
+ return TCGPASSTHROUGH( CallbackContext, InBuffer, OutBuffer );
+}
+
+EFI_STATUS
+SHA1HashFunc (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN UINT8 *HashData,
+ IN UINT32 HashDataLen,
+ OUT TCG_DIGEST *Digest
+)
+{
+ EFI_STATUS Status;
+ UINT32 Sha1MaxBytes;
+ TCG_PEI_CALLBACK_CONTEXT Context;
+
+ Status = __FillCallbackContext( PeiServices, &Context );
+ ASSERT_PEI_ERROR( PeiServices, Status );
+
+ Status = Context.TpmDevice->Init( Context.TpmDevice, PeiServices );
+
+ if ( EFI_ERROR( Status )) {
+ goto Exit;
+ }
+
+ Status = TcgCommonSha1Start( &Context, TCG_ALG_SHA, &Sha1MaxBytes );
+
+ if ( EFI_ERROR( Status )) {
+ goto Exit;
+ }
+
+ Status = TcgCommonSha1Update(
+ &Context,
+ HashData,
+ HashDataLen,
+ Sha1MaxBytes
+ );
+
+ if ( EFI_ERROR( Status )) {
+ goto Exit;
+ }
+
+ HashData += (HashDataLen & ~63);
+ HashDataLen &= 63;
+
+ Status = TcgCommonSha1Complete(
+ &Context,
+ (UINT8 *)HashData,
+ (UINT32)HashDataLen,
+ Digest
+ );
+
+ if ( EFI_ERROR( Status )) {
+ goto Exit;
+ }
+
+Exit:
+ Context.TpmDevice->Close( Context.TpmDevice, PeiServices );
+ return Status;
+}
+
+EFI_STATUS ACM_PostSuccess(
+ IN EFI_PEI_SERVICES **PeiServices
+)
+{
+ UINT32 MsrValue;
+
+ MsrValue = (UINT32) ReadMsr (MSR_BOOT_GUARD_SACM_INFO);
+ if ( ((MsrValue & B_NEM_INIT) == B_NEM_INIT) &&
+ ((MsrValue & B_MEASURED) == B_MEASURED) &&
+ (((MsrValue & V_TPM_PRESENT_DTPM_12) == V_TPM_PRESENT_DTPM_12) || ((MsrValue & V_TPM_PRESENT_DTPM_20) == V_TPM_PRESENT_DTPM_20)) &&
+ ((MsrValue & B_TPM_SUCCESS) == B_TPM_SUCCESS) ) {
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : ACM_PostSuccess : EFI_SUCCESS\n"));
+ return EFI_SUCCESS;
+ }
+
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : ACM_PostSuccess : EFI_UNSUPPORTED\n"));
+ return EFI_UNSUPPORTED;
+}
+
+EFI_STATUS LogDetailPCREvent(
+ IN EFI_PEI_SERVICES **PeiServices
+)
+{
+ UINT8 FoundACM, FoundKM, FoundBPM;
+ UINT32 u32HashLen = 0;
+ EFI_TCG_PCR_EVENT TcgEvent;
+ UINT32 EventNum, FitEntryPointer, FitEntryNumber, i;
+ UINTN Len;
+ CHAR8 DetailPCRStr[] = "Boot Guard Measured S-CRTM";
+ PEI_TPM_PPI *TpmPpi = NULL;
+ PEI_TCG_PPI *TcgPpi = NULL;
+ EFI_STATUS Status;
+ BOOT_POLICY *BP;
+ FIT_ENTRY *FitEntry;
+ KEY_MANIFEST_STRAUCTURE *KmStructure;
+ BpmStruct *BpmStructure;
+
+ Len = sizeof(DetailPCRStr) < sizeof(EFI_GUID) ? sizeof(DetailPCRStr) : sizeof(EFI_GUID);
+
+ TcgEvent.Header.PCRIndex = 0;
+ TcgEvent.Header.EventType = EV_S_CRTM_VERSION;
+ TcgEvent.Header.EventDataSize = Len;
+
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] Starting 1"));
+
+ MemCpy(
+ &TcgEvent.Event.SCrtmVersion,
+ DetailPCRStr,
+ Len
+ );
+
+ Status = LocateTcgPpi(PeiServices,&TpmPpi, &TcgPpi);
+ if(EFI_ERROR(Status))return EFI_NOT_FOUND;
+
+ // On page 44.
+ // The pHashData must be the format .
+ // SHA-1 {
+ // 1) One byte containing the lower 8 bit of the BP.RSTR
+ // 2) One byte contain the lower 8 bits of BP.TYPE
+ // ....
+ // 7) Digest of Hashed IBB Segments(s)
+
+ Status = (*PeiServices)->AllocatePool(PeiServices, sizeof (BOOT_POLICY),&BP);
+ if ( EFI_ERROR( Status ) ) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ BP->RSTR0 = (ReadMsr (MSR_BOOT_GUARD_SACM_INFO) & BIT4) ? 1 : 0;
+ BP->RSTR1 = (MmioRead32 (ACM_STATUS) & BIT21) ? 1 : 0;
+ BP->RSTR2 = (MmioRead32 (ACM_STATUS) & BIT22) ? 1 : 0;
+ BP->RSTR3 = (MmioRead32 (ACM_STATUS) & BIT23) ? 1 : 0;
+ BP->RSTR4 = (MmioRead32 (ACM_STATUS) & BIT24) ? 1 : 0;
+ BP->RSTR5 = 0;
+ BP->RSTR6 = 0;
+ BP->RSTR7 = 0;
+
+ BP->TYPE0 = (ReadMsr (MSR_BOOT_GUARD_SACM_INFO) & BIT5) ? 1 : 0;
+ BP->TYPE1 = (ReadMsr (MSR_BOOT_GUARD_SACM_INFO) & BIT6) ? 1 : 0;
+ BP->TYPE2 = (MmioRead32 (ACM_STATUS) & BIT20) ? 1 : 0;
+ BP->TYPE3 = 0;
+ BP->TYPE4 = 0;
+ BP->TYPE5 = 0;
+ BP->TYPE6 = 0;
+ BP->TYPE7 = 0;
+
+ BP->ACM_SVN = ACMSVN;
+ {
+ FitEntryPointer = MmioRead32(IBB_ENTRYPOINT_M);
+ if ( FitEntryPointer == 0xFFFFFFFF ) {
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : FitEntryPointer(%lx) is empty\n", FitEntryPointer));
+ ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY );
+ }
+
+ FitEntry = (FIT_ENTRY*)FitEntryPointer;
+ if ( FitEntry->TblAddress != EFI_SIGNATURE_64 ('_', 'F', 'I', 'T', '_', ' ', ' ', ' ') ) {
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : [Type 0] FitEntry->TblAddress(%lx) is error\n", FitEntry->TblAddress));
+ ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY );
+ }
+
+ FitEntryNumber = FitEntry->TblSIZE;
+
+ FoundACM = 0;
+ for(i=1; i<FitEntryNumber; i++) {
+ FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16);
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : FitEntry->TblType = %x\n", FitEntry->TblType));
+ if ( FitEntry->TblType == 0x02 ) { // FIT type 0x02 - Anc ACM location
+ FoundACM =1;
+ break;
+ }
+ }
+
+ if ( FoundACM == 0 ) {
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : Can't find the Boot Guard ACM"));
+ ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY );
+ }
+
+ PEI_TRACE((-1, PeiServices, "BP->ACM_Signature \n"));
+
+ for ( i=0; i<256; i++ ) {
+ if (i % 16 == 0) PEI_TRACE((-1, PeiServices, "\n"));
+ BP->ACM_Signature[i] = MmioRead8( FitEntry->TblAddress + 0x184 + i );
+ PEI_TRACE((-1, PeiServices, "%02x ", BP->ACM_Signature[i]));
+ }
+
+ FoundKM = 0;
+ for(i=1; i<FitEntryNumber; i++) {
+ FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16);
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : FitEntry->TblType = %x\n", FitEntry->TblType));
+ if ( FitEntry->TblType == 0x0B ) { // FIT Type 0x0B - Key Manifest
+ FoundKM =1;
+ break;
+ }
+ }
+
+ if ( FoundKM == 0 ) {
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : Can't find the Boot Guard KM"));
+ ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY );
+ }
+
+ KmStructure = (KEY_MANIFEST_STRAUCTURE*)FitEntry->TblAddress;
+ PEI_TRACE((-1, PeiServices, "\nKmStructure:\n"));
+
+ for ( i=0; i<256; i++ ) {
+ if (i % 16 == 0) PEI_TRACE((-1, PeiServices, "\n"));
+ BP->Key_Manifest_Signature[i] = KmStructure->KeyManifestSignature.Signature.Signature[i];
+ PEI_TRACE((-1, PeiServices, "%02x ", BP->Key_Manifest_Signature[i]));
+ }
+
+ FoundBPM = 0;
+ for(i=1; i<FitEntryNumber; i++) {
+ FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16);
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : FitEntry->TblType = %x\n", FitEntry->TblType));
+ if ( FitEntry->TblType == 0x0C ) { // FIT type 0x0C - Boot Policy Manifest
+ FoundBPM =1;
+ break;
+ }
+ }
+
+ if ( FoundBPM == 0 ) {
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : Can't find the Boot Guard BPM"));
+ ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY );
+ }
+
+ BpmStructure = (BpmStruct*)FitEntry->TblAddress;
+ PEI_TRACE((-1, PeiServices, "\nBpmStructure:\n"));
+
+ for ( i=0; i<256; i++ ) {
+ if (i % 16 == 0) PEI_TRACE((-1, PeiServices, "\n"));
+ BP->Boot_Policy_Manifest_Signature[i] = BpmStructure->Bpm_Signature_Element.KeySignature.Signature.Signature[i];
+ PEI_TRACE((-1, PeiServices, "%02x ", BP->Boot_Policy_Manifest_Signature[i]));
+ }
+
+ PEI_TRACE((-1, PeiServices, "\n\nBpmStructure->Digest_of_Hashed_IBB_Segment:\n\n"));
+
+ for ( i=0; i<32; i++ ) {
+ if (i % 16 == 0) PEI_TRACE((-1, PeiServices, "\n"));
+ BP->Digest_of_Hashed_IBB_Segment[i] = BpmStructure->Ibb_Element.Digest.HashBuffer[i];
+ PEI_TRACE((-1, PeiServices, "%02x ", BP->Digest_of_Hashed_IBB_Segment[i]));
+ }
+
+ PEI_TRACE((-1, PeiServices, "\n"));
+ }
+
+ SHA1HashFunc( PeiServices, (UINT8*)BP, u32HashLen, &TcgEvent.Header.Digest );
+
+ Status = TcgPpi->TCGLogEvent(TcgPpi, PeiServices, (TCG_PCR_EVENT*)&TcgEvent, &EventNum);
+
+ return Status;
+}
+
+/*
+EFI_STATUS LogAuthorityPCREvent(
+ IN EFI_PEI_SERVICES **PeiServices
+)
+{
+ UINT8* pHashData = NULL;
+ UINT32 u32HashLen = 0;
+
+ EFI_TCG_PCR_EVENT TcgEvent;
+ UINT32 EventNum;
+ UINTN Len;
+ CHAR16 AuthorityPCRStr[] = L"Boot Guard Measured S-CRTM";
+ PEI_TPM_PPI *TpmPpi = NULL;
+ PEI_TCG_PPI *TcgPpi = NULL;
+ EFI_STATUS Status;
+
+ Len = sizeof(AuthorityPCRStr) < sizeof(EFI_GUID) ? sizeof(AuthorityPCRStr) : sizeof(EFI_GUID);
+
+ TcgEvent.Header.PCRIndex = 6;
+ TcgEvent.Header.EventType = EV_EFI_VARIABLE_DRIVER_CONFIG;
+ TcgEvent.Header.EventDataSize = Len;
+
+ MemCpy(
+ &TcgEvent.Event.SCrtmVersion,
+ AuthorityPCRStr,
+ Len
+ );
+
+ Status = LocateTcgPpi(PeiServices,&TpmPpi, &TcgPpi);
+ if(EFI_ERROR(Status))return EFI_NOT_FOUND;
+
+ // On page 45~46.
+ // The pHashData must be the format .
+ // SHA-1 {
+ // 1) One byte containing the lower 8 bit of the BP.RSTR
+ // 2) One byte contain the lower 8 bits of BP.TYPE
+ // ....
+ // 7) One byte indicating status of verified boot.
+
+// SHA1HashFunc( PeiServices, pHashData, u32HashLen, &TcgEvent.Header.Digest );
+
+ Status = TcgPpi->TCGLogEvent(TcgPpi, PeiServices, (TCG_PCR_EVENT*)&TcgEvent, &EventNum);
+ return Status;
+}
+*/
+
+EFI_STATUS
+BootGuardMeasureCRTMVersion(
+ IN EFI_PEI_SERVICES **PeiServices )
+{
+ EFI_STATUS Status;
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] Start of BootGuardMeasureCRTMVersion\n"));
+
+ Status = ACM_PostSuccess( PeiServices );
+ if( !EFI_ERROR(Status) )
+ {
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] Start the LogDetailPCREvent\n"));
+ Status = LogDetailPCREvent( PeiServices );
+ ASSERT_PEI_ERROR( PeiServices, Status );
+// Status = LogAuthorityPCREvent( PeiServices );
+// ASSERT_PEI_ERROR( PeiServices, Status );
+ }
+
+ PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] End of BootGuardMeasureCRTMVersion\n"));
+
+ return MeasureCRTMVersion( PeiServices );
+}
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.cif b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.cif
new file mode 100644
index 0000000..91cf398
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.cif
@@ -0,0 +1,11 @@
+<component>
+ name = "BootGuardTPMPei"
+ category = ModulePart
+ LocalRoot = "Board\EM\FIT\Pei\BootGuardTPMPei"
+ RefName = "BootGuardTPMPei"
+[files]
+"BootGuardTPMPei.c"
+"BootGuardTPMPei.h"
+"BootGuardTPMPei.sdl"
+"BootGuardTPMPei.mak"
+<endComponent>
diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h
new file mode 100644
index 0000000..5d03aa0
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h
@@ -0,0 +1,242 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h 2 7/25/13 11:03p Bensonlai $
+//
+// $Revision: 2 $
+//
+// $Date: 7/25/13 11:03p $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h $
+//
+// 2 7/25/13 11:03p Bensonlai
+// [TAG] EIP130647
+// [Category] Bug Fix
+// [Severity] Normal
+// [Symptom] Detail PCR is incorrect for Boot Guard.
+// [RootCause] Coding error.
+//
+// 1 6/04/13 5:15a Bensonlai
+// [TAG] EIP125148
+// [Category] Spec Update
+// [Severity] Normal
+// [Description] [SBY ULT] Boot Guard for 4th Gen Intel Core Processor
+// based on Mobile U-Processor Line - BIOS Writer's Guide - Rev 1.0
+// [Files] BootGuardTPMPei.cif
+// BootGuardTPMPei.c
+// BootGuardTPMPei.h
+// BootGuardTPMPei.sdl
+// BootGuardTPMPei.mak
+//
+//**********************************************************************
+//<AMI_FHDR_START>
+//
+// Name: BootGuardTPMPei.c
+//
+// Description: TPM Initialization Flow for Boot Guard
+//
+//<AMI_FHDR_END>
+//**********************************************************************
+
+#ifndef _BOOT_GUARD_TPM_PEI_H_
+#define _BOOT_GUARD_TPM_PEI_H_
+
+//
+// Define macros to build data structure signatures from characters.
+//
+#define EFI_SIGNATURE_16(A, B) ((A) | (B << 8))
+#define EFI_SIGNATURE_32(A, B, C, D) (EFI_SIGNATURE_16 (A, B) | (EFI_SIGNATURE_16 (C, D) << 16))
+#define EFI_SIGNATURE_64(A, B, C, D, E, F, G, H) \
+ (EFI_SIGNATURE_32 (A, B, C, D) | ((UINT64) (EFI_SIGNATURE_32 (E, F, G, H)) << 32))
+
+#define IBB_ENTRYPOINT_M 0xFFFFFFC0
+#define ACM_STATUS 0xFED30328
+
+// The LocateTcgPPi(...) entry is call the AmiTcgPlatformPeiLib.obj
+EFI_STATUS LocateTcgPpi(
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN PEI_TPM_PPI **gTpmDevicePpi,
+ IN PEI_TCG_PPI **gTcgPpi
+);
+
+#pragma pack(1)
+typedef struct _TCG_PEI_CALLBACK_CONTEXT
+{
+ PEI_TPM_PPI *TpmDevice;
+ EFI_PEI_SERVICES **PeiServices;
+} TCG_PEI_CALLBACK_CONTEXT;
+
+typedef struct _BOOT_POLICY
+{
+ UINT8 RSTR0:1;
+ UINT8 RSTR1:1;
+ UINT8 RSTR2:1;
+ UINT8 RSTR3:1;
+ UINT8 RSTR4:1;
+ UINT8 RSTR5:1;
+ UINT8 RSTR6:1;
+ UINT8 RSTR7:1;
+ UINT8 TYPE0:1;
+ UINT8 TYPE1:1;
+ UINT8 TYPE2:1;
+ UINT8 TYPE3:1;
+ UINT8 TYPE4:1;
+ UINT8 TYPE5:1;
+ UINT8 TYPE6:1;
+ UINT8 TYPE7:1;
+ UINT16 ACM_SVN;
+ UINT8 ACM_Signature[256];
+ UINT8 Key_Manifest_Signature[256];
+ UINT8 Boot_Policy_Manifest_Signature[256];
+ UINT8 Digest_of_Hashed_IBB_Segment[32];
+} BOOT_POLICY;
+
+typedef struct _FIT_ENTRY
+{
+ UINT64 TblAddress;
+ UINT32 TblSIZE;
+ UINT16 TblVer;
+ UINT8 TblType;
+ UINT8 TblChkSum;
+} FIT_ENTRY;
+
+//
+// Manifest definition
+//
+#define TPM_ALG_SHA1 0x4
+#define TPM_ALG_SHA256 0xB
+#define SHA1_DIGEST_SIZE 20
+#define SHA256_DIGEST_SIZE 32
+
+typedef struct {
+ UINT16 HashAlg;
+ UINT16 Size;
+ UINT8 HashBuffer[SHA256_DIGEST_SIZE];
+} HASH_STRUCTURE;
+
+#define RSA_PUBLIC_KEY_STRUCT_KEY_SIZE_DEFAULT 2048
+#define RSA_PUBLIC_KEY_STRUCT_KEY_LEN_DEFAULT (RSA_PUBLIC_KEY_STRUCT_KEY_SIZE_DEFAULT/8)
+#define RSA_PUBLIC_KEY_STRUCT_KEY_EXPONENT_DEFAULT 0x10001 // NOT 0x10001
+typedef struct {
+ UINT8 Version;
+ UINT16 KeySize;
+ UINT32 Exponent;
+ UINT8 Modulus[RSA_PUBLIC_KEY_STRUCT_KEY_LEN_DEFAULT];
+} RSA_PUBLIC_KEY_STRUCT;
+
+#define RSASSA_SIGNATURE_STRUCT_KEY_SIZE_DEFAULT 2048
+#define RSASSA_SIGNATURE_STRUCT_KEY_LEN_DEFAULT (RSASSA_SIGNATURE_STRUCT_KEY_SIZE_DEFAULT/8)
+typedef struct {
+ UINT8 Version;
+ UINT16 KeySize;
+ UINT16 HashAlg;
+ UINT8 Signature[RSASSA_SIGNATURE_STRUCT_KEY_LEN_DEFAULT];
+} RSASSA_SIGNATURE_STRUCT;
+
+typedef struct {
+ UINT8 Version;
+ UINT16 KeyAlg;
+ RSA_PUBLIC_KEY_STRUCT Key;
+ UINT16 SigScheme;
+ RSASSA_SIGNATURE_STRUCT Signature;
+} KEY_SIGNATURE_STRUCT;
+
+typedef struct {
+ UINT8 StructureID[8];
+ UINT8 StructVersion;
+ UINT8 HdrStructVersion;
+ UINT8 PMBPMVersion;
+ UINT8 BPSVN_BPM;
+ UINT8 ACMSVN_BPM;
+ UINT8 Reserved;
+ UINT16 NEMDataStack;
+} BOOT_POLICY_MANIFEST_HEADER;
+
+typedef struct {
+ UINT16 Reserved;
+ UINT16 Flags;
+ UINT32 Base;
+ UINT32 Size;
+} IBB_SEGMENT_ELEMENT;
+
+typedef struct {
+ UINT8 StructureID[8];
+ UINT8 StructVersion;
+ UINT8 SetNumber;
+ UINT8 Reserved;
+ UINT8 PBETValue;
+ UINT32 Flags;
+ UINT64 IBB_MCHBAR;
+ UINT64 VTD_BAR;
+ UINT32 PMRL_Base;
+ UINT32 PMRL_Limit;
+ UINT64 PMRH_Base;
+ UINT64 PMRH_Limit;
+ HASH_STRUCTURE PostIbbHash;
+ UINT32 EntryPoint;
+ HASH_STRUCTURE Digest;
+ UINT8 SegmentCount; // 1 ~ 8
+ IBB_SEGMENT_ELEMENT IBBSegment[1];
+} IBB_ELEMENT;
+
+typedef struct {
+ UINT8 StructureID[8];
+ UINT8 StructVersion;
+ UINT16 PMDataSize;
+//UINT8 PMData[PMDataSize];
+} PLATFORM_MANUFACTURER_ELEMENT;
+
+typedef struct {
+ UINT8 StructureID[8];
+ UINT8 StructVersion;
+ KEY_SIGNATURE_STRUCT KeySignature;
+} BOOT_POLICY_MANIFEST_SIGNATURE_ELEMENT;
+
+typedef struct {
+ BOOT_POLICY_MANIFEST_HEADER Bpm_Header;
+ IBB_ELEMENT Ibb_Element;
+ //PLATFORM_MANUFACTURER_ELEMENT Platform_Manufacture_Element;
+ BOOT_POLICY_MANIFEST_SIGNATURE_ELEMENT Bpm_Signature_Element;
+} BpmStruct;
+
+typedef struct {
+ UINT8 StructureID[8];
+ UINT8 StructVersion;
+ UINT8 KeyManifestVersion;
+ UINT8 KMSVN;
+ UINT8 KeyManifestID;
+ HASH_STRUCTURE BPKey;
+ KEY_SIGNATURE_STRUCT KeyManifestSignature;
+} KEY_MANIFEST_STRAUCTURE;
+
+#pragma pack()
+
+#endif
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
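Review bot: `BpmStruct` fixes the offset of `Bpm_Signature_Element` at compile time by declaring `IBB_ELEMENT.IBBSegment[1]` and commenting out `PLATFORM_MANUFACTURER_ELEMENT`, although the `SegmentCount` comment allows 1 ~ 8 segments and `PMDataSize` is variable. For a manifest with more than one IBB segment or with a platform-manufacturer element, `BpmStructure->Bpm_Signature_Element.KeySignature.Signature.Signature[i]` in BootGuardTPMPei.c would read bytes that are not the signature, so the data measured for the PCR 0 event would presumably no longer match what a verifier recomputes from the real manifest. The signature element should be located at run time from `SegmentCount` and the PM element's size; until then the struct deserves a comment such as `// Layout valid only when SegmentCount == 1 and no PM element is present`. Separately, `EFI_SIGNATURE_16` leaves `B` unparenthesized (it should read `((A) | ((B) << 8))`), and the exponent comment `// NOT 0x10001` contradicts the value it annotates.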
diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.mak b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.mak
new file mode 100644
index 0000000..0967d28
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.mak
@@ -0,0 +1,50 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardTPMPei.mak
+#
+# Description: TPM Initialization Flow for Boot Guard
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+TCG_FILE_INCLUDE=\
+ /I$(TcgPlatformSetupPeiPolicy_DIR)\
+ /I$(TCG_DIR)\
+ /I$(AMI_TCG_PLATFORM_PEI_DIR)
+
+AMI_TCG_LIB_OBJECTS = $(AMI_TCG_LIB_OBJECTS) \
+$(BUILD)\BootGuardTPMPei.obj
+
+Make_AMITTCG_LIB : $(BUILD_DIR)\BootGuardTPMPei.obj
+
+$(BUILD_DIR)\BootGuardTPMPei.obj : $(BootGuardTPMPei_PATH)\BootGuardTPMPei.c
+ $(CC) $(CFLAGS) /I$(PROJECT_DIR) /I$(PROJECT_DIR)\Include $(TCG_FILE_INCLUDE) $(PROJECT_CPU_INCLUDES) /Fo$(BUILD_DIR)\BootGuardTPMPei.obj $(BootGuardTPMPei_PATH)\BootGuardTPMPei.c
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
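Review bot: The object is appended to `AMI_TCG_LIB_OBJECTS` as `$(BUILD)\BootGuardTPMPei.obj`, but the rule below it builds `$(BUILD_DIR)\BootGuardTPMPei.obj`. Unless `BUILD` and `BUILD_DIR` are defined to the same directory elsewhere in the project (not visible here), the TCG library link would reference an object this makefile never produces, and the Boot Guard measurement hook could be missing from the image or fail the build. Using the same variable in both places, `$(BUILD_DIR)\BootGuardTPMPei.obj`, removes the dependency on that assumption.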
diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl
new file mode 100644
index 0000000..e2c81a1
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl
@@ -0,0 +1,96 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl 3 10/29/13 5:18a Bensonlai $
+#
+# $Revision: 3 $
+#
+# $Date: 10/29/13 5:18a $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl $
+#
+# 3 10/29/13 5:18a Bensonlai
+#
+# 2 9/06/13 6:10a Bensonlai
+# [TAG] EIP135513
+# [Category] Improvement
+# [Description] Support the TPM1.2 for WHCK test
+#
+# 1 6/04/13 5:15a Bensonlai
+# [TAG] EIP125148
+# [Category] Spec Update
+# [Severity] Normal
+# [Description] [SBY ULT] Boot Guard for 4th Gen Intel Core Processor
+# based on Mobile U-Processor Line - BIOS Writer's Guide - Rev 1.0
+# [Files] BootGuardTPMPei.cif
+# BootGuardTPMPei.c
+# BootGuardTPMPei.h
+# BootGuardTPMPei.sdl
+# BootGuardTPMPei.mak
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardTPMPei.sdl
+#
+# Description: SDL file for BootGuardTPMPei
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+TOKEN
+ Name = "BootGuardTPMPei_SUPPORT"
+ Value = "1"
+ Help = "Main switch to enable BootGuardTPMPei support in Project"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ Master = Yes
+ Token = "TCG_SUPPORT" "=" "1"
+ Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1"
+End
+
+PATH
+ Name = "BootGuardTPMPei_PATH"
+End
+
+MODULE
+ File = "BootGuardTPMPei.mak"
+ Help = "Includes BootGuardTPMPei.mak to Project"
+End
+
+TOKEN
+ Name = "MEASURE_CRTM_VERSION_PEI_FUNCTION"
+ Value = "BootGuardMeasureCRTMVersion"
+ Help = "Function to measure crtm version. Input:EFI_PEI_SERVICES **. AMI function Modified Pcr 0"
+ TokenType = Expression
+ TargetH = Yes
+End
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
diff --git a/Board/EM/FIT/Pei/OpensslLib.lib b/Board/EM/FIT/Pei/OpensslLib.lib
new file mode 100644
index 0000000..290a4fa
--- /dev/null
+++ b/Board/EM/FIT/Pei/OpensslLib.lib
Binary files differ
diff --git a/Board/EM/FIT/Pei/PeiCryptLib.lib b/Board/EM/FIT/Pei/PeiCryptLib.lib
new file mode 100644
index 0000000..b05426c
--- /dev/null
+++ b/Board/EM/FIT/Pei/PeiCryptLib.lib
Binary files differ