1 files changed, 111 insertions, 0 deletions
diff --git a/ReferenceCode/Haswell/CpuInit/Pei/BootGuardInit.c b/ReferenceCode/Haswell/CpuInit/Pei/BootGuardInit.c
new file mode 100644
index 0000000..f877784
--- /dev/null
+++ b/ReferenceCode/Haswell/CpuInit/Pei/BootGuardInit.c
@@ -0,0 +1,111 @@
+/** @file
+  EFI 2.0 PEIM to initialize the cache and load the BSP microcode
+
+@copyright
+  Copyright (c) 1999 - 2013 Intel Corporation. All rights reserved
+  This software and associated documentation (if any) is furnished
+  under a license and may only be used or copied in accordance
+  with the terms of the license. Except as permitted by such
+  license, no part of this software or documentation may be
+  reproduced, stored in a retrieval system, or transmitted in any
+  form or by any means without the express written consent of
+  Intel Corporation.
+
+  This file contains an 'Intel Pre-EFI Module' and is licensed
+  for Intel CPUs and Chipsets under the terms of your license
+  agreement with Intel or your vendor.  This file may be
+  modified by the user, subject to additional terms of the
+  license agreement
+
+**/
+
+///
+/// External include files do NOT need to be explicitly specified in real EDKII
+/// environment
+///
+#if !defined(EDK_RELEASE_VERSION) || (EDK_RELEASE_VERSION < 0x00020000)
+#include "EdkIIGluePeim.h"
+#include "CpuInitPeim.h"
+#include "CpuAccess.h"
+#include "BootGuardLibrary.h"
+#include "MeAccess.h"
+#include "HeciRegs.h"
+#endif
+
+VOID
+BootGuardInit (
+  IN EFI_PEI_SERVICES             **PeiServices,
+  IN PEI_CPU_PLATFORM_POLICY_PPI  *CpuPlatformPolicyPpi
+  )
+/**
+
+  Perform the platform spefific initializations.
+
+  @param[in] PeiServices          - Indirect reference to the PEI Services Table.
+  @param[in] CpuPlatformPolicyPpi - Platform Policy PPI
+
+**/
+{
+  UINT32  MsrValue;
+  UINT32  MeFwSts4;
+  UINT32  BootGuardAcmStatus;
+
+  if (CpuPlatformPolicyPpi->SecurityConfig->BootGuardConfig == NULL) {
+    return;
+  }
+
+  ///
+  /// Check if System Supports Boot Guard
+  ///
+  if( IsBootGuardSupported() ) {
+    CpuPlatformPolicyPpi->SecurityConfig->BootGuardConfig->BootGuardSupport = TRUE;
+
+    BootGuardAcmStatus  = *(UINT32 *) (UINTN) (TXT_PUBLIC_BASE + R_CPU_BOOT_GUARD_ACM_STATUS);
+    DEBUG ((EFI_D_INFO, "Boot Guard ACM Status = %x\n", BootGuardAcmStatus));
+
+    ///
+    /// Check Bit 12 in ME FWSTS4 to check if TPM_DISCONNECT_ALL bit is set
+    /// or ENF Shutdown path is taken by ME FW.
+    /// Also Identify any failures in ACM
+    ///
+    MeFwSts4 = HeciPciRead32(R_ME_HFS_4);
+    DEBUG ((EFI_D_INFO, "ME FW STS 4 = %x\n", MeFwSts4));
+    if((MeFwSts4 & (B_TPM_DISCONNECT | B_BOOT_GUARD_ENF_MASK)) || (BootGuardAcmStatus & B_BOOT_GUARD_ACM_ERRORCODE_MASK)) {
+      DEBUG ((EFI_D_INFO, "All TPM's on Platform are Disconnected\n"));
+      CpuPlatformPolicyPpi->SecurityConfig->BootGuardConfig->DisconnectAllTpms = TRUE;
+    }
+    CpuPlatformPolicyPpi->SecurityConfig->BootGuardConfig->BypassTpmInit = FALSE;
+    CpuPlatformPolicyPpi->SecurityConfig->BootGuardConfig->MeasuredBoot = FALSE;
+
+    if(MeFwSts4 & BIT10) {
+      DEBUG ((EFI_D_INFO, "Sx Resume Type Identified - TPM Event Log not required for ACM Measurements\n"));
+      CpuPlatformPolicyPpi->SecurityConfig->BootGuardConfig->ByPassTpmEventLog = TRUE;
+    }
+    ///
+    /// Check bit 0 of BOOT_GUARD_SACM_INFO MSR if system is in Boot Guard boot mode
+    ///
+    MsrValue = (UINT32) AsmReadMsr64 (MSR_BOOT_GUARD_SACM_INFO);
+    DEBUG ((EFI_D_INFO, "MSR_BOOT_GUARD_SACM_INFO MSR = %x\n", MsrValue));
+    if ( (MsrValue & B_NEM_INIT) == 0 ) {
+      DEBUG ((EFI_D_INFO, "NEM is not initiated by Boot Guard ACM\n"));
+    }
+    if (MsrValue & B_MEASURED) {
+      CpuPlatformPolicyPpi->SecurityConfig->BootGuardConfig->MeasuredBoot = TRUE;
+      ///
+      /// if measured bit is set, BIOS needs to bypass startup command
+      ///
+      if (MsrValue & B_TPM_SUCCESS) {
+        CpuPlatformPolicyPpi->SecurityConfig->BootGuardConfig->BypassTpmInit = TRUE;
+      }
+      ///
+      /// Read present TPM type
+      ///
+      CpuPlatformPolicyPpi->SecurityConfig->BootGuardConfig->TpmType = (TPM_TYPE) ( (MsrValue & V_TPM_PRESENT_MASK) >> 1 );
+      DEBUG ((EFI_D_INFO, "TPM Type is %x\n", CpuPlatformPolicyPpi->SecurityConfig->BootGuardConfig->TpmType));
+    }
+  } else {
+    CpuPlatformPolicyPpi->SecurityConfig->BootGuardConfig->BootGuardSupport = FALSE;
+  }
+
+  return;
+}