diff options
Diffstat (limited to 'Keys/FW')
-rw-r--r-- | Keys/FW/FWkey.cif | 9 | ||||
-rw-r--r-- | Keys/FW/FWkey.mak | 155 | ||||
-rw-r--r-- | Keys/FW/FWkey.sdl | 99 |
3 files changed, 263 insertions, 0 deletions
diff --git a/Keys/FW/FWkey.cif b/Keys/FW/FWkey.cif new file mode 100644 index 0000000..2c7add8 --- /dev/null +++ b/Keys/FW/FWkey.cif @@ -0,0 +1,9 @@ +<component> + name = "FW Key framework" + category = ModulePart + LocalRoot = "Keys\FW\" + RefName = "FWKey" +[files] +"FWkey.sdl" +"FWkey.mak" +<endComponent> diff --git a/Keys/FW/FWkey.mak b/Keys/FW/FWkey.mak new file mode 100644 index 0000000..12d85e6 --- /dev/null +++ b/Keys/FW/FWkey.mak @@ -0,0 +1,155 @@ +#************************************************************************* +#************************************************************************* +#** ** +#** (C)Copyright 1985-2014, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. ** +#** ** +#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#************************************************************************* +#************************************************************************* + +#************************************************************************* +# $Header: /Alaska/SOURCE/Modules/SecureFlashPkg/PlatformKey/FWkey.mak 5 3/18/14 3:09p Alexp $ +# +# $Revision: 5 $ +# +# $Date: 3/18/14 3:09p $ +#************************************************************************* +# Revision History +# ---------------- +# $Log: /Alaska/SOURCE/Modules/SecureFlashPkg/PlatformKey/FWkey.mak $ +# +# 5 3/18/14 3:09p Alexp +# year 2014 in hdr & ftr +# +# 4 1/07/14 6:28p Alexp +# use silent macro in front of "copy" +# +# 3 11/11/13 9:33a Alexp +# +# 2 10/17/13 4:47p Alexp +# New file with rules to generate FwKey ffs. +# Relevant Make scripts moved form SecureMod.nmak +# +#************************************************************************* +#<AMI_FHDR_START> +# +# Name: Fwkey.mak +# +# Description: Includes build rules for Platform Root Key(PR) ffs file(s) +# +#<AMI_FHDR_END> +#************************************************************************* + +SecureModule : $(BUILD_DIR)\FWKey.mak $(BUILD_DIR)\FWkey.ffs + +#--------------------------------------------------------------------------- +# Generic MAK dependencies +#--------------------------------------------------------------------------- +$(BUILD_DIR)\FWKey.mak : $(FWKey_DIR)\FWKey.mak $(FWKey_DIR)\FWKey.cif $(FWKey_DIR)\FWKey.sdl $(BUILD_RULES) + $(CIF2MAK) $(FWKey_DIR)\FWKey.cif $(CIF2MAK_DEFAULTS) + +#--------------------------------------------------------------------------- +#GUID used to identify FW Key FFS file within the Firmware Volume +#--------------------------------------------------------------------------- +#RSA n-modulus (e-exponent is hardwired to 0x10001) +!IF "$(FWKEY_FILE_FORMAT)"=="0" +PR_KEY_PUB_FFS_FILE_GUID = 3FEEC852-F14C-4E7F-97FD-4C3A8C5BBECC +!ENDIF + +#SHA256 Hash of an n-modulus of RSA Key +!IF "$(FWKEY_FILE_FORMAT)"=="1" +PR_KEY_PUB_FFS_FILE_GUID = 5B85965C-455D-4CC6-9C4C-7F086967D2B0 +!ENDIF + +#x509 Key Cerificate +!IF "$(FWCAPSULE_CERT_FORMAT)"=="1" || "$(FWKEY_FILE_FORMAT)" == "2" +PR_KEY_PUB_FFS_FILE_GUID = 3A666558-43E3-4D25-9169-DB81F5DB42E1 +!ENDIF + +!IF !EXIST($(FWpub)) +#--------------------------------------------------------------------------- +# Create a scratchpad Key buf if no Key file is provided +#--------------------------------------------------------------------------- +#Merge64 FwKey pad. +$(BUILD_DIR)\FWKEY.BIN: $(FWKey_DIR)\FWKey.mak + $(SILENT)copy << $(BUILD_DIR)\FWkey.ini > NUL +output + FWKEY_FILE($@) +end +group FWKEY_FILE + upper=0xffffffff +components +blank MICROCODE_PAD + size=$(FWKEY_FILE_SIZE) + pattern=(0xff) +end +end end +<< + $(MERGE) /s $(BUILD_DIR)\Fwkey.ini +# +#$(BUILD_DIR)\FWkey.obj: $(BUILD_DIR)\FWkey.mak +# $(SILENT)copy << $(BUILD_DIR)\FWkey.c > NUL +##include <Token.h> +##pragma pack(1) +#char pad[$(FWKEY_FILE_SIZE)] = {0xFF,0xFF,0xFF,0xFF}; +#<<KEEP +# $(CC) /Fo$@ $(CFLAGS) $(BUILD_DIR)\FWkey.c + +#$(BUILD_DIR)\FWkey.bin : $(BUILD_DIR)\FWkey.obj $(BUILD_DIR)\FWkey.mak +# $(MAKE) /$(MAKEFLAGS) EXT_OBJS= $(BUILD_DEFAULTS)\ +# /f $(BUILD_DIR)\FWkey.mak bin\ +# NAME=FWkey OBJECTS=$(BUILD_DIR)\FWkey.obj\ +# MAKEFILE=$(BUILD_DIR)\FWkey.mak \ +# TYPE=BINARY + +!ELSE +#--------------------------------------------------------------------------- +# Prepare Platform Firmware Root Key (FWKey) bin file +#--------------------------------------------------------------------------- +$(BUILD_DIR)\FWkey.bin: $(FWpub) +!IF "$(FWCAPSULE_CERT_FORMAT)"=="1" || "$(FWKEY_FILE_FORMAT)" == "2" +#x509 Cert Key + $(SILENT)copy $** $@ +!ELSE +#Extract 256byte n-modulus from x509 DER or PKCS#1v2 ASN.1 encoded RSA Key +# n-modulus can be extracted either from Public Key FWpub or full RSA Key FWpriv files + $(CRYPTCON) -w -k $** -o $@ +!IF "$(FWKEY_FILE_FORMAT)"=="1" +#get SHA256 Hash of n-modulus of RSA Key + $(CRYPTCON) -h2 -f $@ -o $@ +!ENDIF +!ENDIF + +!ENDIF #!IF !EXIST($(FWpub)) + +#--------------------------------------------------------------------------- +# Include public portion of Platform Firmware Root Key (FWKey) as .FFS +#--------------------------------------------------------------------------- +#Warning: don't compress the data. Raw key buffer is expected by Recovery module. +#Key data won't be compressed much anyway. +#Ignore FFS checksum as the file data may be updated by cryptocon utility +$(BUILD_DIR)\FWkey.ffs: $(BUILD_DIR)\FWkey.bin + $(MAKE) /f Core\FFS.mak \ + BUILD_DIR=$(BUILD_DIR) \ + GUID=$(PR_KEY_PUB_FFS_FILE_GUID) \ + TYPE=EFI_FV_FILETYPE_FREEFORM FFS_CHECKSUM=0 \ + BINFILE=$(BUILD_DIR)\FWkey.bin FFSFILE=$@ COMPRESS=0 NAME=FWkey + +#************************************************************************* +#************************************************************************* +#** ** +#** (C)Copyright 1985-2014, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. ** +#** ** +#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#************************************************************************* +#************************************************************************* diff --git a/Keys/FW/FWkey.sdl b/Keys/FW/FWkey.sdl new file mode 100644 index 0000000..830f183 --- /dev/null +++ b/Keys/FW/FWkey.sdl @@ -0,0 +1,99 @@ +TOKEN + Name = "FWpub" + Value = "$(FWKey_DIR)\.pubkey" + Help = "Root of trust Key for signed BIOS verification.\Public portion of the Key is inserted as ffs file inside BIOS RTU (FV_BB)\RSA Key formatted as PKCS#1v2.1 ASN.1 or X.509 DER file." + TokenType = Expression + TargetMAK = Yes + Token = "FWCAPSULE_CERT_FORMAT" "=" "0" +End + +TOKEN + Name = "FWpriv" + Value = "$(FWKey_DIR)\.prikey" + Help = "A Signer Certificate Key in the FwCapsule Hdr.\Used as upgrade(new) key in 2-key signing model\RSA Key formatted as PKCS#1v2.1 ASN.1 or X.509 DER file." + TokenType = Expression + TargetMAK = Yes + Token = "FWCAPSULE_CERT_FORMAT" "=" "0" +End + +TOKEN + Name = "FWrootKey" + Value = "$(FWpriv)" + Help = "A Root Certificate key in the FwCapsule Hdr.\Used as back-up(old) key in a dual-key signing model(only for FWCAPSULE_CERT_FORMAT=0)" + TokenType = Expression + TargetMAK = Yes + Token = "FWCAPSULE_CERT_FORMAT" "=" "0" +End + +TOKEN + Name = "FWpub" + Value = "$(FWKey_DIR)\FW_pubKey.cer" + Help = "X.509 Certificate with Public key" + TokenType = Expression + TargetMAK = Yes + Token = "FWCAPSULE_CERT_FORMAT" "=" "1" +End + +TOKEN + Name = "FWpriv" + Value = "$(FWKey_DIR)\FW_priKey.pfx" + Help = "File name(.pfx) of Pkcs#12 key container with the private key used for signing of FwCapsule package" + TokenType = Expression + TargetMAK = Yes + Token = "FWCAPSULE_CERT_FORMAT" "=" "1" +End + +TOKEN + Name = "FW_PFX_Password" + Value = " " + Help = "Specifies the optional password to unlock PFX - PKCS#12 Private Key container file." + TokenType = Expression + TargetMAK = Yes +End + +TOKEN + Name = "FWKEY_FILE_SIZE" + Value = "256" + Help = "Default Key file size for RSA2048 Key. Don't change the value." + Lock = yes + TokenType = Integer + TargetMAK = Yes + Token = "FWKEY_FILE_FORMAT" "=" "0" +End + +TOKEN + Name = "FWKEY_FILE_SIZE" + Value = "32" + Help = "Default Key file size for SHA256 Hash. Don't change the value." + Lock = yes + TokenType = Integer + TargetMAK = Yes + Token = "FWKEY_FILE_FORMAT" "=" "1" +End + +TOKEN + Name = "FWKEY_FILE_SIZE" + Value = "1536" + Help = "Default key buffer size (1.5k) for x509 DER formatted Public key." + TokenType = Integer + TargetMAK = Yes + Token = "FWKEY_FILE_FORMAT" "=" "2" +End + +PATH + Name = "FWKey_DIR" + Help = "Path to default Platform FW Signing Key.\User may change this path to point to another location of FW Key." +End + +MODULE + File = "FWKey.mak" + Token = "CREATE_FWCAPSULE" "!=" "0" +End + +ELINK + Name = "$(BUILD_DIR)\FWkey.ffs" + Parent = "FV_BB" + Help = "Include Key FFS inside BIOS RTU (FV_BB)" + Token = "CREATE_FWCAPSULE" "!=" "0" + InvokeOrder = AfterParent +End |